scala - spray authenticate directive returns different HTTP status codes -
i trying basic authentication on post request in spray.io 1.3.2 using authenticate directive. code looks following:
val route: route = { pathprefix("ato") { pathprefix("v1") { path("orders" / "updatestatus") { post { authenticate(basicauth(userpasswordauthenticator _, realm = "bd ato import api")) { user => entity(as[string]) {e => complete { s"hello $e " } } } } } } } } def userpasswordauthenticator(userpass: option[userpass]): future[option[string]] = future { if (userpass.exists(up => up.user == ato_import_v1_usr && up.pass == ato_import_v1_pwd)) some("ato_v1") else none }
this works fine, authorized status ok 200, unauthorized 401. when order of directives changed follows:
val route: route = { pathprefix("ato") { pathprefix("v1") { authenticate(basicauth(userpasswordauthenticator _, realm = "bd ato import api")) { user => path("orders" / "updatestatus") { post { entity(as[string]) {e => complete { s"hello $e " } } } } } } } }
i getting status 405, http method not allowed unauthorized access. not sure why happens. point make sense, path not matched because of missing credentials etc.
could please clarify that?
the reason why wanted put authorization @ v1 level wanted make every version protected different password. there way how achieve that? best practice in chaining directives?
i follow dry principle.
thanks
Comments
Post a Comment