Enforce SSL on Play! Framework

Question

I\'m currently using Play! 1.2.2 and its new Netty client framework.

I haven\'t found a straightforward method to enforce SSL, although can get HTTP and HTTPS to serve a

Answer 1

In the controller you can check against request.secure and either do a redirect or return 403/access denied.

You can force SSL for a whole controller doing this:

public static class ForceSSL extends Controller
{
    @Before
    static void verifySSL()
    {
        if (request.secure == false)
            redirect("https://" + request.host + request.url); 
    }
}

... and annotate another controller:

@With(ForceSSL.class)
public class Foo extends Controller
{
....
}

See also http://groups.google.com/group/play-framework/browse_thread/thread/7b9aa36be85d0f7b