How can we do role based access in play framework 2.7.x

I am using play framework 2.x , and currently doing role based access in pre-processor class , post validation only allowing user to do further process.
I just want to know ,is it possible , to define role or list of roles on routes file only , so routes will directly do roles validation from incoming request header.
Example:
[“role1”,“role2”]
GET /user/read controlles.UserCotroller.read

it means any request header which had either role1 or role2 or both can invoke this url.

thanks.

I think deadbolt might does what you are looking for?

I’ve had success for many years with: GitHub - pac4j/play-pac4j: Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT…

There is an example project that shows you all the basics: GitHub - pac4j/play-pac4j-scala-demo: Play Scala demo to test the play-pac4j security library

The docs are here: pac4j: security for Java

It supports a wide variety of implementations, authentication, and authorization schemes.

WRT allowing multiple Roles access you would use a RequireAnyRoleAuthorizer

There is a google group where you can ask questions: https://groups.google.com/g/pac4j-users

It has been in constant development/release for years and the lead developer is still delivering new features, bug fixes, and keeping all the pieces current.

Good luck!