Update from original

README.md

@@ -2,7 +2,7 @@
   <img src="https://pac4j.github.io/pac4j/img/logo-play.png" width="300" />
 </p>
 
-The `play-pac4j` project is an **easy and powerful security library for Play framework v2** web applications which supports authentication and authorization, but also application logout and advanced features like session fixation and CSRF protection.
+The `play-pac4j` project is an **easy and powerful security library for Play framework v2** web applications which supports authentication and authorization, but also application logout and advanced features like CSRF protection.
 It's based on Play 2 and on the **[pac4j security engine](https://github.com/pac4j/pac4j)**. It's available under the Apache 2 license.
 
 Several versions of the library are available for the different versions of the Play framework:
@@ -38,7 +38,7 @@ Just follow these easy steps to secure your Play 2 web application:
 You need to add a dependency on:
 
 - the `play-pac4j` library (<em>groupId</em>: **org.pac4j**, *version*: **2.5.0-SNAPSHOT**)
-- the appropriate `pac4j` [submodules](https://github.com/pac4j/pac4j/wiki/Clients) (<em>groupId</em>: **org.pac4j**, *version*: **1.9.0**): `pac4j-oauth` for OAuth support (Facebook, Twitter...), `pac4j-cas` for CAS support, `pac4j-ldap` for LDAP authentication, etc.
+- the appropriate `pac4j` [submodules](https://github.com/pac4j/pac4j/wiki/Clients) (<em>groupId</em>: **org.pac4j**, *version*: **1.9.1**): `pac4j-oauth` for OAuth support (Facebook, Twitter...), `pac4j-cas` for CAS support, `pac4j-ldap` for LDAP authentication, etc.
 
 All released artifacts are available in the [Maven central repository](http://search.maven.org/#search%7Cga%7C1%7Cpac4j).
 
@@ -431,8 +431,9 @@ bind(classOf[ApplicationLogoutController]).toInstance(logoutController)
 
 ### 2.4.0 (Play 2.5) -> 2.5.0 (Play 2.5)
 
-The `SecurityModule` class needs to bind the `PlaySessionStore` to the `PlayCacheStore`
-The `PlayWebContext` needs a `PlaySessionStore`, see examples at heading 5 (Get the user profile (`ProfileManager`))
+The `SecurityModule` class needs to bind the `PlaySessionStore` to the `PlayCacheStore`.
+
+The `PlayWebContext` needs a `PlaySessionStore`, see examples at heading 5 (Get the user profile (`ProfileManager`)).
 
 ### 2.1.0 (Play 2.4) / 2.2.0 (Play 2.5) -> 2.3.0 (Play 2.4) / 2.4.0 (Play 2.5)
 
@@ -454,29 +455,6 @@ The `DataStore` concept is replaced by the pac4j `SessionStore` concept. The `Pl
 
 The `DefaultHttpActionAdapter` does not need to be bound in the security module, but must to be set using the `config.setHttpActionAdapter` method.
 
-### 1.5.x -> 2.0.0
-
-`play-pac4j v2.0` is a huge refactoring of the previous version 1.5. It takes advantage of the new features of `pac4j` v1.8 (REST support, authorizations, configuration objects...) and is fully based on dependency injection -> see [Play 2.4 migration guide](https://www.playframework.com/documentation/2.4.x/Migration24).
-
-In Java, the `SecurityController` and `JavaController` are deprecated and you need to use the `UserProfileController` to get the user profile (you can also use the `ProfileManager` object directly).
-
-The "target url" concept has disappeared as it was too complicated, it could be simulated though.
-
-The `SecurityCallbackController` is deprecated and you must use the `CallbackController`. The logout support has been moved to the `ApplicationLogoutController`.
-
-The `JavaWebContext` and `ScalaWebContext` have been merged into a new `PlayWebContext`.
-
-The `StorageHelper` has been removed, replaced by the `PlayCacheStore` implementation where you can set the timeouts. You can provide your own implementation of the `CacheStore` if necessary.
-
-The `PlayLogoutHandler` has been moved to the `org.pac4j.play.cas.logout` package and renamed as `PlayCacheLogoutHandler` (it relies on the Play Cache).
-
-The static specific `Config` has been replaced by the default `org.pac4j.core.config.Config` object to define the clients (authentication) and the authorizers (authorizations).
-
-Custom 401 / 403 HTTP error pages must now be defined by overriding the `DefaultHttpActionAdapter`.
-
-The `isAjax` parameter is no longer available as AJAX requests are now automatically detected. The `stateless` parameter is no longer available as the stateless nature is held by the client itself.
-The `requireAnyRole` and `requieAllRoles` parameters are no longer available and authorizers must be used instead (with the `authorizerName` parameter).
-
 
 ## Demo
 
@@ -487,7 +465,7 @@ Test them online: [http://play-pac4j-java-demo.herokuapp.com](http://play-pac4j-
 
 ## Release notes
 
-See the [release notes](https://github.com/pac4j/play-pac4j/wiki/Release-notes). Learn more by browsing the [play-pac4j Javadoc](http://www.javadoc.io/doc/org.pac4j/play-pac4j/2.5.0) and the [pac4j Javadoc](http://www.pac4j.org/apidocs/pac4j/1.9.0/index.html).
+See the [release notes](https://github.com/pac4j/play-pac4j/wiki/Release-notes). Learn more by browsing the [play-pac4j Javadoc](http://www.javadoc.io/doc/org.pac4j/play-pac4j/2.5.0) and the [pac4j Javadoc](http://www.pac4j.org/apidocs/pac4j/1.9.1/index.html).
 
 
 ## Need help?

pom.xml

@@ -71,7 +71,7 @@
     </pluginRepositories>
 
     <properties>
-        <pac4j.version>1.9.0</pac4j.version>
+        <pac4j.version>1.9.1</pac4j.version>
         <play.version>2.5.4</play.version>
         <java.version>1.8</java.version>
         <powermock.version>1.6.4</powermock.version>

src/main/java/org/pac4j/play/ApplicationLogoutController.java

@@ -34,6 +34,8 @@ public class ApplicationLogoutController extends Controller {
 
     public Result logout() {
 
+        assertNotNull("applicationLogoutLogic", applicationLogoutLogic);
+
         assertNotNull("config", config);
         final PlayWebContext playWebContext = new PlayWebContext(ctx(), playSessionStore);
 

src/main/java/org/pac4j/play/CallbackController.java

@@ -36,6 +36,8 @@ public class CallbackController extends Controller {
 
     public Result callback() {
 
+        assertNotNull("callbackLogic", callbackLogic);
+
         assertNotNull("config", config);
         final PlayWebContext playWebContext = new PlayWebContext(ctx(), playSessionStore);
 

src/main/java/org/pac4j/play/PlayWebContext.java

@@ -12,7 +12,9 @@
 import play.mvc.Http.Response;
 import play.mvc.Http.Session;
 import play.mvc.Http.Context;
+
 import static org.pac4j.core.util.CommonHelper.assertNotNull;
+
 /**
  * <p>This class is the web context for Play (used both for Java and Scala).</p>
  * <p>"Session objects" are managed by the defined {@link SessionStore}.</p>
@@ -40,7 +42,7 @@ public PlayWebContext(final Context context, final SessionStore<PlayWebContext>
         this.request = context.request();
         this.response = context.response();
         this.session = context.session();
-        assertNotNull("sessionStore must not be null", sessionStore);
+        assertNotNull("sessionStore", sessionStore);
         this.sessionStore = sessionStore;
     }
 

src/main/java/org/pac4j/play/cas/logout/PlayCacheLogoutHandler.java

@@ -24,7 +24,6 @@ public class PlayCacheLogoutHandler extends NoLogoutHandler {
 
     protected final Logger logger = LoggerFactory.getLogger(getClass());
 
-
     private final CacheApi cache;
     private final Provider<CacheApi> cacheApiProvider;
 
@@ -43,7 +42,6 @@ private CacheApi getCache() {
         return cache != null ? cache : cacheApiProvider.get();
     }
 
-
     public void destroySession(WebContext context) {
         final PlayWebContext webContext = (PlayWebContext) context;
         final String logoutRequest = context.getRequestParameter("logoutRequest");
@@ -63,6 +61,6 @@ public void recordSession(WebContext context, String ticket) {
         final PlayCacheStore playCacheStore = (PlayCacheStore) webContext.getSessionStore();
         final String sessionId = playCacheStore.getOrCreateSessionId(webContext);
         logger.debug("save sessionId: {}", sessionId);
-        getCache().set(ticket, sessionId, playCacheStore.getProfileTimeout());
+        getCache().set(ticket, sessionId, playCacheStore.getTimeout());
     }
 }

src/main/java/org/pac4j/play/engine/HttpActionAdapterWrapper.java

@@ -7,7 +7,6 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 
-
 /**
  * Wrapper of a <code>HttpActionAdapter&lt;Result,PlayWebContext&gt;</code>.
  *

src/main/java/org/pac4j/play/java/SecureAction.java

@@ -83,6 +83,8 @@ public CompletionStage<Result> call(final Context ctx) {
 
     public CompletionStage<Result> internalCall(final Context ctx, final String clients, final String authorizers, final boolean multiProfile) throws Throwable {
 
+        assertNotNull("securityLogic", securityLogic);
+
         assertNotNull("config", config);
         final PlayWebContext playWebContext = new PlayWebContext(ctx, sessionStore);
         final HttpActionAdapterWrapper actionAdapterWrapper = new HttpActionAdapterWrapper(config.getHttpActionAdapter());
@@ -94,7 +96,7 @@ public CompletionStage<Result> internalCall(final Context ctx, final String clie
             } else {
                 return delegate.call(ctx);
             }
-        }, actionAdapterWrapper, clients, authorizers, null, multiProfile, ctx);
+        }, actionAdapterWrapper, clients, authorizers, null, multiProfile);
     }
 
     protected String getStringParam(final InvocationHandler invocationHandler, final Method method, final String defaultValue) throws Throwable {

src/main/java/org/pac4j/play/store/PlayCacheStore.java

@@ -2,13 +2,11 @@
 
 import com.google.inject.Inject;
 import org.pac4j.core.context.Pac4jConstants;
-import org.pac4j.core.profile.CommonProfile;
 import org.pac4j.play.PlayWebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import play.cache.CacheApi;
 import play.mvc.Http;
-import java.util.LinkedHashMap;
 
 /**
  * The cache storage uses the Play Cache, only an identifier is saved into the Play session.
@@ -26,10 +24,7 @@ public class PlayCacheStore implements PlaySessionStore {
     private String prefix = "";
 
     // 1 hour = 3600 seconds
-    private int profileTimeout = 3600;
-
-    // 1 minute = 60 second
-    private int sessionTimeout = 60;
+    private int timeout = 3600;
 
     private final CacheApi cache;
 
@@ -67,12 +62,6 @@ public Object get(final PlayWebContext context, final String key) {
 
     @Override
     public void set(final PlayWebContext context, final String key, final Object value) {
-        int timeout;
-        if (value instanceof CommonProfile || value instanceof LinkedHashMap) {
-            timeout = profileTimeout;
-        } else {
-            timeout = sessionTimeout;
-        }
         final String sessionId = getOrCreateSessionId(context);
         cache.set(getKey(sessionId, key), value, timeout);
     }
@@ -85,20 +74,11 @@ public void setPrefix(String prefix) {
         this.prefix = prefix;
     }
 
-    public int getProfileTimeout() {
-        return profileTimeout;
-    }
-
-    public void setProfileTimeout(int profileTimeout) {
-        this.profileTimeout = profileTimeout;
+    public int getTimeout() {
+        return timeout;
     }
 
-    public int getSessionTimeout() {
-        return sessionTimeout;
+    public void setTimeout(int timeout) {
+        this.timeout = timeout;
     }
-
-    public void setSessionTimeout(int sessionTimeout) {
-        this.sessionTimeout = sessionTimeout;
-    }
-
 }