Cookie Authentication using Scalatra and JWTs

As part of my work with Arcadia, I've built a Rails application that added a cookie that contains a JWT (pronounced jot). Great! That was fairly simple. Then I had to go over to our Scala application and get it to accept the JWT as identification. Right now, we were keeping it pretty simple and we only care if it's valid. This post will cover what I think is the simplest way to do that, from start to finish. Or you can skip all that and just go look at the full gist.

We want to start off with the JWT parsing. And before we add the code to actually do that, let's add some tests! I decided to use the JWT Scala library and, in particular, jwt-core. It had, in my opinion, the most easy-to-understand documentation so I could indeed RTFM and get my work done. Since I didn't need to add encoding in the actual application (the tokens would be encoded in another application), I added a quick line to encode a token within the tests.

Now that I have my tests, let's add the actual code to decode the JWT! Thanks to JWT Scala, this is pretty simple! The real secret sauce is in this line: userTokenData = parse(decoded).extract[Token].data. That does a lot of heavy lifting! decoded is just a string and parse turns it into this Jvalue object thanks to json4s, but that object is a bit hard to work with. However, I can extract it out to my case class, Token, which is downright magical. If it doesn't include all the fields that I have in Token, it will produce an error. Perfect!

Next I need a reusable Authentication object. This wasn't too bad because I found out that HttpServletRequest has a method called getCookies which... returns the cookies. Excellent. I'm sure this looks weird as an Either, but in this case I really did want Some or None because I didn't care about returning the error to the actual user. I did want to log it though, hence the liberal use of println.

Last, but definitely not least, I need a servlet. Well... tests for the servlet, then the servlet 😛. This is where I actually ran into trouble because I wasn't sure how to pass cookies to the get request in a test. With some help from my boss, we found out that get takes a headers param and you can pass a cookie if it looks like this: headers = Map("Cookie" -> cookie_value). To be honest, it required a bit of trial and error and I'm still trying to figure out exactly what values are being passed.

Screen Shot 2018-05-02 at 11.33.45 AM.png

And finally... my servlet! Short and sweet.

Polymorphic Routes

I just started classes (working toward the CS certificate at BU Met) and my new big project at work is porting over a ton of code from Rails 2 to Rails 4, so I’m sure I’m about to have tons to write about. For today, here’s something I somehow just found out about: polymorphic routes in Rails.

What are polymorphic routes? Let’s say you want to have a partial that is used for quite a few different models. Every model you have has a show page for individual instances of that model and each show page has an edit link. So instead of creating a new page for each, the view you have reads in a generic @object and then you can use polymorphic routes to generate the path for the edit link! In this example, I’ll have the @object represent an instance of the Article class. Like so:


results in:


I’m pretty surprised I haven’t seen this yet, but now I’m glad that I have! This is pretty cool :D

Oh My Zsh!

The terminal is fun. And it should also look fun (and be functional). I’ve been using Robby Russell’s Oh My Zsh for years now, but it still surprises me when people haven’t heard of it.

I’m not going to go into a ton of detail as to why you should use it. Here are a few great posts that already do that.

Nope, I’m mostly going to talk about how I have been adding a series of increasingly ridiculous emojis to my prompt. Why? Because if I am having a bad day, dammit if a 💩 doesn’t make me smile a bit. Right now I have a rainbow if I have a clean git repo, but I’m going to add a unicorn as soon as I can update my work computer.

There are so many awesome, fun themes to use depending on your workflow. I was using a slightly modified bullet-train:

But then today, I decided it was taking up too much space and went back to an old standby: crunch. I modified it just a bit to change the icons (💩) and also to just display the current folder instead of the whole path. Though I’m sure the whole path can be useful to most people, my directory paths can sometimes get long and ridiculous, so generally a folder name does in a pinch. If I need to confirm, there’s always pwd.

Try zsh. It has some other sweet features that are all useful, but my favorite thing is the themes and how much easier they make my day to day.