/**
 * Persistent user account record, mapped to the {@code users} table.
 *
 * <p>All three columns are exposed as public mutable fields.
 */
@Entity
@Table(name = "users")
public class User extends Model {

    /** Stored in the {@code username} column. */
    @Column(name = "username")
    public String username;

    /**
     * Stored in the {@code password} column.
     *
     * <p>NOTE(review): the code that writes this field is not shown. It should hold a salted
     * password hash (bcrypt, scrypt or Argon2), never the plaintext the user typed.
     */
    @Column(name = "password")
    public String password;

    /**
     * Stored in the {@code role} column as a free-form string.
     *
     * <p>NOTE(review): presumably the value Authenticator compares against "admin"; its
     * getUserRole() body is elided, so confirm. Because the field is public and writable, it
     * must not be populated from client-supplied form data during registration.
     */
    @Column(name = "role")
    public String role;

    // Getter and setter methods
}
/**
 * Controller exposing the {@code register} and {@code login} actions.
 *
 * <p>Both bodies are elided in this listing. The routes listing also points at
 * {@code registerSubmit()} and {@code loginSubmit()}, which are not defined here.
 *
 * <p>NOTE(review): when these are filled in, the registration path should hash the password
 * before saving it and assign the role on the server, and the login path should return the
 * same failure response for an unknown user as for a wrong password.
 */
public class UserController extends Controller {

    /** Action for the registration page; implementation not shown. */
    public Result register() {
    }

    /** Action for the login page; implementation not shown. */
    public Result login() {
    }
}
/**
 * Marker annotation that attaches the {@code Authenticator} action to a controller class or
 * to a single action method.
 *
 * <p>Retained at runtime so that it can be read reflectively.
 */
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@With(Authenticator.class)
public @interface Authorized {

    /**
     * Optional string argument, empty by default.
     *
     * <p>NOTE(review): Authenticator.call() in this listing never reads this value; it always
     * checks for the literal "admin". If the value is meant to name the required role, that
     * wiring is missing.
     */
    String value() default "";
}
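/**
 * Action that forwards a request to the wrapped action only when the current user's role is
 * "admin"; every other request is answered with 403 "Access denied.".
 *
 * <p>Despite the name, the visible code makes an authorization decision. How the user is
 * identified is hidden inside {@link #getUserRole(Http.Context)}, whose body is not shown.
 */
public class Authenticator extends Action.Simple {

    /** The only role let through. Hard-coded; {@code Authorized.value()} is not consulted. */
    private static final String ADMIN_ROLE = "admin";

    /**
     * Runs the role check and either delegates or rejects.
     *
     * @param ctx the HTTP context of the request being handled
     * @return the delegate's result for an admin, otherwise a completed 403 response
     */
    public CompletionStage<Result> call(Http.Context ctx) {
        String role = getUserRole(ctx);
        // Constant-first comparison: a null role (no signed-in user) is denied with 403
        // instead of throwing NullPointerException, so the check fails closed.
        if (ADMIN_ROLE.equals(role)) {
            return delegate.call(ctx);
        }
        return CompletableFuture.completedFuture(forbidden("Access denied."));
    }

    /**
     * Resolves the role of the user making the request.
     *
     * <p>NOTE(review): the body is elided in this listing. The role should be derived from
     * server-side state (the authenticated session mapped to the stored user record), not
     * from a request parameter, header or cookie value the client can set freely.
     *
     * @param ctx the HTTP context of the request being handled
     * @return the role name; call() treats {@code null} as "not an admin"
     */
    private String getUserRole(Http.Context ctx) {
    }
}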
plaintext
# Route table: HTTP method, path, controller action.
# NOTE(review): the UserController listing defines only register() and login();
# registerSubmit() and loginSubmit() referenced below are not shown there.
GET /register controllers.UserController.register()
POST /register controllers.UserController.registerSubmit()
GET /login controllers.UserController.login()
POST /login controllers.UserController.loginSubmit()
# NOTE(review): a route entry has the form "METHOD path action"; the
# "@controllers.Authorized" token below does not fit that form. The @Authorized annotation
# would normally sit on AdminController or its index() method so that the Authenticator
# action runs before it - confirm, otherwise /admin may not be protected as intended.
GET /admin @controllers.Authorized controllers.AdminController.index()