I have been migrating a project to 2.6.x (https://github.com/bravegag/play-authenticate-usage-scala) and I believe that the latest 2.6.x Deadbolt2 Scala is causing some issues. It has to do with the newly introduced wrapping of the RequestHeader instead of the former way of enriching it with an AuthenticatedRequest containing inplace all the RequestHeader data.

The issue happens when doing e.g.

class Application @Inject()(deadbolt: DeadboltActions) extends Controller {
  def index = deadbolt.WithAuthRequest()() { authRequest =>
    Future {
      Ok(views.html.index(new MyDeadboltHandler)(authRequest))
    }
  }
}

What comes out of this is an AuthenticatedRequest that aggregates another AuthenticatedRequest that aggregates yet the original RequestHeader see attached.

This causes many issues later in the code because the original request data is hidden away within this nesting. For example, the preferred language is not found and the request body too and then as result, form request binding won't work.

Is there an alternative to using WithAuthRequest()() that's more friendly to pre 2.6 code? Otherwise can we not make an alternative to this approach?

I also posted a question here:
https://stackoverflow.com/questions/56068601/migrating-to-2-6-why-deadbolt2s-withauthrequest-outputing-multiple-nested

Though I thought this was the issue for my use-case, it wasn't. For the record, the issue was a change in the play.core.j.JavaHelpers that overloaded the createJavaContext and was creating one without body.