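  /**
   * Small worked example of rule-based authorization with response filtering.
   *
   * A [[AuthznIntent.Rule]] pairs a predicate over an
   * [[AuthznIntent.AuthorizationRequest]] with actions that mutate the outgoing
   * [[AuthznIntent.PayloadResponse]] depending on whether the predicate held.
   */
  object AuthznIntent {

    /**
     * Template for a rule in the system (basically, a rule with no actions on the result).
     *
     * The fields follow the JAAS model: `principal` is the identity of the caller and
     * `subjects` are the user credentials associated with that principal.
     *
     * @param requestorId   also acts as the user's token for service invocation
     *                      (a session-scoped token)
     * @param operationName name of the operation being requested
     * @param principal     identity of the caller
     * @param subjects      credentials associated with the principal
     * @param accountId     the entity on which the action is performed
     */
    // NOTE(review): nothing in this file verifies requestorId. Every check below trusts it,
    // so a real service would have to populate it from a validated session rather than
    // from caller-supplied data. Confirm against the calling code.
    case class AuthorizationRequest(
        requestorId: String,
        operationName: String,
        principal: String,
        subjects: Set[String],
        accountId: String
    )

    /**
     * The expected response from the operation. Rules could be enacted before calling the
     * action (preventative rules) or after it (filtering rules).
     *
     * The fields are `var`s because rule actions filter the response by mutating it in place.
     */
    case class PayloadResponse(
        var attribA: String = "a",
        var attribB: String = "b",
        var attribC: String = "c"
    )

    /**
     * An authorization test and the functions to apply on success or failure.
     *
     * In truth there would be conditions where an auth exception is thrown on failure, but
     * the attribute-filtering use case is the one explored here.
     *
     * @param test         predicate deciding whether the request is authorized
     * @param trueActions  applied to the payload when `test` returns true
     * @param falseActions applied to the payload when `test` returns false
     */
    // Actions are held in a Set, so they run in no defined order; they must be independent
    // of one another.
    case class Rule(
        test: AuthorizationRequest => Boolean,
        trueActions: Set[PayloadResponse => Unit],
        falseActions: Set[PayloadResponse => Unit]
    )

    // Assume the client makes two requests: a VALID one for their own account and an
    // INVALID one for another account.
    val authReq1: AuthorizationRequest = AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "1")
    val authReq2: AuthorizationRequest = AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "2")

    // If the rule passes, do nothing; on failure, blank out attribute A in the response.
    //
    // Security caveat: the filter is a deny-list. On failure only attribA is cleared, so
    // attribB, attribC and any field added to PayloadResponse later are still returned to
    // a caller that failed the check. The test reads only requestorId and accountId;
    // principal and subjects are never consulted.
    val rule1: Rule = Rule(
      test = request => request.requestorId == request.accountId,
      trueActions = Set.empty,
      falseActions = Set((payload: PayloadResponse) => { payload.attribA = "" })
    )

    /**
     * Evaluates `rule1` against the request and applies the matching actions to a fresh
     * default payload.
     *
     * @param authReq the request to authorize
     * @return the payload after the rule's actions have run; with `rule1` a failed check
     *         yields the payload with `attribA` emptied, not an error
     */
    def applyPermissions(authReq: AuthorizationRequest): PayloadResponse = {
      // The reference never changes; only the fields are mutated by the rule actions.
      val payloadResponse = PayloadResponse()

      // Inner method so that a list of rules could be applied later.
      def applyRule(rule: Rule): Unit = {
        val authorized = rule.test(authReq)
        if (authorized) println("rule determined to be TRUE")
        else println("rule determined to be FALSE")

        val actions = if (authorized) rule.trueActions else rule.falseActions
        actions.foreach(action => action(payloadResponse))
      }

      applyRule(rule1)

      payloadResponse
    }

    /** Runs the two sample requests and prints the resulting payloads. */
    def main(args: Array[String]): Unit = {
      println("Running tests...")
      println(applyPermissions(authReq1))
      println(applyPermissions(authReq2))
      println("..tests complete")
    }
  }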