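/**
 * Toy model of attribute-level authorization: a request is tested against a rule, and the
 * outcome selects which actions are run against the response payload.
 *
 * Review notes for anyone adapting this sketch:
 *  - The payload is created fully populated and only narrowed afterwards, so every attribute
 *    that a failing rule's actions do not explicitly clear is returned unchanged. Starting
 *    from an empty payload and adding attributes on success would deny by default.
 *  - `rule1` only compares two fields of the request with each other. That is meaningful
 *    only if `requestorId` is bound to the authenticated caller before it reaches this code;
 *    nothing in this file shows where the value comes from -- TODO confirm at the call site.
 */
object AuthznIntent {

  /**
   * Input to a rule: effectively a rule template with no actions attached to its result.
   *
   * The field names follow the JAAS model: `principal` is the identity of the caller and
   * `subjects` are the user credentials associated with that principal.
   *
   * @param requestorId   id of the caller; per the original author it doubles as the
   *                      session-scoped token used for service invocation
   * @param operationName name of the operation being requested
   * @param principal     identity of the caller
   * @param subjects      credentials associated with the principal
   * @param accountId     the entity the operation is performed on
   */
  case class AuthorizationRequest(
      requestorId: String,
      operationName: String,
      principal: String,
      subjects: Set[String],
      accountId: String
  )

  /**
   * The response expected from the operation. Rules may run before the operation
   * (preventative rules) or after it (filtering rules).
   *
   * The fields are mutable on purpose: rule actions edit the payload in place.
   */
  case class PayloadResponse(
      var attribA: String = "a",
      var attribB: String = "b",
      var attribC: String = "c"
  )

  /**
   * An authorization test plus the actions to run when it succeeds or fails.
   *
   * A real system would often throw an authorization exception on failure; this example
   * deals with the attribute-filtering case instead.
   *
   * The actions are held in a `Set`, which does not promise an iteration order, so the
   * actions of one outcome should not depend on running in a particular sequence.
   */
  case class Rule(
      test: AuthorizationRequest => Boolean,
      trueActions: Set[PayloadResponse => Unit],
      falseActions: Set[PayloadResponse => Unit]
  )

  // The client makes two requests: a VALID one for their own account (ids match) and an
  // INVALID one for another account (ids differ).
  val authReq1: AuthorizationRequest = AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "1")
  val authReq2: AuthorizationRequest = AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "2")

  // On success do nothing; on failure blank out attribute A of the response.
  // attribB and attribC are never touched by this rule, so they are returned on both outcomes.
  // `principal`, `subjects` and `operationName` are not consulted by this rule.
  val rule1: Rule = Rule(
    (x: AuthorizationRequest) => x.requestorId == x.accountId,
    Set.empty[PayloadResponse => Unit],
    Set[PayloadResponse => Unit]((y: PayloadResponse) => { y.attribA = "" })
  )

  /**
   * Evaluates `rule1` against the request and returns the resulting payload.
   *
   * A fresh payload is created for every call, so one request's filtering cannot leak into
   * the next. An exception thrown by the rule's test is not caught here, which means no
   * payload is returned in that case.
   *
   * @param authReq the request to evaluate
   * @return the payload after the matching actions of `rule1` have been applied
   */
  def applyPermissions(authReq: AuthorizationRequest): PayloadResponse = {
    // Never reassigned: only its fields are mutated by the rule actions.
    val payloadResponse = PayloadResponse()

    // Inner method so that it could later be applied over a list of rules.
    def applyRule(rule: Rule): Unit = {
      if (rule.test(authReq)) {
        println("rule determined to be TRUE")
        rule.trueActions.foreach(action => action(payloadResponse))
      } else {
        println("rule determined to be FALSE")
        rule.falseActions.foreach(action => action(payloadResponse))
      }
    }

    applyRule(rule1)
    payloadResponse
  }

  /** Runs both sample requests and prints the payload each one yields. */
  def main(args: Array[String]): Unit = {
    println("Running tests...")
    println(applyPermissions(authReq1))
    println(applyPermissions(authReq2))
    println("..tests complete")
  }
}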