Authorization action

AuthZ.scala

package org.w3.readwriteweb.play.auth

import play.api.mvc._
import javax.security.auth.Subject
import java.security.Principal
import play.api.libs.concurrent.Promise
import java.security.cert.Certificate


/**
 * An Authorization Action
 * Wraps an Action, which it authorizes (or not)
 * @param guard a method that filters requests, into those that are authorized (maps to true) and those that are not
 * @param action the action that will be run if authorized
 * @tparam A the type of the request body
 */
case class AuthZ[A](guard: RequestHeader => Boolean)(action: Action[A]) extends Action[A] {

  def apply(request: Request[A]): Result = {
    if (guard(request)) action(request)
    else Results.Unauthorized
  }

  override
  def parser = action.parser
}

case class WebAccessControlGuard(
    subject : RequestHeader => Subject,
    group: RequestHeader => Group) extends (RequestHeader => Boolean) {
  def apply(request: RequestHeader) = group(request).member(subject(request))
}

trait Group {
   def member(subj: =>Subject): Boolean
}

object EveryBody extends Group {
   def member(subj: =>Subject) = true
}

To be used with Play 2.0 Action such as the following, which authorizes all resources starting with "a"

package controllers

import play.api._
import play.api.mvc._
import play.api.libs.concurrent._
import org.w3.readwriteweb.play.auth._

object Application extends Controller {

  def index(rg: String) = AuthZ(r => rg.startsWith("a")) {
        Action {
          Ok("hello "+rg)
        }
      }
}