@kings13y
Created February 1, 2011 20:52
A sample snippet of code to show the intent for request authorization and data filtering
object AuthznIntent {
  // AuthorizationRequest is a template for a Rule in the system (basically, a rule with no actions on the Rule result).
  // By default the example references variables as per entities that exist in the JAAS model, namely having the 'Principal'
  // variable act as the identity of the caller and a number of subjects, aka user credentials, which would be associated with the Principal.
  // The requestor id is also acting as the user's token for service invocation (aka a session scoped token), and the account id
  // represents the entity on which we are performing the action.
  case class AuthorizationRequest(requestorId: String, operationName: String, principal: String, subjects: Set[String], accountId: String)

  // The expected response from the operation. Rules could be enacted before calling the action (preventative rules) or after (filtering rules).
  case class PayloadResponse(var attribA: String = "a", var attribB: String = "b", var attribC: String = "c")

  // An authorization test, and a set of functions to be applied on success/failure. In truth, there'd be conditions where an Auth Exception would
  // be thrown for an Auth Failure, but it's (probably) more interesting to deal with the attribute filtering use case.
  case class Rule(test: AuthorizationRequest => Boolean, trueActions: Set[PayloadResponse => Unit], falseActions: Set[PayloadResponse => Unit])

  // Let's assume that the client makes two requests: a VALID one for their own account; and an INVALID one for another account.
  val authReq1 = AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "1")
  val authReq2 = AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "2")

  // If the rule passes/succeeds/is TRUE, do nothing; on failure, filter/nil out attribute A from the response.
  val rule1 = Rule((x: AuthorizationRequest) => x.requestorId == x.accountId, Set(), Set((y: PayloadResponse) => (y.attribA = "")))

  // Method to test and apply the result of a permission test.
  def applyPermissions(authReq: AuthorizationRequest): PayloadResponse = {
    // The response is mutated in place by the rule actions, so it never needs reassigning.
    val payloadResponse = PayloadResponse()
    // Inner method so we could recurse over a List of rules to apply.
    def applyRule(rule: Rule): Unit = {
      if (rule.test(authReq)) {
        println("rule determined to be TRUE")
        rule.trueActions.foreach(action => action(payloadResponse))
      } else {
        println("rule determined to be FALSE")
        rule.falseActions.foreach(action => action(payloadResponse))
      }
    }
    applyRule(rule1)
    // Return the (possibly filtered) payload.
    payloadResponse
  }

  def main(args: Array[String]): Unit = {
    println("Running tests...")
    println(applyPermissions(authReq1))
    println(applyPermissions(authReq2))
    println("..tests complete")
  }
}
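As an added example (not part of the gist above), the following extends the sketch in the direction its comments point at: a List of rules rather than a single rule1, with the preventative rules the PayloadResponse comment mentions evaluated first and failing closed, and the filtering rules applied afterwards to redact attributes of the response. The Decision, PreventativeRule, FilteringRule, evaluate, filter and handle names, and the three constructed rules, are assumptions for illustration.

```scala
// Added example, not the gist's code: ordered preventative rules (deny before the operation runs)
// followed by filtering rules (redact attributes of the response). Names and rules are assumed.
object AuthznPipeline {
  case class AuthorizationRequest(requestorId: String, operationName: String, principal: String,
                                  subjects: Set[String], accountId: String)
  case class PayloadResponse(var attribA: String = "a", var attribB: String = "b", var attribC: String = "c")

  // Outcome of the preventative phase: proceed to the operation, or stop with a reason for the audit log.
  sealed trait Decision
  case object Permit extends Decision
  case class Deny(reason: String) extends Decision

  // A preventative rule must hold for the request to proceed at all; a filtering rule that does not hold
  // redacts part of the response instead of rejecting the request.
  case class PreventativeRule(name: String, test: AuthorizationRequest => Boolean)
  case class FilteringRule(name: String, test: AuthorizationRequest => Boolean, onFailure: PayloadResponse => Unit)

  // Fail closed: the first preventative rule that does not hold denies the request, no action is called.
  def evaluate(rules: List[PreventativeRule], req: AuthorizationRequest): Decision =
    rules.find(r => !r.test(req)) match {
      case Some(r) => Deny(s"${r.name} failed for requestor ${req.requestorId} on account ${req.accountId}")
      case None    => Permit
    }

  // Run the failure action of every filtering rule that does not hold; the payload is mutated in place.
  def filter(rules: List[FilteringRule], req: AuthorizationRequest, payload: PayloadResponse): PayloadResponse = {
    rules.filterNot(_.test(req)).foreach(_.onFailure(payload))
    payload
  }

  // Constructed rules: the caller needs credential "a" to invoke anything; attribute A is only returned
  // to the account owner; attribute C is only returned to callers holding the "admin" credential.
  val preventative: List[PreventativeRule] = List(
    PreventativeRule("hasCredentialA", r => r.subjects.contains("a")))
  val filtering: List[FilteringRule] = List(
    FilteringRule("ownAccount", r => r.requestorId == r.accountId, p => (p.attribA = "")),
    FilteringRule("isAdmin", r => r.subjects.contains("admin"), p => (p.attribC = "")))

  // Full flow for one request: Left carries the denial reason, Right the filtered response.
  def handle(req: AuthorizationRequest): Either[String, PayloadResponse] =
    evaluate(preventative, req) match {
      case Deny(reason) => Left(reason)
      case Permit       => Right(filter(filtering, req, PayloadResponse()))
    }

  def main(args: Array[String]): Unit = {
    // Constructed requests: own account, another account, and a caller with no credential at all.
    println(handle(AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "1")))
    println(handle(AuthorizationRequest("1", "doSomething", "B2C", Set("a"), "2")))
    println(handle(AuthorizationRequest("1", "doSomething", "B2C", Set(), "2")))
  }
}
```

The first request keeps attribA but loses attribC, the second loses both, and the third is denied before any response object is built.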