Type members


Provides factory for creating group permissions.

A group permission should be applied to an operation that must be restricted to a specific group of users. For example, if a user owns a resource, then read access to the resource can be restricted to the user's group.

Defines permission by name.

object Permission

Provides Permission factory.

Defines root context in which all permissions are granted.

Defines context in which permissions are granted.

Security in Action

A SecurityContext establishes a pattern in which a restricted operation is performed only if its required permissions are granted; otherwise, a SecurityViolation is raised.

The following script demonstrates how read/write access to an in-memory cache could be implemented.

import{ Permission, SecurityContext, UserContext }

import scala.collection.concurrent.TrieMap

object SecureCache:
 // Define permissions for reading and writing cache entries
 private val getPermission = Permission("cache:get")
 private val putPermission = Permission("cache:put")

 private val cache = TrieMap[String, String](
   "gang starr"      -> "step in the arena",
   "digable planets" -> "blowout comb"
 )

 def get(key: String)(using security: SecurityContext): String =
   // Test for read permission before getting cache entry
   security(getPermission) { cache(key) }

 def put(key: String, value: String)(using security: SecurityContext): Unit =
   // Test for write permission before putting cache entry
   security(putPermission) { cache += key -> value }

// Set security context for user with read permission to cache
given SecurityContext = UserContext("lupita", "staff", Permission("cache:get"))

// Get cache entry
val classic = SecureCache.get("gang starr")

// Throw SecurityViolation because user lacks write permission
SecureCache.put("sucker mc", classic)

class SecurityViolation(message: String) extends RuntimeException

Indicates security violation.

Value Params

message    detail message


Constructs SecurityViolation with supplied detail message.


Defines user context in which a set of permissions is granted.

Provides UserContext factory.

Provides factory for creating user permissions.

A user permission should be applied to an operation that must be restricted to a specific user. For example, if a user owns a resource, then write access to the resource can be restricted to the user.
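The ownership pattern described for group and user permissions (group members may read, only the owner may write) can be sketched as follows. This is an added example, not the library's own code: Permission, SecurityViolation and UserContext here are minimal stand-ins, and the `user:`/`group:` permission names, the Note class, and the rule that a user context automatically holds its own user and group permissions are assumptions made for illustration.

```scala
// Stand-in types for this added example; they model the pattern described
// on this page and are NOT the library's own definitions.
final case class Permission(name: String)
class SecurityViolation(message: String) extends RuntimeException(message)

// Assumed naming scheme for per-user and per-group permissions.
def userPermission(userId: String): Permission = Permission(s"user:$userId")
def groupPermission(groupId: String): Permission = Permission(s"group:$groupId")

final class UserContext(val userId: String, val groupId: String, extra: Set[Permission] = Set.empty):
  // Assumption: a user always holds their own user and group permissions.
  private val granted = extra + userPermission(userId) + groupPermission(groupId)

  // Run op only if the required permission is granted; otherwise fail closed.
  def apply[T](required: Permission)(op: => T): T =
    if granted.contains(required) then op
    else throw SecurityViolation(s"Permission not granted: ${required.name}")

// Resource owned by a user: group members may read, only the owner may write.
final class Note(ownerId: String, groupId: String, private var text: String):
  def read()(using ctx: UserContext): String =
    ctx(groupPermission(groupId)) { text }

  def write(value: String)(using ctx: UserContext): Unit =
    ctx(userPermission(ownerId)) { text = value }

@main def demo(): Unit =
  val note = Note("lupita", "staff", "draft")
  val owner = UserContext("lupita", "staff")
  val peer = UserContext("denzel", "staff")      // same group, not the owner
  val outsider = UserContext("guest", "visitors") // different group

  note.write("final")(using owner)     // owner holds the user permission
  println(note.read()(using peer))     // group member holds the group permission
  for ctx <- List(peer, outsider) do   // neither holds the owner's user permission
    try note.write("tampered")(using ctx)
    catch case e: SecurityViolation => println(s"${ctx.userId} write denied: ${e.getMessage}")
  try println(note.read()(using outsider))
  catch case e: SecurityViolation => println(s"guest read denied: ${e.getMessage}")
```

The check runs inside the resource's own methods, so a caller cannot reach the stored text without passing through a context that holds the required permission.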

