little.security

Type members

Classlikes

Provides factory for creating group permissions.

A group permission should be applied to an operation that must be restricted to a specific group of users. For example, if a user owns a resource, then read access to the resource can be restricted to the user's group.

sealed trait Permission

Defines permission by name.

Companion
object
object Permission

Provides Permission factory.

Companion
class

Defines root context in which all permissions are granted.

sealed trait SecurityContext

Defines context in which permissions are granted.

Security in Action

A SecurityContext establishes a pattern in which a restricted operation is performed only if its required permissions are granted; otherwise, a SecurityViolation is raised.

The following script demonstrates how read/write access to an in-memory cache could be implemented.

import little.security.{ Permission, SecurityContext, UserContext }

import scala.collection.concurrent.TrieMap

object SecureCache:
 // Define permissions for reading and writing cache entries
 private val getPermission = Permission("cache:get")
 private val putPermission = Permission("cache:put")

 private val cache = TrieMap[String, String](
   "gang starr"      -> "step in the arena",
   "digable planets" -> "blowout comb"
 )

 def get(key: String)(using security: SecurityContext): String =
   // Test for read permission before getting cache entry
   security(getPermission) { cache(key) }

 def put(key: String, value: String)(using security: SecurityContext): Unit =
   // Test for write permission before putting cache entry
   security(putPermission) { cache += key -> value }

// Create security context for user with read permission to cache
given SecurityContext = UserContext("losizm", "staff", Permission("cache:get"))

// Get cache entry
val classic = SecureCache.get("gang starr")

// Throw SecurityViolation because user lacks write permission
SecureCache.put("sucker mc", classic)

case class SecurityViolation(message: String) extends RuntimeException

Indicates security violation.

Value Params
message - detail message

Constructor

Constructs SecurityViolation with supplied detail message.

sealed trait UserContext extends SecurityContext

Defines user context in which a set of permissions is granted.

Companion
object
object UserContext

Provides UserContext factory.

Companion
class

Provides factory for creating user permissions.

A user permission should be applied to an operation that must be restricted to a specific user. For example, if a user owns a resource, then write access to the resource can be restricted to the user.
