SecurityContext
Defines context in which permissions are granted.
Security in Action
A SecurityContext
establishes a pattern in which a restricted operation is
performed only if its required permissions are granted; otherwise, a
SecurityViolation is raised.
The following script demonstrates how read/write access to an in-memory cache could be implemented.
import little.security.{ Permission, SecurityContext, UserContext }
import scala.collection.concurrent.TrieMap
object SecureCache:
// Define permissions for reading and writing cache entries
private val getPermission = Permission("cache:get")
private val putPermission = Permission("cache:put")
private val cache = TrieMap[String, String](
"gang starr" -> "step in the arena",
"digable planets" -> "blowout comb"
)
def get(key: String)(using security: SecurityContext): String =
// Test for read permission before getting cache entry
security(getPermission) { cache(key) }
def put(key: String, value: String)(using security: SecurityContext): Unit =
// Test for write permission before putting cache entry
security(putPermission) { cache += key -> value }
// Create security context for user with read permission to cache
given SecurityContext = UserContext("losizm", "staff", Permission("cache:get"))
// Get cache entry
val classic = SecureCache.get("gang starr")
// Throw SecurityViolation because user lacks write permission
SecureCache.put("sucker mc", classic)
Value members
Abstract methods
Concrete methods
Tests permissions before applying operation.
Tests permissions before applying operation.
If all supplied permissions are granted, the operation is applied; otherwise, SecurityViolation is thrown.
- Value Params
- op
operation
- perms
permissions
- Returns
value of operation
- Throws
- SecurityViolation
if all permissions are not granted
- Note
The operation is authorized if
perms
is empty.
Tests permissions before applying operation.
Tests permissions before applying operation.
If all supplied permissions are granted, the operation is applied; otherwise, SecurityViolation is thrown.
- Value Params
- more
additional permissions
- one
permission
- op
operation
- Returns
value of operation
- Throws
- SecurityViolation
if all permissions are not granted
Tests permissions before applying operation.
Tests permissions before applying operation.
If any of supplied permissions is granted, the operation is applied; otherwise, SecurityViolation is thrown.
- Value Params
- op
operation
- perms
permissions
- Returns
value of operation
- Throws
- SecurityViolation
if no permission is granted
- Note
The operation is authorized if
perms
is empty.
Tests permissions before applying operation.
Tests permissions before applying operation.
If any of supplied permissions is granted, the operation is applied; otherwise, SecurityViolation is thrown.
- Value Params
- more
additional permissions
- one
permission
- op
operation
- Returns
value of operation
- Throws
- SecurityViolation
if no permission is granted
Tests permission before applying operation.
Tests permission before applying operation.
If supplied permission is granted, the operation is applied; otherwise, SecurityViolation is thrown.
- Value Params
- op
operation
- perm
permission
- Returns
value of operation
- Throws
- SecurityViolation
if permission is not granted