SecurityContext

sealed trait SecurityContext

Defines context in which permissions are granted.

Security in Action

A SecurityContext establishes a pattern in which a restricted operation is performed only if its required permissions are granted; otherwise, a SecurityViolation is raised.

The following script demonstrates how read/write access to an in-memory cache could be implemented.

import little.security.{ Permission, SecurityContext, UserContext }

import scala.collection.concurrent.TrieMap

object SecureCache:
 // Define permissions for reading and writing cache entries
 private val getPermission = Permission("cache:get")
 private val putPermission = Permission("cache:put")

 private val cache = TrieMap[String, String](
   "gang starr"      -> "step in the arena",
   "digable planets" -> "blowout comb"
 )

 def get(key: String)(using security: SecurityContext): String =
   // Test for read permission before getting cache entry
   security(getPermission) { cache(key) }

 def put(key: String, value: String)(using security: SecurityContext): Unit =
   // Test for write permission before putting cache entry
   security(putPermission) { cache += key -> value }

// Create security context for user with read permission to cache
given SecurityContext = UserContext("losizm", "staff", Permission("cache:get"))

// Get cache entry
val classic = SecureCache.get("gang starr")

// Throw SecurityViolation because user lacks write permission
SecureCache.put("sucker mc", classic)
class Object
trait Matchable
class Any

Value members

Abstract methods

def test(perm: Permission): Boolean

Tests whether given permission is granted.

Tests whether given permission is granted.

Value Params
perm

permission

Returns

true if permission is granted; otherwise, false

Concrete methods

def all[T](perms: Set[Permission])(op: => T): T

Tests permissions before applying operation.

Tests permissions before applying operation.

If all supplied permissions are granted, the operation is applied; otherwise, SecurityViolation is thrown.

Value Params
op

operation

perms

permissions

Returns

value of operation

Throws
SecurityViolation

if all permissions are not granted

Note

The operation is authorized if perms is empty.

def all[T](one: Permission, more: Permission*)(op: => T): T

Tests permissions before applying operation.

Tests permissions before applying operation.

If all supplied permissions are granted, the operation is applied; otherwise, SecurityViolation is thrown.

Value Params
more

additional permissions

one

permission

op

operation

Returns

value of operation

Throws
SecurityViolation

if all permissions are not granted

def any[T](perms: Set[Permission])(op: => T): T

Tests permissions before applying operation.

Tests permissions before applying operation.

If any of supplied permissions is granted, the operation is applied; otherwise, SecurityViolation is thrown.

Value Params
op

operation

perms

permissions

Returns

value of operation

Throws
SecurityViolation

if no permission is granted

Note

The operation is authorized if perms is empty.

def any[T](one: Permission, more: Permission*)(op: => T): T

Tests permissions before applying operation.

Tests permissions before applying operation.

If any of supplied permissions is granted, the operation is applied; otherwise, SecurityViolation is thrown.

Value Params
more

additional permissions

one

permission

op

operation

Returns

value of operation

Throws
SecurityViolation

if no permission is granted

def apply[T](perm: Permission)(op: => T): T

Tests permission before applying operation.

Tests permission before applying operation.

If supplied permission is granted, the operation is applied; otherwise, SecurityViolation is thrown.

Value Params
op

operation

perm

permission

Returns

value of operation

Throws
SecurityViolation

if permission is not granted