Support for security policies.
A security policy allows a module to limit, or constrain, access to a resource. The resource is named using a QName, and the module calls into the in-force policy to retrieve the limitation set on that resource. The limitation is returned as a SecurityResult. The module may also pass ActualParameters to the feature; refer to the module's documentation for details.
```rust
use std::rc::Rc;

use xrust::security::{SecurityResult, Policy, Feature};
use xrust::{Error, ErrorKind, Node};
use xrust::item::Item;
use xrust::value::Value;
use xrust::transform::Transform;
use xrust::transform::callable::ActualParameters;
use qualname::{QName, NcName};

/// Ask the in-force policy what limitation applies to "my_security_feature".
/// Returns Err if access is denied, Ok(None) if access is permitted without
/// a limit, and Ok(Some(limit)) if access is permitted up to a limit.
fn get_feature<N: Node>(policy: &Policy<N>) -> Result<Option<String>, Error> {
    match policy.get(
        // The resource is named with a QName.
        &QName::from_local_name(NcName::try_from("my_security_feature").unwrap()),
        // Actual parameters the feature's Transform may consult when computing the limit.
        ActualParameters::Named(vec![
            (QName::from_local_name(NcName::try_from("input").unwrap()),
             Transform::Literal(Item::Value(Rc::new(Value::from("value")))))
        ])
    )? {
        SecurityResult::NotPermitted => Err(Error::new(ErrorKind::NotPermitted, "access denied")),
        SecurityResult::Permitted(None) => Ok(None),
        SecurityResult::Permitted(Some(v)) => Ok(Some(v)),
    }
}
```

If a policy does not define a limit or constraint for a resource, then the module must supply a default. The module should choose the default with the least security impact for the application; in most cases that means denying access to the resource.
Security policies are named. Many named policies can be loaded into the system. The application can nominate which policy it wants to be in force (“activated”).
Resource constraints may be specified either as an absolute value or with a template. Templates use the same syntax as XSLT templates.
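The three rules above (a missing feature resolves to a safe default, several named policies can be loaded but only one is in force, and a permitted feature may still carry a limit) are easy to get wrong on the module side. The following is an added example, not code from xrust: it models those rules with plain Rust types so it runs without the crate. The `Policy`, `SecurityPolicies`, `Feature` and `SecurityResult` names are stand-ins for the page's types, the limit is a plain `u64` rather than a Transform, and `load`, `activate`, `resolve` and `check_usage` are hypothetical helpers, not xrust's API.

```rust
use std::collections::HashMap;

/// Stand-in for the page's Feature: denied, or permitted with an optional maximum.
/// (Assumption: a u64 limit instead of a Transform, to keep the example self-contained.)
#[derive(Debug, Clone, PartialEq)]
enum Feature {
    NotPermitted,
    Permitted(Option<u64>),
}

/// Stand-in for the page's SecurityResult, as seen by the calling module.
#[derive(Debug, Clone, PartialEq)]
enum SecurityResult {
    NotPermitted,
    Permitted(Option<u64>),
}

/// A named policy: feature name -> constraint.
struct Policy {
    name: String,
    features: HashMap<String, Feature>,
}

impl Policy {
    fn new(name: &str) -> Self {
        Policy { name: name.to_string(), features: HashMap::new() }
    }
    fn add(&mut self, feature: &str, f: Feature) {
        self.features.insert(feature.to_string(), f);
    }
}

/// Registry of loaded policies; at most one is in force ("active").
#[derive(Default)]
struct SecurityPolicies {
    policies: HashMap<String, Policy>,
    active: Option<String>,
}

impl SecurityPolicies {
    fn load(&mut self, p: Policy) {
        self.policies.insert(p.name.clone(), p);
    }

    /// Only a loaded policy can be activated; a mistyped name must fail loudly
    /// rather than silently leave no policy in force.
    fn activate(&mut self, name: &str) -> Result<(), String> {
        if self.policies.contains_key(name) {
            self.active = Some(name.to_string());
            Ok(())
        } else {
            Err(format!("no policy named {name}"))
        }
    }

    /// Module-side lookup. Anything the active policy does not state explicitly,
    /// including "no policy is active at all", resolves to NotPermitted.
    fn resolve(&self, feature: &str) -> SecurityResult {
        let Some(name) = &self.active else { return SecurityResult::NotPermitted };
        match self.policies.get(name).and_then(|p| p.features.get(feature)) {
            Some(Feature::Permitted(limit)) => SecurityResult::Permitted(*limit),
            Some(Feature::NotPermitted) | None => SecurityResult::NotPermitted,
        }
    }
}

/// How a module applies the result to a concrete request, e.g. "open N external
/// documents". Permitted(None) means the policy set no limit, so the module
/// falls back to its own conservative ceiling instead of treating it as unbounded.
fn check_usage(
    reg: &SecurityPolicies,
    feature: &str,
    requested: u64,
    module_default_limit: u64,
) -> Result<u64, String> {
    match reg.resolve(feature) {
        SecurityResult::NotPermitted => Err(format!("{feature}: access denied")),
        SecurityResult::Permitted(limit) => {
            let ceiling = limit.unwrap_or(module_default_limit);
            if requested <= ceiling {
                Ok(requested)
            } else {
                Err(format!("{feature}: {requested} exceeds limit {ceiling}"))
            }
        }
    }
}

fn main() {
    // Constructed sample policy.
    let mut strict = Policy::new("strict");
    strict.add("external_documents", Feature::Permitted(Some(2)));
    strict.add("network_fetch", Feature::NotPermitted);
    let mut reg = SecurityPolicies::default();
    reg.load(strict);
    // Nothing is active yet: every lookup is denied.
    assert_eq!(reg.resolve("external_documents"), SecurityResult::NotPermitted);
    reg.activate("strict").unwrap();
    println!("{:?}", check_usage(&reg, "external_documents", 2, 10));
    println!("{:?}", check_usage(&reg, "external_documents", 3, 10));
    println!("{:?}", check_usage(&reg, "unknown_feature", 1, 10));
}
```

The point to carry over to a real module is in `resolve` and `check_usage`: an absent feature, an inactive registry and an explicit NotPermitted all collapse to the same deny branch, and a `Permitted(None)` is bounded by the module's own default limit rather than being read as "unlimited".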
In this example, a security policy is created with the feature set to “permitted with no limits”.
```rust
use xrust::security::{Feature, Policy};
use xrust::trees::smite::RNode;
use qualname::{QName, NcName};

// Create a named policy, then add a feature that is permitted with no limit.
let mut policy: Policy<RNode> = Policy::new(QName::from_local_name(
    NcName::try_from("test_policy").unwrap(),
));
policy.add(
    QName::from_local_name(
        NcName::try_from("my_security_feature").unwrap(),
    ),
    Feature::Permitted(None),
);
```

Structs§
- Policy
- A security policy. Security policies contain a number of security Features.
- SecurityPolicies
- All of the security policies available for use, indexed by name. One of these policies may be in force (or “active”).
Enums§
- Feature
- A security feature. These limit or constrain access to a resource. Access to a resource may, or may not, be permitted. If access is permitted, then it may also be constrained to some maximum value. This value is computed dynamically using a Transform. If no Transform is given then access to the resource is unlimited.
- SecurityResult
- The result of determining the limitation or constraint for a security feature. Permitted means that the application is allowed to access the resource. The contained value is a limit on the usage of the resource. If it is None then there is no limit on resource usage, or the module may impose a default limit. NotPermitted means that the application is not allowed to access the resource at all, or the module may impose a default limit.