Things You Need To Know About Jcasbin Service

Jcasbin supports a variety of classic access control methods, such as role-based access control RBAC, attribute-based access control ABAC, etc.

The main features of jCasbin include - 

1. Support custom request format, the default request format is {subject, object, action};

2. Has two core concepts of access control model model and policy;

3. Support multi-layer role inheritance in RBAC, not only the subject can have roles, but resources can also have roles;

4. Support super users, such as root or Administrator, super users can access any resources without being restricted by authorization policies;

Here is an example how to use Jcasbin in Spring boot - 

Based on springboot1.5.10, but not very much related to springboot.

1. Introduce the mavan warehouse

  <dependency>
     <groupId>org.casbin</groupId>
     <artifactId>jcasbin</artifactId>
     <version>1.1.0</version>
  </dependency>
  <dependency>
     <groupId>org.casbin</groupId>
     <artifactId>jdbc-adapter</artifactId>
     <version>1.1.0</version>
   </dependency>

2. Two, read permission information to initialize

We need to initialize the Enforcer class and load the information in the configuration file

@Component
public class EnforcerFactory implements InitializingBean {
 
    private static Enforcer enforcer;
 
    @Autowired
    private EnforcerConfigProperties enforcerConfigProperties;
    private static EnforcerConfigProperties config;
    
    @Override
    public void afterPropertiesSet() throws Exception {
        config = enforcerConfigProperties;
        JDBCAdapter jdbcAdapter = new JDBCAdapter(config.getDriverClassName(),config.getUrl(),config.getUsername(),
                                                    config.getPassword(), true);
        enforcer = new Enforcer(config.getModelPath(), jdbcAdapter);
        enforcer.loadPolicy();//Load the policy from DB.
    }
    
    public static boolean addPolicy(Policy policy){
        boolean addPolicy = enforcer.addPolicy(policy.getSub(),policy.getObj(),policy.getAct());
        enforcer.savePolicy();
        
        return addPolicy;
    }
    
    public static boolean removePolicy(Policy policy){
        boolean removePolicy = enforcer.removePolicy(policy.getSub(),policy.getObj(),policy.getAct());
        enforcer.savePolicy();
        
        return removePolicy;
    }
    
    public static Enforcer getEnforcer(){
        return enforcer;
    }    

}

Policy is a custom class that encapsulates official collections/arrays.

public class Policy {

    private String sub;
    
    private String obj;
    
    private String act;
 
 }

3. Add and delete permissions

For permission operations, we can directly call the corresponding method in the EnforcerFactory written above - 

@PutMapping("/add/role/policy")
    public ResultBO<Object> addPer(){
        
        EnforcerFactory.addPolicy(new Policy("alice", "/user/list", "*"));
        
        return ResultTool.success();
    }
    
    @DeleteMapping("/remove/role/policy")
    public ResultBO<Object> deletePer(){
        
        EnforcerFactory.removePolicy(new Policy("alice", "/user/list", "*"));
        
        return ResultTool.success();

}

In this way, we can combine jcasbin and SpringCloud's zuul to achieve unified user login and permission control. A custom filter can be inherited from ZuulFilter.