Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support multiple policy

See original GitHub issue

Hi, I am new in casbin and I am combining RBAC & ABAC model following https://casbin.org/docs/en/syntax-for-models#multiple-sections-type, but It seems that jcasbin has no implemented yet (I am using latest version v1.19.0). So I got the exception when running the test as below:

java.lang.NullPointerException
	at org.casbin.jcasbin.rbac.DefaultRoleManager.hasLink(DefaultRoleManager.java:197)
	at org.casbin.jcasbin.util.BuiltInFunctions$1.variadicCall(BuiltInFunctions.java:395)
	at com.googlecode.aviator.runtime.function.AbstractVariadicFunction.call(AbstractVariadicFunction.java:71)
	at Script_1638266462922_58.execute0(Script_1638266462922_58:1)
	at com.googlecode.aviator.ClassExpression.executeDirectly(ClassExpression.java:44)
	at com.googlecode.aviator.BaseExpression.execute(BaseExpression.java:237)
	at org.casbin.jcasbin.main.CoreEnforcer.enforce(CoreEnforcer.java:463)
	at org.casbin.jcasbin.main.CoreEnforcer.enforce(CoreEnforcer.java:575)

My test:

    @Test
    public void testRBACMixingABACModel() throws Exception {
        var objectMapper = new ObjectMapper();
        Adapter adapter =  new FileAdapter("src/test/resources/rbac_abac_mixing_policy.csv");
        Model model = new Model();
        model.loadModelFromText(FileUtil.readResource("/rbac_abac_mixing_model.conf"));
        Enforcer e = new Enforcer(model, adapter);
        EnforceContext enforceContext = new EnforceContext("p2", "e2", "m2", "r2");
        TestEvalRule alice = new TestEvalRule("alice", 18);
        assertEquals(false, e.enforce(enforceContext, alice, "/data1", "read"));
   }

My model:

[request_definition]
r = sub, obj, act
r2 = sub, obj, act

[policy_definition]
p = sub, obj, act
p2= sub_rule, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
#RABC
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
#ABAC
m2 = eval(p2.sub_rule) && r2.obj == p2.obj && r2.act == p2.act

My policies:

p2, r2.sub.age > 18 && r2.sub.age < 25, /data1, read
p, admin, /data2, write

g, alice, admin

My TestEvalRule class & EnforceContext class


    public static class TestEvalRule implements Serializable {
        private String name;
        private int age;

        TestEvalRule(String name, int age) {
            this.name = name;
            this.age = age;
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public int getAge() {
            return age;
        }

        public void setAge(int age) {
            this.age = age;
        }
    }

    public static class EnforceContext {
        private String pType;
        private String eType;
        private String mType;
        private String rType;

        public EnforceContext(String pType, String eType, String mType, String rType) {
            this.pType = pType;
            this.eType = eType;
            this.mType = mType;
            this.rType = rType;
        }

        public String getpType() {
            return pType;
        }

        public void setpType(String pType) {
            this.pType = pType;
        }

        public String geteType() {
            return eType;
        }

        public void seteType(String eType) {
            this.eType = eType;
        }

        public String getmType() {
            return mType;
        }

        public void setmType(String mType) {
            this.mType = mType;
        }

        public String getrType() {
            return rType;
        }

        public void setrType(String rType) {
            this.rType = rType;
        }
    }

Please help to correct me if I am missing something. Thanks and best regards,

Huy

Issue Analytics

State:
Created 2 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

seriouszyxcommented, Nov 30, 2021

@huyphan-tiki @hungpham1309 Have supported it in #242, plz review. And in your example, the unit test should be changed as below (Use EnforceContext provided by jCasbin and set eType as “e”).

@Test
public void testRBACMixingABACModel() throws Exception {
    Enforcer e = new Enforcer("examples/rbac_abac_mixing_model.conf", "examples/rbac_abac_mixing_policy.csv");
    EnforceContext enforceContext = new EnforceContext("2");
    enforceContext.seteType("e");
    AbacAPIUnitTest.TestEvalRule alice = new AbacAPIUnitTest.TestEvalRule("alice", 18);
    assertEquals(false, e.enforce(enforceContext, alice, "/data1", "read"));
}

0reactions

huyphan-tikicommented, Nov 30, 2021

Thanks @hsluoyz , @seriouszyx a lot!

Top Results From Across the Web

Support multiple policy definitions · Issue #126 - GitHub

I have a use case that might be interesting to you: there are users, domains and items. Users usually obtain permission to work...

Creating a condition with multiple keys or values

Most condition keys support using multiple values. ... If your policy has multiple condition operators or multiple keys attached to a single condition ......

Use multiple Windows Defender Application Control Policies

Windows Defender Application Control supports multiple code integrity policies for one device.

How to include multiple policies - Stack Overflow

The first thing to realize is that Authorize attribute Policy setting is singular unlike Roles which can be plural and that multiple ...

Which policy applies to a user who is part of multiple security ...

If a user is part of multiple security groups, the policy assigned to that user is determined by the policy prioritization logic set...