Closed jtktam closed 6 years ago
For me, it is OK. Please try this configuration and see if the result is correct.
never mind.. I think I finally understand how to do it.. I will post an update soon
String expString = ((Assertion)((Map)this.model.model.get("m")).get("m")).value;
(g(r_sub, p_sub) || r_sub == r_obj.owner) && keyMatch(r_obj, p_obj) && regexMatch(r_act, p_act)
Expression expression = AviatorEvaluator.compile(expString);
expression var_0 name = "r_sub" var_1 name = "p_sub" var_2 name = "r_obj.owner" var_3 name = "r_obj" var_4 name = "p_obj" var_5 name = "r_act" var_6 name = "p_act" var_7 rm name = "g" var_8 Class has no fields var_9 Class has no fields varNames = size = 6 0 = "r_sub" 1 = "p_sub" 2 = "r_obj" 3 = "p_obj" 4 = "r_act" 5 = "p_act" varFullNames = size = 7 0 = "r_sub" 1 = "p_sub" 2 = "r_obj.owner" 3 = "r_obj" 4 = "p_obj" 5 = "r_act" 6 = "p_act" expression = null
Object result = expression.execute(parameters);
parameters = size = 6 0 = "r_sub" -> "guest" 1 = "p_act" -> "*" 2 = "r_act" -> "GET" 3 = "p_sub" -> "guest" 4 = "r_obj" -> 5 = "p_obj" -> "/swagger-ui.html"
at this point i get an exception:
com.googlecode.aviator.exception.ExpressionRuntimeException: Execute expression error
It seems that your r_obj
is an instance of a class, as you used its owner
member. So in keyMatch(r_obj, p_obj)
, you should also use a string member of it instead of itself. For example use keyMatch(r_obj.name, p_obj)
.
that was the part that was missing.. thanks for the help!
Hi,
I want to use the abac part of jcasbin to secure my restful endpoints.
I want to be able to define groups and write a matcher that will combine group permissions and user permissions
is this correct syntax?
thanks!