ABAC roles

[ondesPositives]

Hi. I want to use the abac part of jcasbin. The problem is that I couldn't find where to define the attributes variables , example (r_obj.owner, r.sub.branch).

For this example that already exists:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (g(r.sub, p.sub) || r.sub == r.obj.owner) && r.obj == p.obj && r.act == p.act

I got this: Exception in thread "main" com.googlecode.aviator.exception.ExpressionRuntimeException: Could not find variable r_obj.owner
    at com.googlecode.aviator.runtime.type.AviatorJavaType.getProperty(AviatorJavaType.java:301)
    at com.googlecode.aviator.runtime.type.AviatorJavaType.getValue(AviatorJavaType.java:251)
    at com.googlecode.aviator.runtime.type.AviatorJavaType.compare(AviatorJavaType.java:381)
    at Script_1551791355988_0/1869997857.execute0(Unknown Source)
    at com.googlecode.aviator.ClassExpression.execute(ClassExpression.java:72)
    at org.casbin.jcasbin.main.CoreEnforcer.enforce(CoreEnforcer.java:345)
    at Server.main(Server.java:131)
.....

Would you please help me! Thanks

[hsluoyz]

@ondesPositives see: https://casbin.org/docs/en/abac

[hsluoyz]

Closed as solved.

[ondesPositives]

Thank you for your help

[w-k-s]

Can you please provide an example of how to do this in Java. The documentation is thread-bare

[hsluoyz]

@w-k-s see:

https://github.com/casbin/jcasbin/blob/dc122cd5aadddfa79c2538fd11d3129b571c8125/src/test/java/org/casbin/jcasbin/main/ModelUnitTest.java#L312-L345