casbin / jcasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Java
https://casbin.org
Apache License 2.0

Enforcer unable to load policy from DB. #372

Closed Harishs27 closed 9 months ago

Harishs27 commented 10 months ago

My application is a cloud-based Spring Boot app with multiple tenants/domains.

I have many policies already present in the DB for each tenant/domain. When I start the application, the first thing we do is wait for the enforcer to load all the policies into memory. However, we are not stopping the application if the enforcer is not ready. So we have a simple function to check whether the enforcer is ready by getting all the roles from the DB using the command below; we try this 5 times.

enforcer.getAllRoles().isEmpty();

Now the above command always gives an empty result, and the application still goes ahead and starts.

So in this scenario, when I try to get all the roles for the given user in the given tenant using the function below, I get an error.

public void getRolesForUser(String userId, String domain){ enforcer.getRolesForUserInDomain(userId, domain); }

The error I am getting is as below:

10-01-2024 14:25:11.505|[http-nio-8080-exec-3]|[]|ERROR|org.casbin.jcasbin|error: name does not exist

Why is the enforcer unable to load policies from the DB?

The Casbin version I'm using is 0.4.1.
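
A startup gate for the readiness check described in the post above, as an added example that is not part of the original thread or of jCasbin: it reloads the policy on every attempt and aborts startup when no rules are in memory, instead of letting the application start. The class `PolicyReadinessGate`, its methods and parameters are hypothetical; it assumes jCasbin is on the classpath, and `main` uses a constructed stand-in for the policy store.

```java
import java.util.function.IntSupplier;
import org.casbin.jcasbin.main.Enforcer;

// Hypothetical helper (not jCasbin code): block startup until policy is really loaded.
public final class PolicyReadinessGate {

    // jCasbin wiring: reload from the adapter, then count loaded p and g rules.
    public static int requireLoaded(Enforcer enforcer, int attempts, long pauseMillis)
            throws InterruptedException {
        return requireLoaded(() -> enforcer.loadPolicy(),
                () -> enforcer.getPolicy().size() + enforcer.getGroupingPolicy().size(),
                attempts, pauseMillis);
    }

    // Returns the rule count once it is non-zero; throws if every attempt fails.
    static int requireLoaded(Runnable reload, IntSupplier ruleCount, int attempts,
            long pauseMillis) throws InterruptedException {
        RuntimeException lastError = null;
        for (int i = 1; i <= attempts; i++) {
            try {
                reload.run();   // re-read the store on every attempt
                int rules = ruleCount.getAsInt();
                if (rules > 0) {
                    return rules;
                }
                lastError = null;   // store answered but returned no rules
            } catch (RuntimeException e) {
                lastError = e;      // for example, database not reachable yet
            }
            if (i < attempts) {
                Thread.sleep(pauseMillis);
            }
        }
        // Fail closed: abort startup rather than serve requests with no policy in memory.
        throw new IllegalStateException(
                "policy not loaded after " + attempts + " attempts", lastError);
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed stand-in for a policy store that only answers on the third read.
        int[] reads = {0}, cached = {0};
        Runnable reload = () -> {
            if (++reads[0] < 3) throw new IllegalStateException("db unavailable (constructed)");
            cached[0] = 4;
        };
        System.out.println("rules loaded: " + requireLoaded(reload, () -> cached[0], 5, 10L));
    }
}
```

In a Spring Boot application, calling the gate during bean initialization makes a failed load stop the context from starting.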

casbin-bot commented 10 months ago

@tangyang9464 @imp2002

hsluoyz commented 10 months ago

@Harishs27 can you answer these?

  1. What did you do?
  2. What did you expect?
  3. What did you get instead?
  4. Is this happening for all Casbin versions? If not, it starts to happen from which version?

Harishs27 commented 10 months ago

  1. We are using RBAC for authorization. I am using the RBAC model with domains.
  2. I should be able to use the Casbin enforcer to fetch the roles and permissions of a user, and should be able to validate the user's permissions against the stored policy using Casbin.
  3. When trying to fetch the user's roles and permissions, enforcer.getRolesForUserInDomain(userId, domain) throws the error org.casbin.jcasbin|error: name does not exist. Ideally it should have given me all the roles associated with the user. By querying the DB I can see that the user has multiple roles.
  4. We have multiple environments where we are using the same version of Casbin for authorization and it's all working fine. However, it has now started failing in one of the environments, and it's unable to recover from this state.

I have not upgraded to newer versions of Casbin, so I am not sure if it's a recurring issue with other versions as well.

imp2002 commented 9 months ago

Run the test testRoleAPIWithDomains() in RbacAPIWithDomainsUnitTest.java to test getRolesForUserInDomain(): all as expected! You are probably using it incorrectly; you can refer to the usage in the test.

hsluoyz commented 9 months ago

Closed as resolved