casbin / jcasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Java
https://casbin.org
Apache License 2.0
2.38k stars 461 forks

Function `enforce` working first time only #407

Closed thinhtpt2000 closed 1 month ago

thinhtpt2000 commented 2 months ago

I'm testing Casbin's multi-domain support. My code works only the first time. If I run it again without clearing the data in the DB, I get the exception.

Exception in thread "main" org.casbin.jcasbin.exception.CasbinMatcherException: invalid policy size: expected 5, got 6, pvals: [account_admin, .{0, }, account, read, allow]
    at org.casbin.jcasbin.main.CoreEnforcer.getPTokens(CoreEnforcer.java:878)
    at org.casbin.jcasbin.main.CoreEnforcer.enforce(CoreEnforcer.java:631)
    at org.casbin.jcasbin.main.CoreEnforcer.enforce(CoreEnforcer.java:738)
    at com.katalon.example.Main.main(Main.java:35)

My code

import org.casbin.adapter.JDBCAdapter;
import org.casbin.jcasbin.main.Enforcer;
import org.postgresql.ds.PGSimpleDataSource;

public class Main {
    public static void main(String[] args) throws Exception {
        var driver = "org.postgresql.Driver";
        var url = "jdbc:postgresql://localhost:5432/casbin";
        final var dataSource = getSimpleDataSource(url);

        var a = new JDBCAdapter(dataSource);

        var modelPath = Thread.currentThread().getContextClassLoader()
                .getResource("model.conf")
                .getPath();
        var e = new Enforcer(modelPath, a);

        e.addPolicy("account_admin", ".{0,}", "account", "read", "allow");
        e.addPolicy("account_admin", ".{0,}", "account", "update", "allow");
        e.addPolicy("account_admin", "domain1.{0,}", "account", "update", "deny");
        e.addPolicy("project_admin", "domain1.{0,}", "project", "read", "allow");
        e.addRoleForUserInDomain("alice", "account_admin", "domain1");
        e.addRoleForUserInDomain("alice", "project_admin", "domain1");

        e.addRoleForUserInDomain("alice", "account_admin", "domain2");

        // Check the permission.
        var result = e.enforce("alice", "domain1", "account", "update");
        System.out.println("Check results: account.update => " + result);

        result = e.enforce("alice", "domain1", "project", "read");
        System.out.println("Check results: project.read => " + result);

        result = e.enforce("alice", "domain2", "account", "update");
        System.out.println("Check results d2: account.update => " + result);

        // Save the policy back to DB.
        e.savePolicy();
        // Close the connection.
        a.close();
    }

    private static PGSimpleDataSource getSimpleDataSource(String url) {
        var username = "postgres";
        var password = "admin";

        // Using a DataSource to initialize the JDBC adapter is recommended.
        // Any implementation of the DataSource interface works, such as hikari, c3p0, druid, etc.
        var dataSource = new PGSimpleDataSource();
        dataSource.setURL(url);
        dataSource.setUser(username);
        dataSource.setPassword(password);
        return dataSource;
    }
}

My model.conf

[request_definition]
r = sub, dom, obj, act

[policy_definition]
p = sub, dom, obj, act, eft

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))

[matchers]
m = g(r.sub, p.sub, r.dom) && regexMatch(r.dom, p.dom) && r.obj == p.obj && r.act == p.act

The dependencies I'm using

dependencies {
    implementation("org.casbin:jcasbin:1.55.0")
    implementation("org.casbin:jdbc-adapter:2.7.0")
    implementation("org.postgresql:postgresql:42.7.3")
}

Hope someone can help me figure it out. Thank you, Thinh Tran.
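
Added example, not part of the original post and not jCasbin code: it reproduces the field count from the exception (expected 5, got 6) without Casbin and adds a check to run before a rule is stored. `roundTrip` and `assertStorable` are hypothetical helpers. It assumes the stored rule is re-joined into one comma-delimited line and split on commas when the policy is loaded, which the `pvals` in the exception suggest but the page does not confirm.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

// Added illustration; does not call jCasbin. Helper names are hypothetical.
public class PolicyFieldCheck {

    // ASSUMPTION: models a loader that rebuilds "f1, f2, ..." from the stored
    // columns and then splits that line on ',' to recover the fields.
    static List<String> roundTrip(String... fields) {
        String line = String.join(", ", fields);
        return Arrays.stream(line.split(","))
                .map(String::trim)
                .collect(Collectors.toList());
    }

    // Reject values that cannot survive a comma-delimited round trip:
    // an embedded comma adds a field, surrounding whitespace is trimmed away.
    static void assertStorable(String... fields) {
        for (String f : fields) {
            if (f.indexOf(',') >= 0 || !f.equals(f.trim())) {
                throw new IllegalArgumentException(
                        "policy field not storable: \"" + f + "\"");
            }
        }
    }

    public static void main(String[] args) {
        // First rule from the post: five fields go in, six come back.
        String[] fromPost = {"account_admin", ".{0,}", "account", "read", "allow"};
        List<String> reloaded = roundTrip(fromPost);
        System.out.println(reloaded.size() + " fields: " + reloaded);

        // ".*" matches the same strings as ".{0,}" and contains no comma.
        String[] rewritten = {"account_admin", ".*", "account", "read", "allow"};
        assertStorable(rewritten);
        System.out.println(roundTrip(rewritten).size() + " fields: " + roundTrip(rewritten));

        // The guard stops the original rule before it reaches the store.
        try {
            assertStorable(fromPost);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The same check applies to the `domain1.{0,}` rules in the post, including the `deny` rule.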

casbin-bot commented 2 months ago

@tangyang9464 @imp2002

JackYifan commented 2 months ago

@thinhtpt2000 What does ".{0,}" mean in the statement e.addPolicy("account_admin", ".{0,}", "account", "read", "allow");?