codingchili / chili-core

Reactive framework for creating transport & storage-transparent microservices with Vert.x
https://codingchili.github.io/chili-core/
MIT License

Add rbac support to Protocol and Token #110

Closed codingchili closed 6 years ago

codingchili commented 7 years ago

Increase granularity of service accessibility from public/authorized to roles.

codingchili commented 7 years ago

Associated with #107

codingchili commented 7 years ago

Implement as vertx auth provider.

codingchili commented 7 years ago

Added properties to tokens, vertx auth provider in another issue.

codingchili commented 7 years ago

Add integration with the Protocol for specifying access levels

codingchili commented 6 years ago

Added to protocol, custom roles, annotations supported, access levels. To be used with a RoleManager to get the roles from incoming requests. RoleManager TBD

veotax commented 6 years ago

jCasbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, casbin has several advantages:

  1. Roles can be cascaded, aka roles can have roles.
  2. Supports resource roles, so users have their roles and resources have their roles too. role = group here.
  3. The permission assignments (or policy in casbin's language) can be persisted in files or a database.
  4. Multiple models like ACL, BLP, RBAC, ABAC, RESTful are supported.

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

I saw there's an RBAC need here, and I think jCasbin is a good choice. What do you think? Thanks.