BAEL-8813: Authorization using jCasbin

libraries-7/pom.xml

@@ -83,6 +83,16 @@
             <artifactId>elasticjob-bootstrap</artifactId>
             <version>${elasticjob.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.casbin</groupId>
+            <artifactId>jcasbin</artifactId>
+            <version>${jcasbin.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>${commons-io.version}</version>
+        </dependency>
     </dependencies>
 
     <build>
@@ -128,6 +138,8 @@
         <jte.version>3.2.2</jte.version>
         <hypersistence.version>2.1.4</hypersistence.version>
         <elasticjob.version>3.0.5</elasticjob.version>
+        <jcasbin.version>1.99.0</jcasbin.version>
+        <commons-io.version>2.17.0</commons-io.version>
     </properties>
 
 </project>

libraries-7/src/test/java/com/baeldung/jcasbin/EnforcerUnitTest.java

@@ -0,0 +1,66 @@
+package com.baeldung.jcasbin;
+
+import java.io.IOException;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.casbin.jcasbin.main.Enforcer;
+import org.casbin.jcasbin.model.Model;
+import org.casbin.jcasbin.persist.file_adapter.FileAdapter;
+import org.junit.jupiter.api.Test;
+
+class EnforcerUnitTest {
+
+    @Test
+    void givenAclConfiguration_whenCheckingPermissions_thenTheCorrectResultsAreReturned() throws IOException {
+
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/acl.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/acl.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        assertTrue(enforcer.enforce("alice", "data1", "read"));
+        assertTrue(enforcer.enforce("bob", "data2", "write"));
+
+        assertFalse(enforcer.enforce("alice", "data2", "write"));
+    }
+
+    @Test
+    void givenAclSuperuserConfiguration_whenCheckingPermissions_thenTheCorrectResultsAreReturned() throws IOException {
+
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/acl.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/acl_superuser.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        assertTrue(enforcer.enforce("alice", "data1", "read"));
+        assertTrue(enforcer.enforce("bob", "data2", "write"));
+
+        assertTrue(enforcer.enforce("root", "data2", "write"));
+    }
+
+
+    @Test
+    void givenRbacConfiguration_whenCheckingPermissions_thenTheCorrectResultsAreReturned() throws IOException {
+
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/rbac.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/rbac.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        assertTrue(enforcer.enforce("alice", "data1", "read"));
+        assertTrue(enforcer.enforce("bob", "data2", "write"));
+
+        assertTrue(enforcer.enforce("carol", "data2", "read"));
+    }
+}

libraries-7/src/test/java/com/baeldung/jcasbin/ManagementUnitTest.java

@@ -0,0 +1,144 @@
+package com.baeldung.jcasbin;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.casbin.jcasbin.main.Enforcer;
+import org.casbin.jcasbin.model.Model;
+import org.casbin.jcasbin.persist.file_adapter.FileAdapter;
+import org.junit.jupiter.api.Test;
+
+public class ManagementUnitTest {
+    @Test
+    void whenQueryingSubjects_thenTheCorrectSubjectsAreReturned() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/acl.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/acl.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        List<String> subjects = enforcer.getAllSubjects();
+        assertEquals(2, subjects.size());
+        assertTrue(subjects.contains("alice"));
+        assertTrue(subjects.contains("bob"));
+    }
+
+    @Test
+    void whenQueryingObjects_thenTheCorrectObjectsAreReturned() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/acl.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/acl.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        List<String> objects = enforcer.getAllObjects();
+        assertEquals(2, objects.size());
+        assertTrue(objects.contains("data1"));
+        assertTrue(objects.contains("data2"));
+    }
+
+    @Test
+    void whenQueryingActions_thenTheCorrectActionsAreReturned() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/acl.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/acl.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        List<String> actions = enforcer.getAllActions();
+        assertEquals(2, actions.size());
+        assertTrue(actions.contains("read"));
+        assertTrue(actions.contains("write"));
+    }
+
+    @Test
+    void givenAclConfiguration_whenQueryingAllowedActions_thenTheCorrectActionsAreReturned() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/acl.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/acl.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        Set<String> actions = enforcer.getPermittedActions("alice", "data1");
+        assertEquals(1, actions.size());
+        assertTrue(actions.contains("read"));
+    }
+
+    @Test
+    void givenRbacConfiguration_whenQueryingAllowedActions_thenTheCorrectActionsAreReturned() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/rbac.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/rbac.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        Set<String> actions = enforcer.getPermittedActions("carol", "data2");
+        assertEquals(2, actions.size());
+        assertTrue(actions.contains("read"));
+        assertTrue(actions.contains("write"));
+    }
+
+    @Test
+    void whenQueryingRoles_thenTheCorrectRolesAreReturned() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/rbac.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/rbac.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        List<String> roles = enforcer.getRolesForUser("carol");
+        assertEquals(1, roles.size());
+        assertTrue(roles.contains("superuser"));
+    }
+
+    @Test
+    void whenAssigningPermissions_thenTheNewPermissionsWork() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/rbac.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/rbac.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        assertFalse(enforcer.enforce("alice", "data2", "read"));
+
+        enforcer.addPermissionForUser("alice", "data2", "read");
+
+        assertTrue(enforcer.enforce("alice", "data2", "read"));
+    }
+
+    @Test
+    void whenAssigningRoles_thenTheNewPermissionsWork() throws IOException {
+        FileAdapter fileAdapter = new FileAdapter(getClass().getResourceAsStream("/com/baeldung/jcasbin/rbac.csv"));
+
+        String content = new String(getClass().getClassLoader().getResourceAsStream("com/baeldung/jcasbin/rbac.conf").readAllBytes());
+        Model model = new Model();
+        model.loadModelFromText(content);
+
+        Enforcer enforcer = new Enforcer(model, fileAdapter);
+
+        assertFalse(enforcer.enforce("alice", "data2", "read"));
+
+        enforcer.addRoleForUser("alice", "superuser");
+
+        assertTrue(enforcer.enforce("alice", "data2", "read"));
+    }
+}

libraries-7/src/test/resources/com/baeldung/jcasbin/acl.conf

@@ -0,0 +1,15 @@
+# Request definition
+[request_definition]
+r = sub, obj, act
+
+# Policy definition
+[policy_definition]
+p = sub, obj, act
+
+# Matchers
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
+
+# Policy effect
+[policy_effect]
+e = some(where (p.eft == allow))

libraries-7/src/test/resources/com/baeldung/jcasbin/acl.csv

@@ -0,0 +1,2 @@
+p, alice, data1, read
+p, bob, data2, write

libraries-7/src/test/resources/com/baeldung/jcasbin/acl_superuser.conf

@@ -0,0 +1,15 @@
+# Request definition
+[request_definition]
+r = sub, obj, act
+
+# Policy definition
+[policy_definition]
+p = sub, obj, act
+
+# Matchers
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"
+
+# Policy effect
+[policy_effect]
+e = some(where (p.eft == allow))

libraries-7/src/test/resources/com/baeldung/jcasbin/model.conf

@@ -0,0 +1,15 @@
+# Request definition
+[request_definition]
+r = sub, obj, act
+
+# Policy definition
+[policy_definition]
+p = sub, obj, act
+
+# Policy effect
+[policy_effect]
+e = some(where (p.eft == allow))
+
+# Matchers
+[matchers]
+m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

libraries-7/src/test/resources/com/baeldung/jcasbin/policy.csv

@@ -0,0 +1,2 @@
+p, alice, data1, read
+p, bob, data2, write

libraries-7/src/test/resources/com/baeldung/jcasbin/rbac.conf

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

libraries-7/src/test/resources/com/baeldung/jcasbin/rbac.csv

@@ -0,0 +1,7 @@
+p, alice, data1, read
+p, data2_admin, data2, read
+p, data2_admin, data2, write
+
+g, bob, data2_admin
+g, superuser, data2_admin
+g, carol, superuser