支持多种访问控制模型
支持多种访问控制模型
在Casbin,访问控制模型是基于PERM元模型 (Policy, Effect, Request, Matchers) 压缩而成的一个CONF文件。 因此,项目授权机制的转换或升级就像修改配置一样简单。
灵活的策略储存方式
灵活的策略储存方式
Besides memory and file, Casbin policy can be stored into lots of places. Currently, dozens of databases are supported, from MySQL, Postgres, Oracle to MongoDB, Redis, Cassandra, AWS S3. Check the full supported list at: https://v1.casbin.org/docs/en/adapters
跨语言 & 跨平台
跨语言 & 跨平台
Casbin已经使用Golang、Java、PHP和Node.js等等语言实现。 所有的实现共享相同的 API 和行为。学习一次即可到处使用。
策略持久化
策略持久化
In Casbin, the policy storage is implemented as an adapter(aka middleware for Casbin). To keep light-weight, we don't put adapter code in the main library (except the default file adapter). A complete list of Casbin adapters is provided as below. Any 3rd-party contribution on a new adapter is welcomed, please inform us and I will put it in this list:) For details of adapters, please refer to the documentation: https://v1.casbin.org/docs/en/adapters
规模化执行策略
规模化执行策略
一些适配器支持过滤策略管理。这意味着Casbin 加载的策略是基于给定过滤器的存储策略的子集。当解析整个策略成为性能瓶颈时,就能在大型多租户环境中有效地执行策略。
要将过滤策略与支持的适配器一起使用,只需调用 LoadFilteredPolicy 方法。过滤器参数的有效格式取决于使用的适配器。为防止意外数据丢失,加载过滤策略时会禁用 SavePolicy 方法。
例如,以下代码片段使用内置过滤文件适配器和带域的 RBAC 模型。在这种情况下,过滤器将策略限制为单个域。加载的策略中省略了除“domain1”之外的域的任何策略行:
角色管理器
角色管理器
The role manager is used to manage the RBAC role hierarchy (user-role mapping) in Casbin. A role manager can retrieve the role data from Casbin policy rules or external sources such as LDAP, Okta, Auth0, Azure AD, etc. We support different implementations of a role manager. To keep light-weight, we don't put role manager code in the main library (except the default role manager). A complete list of Casbin role managers is provided as: https://v1.casbin.org/docs/en/role-managers
