Skip to main content

Overview

Casbin is a powerful and efficient open-source access control library that supports various access control models for enforcing authorization across the board.

Enforcing a set of rules is as simple as listing down subjects, objects and the desired allowed action (or any other format as per your needs) in a policy file. This is synonymous across all flows Casbin is used in. The developer/administrator has the complete control over the layout, execution and conditions for authorization which is set via the model file. Casbin provides an Enforcer for validating an incoming request based on the policy and model files given to the Enforcer.

Languages supported by Casbin:​

Casbin provides support for various programming languages, ready to be integrated within any project and workflow:

golangjavanodejsphp
CasbinjCasbinnode-CasbinPHP-Casbin
싀무 개발 적합(Production-Ready)싀무 개발 적합(Production-Ready)싀무 개발 적합(Production-Ready)싀무 개발 적합(Production-Ready)
pythondotnetc++rust
PyCasbinCasbin.NETCasbin-CPPCasbin-RS
싀무 개발 적합(Production-Ready)싀무 개발 적합(Production-Ready)싀무 개발 적합(Production-Ready)싀무 개발 적합(Production-Ready)

언어별 κΈ°λŠ₯ 지원 ν˜„ν™©β€‹

We are always working our best to make Casbin have the same set of features for all languages. κ·ΈλŸ¬λ‚˜ 아직은 μ™„λ²½ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.

κΈ°λŠ₯GoJavaNode.jsPHPPythonC#DelphiRustC++LuaDartElixir
Enforcementβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
RBACβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
ABACβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
Scaling ABAC (eval())βœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…
Adapterβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βŒ
Management APIβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
RBAC APIβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
Batch APIβœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βŒβŒ
Filtered Adapterβœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βŒβŒ
Watcherβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βŒβŒ
Role Managerβœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βŒ
Multi-Threadingβœ…βœ…βœ…βŒβœ…βŒβŒβœ…βŒβŒβŒβŒ
'in' of matcherβœ…βœ…βœ…βœ…βœ…βŒβœ…βŒβŒβŒβœ…βœ…

Note- βœ… for Watcher or Role Manager only means having the interface in the core library. It is not indicative of whether there is a watcher or role manager implementation available.

Casbinμ΄λž€?​

Casbin is an authorization library which can be used in flows where we want a certain object or entity to be accessed by a specific user or subject. The type of access i.e. action can be read, write, delete or any other action as set by the developer. This is how Casbin is most widely used and its called the "standard" or classic { subject, object, action } flow.

Casbin is capable of handling many complex authorization scenarios other than the standard flow. There can be addition of roles (RBAC), attributes (ABAC) etc.

Casbin이 ν•˜λŠ” 것:​

  1. Enforce the policy in the classic { subject, object, action } form or a customized form as you defined. Both allow and deny authorizations are supported.
  2. μ ‘κ·Ό μ œμ–΄ λͺ¨λΈκ³Ό λ³΄μ•ˆ 정책을 μ €μž₯ν•©λ‹ˆλ‹€.
  3. μ‚¬μš©μž-μ—­ν•  κ°„ 맡핑 및 μ—­ν• -μ—­ν•  κ°„ 맡핑(μ—­ν• -기반 μ ‘κ·Ό μ œμ–΄μ—μ„œμ˜ μ—­ν•  계측)을 κ΄€λ¦¬ν•©λ‹ˆλ‹€.
  4. Support built-in superusers like root or administrator. A superuser can do anything without explicit permissions.
  5. Multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What Casbin does NOT do:​

  1. 인증 (둜그인 μ‹œ usernameκ³Ό passwordλ₯Ό κ²€μ¦ν•˜λŠ” 것)
  2. μ‚¬μš©μžμ™€ μ—­ν•  λͺ©λ‘ 관리.

It's more convenient for the project to manage their list of users, roles or passwords. μ‚¬μš©μž μ •λ³΄μ—λŠ” νŒ¨μŠ€μ›Œλ“œκ°€ μžˆλŠ”λ°, Casbin은 νŒ¨μŠ€μ›Œλ“œ μ €μž₯μ†Œλ‘œλŠ” μ„€κ³„λ˜μ§€ μ•Šμ•˜μŠ΅λ‹ˆλ‹€. λ‹€λ§Œ, Casbin은 μ—­ν• -기반 μ ‘κ·Ό μ œμ–΄ μ‹œλ‚˜λ¦¬μ˜€μ—μ„œ μ‚¬μš©λ  μ‚¬μš©μžμ™€ μ—­ν•  κ°„μ˜ 연결을 μ €μž₯ν•©λ‹ˆλ‹€.