Adapters
In Casbin, the policy storage is implemented as an adapter (aka middleware for Casbin). A Casbin user can use an adapter to load policy rules from a storage (aka LoadPolicy()), or save policy rules to it (aka SavePolicy()). To keep light-weight, we don't put adapter code in the main library.
Supported adapters
A complete list of Casbin adapters is provided as below. Any 3rd-party contribution on a new adapter is welcomed, please inform us and we will put it in this list:)
| Adapter | Type | Author | AutoSave | Description |
|---|---|---|---|---|
| File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files |
| JDBC Adapter | JDBC | Casbin | ✅ | MySQL, Oracle, PostgreSQL, DB2, Sybase, SQL Server are supported by JDBC |
| Hibernate Adapter | ORM | Casbin | ✅ | Oracle, DB2, SQL Server, Sybase, MySQL, PostgreSQL are supported by Hibernate |
| MyBatis Adapter | ORM | Casbin | ✅ | MySQL, Oracle, PostgreSQL, DB2, Sybase, SQL Server (the same as JDBC) are supported by MyBatis 3 |
| Hutool Adapter | ORM | @mapleafgo | ✅ | MySQL, Oracle, PostgreSQL, SQLite are supported by Hutool |
| MongoDB Adapter | NoSQL | Casbin | ✅ | MongoDB is supported by mongodb-driver-sync |
| DynamoDB Adapter | NoSQL | Casbin | ❌ | For Amazon DynamoDB |
| Adapter | Type | Author | AutoSave | Description |
|---|---|---|---|---|
| File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files |
| Filtered File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files with policy subset loading support |
| String Adapter (built-in) | String | @calebfaruki | ❌ | For String |
| Basic Adapter | Native ORM | Casbin | ✅ | pg, mysql, mysql2, sqlite3, oracledb, mssql are supported by the adapter itself |
| Sequelize Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, SQLite, Microsoft SQL Server are supported by Sequelize |
| TypeORM Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, MariaDB, SQLite, MS SQL Server, Oracle, WebSQL, MongoDB are supported by TypeORM |
| Prisma Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, MariaDB, SQLite, MS SQL Server, AWS Aurora, Azure SQL are supported by Prisma |
| Knex Adapter | ORM | @sarneeh and knex | ✅ | MSSQL, MySQL, PostgreSQL, SQLite3, Oracle are supported by Knex.js |
| Objection.js Adapter | ORM | @willsoto | ✅ | MSSQL, MySQL, PostgreSQL, SQLite3, Oracle are supported by Objection.js |
| Node PostgreSQL Native Adapter | SQL | @touchifyapp | ✅ | PostgreSQL adapter with advanced policy subset loading support and improved performances built with node-postgres. |
| Mongoose Adapter | NoSQL | elastic.io and Casbin | ✅ | MongoDB is supported by Mongoose |
| Node MongoDB Native Adapter | NoSQL | @juicycleff | ✅ | For Node MongoDB Native |
| DynamoDB Adapter | NoSQL | @fospitia | ✅ | For Amazon DynamoDB |
| Couchbase Adapter | NoSQL | @MarkMYoung | ✅ | For Couchbase |
| Redis Adapter | KV store | Casbin | ❌ | For Redis |
| Redis Adapter | KV store | @NandaKishorJeripothula | ❌ | For Redis |
| Adapter | Type | Author | AutoSave | Description |
|---|---|---|---|---|
| File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files |
| Database Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, SQLite, Microsoft SQL Server are supported by techone/database |
| Zend Db Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, SQLite, Oracle, IBM DB2, Microsoft SQL Server, Other PDO Driver are supported by zend-db |
| Doctrine DBAL Adapter (Recommend) | ORM | Casbin | ✅ | Powerful PHP database abstraction layer (DBAL) with many features for database schema introspection and management. |
| Medoo Adapter | ORM | Casbin | ✅ | Medoo is a lightweight PHP Database Framework to Accelerate Development, supports all SQL databases, including MySQL, MSSQL, SQLite, MariaDB, PostgreSQL, Sybase, Oracle and more. |
| Laminas-db Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, Oracle, IBM DB2, Microsoft Sql Server, PDO, etc. are supported by laminas-db |
| Zend-db Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, Oracle, IBM DB2, Microsoft Sql Server, PDO, etc. are supported by zend-db |
| Redis Adapter | KV store | @nsnake | ❌ | For Redis |
| Adapter | Type | Author | AutoSave | Description |
|---|---|---|---|---|
| File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files |
| SQLAlchemy Adapter | ORM | Casbin | ✅ | PostgreSQL, MySQL, SQLite, Oracle, Microsoft SQL Server, Firebird, Sybase are supported by SQLAlchemy |
| Async Databases Adapter | ORM | Casbin | ✅ | PostgreSQL, MySQL, SQLite, Oracle, Microsoft SQL Server, Firebird, Sybase are supported by Databases |
| Peewee Adapter | ORM | @shblhy | ✅ | PostgreSQL, MySQL, SQLite are supported by Peewee |
| MongoEngine Adapter | ORM | @zhangbailong945 | ❌ | MongoDB is supported by MongoEngine |
| Couchbase Adapter | NoSQL | ScienceLogic | ✅ (without remove_filtered_policy()) | For Couchbase |
| DynamoDB Adapter | NoSQL | @abqadeer | ✅ | For DynamoDB |
| Pymongo Adapter | NoSQL | Casbin | ❌ | MongoDB is supported by Pymongo |
| Adapter | Type | Author | AutoSave | Description |
|---|---|---|---|---|
| File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files |
| EF Adapter | ORM | Casbin | ❌ | MySQL, PostgreSQL, SQLite, Microsoft SQL Server, Oracle, DB2, etc. are supported by Entity Framework 6 |
| EFCore Adapter | ORM | Casbin | ✅ | MySQL, PostgreSQL, SQLite, Microsoft SQL Server, Oracle, DB2, etc. are supported by Entity Framework Core |
| Adapter | Type | Author | AutoSave | Description |
|---|---|---|---|---|
| File Adapter (built-in) | File | Casbin | ❌ | For .CSV (Comma-Separated Values) files |
| Diesel Adapter | ORM | Casbin | ✅ | SQLite, PostgreSQL, MySQL are supported by Diesel |
| Sqlx Adapter | ORM | Casbin | ✅ | PostgreSQL, MySQL are supported by Sqlx with fully asynchronous operation |
| YAML Adapter | String | Casbin | ✅ | For YAML |
note
- If
casbin.NewEnforcer()is called with an explicit or implicit adapter, the policy will be loaded automatically. - You can call
e.LoadPolicy()to reload the policy rules from the storage. - If the adapter does not support the
Auto-Savefeature, The policy rules cannot be automatically saved back to the storage when you add or remove policies. You have to callSavePolicy()manually to save all policy rules.
Examples
Here we provide several examples:
File adapter (built-in)
Below shows how to initialize an enforcer from the built-in file adapter:
import "github.com/casbin/casbin"
e := casbin.NewEnforcer("examples/basic_model.conf", "examples/basic_policy.csv")
use Casbin\Enforcer;
$e = new Enforcer('examples/basic_model.conf', 'examples/basic_policy.csv');
use casbin::prelude::*;
let mut e = Enforcer::new("examples/basic_model.conf", "examples/basic_policy.csv").await?;
This is the same with:
import (
"github.com/casbin/casbin"
"github.com/casbin/casbin/file-adapter"
)
a := fileadapter.NewAdapter("examples/basic_policy.csv")
e := casbin.NewEnforcer("examples/basic_model.conf", a)
use Casbin\Enforcer;
use Casbin\Persist\Adapters\FileAdapter;
$a = new FileAdapter('examples/basic_policy.csv');
$e = new Enforcer('examples/basic_model.conf', $a);
use casbin::prelude::*;
let a = FileAdapter::new("examples/basic_policy.csv");
let e = Enforcer::new("examples/basic_model.conf", a).await?;
MySQL adapter
Below shows how to initialize an enforcer from MySQL database. it connects to a MySQL DB on 127.0.0.1:3306 with root and blank password.
import (
"github.com/casbin/casbin"
"github.com/casbin/mysql-adapter"
)
a := mysqladapter.NewAdapter("mysql", "root:@tcp(127.0.0.1:3306)/")
e := casbin.NewEnforcer("examples/basic_model.conf", a)
// https://github.com/casbin-rs/diesel-adapter
// make sure you activate feature `mysql`
use casbin::prelude::*;
use diesel_adapter::{ConnOptions, DieselAdapter};
let mut conn_opts = ConnOptions::default();
conn_opts
.set_hostname("127.0.0.1")
.set_port(3306)
.set_host("127.0.0.1:3306") // overwrite hostname, port config
.set_database("casbin")
.set_auth("casbin_rs", "casbin_rs");
let a = DieselAdapter::new(conn_opts)?;
let mut e = Enforcer::new("examples/basic_model.conf", a).await?;
// https://github.com/php-casbin/dbal-adapter
use Casbin\Enforcer;
use CasbinAdapter\DBAL\Adapter as DatabaseAdapter;
$config = [
// Either 'driver' with one of the following values:
// pdo_mysql,pdo_sqlite,pdo_pgsql,pdo_oci (unstable),pdo_sqlsrv,pdo_sqlsrv,
// mysqli,sqlanywhere,sqlsrv,ibm_db2 (unstable),drizzle_pdo_mysql
'driver' => 'pdo_mysql',
'host' => '127.0.0.1',
'dbname' => 'test',
'user' => 'root',
'password' => '',
'port' => '3306',
];
$a = DatabaseAdapter::newAdapter($config);
$e = new Enforcer('examples/basic_model.conf', $a);
Use your own storage adapter
You can use your own adapter like below:
import (
"github.com/casbin/casbin"
"github.com/your-username/your-repo"
)
a := yourpackage.NewAdapter(params)
e := casbin.NewEnforcer("examples/basic_model.conf", a)
Load/Save at run-time
You may also want to reload the model, reload the policy or save the policy after initialization:
// Reload the model from the model CONF file.
e.LoadModel()
// Reload the policy from file/database.
e.LoadPolicy()
// Save the current policy (usually after changed with Casbin API) back to file/database.
e.SavePolicy()
AutoSave
There is a feature called Auto-Save for adapters. When an adapter supports Auto-Save, it means it can support adding a single policy rule to the storage, or removing a single policy rule from the storage. This is unlike SavePolicy(), because the latter will delete all policy rules in the storage and save all policy rules from Casbin enforcer to the storage. So it may suffer performance issue when the number of policy rules is large.
When the adapter supports Auto-Save, you can switch this option via Enforcer.EnableAutoSave() function. The option is enabled by default (if the adapter supports it).
note
- The
Auto-Savefeature is optional. An adapter can choose to implement it or not. Auto-Saveonly works for a Casbin enforcer when the adapter the enforcer uses supports it.- See the
AutoSavecolumn in the above adapter list to see ifAuto-Saveis supported by an adapter.
Here's an example about how to use Auto-Save:
import (
"github.com/casbin/casbin"
"github.com/casbin/xorm-adapter"
_ "github.com/go-sql-driver/mysql"
)
// By default, the AutoSave option is enabled for an enforcer.
a := xormadapter.NewAdapter("mysql", "mysql_username:mysql_password@tcp(127.0.0.1:3306)/")
e := casbin.NewEnforcer("examples/basic_model.conf", a)
// Disable the AutoSave option.
e.EnableAutoSave(false)
// Because AutoSave is disabled, the policy change only affects the policy in Casbin enforcer,
// it doesn't affect the policy in the storage.
e.AddPolicy(...)
e.RemovePolicy(...)
// Enable the AutoSave option.
e.EnableAutoSave(true)
// Because AutoSave is enabled, the policy change not only affects the policy in Casbin enforcer,
// but also affects the policy in the storage.
e.AddPolicy(...)
e.RemovePolicy(...)
For more examples, please see: https://github.com/casbin/xorm-adapter/blob/master/adapter_test.go
How to write an adapter
All adapters should implement the Adapter interface by providing at least two mandatory methods:LoadPolicy(model model.Model) error and SavePolicy(model model.Model) error.
The other three functions are optional. They should be implemented if the adapter supports the Auto-Save feature.
| Method | Type | Description |
|---|---|---|
| LoadPolicy() | mandatory | Load all policy rules from the storage |
| SavePolicy() | mandatory | Save all policy rules to the storage |
| AddPolicy() | optional | Add a policy rule to the storage |
| RemovePolicy() | optional | Remove a policy rule from the storage |
| RemoveFilteredPolicy() | optional | Remove policy rules that match the filter from the storage |
note
If an adapter doesn't support Auto-Save, it should provide an empty implementation for the three optional functions. Here's an example for Golang:
// AddPolicy adds a policy rule to the storage.
func (a *Adapter) AddPolicy(sec string, ptype string, rule []string) error {
return errors.New("not implemented")
}
// RemovePolicy removes a policy rule from the storage.
func (a *Adapter) RemovePolicy(sec string, ptype string, rule []string) error {
return errors.New("not implemented")
}
// RemoveFilteredPolicy removes policy rules that match the filter from the storage.
func (a *Adapter) RemoveFilteredPolicy(sec string, ptype string, fieldIndex int, fieldValues ...string) error {
return errors.New("not implemented")
}
Casbin enforcer will ignore the not implemented error when calling these three optional functions.
Who is responsible to create the DB?
As a convention, the adapter should be able to automatically create a database named casbin if it doesn't exist and use it for policy storage. Please use the Xorm adapter as a reference implementation: https://github.com/casbin/xorm-adapter