概述
Casbin 是一个强大和高效的开放源码访问控制库,它支持各种 访问控制模型 以强制全面执行授权。
Enforcing a set of rules is as simple as listing subjects, objects, and the desired allowed action (or any other format as per your needs) in a policy file. This is synonymous across all flows in which Casbin is used. The developer/administrator has complete control over the layout, execution, and conditions for authorization, which are set via the model file. Casbin provides an Enforcer for validating an incoming request based on the policy and model files given to the Enforcer.
Languages Supported by Casbin
Casbin provides support for various programming languages, ready to be integrated within any project and workflow:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| Production-ready | Production-ready | Production-ready | Production-ready |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-C++ | Casbin-RS |
| Production-ready | Production-ready | Production-ready | Production-ready |
Feature Set for Different Languages
We are always working our best to make Casbin have the same set of features for all languages. However, the reality is not that beautiful.
| 特性 | Go | Java | Node.js | PHP | Python | C# | Delphi | Rust | C++ | Lua | Dart | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 具体实施 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ABAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Scaling ABAC (eval()) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| 适配器 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| 管理接口 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Batch API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Filtered Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Watcher | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Role Manager | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Multi-Threading | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| matcher中的‘in‘语法 | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
Note - ✅ for Watcher or Role Manager only means having the interface in the core library. It is not indicative of whether there is a watcher or role manager implementation available.
Casbin 是什么?
Casbin is an authorization library that can be used in flows where we want a certain object or entity to be accessed by a specific user or subject. The type of access, i.e. action, can be read, write, delete, or any other action as set by the developer. This is how Casbin is most widely used, and it's called the "standard" or classic { subject, object, action } flow.
Casbin能够处理除标准流量以外的许多复杂的许可使用者。 There can be the addition of roles (RBAC), attributes (ABAC), etc.
What Casbin Does
- Enforce the policy in the classic
{ subject, object, action }form or a customized form as you defined. 支持允许和拒绝授权。 - 具有访问控制模型model和策略policy两个核心概念。
- 支持RBAC中的多层角色继承,不止主体可以有角色,资源也可以具有角色。
- 支持内置超级用户,如
root或administrator。 超级用户可以在没有明确权限的情况下做任何事情。 - Provide multiple built-in operators to support rule matching. For example,
keyMatchcan map a resource key/foo/barto the pattern/foo*.
What Casbin Does NOT Do
- Authentication (aka verifying
usernameandpasswordwhen a user logs in) - 管理用户列表或角色列表。
It's more convenient for projects to manage their lists of users, roles, or passwords. 用户通常有他们的密码,但是 Casbin 的设计思想并不是把它作为一个存储密码的容器。 而是存储RBAC方案中用户和角色之间的映射关系。