Overview
Casbinは、強力で効率的なオープンソースのアクセス制御ライブラリで、権限付与を全面的に強制するためのさまざまなアクセス制御モデルをサポートしています。
一連のルールを強制することは、主体、対象、そして望ましい許可されたアクション(またはあなたのニーズに応じた他の形式)をポリシーファイルにリストアップするだけで簡単です。 これは、Casbinが使用されるすべてのフローで同義です。 開発者/管理者は、レイアウト、実行、および認可の条件について完全な制御を持っており、これらはモデルファイルを通じて設定されます。 Casbinは、与えられたポリシーとモデルのファイルに基づいて、着信リクエストを検証するためのEnforcerを提供します。
Casbinによってサポートされる言語
Casbinは、さまざまなプログラミング言語をサポートし、任意のプロジェクトやワークフローに統合する準備ができています:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| 本番環境対応 | 本番環境対応 | 本番環境対応 | 本番環境対応 |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| 本番環境対応 | 本番環境対応 | Production-ready | Production-ready |
Feature Set for Different Languages
We are always working our best to make Casbin have the same set of features for all languages. However, the reality is not that beautiful.
| Feature | Go | Java | Node.js | PHP | Python | C# | Delphi | Rust | C++ | Lua | Dart | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enforcement | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ABAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Scaling ABAC (eval()) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Management API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Batch API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Filtered Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Watcher | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Role Manager | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Multi-Threading | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| 'in' of matcher | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
Note - ✅ for Watcher or Role Manager only means having the interface in the core library. It is not indicative of whether there is a watcher or role manager implementation available.
What is Casbin?
Casbin is an authorization library that can be used in flows where we want a certain
object or entity to be accessed by a specific user or subject. The type of access, i.e. action,
can be read, write, delete, or any other action as set by the developer. This is how Casbin is most widely used, and it's called the "standard"
or classic { subject, object, action } flow.
Casbin is capable of handling many complex authorization scenarios other than the standard flow. There can be the addition of roles (RBAC), attributes (ABAC), etc.
What Casbin Does
- Enforce the policy in the classic
{ subject, object, action }form or a customized form as you defined. Both allow and deny authorizations are supported. - Handle the storage of the access control model and its policy.
- Manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
- Support built-in superusers like
rootoradministrator. A superuser can do anything without explicit permissions. - Provide multiple built-in operators to support rule matching. For example,
keyMatchcan map a resource key/foo/barto the pattern/foo*.
What Casbin Does NOT Do
- Authentication (aka verifying
usernameandpasswordwhen a user logs in) - Manage the list of users or roles.
It's more convenient for projects to manage their lists of users, roles, or passwords. Users usually have their passwords, and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.