Comments (8)
Can you debug it and find the crashing line?
from jcasbin.
Line 69, Enforcer enforcer = new Enforcer(tempConfPath, tempPoliciesPath);
says the enforcer is null
from jcasbin.
I can't squeeze out a bit of information from time to time like this. Can you provide a full working and runnable example to reproduce?
from jcasbin.
/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package com.kapiasolutions.karma.filter;

import com.kapiasolutions.karma.util.LogUtil;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.casbin.jcasbin.main.Enforcer;

/**
 *
 * @author ahamouch
 */
@Provider
public class JCasbinFilter implements ContainerRequestFilter {

    String conf;
    String policies;
    String key = "";

    @Override
    public void filter(ContainerRequestContext crc) throws IOException {
        try {
            InitialContext initialContext = new InitialContext();
            Context environmentContext = (Context) initialContext.lookup("java:/comp/env");
            configureCasbinFiles(environmentContext);

            UriInfo uriInfo = crc.getUriInfo();
            Request request = crc.getRequest();
            String requestPath = uriInfo.getPath();
            int index = requestPath.lastIndexOf("/");
            String object = requestPath.substring(index);
            String verb = request.getMethod();
            String domain = requestPath.replace(object, "");

            String confContent = decryptFile(key, conf);
            String polContent = decryptFile(key, policies);

            // Paths of the temporary files
            String tempConfPath = writeTempFile(confContent, conf);
            String tempPoliciesPath = writeTempFile(polContent, policies);

            // Use Casbin's Enforcer, passing it the information extracted from the request
            Enforcer enforcer = new Enforcer(tempConfPath, tempPoliciesPath);

            // If false: access denied, request aborted, invalidAccessLevelResponse sent
            if (enforcer.enforce(object, domain, verb) == false) {
                String msg = String.format("You are not allowed to access this service", requestPath);
                CacheControl cc = new CacheControl();
                cc.setNoStore(true);
                Response invalidAccessLevelResponse = Response.status(Response.Status.FORBIDDEN)
                        .entity(msg)
                        .cacheControl(cc)
                        .build();
                crc.abortWith(invalidAccessLevelResponse);
            }
        } catch (NamingException ex) {
            LogUtil.showLog(ex);
        } catch (Exception ex) {
            // Any other failure is only logged; the request is not aborted on this path
            Logger.getLogger(JCasbinFilter.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    // Build the response when access is denied

    // Configure Casbin from the environment variables
    private void configureCasbinFiles(Context environmentContext) throws NamingException {
        this.conf = (String) environmentContext.lookup("casbinConf");
        this.policies = (String) environmentContext.lookup("casbinPolicies");
    }

    // Read and return the encrypted data
    public static byte[] readCasbinFile(String path) throws Exception {
        byte[] encoded;
        encoded = Files.readAllBytes(Paths.get(path));
        return encoded;
    }

    // Generate the key from the String
    // Note: the result depends on SecureRandom returning the same bytes for the same seed,
    // which is provider-dependent
    public static SecretKey generateKey(String keyStr) throws NoSuchAlgorithmException {
        KeyGenerator keygen = KeyGenerator.getInstance("AES");
        SecureRandom random = new SecureRandom(keyStr.getBytes());
        keygen.init(random);
        SecretKey secretKey = keygen.generateKey();
        return secretKey;
    }

    // The file is decrypted here
    public String decryptFile(String key, String path) throws Exception {
        SecretKey secretkey = generateKey(key);
        byte[] cipherText = readCasbinFile(path);
        byte[] IV = new byte[16]; // all-zero IV
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        SecretKeySpec keySpec = new SecretKeySpec(secretkey.getEncoded(), "AES");
        IvParameterSpec ivSpec = new IvParameterSpec(IV);
        cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
        byte[] decryptedText = cipher.doFinal(cipherText);
        String decrypt = new String(decryptedText);
        return decrypt;
    }

    // Create the temporary Casbin config file
    // (the decrypted content is written in clear text next to the encrypted file)
    public String writeTempFile(String contentConf, String confFilePath) throws IOException {
        String tempPath;
        if (confFilePath.contains("model.conf")) {
            tempPath = confFilePath.replace("model.conf", "tempModel.conf");
        } else {
            tempPath = confFilePath.replace("karma.policy", "Tempkarma.policy");
        }
        // try-with-resources closes the writer even if write() throws
        try (FileWriter writer = new FileWriter(tempPath, false)) {
            writer.write(contentConf);
        }
        return tempPath;
    }
}
from jcasbin.
It's better in a GitHub repo, with project files, POM file, etc., so I can run it at once without copy-pasting and setting up a lot of code.
from jcasbin.
Eh... I don't have the right to share this code, unfortunately ><
from jcasbin.
You should provide a minimized example that only shows the bug.
from jcasbin.
I bumped into a similar issue last night. The code that parses the policy.csv expects everything to be delimited with ", " and nothing else. I'll make a PR to make that a bit more lenient.
from jcasbin.
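A pre-flight check for the delimiter problem described in the last comment, as an added example that is not code from the thread or from jCasbin: it flags policy lines that a parser splitting only on ", " would tokenize differently from one that tolerates any whitespace around the comma. The class and method names (PolicyDelimiterCheck, strictSplit, lenientSplit, check), the "#" comment convention and the sample lines are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class PolicyDelimiterCheck {

    // Strict tokenizer modelled on the comment above: fields are separated by ", " only (assumption).
    static String[] strictSplit(String line) {
        return line.split(", ", -1);
    }

    // Lenient tokenizer: a comma with any surrounding whitespace separates fields.
    static String[] lenientSplit(String line) {
        return line.trim().split("\\s*,\\s*", -1);
    }

    // Returns one finding per rule line that the two tokenizers read differently.
    static List<String> check(List<String> lines) {
        List<String> findings = new ArrayList<>();
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i);
            String trimmed = line.trim();
            if (trimmed.isEmpty() || trimmed.startsWith("#")) {
                continue; // blank lines and "#" lines are treated as carrying no rule (assumption)
            }
            String[] strict = strictSplit(line);
            String[] lenient = lenientSplit(line);
            if (!Arrays.equals(strict, lenient)) {
                findings.add("line " + (i + 1) + ": strict=" + Arrays.toString(strict)
                        + " lenient=" + Arrays.toString(lenient));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample policy, not taken from the issue.
        List<String> sample = List.of(
                "p, admin, /karma, GET",      // canonical form: both tokenizers agree
                "p,admin,/karma,POST",        // no space after the comma: strict sees one field
                "p, admin,  /karma, DELETE",  // double space: strict keeps a leading space
                "g, alice, admin ");          // trailing space: strict keeps it in the last field
        check(sample).forEach(System.out::println);
    }
}
```

Running it over a policy file before handing the file to the enforcer shows which rules would carry stray whitespace or collapse into a single field, and so never match a request.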