mostafa-eltaher / abacspringsecurity Goto Github PK
View Code? Open in Web Editor NEWAttribute-Based Access Control with Spring Security
License: MIT License
Attribute-Based Access Control with Spring Security
License: MIT License
Thanks for an awesome blog and sample project!
Here is a minor issue I found...
The JsonFilePolicyDefinition.DEFAULT_POLICY_FILE_NAME
should have a leading / to find it as a root level classpath resource in src/main/resources:
Current: private static String DEFAULT_POLICY_FILE_NAME = "default-policy.json";
Fixed: private static String DEFAULT_POLICY_FILE_NAME = "/default-policy.json";
To my mind: attribute name 'action' in rule definition has incorrect meaning in that project.
And as a result, we can't bind a certain rule to a certain endpoint.
Try to look up an implementation of PermissionEvaluator - AbacPermissionEvaluator in the 'access-control' maven module.
Take into account following method's signature:
boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission);
'permission' is the last param.
In 'AbacPermissionEvaluator' implementation U throw this object to the PolicyEnforcement#check method as an action object.
According to 'PermissionEvaluator' provided by Spring-boot. Here Permission is an object which claims which permits caller(User) has. So, implementation of PermissionEvaluator have to describe security rules and decides: can caller(user) with certain permissions receive an access to a targetDomainObject.
So, as a result, U define a rule target incorrectly.
Let's see an exmaple: 'subject.role.name() == 'PM' && action == 'PROJECTS_VIEW''.
I understood following: the rule is acceptable if user role - is 'PM' and its permission is 'PROJECTS_VIEW' because action attribute didn't mean action - it means permissions.
As a result, we can't bind this rule to a certain endpoint. Above rule will apply for each request of PM user with the PROJECTS_VIEW permission and a condition will be evaluated.
What is your mind about that?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.