Sven Kubiak edited this page Nov 23, 2018 · 1 revision

mangoo I/O ships with a default implementation for handling authorization with JCasbin.

The default implementation is file-based: it uses model.conf and policy.csv to configure your authorization.

Start by adding a model.conf and policy.csv to your src/main/resources folder.

A basic model.conf could look like this

# Request definition
[request_definition]
r = sub, obj, act

# Policy definition
[policy_definition]
p = sub, obj, act

# Policy effect
[policy_effect]
e = some(where (p.eft == allow))

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

A basic policy.csv could look like this

p, alice, AuthorizationController:read, read
p, bob, AuthorizationController:write, write

Please note the reference to your controller in the policy.csv. If you want to add authorization to one of your controllers, you need to add the controller name and the action that you want to add (e.g. read or write).

Please check the JCasbin documentation for details on how to use and configure JCasbin.
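To see how the model and policy above decide requests, the following added example (not part of the original page or of mangoo I/O) writes both files to a temporary directory and checks a set of constructed requests with JCasbin's Enforcer. It assumes JCasbin is on the classpath and Java 9 or later; the class name PolicyCheck and the request list are hypothetical.

```java
import org.casbin.jcasbin.main.Enforcer;

import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

public class PolicyCheck {
    public static void main(String[] args) throws Exception {
        // Same model and policy as shown on this page, written to a temp directory
        Path dir = Files.createTempDirectory("casbin-check");
        Path model = dir.resolve("model.conf");
        Path policy = dir.resolve("policy.csv");
        Files.write(model, List.of(
            "[request_definition]",
            "r = sub, obj, act",
            "[policy_definition]",
            "p = sub, obj, act",
            "[policy_effect]",
            "e = some(where (p.eft == allow))",
            "[matchers]",
            "m = r.sub == p.sub && r.obj == p.obj && r.act == p.act"));
        Files.write(policy, List.of(
            "p, alice, AuthorizationController:read, read",
            "p, bob, AuthorizationController:write, write"));

        Enforcer enforcer = new Enforcer(model.toString(), policy.toString());

        // Constructed requests: {subject, resource, operation, expected decision}
        String[][] cases = {
            {"alice", "AuthorizationController:read", "read", "true"},
            {"bob", "AuthorizationController:write", "write", "true"},
            {"alice", "AuthorizationController:write", "write", "false"}, // no rule for alice here
            {"bob", "AuthorizationController:read", "read", "false"},     // no rule for bob here
            {"alice", "AuthorizationController:read", "write", "false"},  // act must match as well
            {"Alice", "AuthorizationController:read", "read", "false"},   // comparison is case-sensitive
            {"mallory", "AuthorizationController:read", "read", "false"}, // unknown subject
        };
        for (String[] c : cases) {
            boolean allowed = enforcer.enforce(c[0], c[1], c[2]);
            if (allowed != Boolean.parseBoolean(c[3])) {
                throw new AssertionError("unexpected decision for " + String.join(", ", c));
            }
            System.out.printf("%-8s %-32s %-6s -> %s%n", c[0], c[1], c[2], allowed ? "allow" : "deny");
        }
    }
}
```

Because the policy effect only allows a request when some rule matches all three fields exactly, every request without a matching line in policy.csv is denied.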

Customizing

If you want to handle authorization differently (e.g. database-based authorization handling), you need to implement the MangooAuthorizationService in your application and bind your custom service in the Google Guice module configuration.

package io.mangoo.services;

import org.casbin.jcasbin.main.Enforcer;
import com.google.inject.Singleton;
import io.mangoo.interfaces.MangooAuthorizationService;

@Singleton
public class MyAuthorizationService implements MangooAuthorizationService {
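    private final Enforcer enforcer;

    public MyAuthorizationService() {
        // Placeholder paths: build the Enforcer from your own model and policy source
        // (JCasbin also accepts an adapter in place of the policy file, e.g. for a database)
        this.enforcer = new Enforcer("path/to/model.conf", "path/to/policy.csv");
    }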

    @Override
    public boolean validAuthorization(String subject, String resource, String operation) {
        return enforcer.enforce(subject, resource, operation);
    }
}

Then bind the custom service in your Guice module configuration:

bind(MangooAuthorizationService.class).to(MyAuthorizationService.class);