finds.dev← search

// the find

apache/casbin-jcasbin

★ 2,639 · Java · Apache-2.0 · updated Jun 2026

An authorization library that supports access control models like ACL, RBAC, ABAC in Java

jCasbin is a Java port of the Go Casbin library that handles authorization policy enforcement — ACL, RBAC, ABAC, and combinations of them — through a configurable policy model defined in INI-like config files. It's a good fit for Java/Spring applications that need flexible, externalized authorization logic without rolling their own. It does enforcement only: authentication and user storage are your problem.

The PERM metamodel (Policy, Effect, Request, Matchers) is genuinely clever — you swap authorization models by changing a config file, not by rewriting code. Cross-language policy compatibility is a real differentiator if you run multiple stacks; the expression validator added in 1.98.1 actually enforces this at runtime rather than just documenting it. The `SyncedEnforcer` and `CachedEnforcer` variants are thoughtful additions for concurrent environments, and the watcher interface gives you a clean hook for distributed cache invalidation. Test coverage is solid — 20+ test classes covering every model type with benchmarks included.

The Java implementation lags the Go original — features land in Go first and sometimes never make it over. Policy files are flat CSV, which works until you have thousands of rules and need to reason about them; there's no built-in tooling to audit or visualize a large policy set beyond the external web UI. AviatorScript as the expression engine is an obscure choice that the project is now actively restricting (as of 1.98.1) to maintain cross-platform parity — if you've been using AviatorScript-specific syntax, that's a silent `false` waiting for you after an upgrade. Documentation lives on casbin.org rather than in the repo, so the README points you to URLs that can go stale or drift out of sync with the code.

View on GitHub → Homepage ↗

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →