11
On a DDD architecture, what layer does security (access control) implement? What would the structure look like?
1 answer
1
Hello,
The security part should stay before the creation of the domain events. It is not recommended to leave the security part to interface as you will have code repetition.
We will use the following use case (user story):
O usuário pode editar seu perfil
We would have the following example Domain Model:
UsuarioService
editarperfil(EditarUsuarioCommand command)
Usuario usuario = usuarioRepository.getOneById(command.id)
usuario.alterarNome(command.nome)
Access control should stay before the call UsuarioService.editarPerfil()
Alternatives to perform this access control:
(IBAC) based on identity list - recommended for when we have the list of users and permissions
UsuarioService @AccessControlList[listaUsuarios] editarperfil(EditarUsuarioCommand command)(LBAC) recommended for access levels
@posseses[level=5] userteste UserService @requires(level>=3) editarperfil(EditarUsuarioCommand command)(RBAC) based on roles
@roles[admin] userTest UsuarioService @requires(role=admin) editarperfil(EditarUsuarioCommand command)
Sources
More about access models here
Discussion on DDD safety here
Question about safety in Ddds here
-
Hello. It would be correct to do in Cross Cutting or should be in below?
-
Regarding user and role as would?
-
1
The idea is to leave the authentication in the cross Cutting layer, by the greater isolation and reuse.
-
And what would the structure look like? I ask this because it has the entities and viewmodels, repositories and etc
Browser other questions tagged ddd
You are not signed in. Login or sign up in order to post.
The access control belongs to the application layer. In this layer is treated which visions and services (speaking of services facade to the interface and not the standard services) the user or other system has access permission. I did not understand the question about the structure. If you want to know how technically this is implemented it is necessary to inform the platform you use and the type of system you are developing.
– Caffé