域驱动的设计和安全性 [英] Domain Driven Design and Security
问题描述
这与此问题相关联背部。遵循域驱动设计的基本原理的项目中的安全性实现。让我举个例子
This is linked to this question which seems to have asked a while back. Security implementation in a project that is adhering to basic principles of Domain driven design. let me give an example
银行系统:
用例:正在进行新的银行存款,因为这是第一次存款
Banking System:
Use Case: A new bank deposit is being made and requires approval as it is first deposit
a。如果存款金额小于< 5000
b,文员可以自动授权。管理员可以有两种类型-银行管理员/客户经理。唯一的客户经理可以授权任何存款> 5000
a. Clerk can auto authorize if the deposit amount is <5000
b. Manager can be of two types - Bank manager / Account Manager. ONLY Account manager can authorize any accounts that have deposit >5000
我的担忧如下(请注意,如果关注本身是正确的,请纠正)
My concerns are as follows (Pls correct if the concern itself is correct)
- 不知道我应该在哪里建立以下逻辑-负责检查登录的用户是否有权做某些事情以考虑到他的头衔-(本例为Account经理)。授权是一个用例,但是安全层似乎对域对象
- 有一般的了解(不是身份验证)。我知道基于角色的身份验证会有所帮助,但问题是在哪里-在哪层和呼叫流中。 UI层应该在某个安全层上调用还是域层对所有可能的组合进行验证?
请帮助。它非常混乱。
Please help. Its very confusing.
凹凸以查看是否得到专家注意
Bump to see if this gets experts notice
干杯
推荐答案
安全性是一项跨领域设计功能,会影响所有类,方法和属性。
Security is a cross-cutting design feature which can affect all classes, methods and properties.
来自DDD角度,您将使用规范和角色。
From a DDD perspective you would go with specifications and roles.
在哪里以及如何实现这些规范取决于您的体系结构。您可以使用方面,也可以使用内联电话,事件等。
Where and how those specifications get implemented comes down to your architecture. You could go with aspects, you could go with in-line calls, events, etc.
以下是我将检查的有关安全性和角色的一些链接:
Here are some links I would check out regarding security and roles:
- Security
- Roles
- RBAC
这篇关于域驱动的设计和安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
