Security in domain driven design

11

In a DDD architecture, on what layer is security (access control) implemented? What would the structure look like?

    
asked by anonymous 10.03.2015 / 17:19

1 answer

1

Hello,

The security portion must be in place before the domain events are created. It is not recommended to leave the security part to the interface, because you will have code repetition.

Let's use the following user story:

The user can edit their profile

We would have the following Domain Model example:

    UsuarioService
        editarPerfil(EditarUsuarioCommand command)
            Usuario usuario = usuarioRepository.getOneById(command.id)
            usuario.alterarNome(command.nome)

Access control should happen before the call to UsuarioService.editarPerfil().

Alternatives to performing this access control:

  • (IBAC) based on a list of identities - recommended when we have a list of users and permissions

        UsuarioService
            @AccessControlList[listaUsuarios]
            editarPerfil(EditarUsuarioCommand command)
    
  • (LBAC) recommended for access levels

        @possesses[level=5]
        userTest

        UsuarioService
            @requires(level>=3)
            editarPerfil(EditarUsuarioCommand command)
    
  • (RBAC) role-based

        @roles[admin]
        userTest

        UsuarioService
            @requires(role=admin)
            editarPerfil(EditarUsuarioCommand command)
    

Sources

More about access templates here

DDD Security Discussion here

DDD Security Question here

    
10.03.2015 / 20:07
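
The placement the answer describes, with the check running before `UsuarioService.editarPerfil()` and declared once on the service instead of repeated in each interface, can be sketched with Python decorators. This is an added example, not code from the original answer; `Principal`, `AccessDenied`, the `requires` parameters, `editar_qualquer_perfil` and the in-memory dictionary standing in for `usuarioRepository` are assumptions.

```python
from dataclasses import dataclass
from functools import wraps

class AccessDenied(Exception):
    """Raised before the domain operation runs, so no state is touched."""

@dataclass(frozen=True)
class Principal:  # hypothetical authenticated caller
    user_id: int
    roles: frozenset = frozenset()
    level: int = 0

@dataclass(frozen=True)
class EditarUsuarioCommand:
    id: int
    nome: str

def requires(role=None, min_level=None, acl=None):
    """Guard a service method; every condition supplied must hold."""
    if role is None and min_level is None and acl is None:
        raise ValueError("a guard without any policy would allow everyone")
    def decorator(method):
        @wraps(method)
        def guarded(self, principal, command):
            if role is not None and role not in principal.roles:           # RBAC
                raise AccessDenied(f"role {role!r} required")
            if min_level is not None and principal.level < min_level:      # LBAC
                raise AccessDenied(f"level >= {min_level} required")
            if acl is not None and principal.user_id not in acl(command):  # IBAC
                raise AccessDenied("identity not on the access list")
            return method(self, principal, command)
        return guarded
    return decorator

class UsuarioService:
    def __init__(self, nomes):
        self.nomes = nomes  # constructed in-memory stand-in for usuarioRepository

    # The access list is computed per command: only the profile owner is on it.
    @requires(min_level=3, acl=lambda command: {command.id})
    def editar_perfil(self, principal, command):
        self.nomes[command.id] = command.nome
        return self.nomes[command.id]

    @requires(role="admin")
    def editar_qualquer_perfil(self, principal, command):  # hypothetical admin path
        self.nomes[command.id] = command.nome
        return self.nomes[command.id]
```

Because the guard raises before the wrapped method body executes, a denied request never reaches the repository, and the same rule applies to every interface that calls the service.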