> -----Original Message-----
> From: Borislav Sabev [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 13 July 2005 18:54
> To: Struts Users Mailing List
> Subject: [OT] olympic rings metaphor
>
> How do you classify Security and Authorization issues in this
> metaphor?
>
> In my current project I have trouble, since code that is
> related somehow to Authorization is spread over all "rings".
> Still it's difficult for me to have a clear understanding of how
> to implement it in a nice, consistent way. I'll appreciate any
> suggestions or recommendations about this problem.
>
I think each layer has its own security and authorization sublayers (a layer itself can be composed of multiple layers), better known in the CORBA world as interceptors. But each layer should only make decisions based on the knowledge which the layer itself possesses. So the presentation layer decides whether a user is allowed to execute a specific use case by checking the user's permissions and roles. The business layer decides whether the specific method can be called from a specific caller (a host, for example), and the persistence layer decides which process/host can access the database. Think about what you want to protect from whom, and act accordingly. I think it makes little sense to have a per-user check in the business layer, since access controls are best in front of something, not behind it or within. But it's just an opinion.

Regards
Leon
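The per-layer scheme Leon describes, as an added Python sketch that is not code from this thread or from Struts: each ring has its own interceptor that decides only from what that ring knows (roles for the presentation layer, calling host for the business layer, process for the persistence layer). The use-case, method, host and process names are constructed for the example.

```python
from dataclasses import dataclass


class Denied(Exception): pass


@dataclass(frozen=True)
class CallContext:
    user: str
    roles: frozenset
    caller_host: str   # host the business method is invoked from
    process: str       # OS process that would open the database


# Presentation layer knowledge: which roles may run which use case (constructed).
USE_CASE_ROLES = {"approve_order": {"manager"}, "view_order": {"manager", "clerk"}}
# Business layer knowledge: which hosts may invoke which service method (constructed).
METHOD_CALLERS = {"OrderService.approve": {"web-01"}}
# Persistence layer knowledge: which processes may touch the database (constructed).
DB_PROCESSES = {"appserver"}


def presentation_interceptor(use_case, ctx):
    if not ctx.roles & USE_CASE_ROLES.get(use_case, set()):
        raise Denied(f"presentation: user {ctx.user} has no role for {use_case}")


def business_interceptor(method, ctx):
    # Deliberately no per-user check here: this layer only knows its callers.
    if ctx.caller_host not in METHOD_CALLERS.get(method, set()):
        raise Denied(f"business: host {ctx.caller_host} may not call {method}")


def persistence_interceptor(ctx):
    if ctx.process not in DB_PROCESSES:
        raise Denied(f"persistence: process {ctx.process} may not open the database")


def persistence_update(order_id, ctx):
    persistence_interceptor(ctx)
    return f"order {order_id} marked approved"


def business_approve(order_id, ctx):
    business_interceptor("OrderService.approve", ctx)
    return persistence_update(order_id, ctx)


def action_approve_order(order_id, ctx):
    """Outermost ring (a Struts-style action): guarded by the user/role check."""
    presentation_interceptor("approve_order", ctx)
    return business_approve(order_id, ctx)


def try_approve(order_id, ctx):
    try:
        return ("ok", action_approve_order(order_id, ctx))
    except Denied as exc:
        return ("denied", str(exc))
```

A manager calling from the expected host and process gets through; a clerk is stopped at the presentation ring, while an authorized user arriving from an unexpected host or process is stopped by the inner rings without those rings ever looking at the user.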