Answer the question
In order to leave comments, you need to log in
In which layer of a layered web application architecture should access control be implemented?
In which layer of a layered web application architecture should access control be implemented?
Answer the question
In order to leave comments, you need to log in
Are you sure this is a June question? I would say it all depends. And what was funny was hanging it all on 2 lower levels
Authentication and authorization are protocol-dependent, usually, respectively, and control is carried out at the level of controllers. The service layer or data access layer has nowhere to know about JWT, for example.
If we talk about angular, then this is the service level + interceptor. The first one simply holds the login/logout method of the session, i.e. starts the authorization process, the second extracts / substitutes a previously known access token in all ongoing requests so that the client is authorized, again referring to the same service in order to catch the moment when the service reports that the client is no longer logged in and the old token must be deleted.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question