T
T
tukbaevbr2021-01-10 17:15:32
Software design
tukbaevbr, 2021-01-10 17:15:32

In which layer of a layered web application architecture should access control be implemented?

In which layer of a layered web application architecture should access control be implemented?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
V
Vladimir Korotenko, 2021-01-10
@firedragon

Are you sure this is a June question? I would say it all depends. And what was funny was hanging it all on 2 lower levels

S
Sergey Gornostaev, 2021-01-10
@sergey-gornostaev

Authentication and authorization are protocol-dependent, usually, respectively, and control is carried out at the level of controllers. The service layer or data access layer has nowhere to know about JWT, for example.

A
acwartz, 2021-01-11
@acwartz

If we talk about angular, then this is the service level + interceptor. The first one simply holds the login/logout method of the session, i.e. starts the authorization process, the second extracts / substitutes a previously known access token in all ongoing requests so that the client is authorized, again referring to the same service in order to catch the moment when the service reports that the client is no longer logged in and the old token must be deleted.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question