Authorization: Best Layer/Tier to specify logged in user
Hello- My question is rather basic:
Company A is divided into three Divisions. Each Division has two or more Departments. Each Department has 'n' number of employees.
When Company A's President logs in he needs to see the total employees under him (All Employees in all Departments in all Divisions).
When a Divisional Head logs in he should see all employees under him (All Employees in all Departments under his Division).
When a Department Head logs in he should see all employees under him (All Employees in his Department)
The application follows a three layered design and I have the following method chain:
Code:
@Controller
class EmployeeController {
@RequestMapping("Blah")
public List<Employee> getEmployees() {
return employeeService.getEmployees();
}
}
@Service
class EmployeeServiceImpl implements EmployeeService {
public List<Employee> getEmployees() {
return employeeDao.getEmployees();
}
}
@Repository
class EmployeeDAO {
public List<Employee> getEmployee() {
}
}
Let's say There is a class Util:
Code:
class Util {
public User getCurrentUser() {
return SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
}
}
My Question is:
What is right place to specify the currently logged in user? Which of the following is preferable?
EmployeeController.getEmployee() should acquire the current user (through the Util.getCurrentUser()) and pass it as an argument to the Service? The Service and Repository's signatures now include a reference to the currently logged in user:
Code:
EmployeeService.getEmployee(User user)
EmployeeRepository.getEmployee(User user)
Or
The Service should acquire the currently logged in user (using Util) and pass it to the Repository. The repository's signature now becomes:
Code:
EmployeeDAO.getEmployee(User user)
Or the DAO itself should acquire (using Util) the currently logged in user and implicitly filter the SQL based on it?
Code:
@Repository
class EmployeeDAO {
public List<Employee> getEmployee() {
User user = Utils.getCurrentUser();
}
}
Are there any established best practices/patterns around this general authorization problem?
Thank you.
