문제

Amongst others I have a holding, a company and an employee domain class. What is the best practice to make sure that an employee of company A, can only access company A related data? I read about spring security core,filters, criteria, interceptor, etc etc, but now still wondering what is the best solution. What is the typically Grails solution, and should I use redundant keys in my domain classes because of performance reasons?

도움이 되었습니까?

해결책

I'm still using the Hibernate Filter plugin and still recommend it as one of the best solution I know of (I also answered Sergio's linked question). There are some more advanced plugins, but their complexity require maintenance of the plugins which sometimes seem to fall a bit behind. I'd recommend a company_id per domain class, i.e. use redundant keys, also recommend that you use the excellent Spring Security Core plugin.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top