Commands/Queries and authorisations

Hello,

  1. What's the best way to handle authorisations with commands? Some users are, for example, not allowed to do certain commands, or can only do commands if they are the owner of this data (aggregate instance). How would you pass this user information/token to the service? As a field of the Command, as metadata of the Command, ...? How to implement this authorisation check? As an interceptor or as part of the Command handler?

  2. Same question for queries. What if some users are not allowed to query some data, or should only get partial results? Should this user information/token be part of the Query as a field, as metadata, ...?

Thanks
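The two design questions above (where the caller's identity travels with the message, and where the check runs) in a framework-agnostic sketch. This is an added example, not code from the original post or from Axon Framework: the `Bus`, `Message` and `Principal` types, the `COMMAND_POLICY` table and the in-memory `DOCUMENTS` store are hypothetical stand-ins and not Axon's API. The principal rides in message metadata rather than in the payload, a handler-side interceptor enforces role and ownership before the command handler runs, and a query interceptor trims results the caller may not see.

```python
"""Authorisation as interceptors around command and query handlers (illustrative)."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class Principal:  # what a verified token resolves to on the service side
    user_id: str
    roles: FrozenSet[str]


@dataclass
class Message:
    name: str
    payload: Dict[str, Any]
    metadata: Dict[str, Any] = field(default_factory=dict)  # principal lives here, not in the payload


class AuthorizationError(Exception):
    pass


# Constructed in-memory state standing in for aggregates and the read model.
DOCUMENTS = {
    "doc-1": {"owner": "alice", "title": "Budget"},
    "doc-2": {"owner": "bob", "title": "Roadmap"},
}

# Hypothetical policy: command name -> required role and whether the caller
# must own the target aggregate. Commands without a policy are denied.
COMMAND_POLICY = {
    "RenameDocument": {"role": "editor", "owner_only": True},
    "DeleteDocument": {"role": "admin", "owner_only": False},
}

Handler = Callable[[Message], Any]
Interceptor = Callable[[Message, Handler], Any]


def require_principal(msg: Message) -> Principal:
    principal = msg.metadata.get("principal")
    if not isinstance(principal, Principal):
        raise AuthorizationError("unauthenticated")
    return principal


def command_authorization(msg: Message, next_handler: Handler) -> Any:
    """Runs before the command handler; the handler itself stays policy-free."""
    principal = require_principal(msg)
    rule = COMMAND_POLICY.get(msg.name)
    if rule is None or rule["role"] not in principal.roles:
        raise AuthorizationError("forbidden")
    if rule["owner_only"]:
        doc = DOCUMENTS.get(msg.payload["document_id"])
        # Same error for "missing" and "not yours", so callers cannot probe ids.
        if doc is None or doc["owner"] != principal.user_id:
            raise AuthorizationError("forbidden")
    return next_handler(msg)


def query_result_filter(msg: Message, next_handler: Handler) -> Any:
    """Lets the query handler run, then keeps only rows the caller may see."""
    principal = require_principal(msg)
    rows: List[Dict[str, Any]] = next_handler(msg)
    if "auditor" in principal.roles:
        return rows
    return [r for r in rows if r["owner"] == principal.user_id]


class Bus:
    def __init__(self) -> None:
        self.handlers: Dict[str, Handler] = {}
        self.interceptors: List[Interceptor] = []

    def dispatch(self, msg: Message) -> Any:
        chain: Handler = self.handlers[msg.name]
        for interceptor in reversed(self.interceptors):  # first registered runs outermost
            chain = (lambda nxt, ic: lambda m: ic(m, nxt))(chain, interceptor)
        return chain(msg)


def rename_document(msg: Message) -> str:
    DOCUMENTS[msg.payload["document_id"]]["title"] = msg.payload["title"]
    return "renamed"


def list_documents(msg: Message) -> List[Dict[str, Any]]:
    return [dict(id=k, **v) for k, v in DOCUMENTS.items()]


command_bus = Bus()
command_bus.interceptors.append(command_authorization)
command_bus.handlers["RenameDocument"] = rename_document

query_bus = Bus()
query_bus.interceptors.append(query_result_filter)
query_bus.handlers["ListDocuments"] = list_documents

ALICE = Principal("alice", frozenset({"editor"}))
BOB = Principal("bob", frozenset({"editor"}))
AUDITOR = Principal("carol", frozenset({"auditor"}))


def rename_as(principal: Any, document_id: str, title: str) -> str:
    msg = Message("RenameDocument", {"document_id": document_id, "title": title}, {"principal": principal})
    try:
        return command_bus.dispatch(msg)
    except AuthorizationError as e:
        return f"denied: {e}"


def list_as(principal: Principal) -> List[str]:
    rows = query_bus.dispatch(Message("ListDocuments", {}, {"principal": principal}))
    return sorted(r["id"] for r in rows)


if __name__ == "__main__":
    print(rename_as(ALICE, "doc-1", "Budget 2025"))
    print(rename_as(BOB, "doc-1", "Hijacked"))
    print(rename_as(BOB, "doc-9", "Probe"))
    print(list_as(ALICE), list_as(AUDITOR))
```

The metadata entry must be written by trusted code on the dispatching side (for instance, a dispatch interceptor that validated the bearer token), never copied from a client-supplied field, otherwise the caller picks their own identity. Keeping the check in an interceptor rather than in each handler also means a new command cannot accidentally ship without a policy: an unknown command name is denied by default.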

Hello Koen,

Before we dig too deep into this, have you seen this answer Keycloak integration - #5 by Steven_van_Beelen? If so, is this something that would work in your case?

Or is your question more about the general concept rather than how to implement it with AxonFramework?