Hi Allard et all.
So here’s a couple of question:
regarding AXON-281, what is the status of it? Is it only for v3.0?
you said in one of the threads
If possible, I would annotate the commands themselves and use an interceptor to validate commands against the roles of the principal sending them.
Why is that? I understand that allows to validate at a early stage, but what about security concerns like the “man-in-the-middle”? If the command contains it’s own ACL, that can be changed in transit thus surpassing the end-point security.
Also related, the use of @MetaData to hold Id’s and Acl’s couldn’t also have this problems?
- you also said
On my own projects, I use a specific command gateway instance for internal components (e.g. sagas) that attaches a special authentication token to commands.
Can you elaborate a little on that?
Ans now to my own concerns. At the moment (and this is already the production design) I’m using the AsynchronousCommandBus and the AsyncAnnotatedSagaManager. The intention here is to use only the Spring SecurityContextHolder to propagate the authentication. We have (for now) two interceptors:
AuthenticationInterceptor implements CommandDispatchInterceptor
AuthorizationInterceptor implements CommandHandlerInterceptor
Is no problem to propagate the Context between the (and further on the line to the Aggregate) by using the MODE_INHERITABLETHREADLOCAL instead of the default one. The problem is after the Aggregate. After a event is raised, a Saga is invoked, that in turn it sends some commands to the bus. It is in the Saga that the authentication is lost.
The obvious solution will be, I think, to catch the thread that is started by the AsyncAnnotatedSagaManager and set the authentication on the new thread as well. If this is indeed the solution, where should this be made?
The rest is not so bad until now I have a loosely based implementation of the Human-Task specification (one aggregate and a couple of sagas and listeners) that looks stable enough and will be now used by other parties, hopefully without much fuss.
It’s quite difficult to troubleshoot and debug this kind of designs, if there are any “rules of thumb” or “good practices” I would love to hear it.
I’ll be following your webinar today, so I’ll hear you soon…
BTW, I also saw this post regarding a Axon Event Store Server, is there any news on it?