networknt / light-oauth2

A fast, light and cloud native OAuth 2.0 authorization microservices based on light-4j
Apache License 2.0
314 stars 75 forks

Object level authorization #156

Open archenroot opened 5 years ago

archenroot commented 5 years ago

Hi after some time,

I am going to utilize light4j on a new project once again :-) I am working on query translator engine services, which will build queries from the FE in the form of GraphQL schemas and translate and route requests to storage layer engines, which will be standard relational databases and graph engines (Gremlin supported).

I am looking for an object-level-granularity security authorization framework that is generic enough so I can secure both relational structures in a fine-grained manner (table, row, column, cell, values) and also graph engines. I hope that you faced a similar situation in your banking journey and might have some framework available.

Thanks for any kind of hints. I would like to stay away from Spring Security if possible...

Regards,

Ladislav

stevehu commented 5 years ago

If you think about security, there are multiple tiers. light-oauth2 can only address authorization at the service/endpoint level with scopes. This is a technical cross-cutting concern which applies to all industries. It works in a generic way without considering any business context information. Once the technical cross-cutting concerns are passed, the request enters the business context, and the fine-grained authorization is addressed there. One of our customers has built fine-grained authorization based on the rule-book, but they are concerned as this library has not been maintained for a while already. We have a lot of requests from customers to build a workflow engine so that they can migrate their existing workflow applications to microservices. As part of our workflow engine, we have developed light-rule, and they are trying to convert the rule-book to light-rule now. This presentation contains a page on the cross-cutting concerns, and you can see where the JWT verification and fine-grained authorization sit. https://doc.networknt.com/pdf/light-4j.pdf

archenroot commented 5 years ago

@stevehu thx, going to study

archenroot commented 5 years ago

@stevehu - Isn't something like RBAC and ABAC better than a rule-based engine? I mean if you go to the attribute level you can end up with an unmanageable set of rules... nice article here: https://stackoverflow.com/questions/33917255/spring-security-access-control-list-billions-of-row

stevehu commented 5 years ago

In our implementation, we are not using pure ACL, as you know it is not scalable. We have implemented Role-Based, Attribute-Based and Rule-Based access control. More information can be found on our document site. https://doc.networknt.com/architecture/security/#fine-grained-authorization

If you look into the detailed implementation, they are all concentrated on the rule engine. For example, in RBAC, we need rules to determine the role from a request. ABAC is basically business rules.

Currently, we have a team trying to implement this in a generic way to make it a commercial product. Given the limited resources, we don't know when this will be on the market.
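The business tier described in the comments above (roles derived from the request by rules, attribute rules on top, everything funnelled through one rule engine), as an added example that is not light-4j or light-rule code. It shows what the original question asked for at table, row, column and cell granularity: the caller's roles are computed by rules over request attributes, row visibility by attribute predicates, columns by a per-role projection, and individual cells by a masking predicate, with deny-by-default whenever no rule matches. The `Request` type, the rule tables and the `ACCOUNTS` rows are all constructed for this example.

```python
"""Fine-grained (business-context) authorization run by a small rule engine.

Added example, not light-4j/light-rule code. Tables, rules and rows are
constructed; request attributes are assumed to come from a verified JWT.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set, Tuple

Row = Dict[str, Any]


@dataclass(frozen=True)
class Request:
    subject: str
    action: str            # "read" or "write"
    table: str
    attrs: Dict[str, Any]  # attributes carried over from the verified token


# RBAC tier: roles are not a static list but rules evaluated on the request.
ROLE_RULES: List[Tuple[str, Callable[[Request], bool]]] = [
    ("dba", lambda r: "db_admin" in r.attrs.get("groups", [])),
    ("analyst", lambda r: r.attrs.get("department") == "risk"),
]

# Row level (ABAC): a row is visible if any rule for one of the caller's roles
# holds. Unknown table or no matching role means no rows at all.
ROW_RULES: Dict[str, List[Tuple[str, Callable[[Request, Row], bool]]]] = {
    "accounts": [
        ("dba", lambda r, row: True),
        ("analyst", lambda r, row: r.action == "read" and row["region"] == r.attrs.get("region")),
    ],
}

# Column level: columns a role may see; "*" means every column of the row.
COLUMN_RULES: Dict[str, Dict[str, Any]] = {
    "accounts": {"dba": "*", "analyst": {"id", "region", "balance"}},
}

# Cell level: the value is masked unless the predicate holds for this request/row.
CELL_RULES: Dict[str, Dict[str, Callable[[Request, Row], bool]]] = {
    "accounts": {"balance": lambda r, row: r.attrs.get("clearance", 0) >= 2},
}

MASK = "***"

# Constructed sample data standing in for a relational result set.
ACCOUNTS: List[Row] = [
    {"id": 1, "region": "EU", "balance": 100, "ssn": "000-00-0001"},
    {"id": 2, "region": "US", "balance": 250, "ssn": "000-00-0002"},
]


def derive_roles(req: Request) -> Set[str]:
    """RBAC step: every role whose rule accepts this request."""
    return {role for role, rule in ROLE_RULES if rule(req)}


def row_visible(req: Request, row: Row, roles: Set[str]) -> bool:
    """ABAC step: any row rule bound to one of the caller's roles must pass."""
    return any(rule(req, row) for role, rule in ROW_RULES.get(req.table, []) if role in roles)


def visible_columns(req: Request, roles: Set[str], row: Row) -> Set[str]:
    """Union of the columns granted to the caller's roles on this table."""
    cols: Set[str] = set()
    for role in roles:
        allowed = COLUMN_RULES.get(req.table, {}).get(role)
        if allowed == "*":
            return set(row)
        if allowed:
            cols |= allowed
    return cols


def authorize_rows(req: Request, rows: List[Row]) -> List[Row]:
    """Apply table, row, column and cell rules to a result set, deny by default."""
    roles = derive_roles(req)
    cell_rules = CELL_RULES.get(req.table, {})
    out: List[Row] = []
    for row in rows:
        if not row_visible(req, row, roles):
            continue
        cols = visible_columns(req, roles, row)
        projected: Row = {}
        for col, value in row.items():
            if col not in cols:
                continue  # column not granted to any of the caller's roles
            cell_rule = cell_rules.get(col)
            projected[col] = value if cell_rule is None or cell_rule(req, row) else MASK
        out.append(projected)
    return out
```

The point of routing everything through the same predicates is the one made in the comment: RBAC here is just a rule that yields a role, and ABAC is just a rule over row attributes, so a request that matches no rule at any tier falls out with an empty result rather than an exception path that could be bypassed.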