Implement Security In DDD (Domain Driven Design)


Currently I'm working on an application using a domain-driven design approach; one of my User modules is responsible for user management.

When it comes to authentication and authorization, I'm looking for the best way to implement security: is it supposed to be implemented in the domain or in another layer?

If you have any experience with DDD projects, please share your feedback with me.

I expect to have feedback on a security implementation using DDD as the approach.

slim On

The objective of DDD is the representation of the business domain. If the functional specification indicates that a user must be authenticated before doing something, it must be represented in the domain. Certainly, authentication as such is a purely technical implementation, because it is necessary to load the user's data from a data source (persistence layer) taking into account the input data (presentation layer), but in your business layer (domain), you can have an entity representing the user and indicating whether he is authenticated or not. This entity is absolutely not the class used in either the presentation layer or the persistence layer.

Structure of your classes:

Presentation layer:

UserDTO

  • username: string

Domain layer:

User

  • username: string
  • authenticated: boolean
  • roles (maybe...)
  • some other business data...

Persistence layer:

PersistedUser

  • username: string
  • pwd (!?)
  • ...
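The layering described in the answer above, as an added example that is not part of the original post: credential verification happens outside the domain and produces a domain `User` that carries only `authenticated` and `roles`, while the password hash stays in `PersistedUser`. The function names, the in-memory `store`, the PBKDF2 parameters and the `deactivate_account` rule are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass(frozen=True)
class UserDTO:                 # presentation layer: raw input only
    username: str
    password: str

@dataclass(frozen=True)
class PersistedUser:           # persistence layer: owns the credential material
    username: str
    salt: bytes
    pwd_hash: bytes
    roles: tuple

@dataclass(frozen=True)
class User:                    # domain layer: no password, no hash
    username: str
    authenticated: bool
    roles: frozenset = frozenset()

class AccessDenied(Exception):
    pass

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_record(username, password, roles):   # builds a constructed sample row
    salt = os.urandom(16)
    return PersistedUser(username, salt, hash_password(password, salt), tuple(roles))

def authenticate(dto, store):
    """Technical step outside the domain: verify, then map to a domain User."""
    row = store.get(dto.username)
    # Hash even for unknown users so both failure paths do similar work.
    salt = row.salt if row else b"\0" * 16
    expected = row.pwd_hash if row else b"\0" * 32
    if not hmac.compare_digest(hash_password(dto.password, salt), expected):
        return User(dto.username, authenticated=False)   # no roles on failure
    return User(row.username, True, frozenset(row.roles))

def deactivate_account(actor, target):
    """Domain rule (hypothetical): only an authenticated admin may do this."""
    if not actor.authenticated:
        raise AccessDenied("authentication required")
    if "admin" not in actor.roles:
        raise AccessDenied("admin role required")
    return f"{target} deactivated by {actor.username}"
```

The domain function never sees a password or a hash; it only checks the state the authentication step placed on the `User` entity.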