Application security, cross cutting concerns, REST API, JSP, Spring

 
Greenhorn
Posts: 7
Hello, I am a newbie in JavaEE development.
I am just starting a new project. It will be a management system. I decided to implement it using a Single Page Application, and the backend will be available via a REST API.

I need to secure my application properly. I already have experience in developing REST APIs, but this time I had a thought about the edge of security.
I wonder where the logic for security should be located?

As far as security is part of my application, the business assumes different roles for users, and all roles have different privileges. This is not related to the REST API, JSP or whatever delivery mechanism is used.

So I think it will be correct to put this security logic between the REST API and the business logic, not directly in the REST API.

Could you suggest how to implement this idea, if it makes sense? I am using the Spring Framework for building my application.

It should be convenient to use, at best like an annotation or something concise, but located in a separate layer from the REST API layer.

I would be grateful for any suggestions.
 
Saloon Keeper
Posts: 9121
Have you looked at Spring Security? It handles a lot of these things for you before your request hits any of your controllers.
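
The annotation-based, delivery-independent check asked about in the question can be expressed with Spring Security's method security, shown here as an added example that is not part of either post. It assumes Spring Security 5.6 or later on the classpath; `TaskService`, its methods and the role names are hypothetical.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.parameters.P;

// Added example. TaskService, its methods and the role names are hypothetical.
@Configuration
@EnableMethodSecurity // enables @PreAuthorize on Spring-managed beans
public class MethodSecurityExample {

    // Business layer: rules are declared here, so they apply no matter which
    // delivery mechanism (REST controller, JSP, scheduled job) makes the call.
    public static class TaskService {

        @PreAuthorize("hasAnyRole('EMPLOYEE', 'MANAGER')")
        public List<String> listTasks() {
            return List.of("constructed sample task");
        }

        @PreAuthorize("hasRole('MANAGER')")
        public void assignTask(long taskId, String assignee) {
            // business logic only; no role checks in the method body
        }

        // A user may close only their own tasks; a manager may close any.
        @PreAuthorize("hasRole('MANAGER') or #owner == authentication.name")
        public void closeTask(long taskId, @P("owner") String owner) {
            // business logic only
        }
    }

    // Must be a Spring bean: the check is applied by a proxy around the bean,
    // so calls on an instance created with `new` elsewhere are not checked.
    @Bean
    public TaskService taskService() {
        return new TaskService();
    }
}
```

A caller without the required role gets an `AccessDeniedException` before the method body runs. Calls a bean makes to its own annotated methods bypass the proxy and are not checked.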