Application security, cross cutting concerns, REST API, JSP, Spring

 
Greenhorn
Posts: 7
Hello, I am a newbie in JavaEE development.
I am just starting a new project. It will be a management system. I decided to implement it as a Single Page Application, and the backend will be available via a REST API.

I need to secure my application properly. I already have experience in developing REST APIs, but this time I had a thought about the edge of security.
I wonder where the logic for security should be located?

As far as security is part of my application, the business assumes different roles for users, and all roles have different privileges. This is not related to REST API, JSP or whatever delivery mechanism is used.

So I think it will be correct to put this security logic between the REST API and the business logic, not directly in the REST API.

Could you suggest how to implement this idea, if it makes sense? I am using Spring Framework for building my application.

It should be convenient to use, at best something like an annotation or something concise, but located in a separate layer from the REST API layer.

I would be grateful for any suggestions.
 
Bartender
Posts: 9494
184
Have you looked at Spring Security? It handles a lot of these things for you before your request hits any of your controllers.
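One way to get what the question asks for, role checks declared as annotations on the service layer rather than in the REST controllers, is Spring Security's method security. This is an added example, not code from either poster; `InvoiceService`, `InvoiceController`, the `MANAGER` role and the sample data are hypothetical.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.parameters.P;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.*;

// Enables @PreAuthorize processing. Older Spring Security releases use
// @EnableGlobalMethodSecurity(prePostEnabled = true) instead.
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig { }

// Business layer (hypothetical): role rules live here, independent of REST or JSP.
@Service
class InvoiceService {
    // Constructed sample data: invoice id -> owner's username.
    private final Map<Long, String> owners = new ConcurrentHashMap<>(Map.of(1L, "alice", 2L, "bob"));
    private final Set<Long> approved = ConcurrentHashMap.newKeySet();

    // hasRole('MANAGER') matches the granted authority ROLE_MANAGER.
    @PreAuthorize("hasRole('MANAGER')")
    public void approve(long id) {
        if (!owners.containsKey(id)) throw new IllegalArgumentException("unknown invoice " + id);
        approved.add(id);
    }

    // Managers may list any owner's invoices; everyone else only their own.
    @PreAuthorize("hasRole('MANAGER') or #owner == authentication.name")
    public List<Long> idsOwnedBy(@P("owner") String owner) {
        return owners.entrySet().stream().filter(e -> e.getValue().equals(owner))
                .map(Map.Entry::getKey).sorted().collect(Collectors.toList());
    }
}

// Delivery layer: no role logic. A denied service call throws AccessDeniedException,
// which Spring Security's filter chain turns into HTTP 403 for an authenticated caller.
@RestController
@RequestMapping("/api/invoices")
class InvoiceController {
    private final InvoiceService invoices;
    InvoiceController(InvoiceService invoices) { this.invoices = invoices; }

    @PostMapping("/{id}/approval")
    void approve(@PathVariable long id) { invoices.approve(id); }

    @GetMapping
    List<Long> list(@RequestParam String owner) { return invoices.idsOwnedBy(owner); }
}
```

The annotations are enforced by a proxy around the bean, so a call from one `InvoiceService` method to another on `this` is not checked; authentication itself still has to be configured in the filter chain.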