Hello, I am a newbie in JavaEE development.
I am just starting a new project. It will be a management system; I decided to implement it as a Single Page Application, and the backend will be available via a REST API.
I need to secure my application properly. I already have experience in developing REST APIs, but this time I had a thought about the edge of security.
I wonder where the logic for security should be located.
As far as security is part of my application, the business assumes different roles for users, and all roles have different privileges. This is not related to the REST API, JSP or whatever delivery mechanism is used.
So I think it will be correct to put this security logic between the REST API and the business logic, not directly in the REST API.
Could you suggest how to implement this idea, if it makes sense? I am using Spring Framework for building my application.
It should be convenient to use, at best something like an annotation or something concise, but located in a separate layer from the REST API layer.
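
Added example, not part of the original post: one way to keep role checks in the service layer with Spring Security method security, so the same rules apply whatever delivery mechanism calls the service. It assumes Spring Security 5.6 or later on the classpath; `EmployeeService`, its methods, the role names and the caller "alice" are hypothetical.

```java
import java.util.List;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.context.SecurityContextHolder;

public class ServiceLayerSecurityDemo {

    // Hypothetical business interface: the role rules live here, not in any controller.
    public interface EmployeeService {
        @PreAuthorize("hasAnyRole('EMPLOYEE', 'MANAGER')")
        List<String> listEmployees();

        @PreAuthorize("hasRole('MANAGER')")
        String dismiss(String name);
    }

    public static class DefaultEmployeeService implements EmployeeService {
        public List<String> listEmployees() { return List.of("alice", "bob"); }
        public String dismiss(String name) { return name + " dismissed"; }
    }

    @Configuration
    @EnableMethodSecurity // wraps beans carrying @PreAuthorize in an authorization proxy
    public static class AppConfig {
        @Bean
        public EmployeeService employeeService() { return new DefaultEmployeeService(); }
    }

    public static void main(String[] args) {
        try (var ctx = new AnnotationConfigApplicationContext(AppConfig.class)) {
            EmployeeService service = ctx.getBean(EmployeeService.class);
            // Constructed caller; in a real app the REST layer's authentication filter sets this.
            SecurityContextHolder.getContext().setAuthentication(
                    new TestingAuthenticationToken("alice", "n/a", "ROLE_EMPLOYEE"));
            System.out.println(service.listEmployees()); // EMPLOYEE role is sufficient
            try {
                service.dismiss("bob"); // requires MANAGER, so the proxy rejects the call
            } catch (AccessDeniedException e) {
                System.out.println("denied: " + e.getMessage());
            } finally {
                SecurityContextHolder.clearContext();
            }
        }
    }
}
```

The check runs in the proxy around the service bean, so a REST controller, a JSP controller or a scheduled job calling `dismiss` all hit the same rule; the REST layer only has to authenticate the caller and populate the security context.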