Application security, cross cutting concerns, REST API, JSP, Spring

 
Greenhorn
Posts: 7
Hello, I am a newbie in JavaEE development.
I am just starting a new project. It will be a management system. I decided to implement it as a Single Page Application, and the backend will be available via a REST API.

I need to secure my application properly. I already have experience in developing REST APIs, but this time I had a thought about the edge of security.
I wonder where the logic for security should be located.

As far as security is part of my application, the business assumes different roles for users, and all roles have different privileges. This is not related to the REST API, JSP or whatever delivery mechanism is used.

So I think it will be correct to put this security logic between the REST API and the business logic, not directly in the REST API.

Could you suggest how to implement this idea, if it makes sense? I am using Spring Framework for building my application.

It should be convenient to use, ideally an annotation or something concise, but located in a separate layer from the REST API layer.

I would be grateful for any suggestions.
 
Saloon Keeper
Posts: 8730
Have you looked at Spring Security? It handles a lot of these things for you before your request hits any of your controllers.
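
An added example, not part of either post above: one way to keep role checks out of the REST layer is Spring Security's method security, where `@PreAuthorize` sits on the service methods and the controller only delegates. The class names, roles, the `Employee` record and the sample data are hypothetical; it assumes Spring Security 5.6 or later and Java 16 or later.

```java
// Added illustration; EmployeeService, EmployeeController and the roles are hypothetical.
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.parameters.P;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.*;

// Enables @PreAuthorize processing (older versions use
// @EnableGlobalMethodSecurity(prePostEnabled = true) instead).
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig { }

record Employee(long id, String name, String ownerUsername) { }

// Business layer: the role rules live here, whatever the delivery mechanism is.
@Service
class EmployeeService {
    // Constructed sample data standing in for a repository.
    private final Map<Long, Employee> store =
            new ConcurrentHashMap<>(Map.of(1L, new Employee(1, "Sample", "alice")));

    @PreAuthorize("hasAnyRole('MANAGER', 'ADMIN')")
    public List<Employee> listAll() { return List.copyOf(store.values()); }

    // Admins may query any owner; everyone else only their own records.
    @PreAuthorize("hasRole('ADMIN') or #username == authentication.name")
    public List<Employee> findOwnedBy(@P("username") String username) {
        return store.values().stream()
                .filter(e -> e.ownerUsername().equals(username)).toList();
    }

    @PreAuthorize("hasRole('ADMIN')")
    public void delete(long id) { store.remove(id); }
}

// Delivery layer: no security logic, it only maps HTTP to service calls.
@RestController
@RequestMapping("/api/employees")
class EmployeeController {
    private final EmployeeService service;
    EmployeeController(EmployeeService service) { this.service = service; }

    @GetMapping
    public List<Employee> all() { return service.listAll(); }

    @DeleteMapping("/{id}")
    public void delete(@PathVariable("id") long id) { service.delete(id); }
}
```

A denied call throws `AccessDeniedException` before the method body runs. The check is applied by a proxy around the bean, so a call made from inside `EmployeeService` to one of its own methods is not checked.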