I'm trying to find the standard way to handle user authentication in a RESTful webservice using spring.
i want to allow a LOGGED IN user to access only specific information that applies to him.
i found 2 ways of doing that:
- using
HandlerInterceptorAdapteri can take theHttpServletResponseand from it i can take the session. in the session i can save the user and that way i can know if he's logged in and if i can deliver him the data he's requesting. - i can create tables in my database that'll contain tokens. when a user logs in he'll receive a token. he'll have to provide that token every time he asks for any information.
what is the standard way of doing that ?
thanks !