Replaced the ApiKey concept with ephemeral tokens. Users and apps obtain a token by authenticating the user credentials (to be implemented). The service then generates a temporary token that is stored by the client and sent with every request using the `Authorization-Token` header. The server verifies this token to recognize and authenticate the request. With an authenticated user, the server can use the user's role to authorize requests. This implementation uses JSR 250 SecurityContext and security annotations.
4 lines
71 B
Java
package com.jdbernard.nlsongs.model;
|
|
|
|
public enum Role { admin, user }
|
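Review bot: The constants `admin` and `user` in `Role` are lowercase, which departs from the usual Java convention of upper-case enum constants, and the enum carries no documentation. If the lowercase spelling is deliberate so that `Role.name()` matches the role strings used in the JSR 250 security annotations mentioned in the commit message, add a Javadoc comment saying so, since role-name comparisons are case-sensitive and a later rename to `ADMIN`/`USER` would silently break authorization checks. Otherwise, rename the constants and map them to the role strings explicitly.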