Layers: Web Browser, Security Layer, Controller, Service Layer, DAO, Database

Security Layer: Authentication and Authorization

• “Authentication” is the process of establishing a principal is who they claim to be (a “principal” generally means a user, device or some other system which can perform an action in your application)
• “Authorization” refers to the process of deciding whether a principal is allowed to perform an action within your application

http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html

Controller

[Diagram: Web Browser, Security Layer, Controller, Service Layer (business logic), DAO, Database]

Service Layer

Services should call DAOs and perform business operations.

The service layer is there to provide logic to operate on the data sent to and from the DAO and the client. Very often these pieces will be bundled together into the same module, and occasionally into the same code, but you'll still see them as distinct logical entities.

http://softwareengineering.stackexchange.com/questions/220909/service-layer-vs-dao-why-both

[Diagram: a User table (User ID, Name, Email) and a second table (User ID, Address), each behind its own DAO, with the Service Layer above both]

DAO: Data Access Object

A data access object (DAO) is a layer that provides an abstract interface to communicate with the database.
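An added example, not part of the original slides: a Python sketch of the layering above, in which the security layer authenticates and then authorizes before the controller delegates to a service that combines two DAOs. Every name in it (UserDao, AddressDao, ProfileService, the tokens and the "profile:read" permission) is hypothetical, and the data is constructed.

```python
import hmac

# Constructed sample data standing in for the database tables.
USERS = {1: {"name": "Alice", "email": "alice@example.com"}}
ADDRESSES = {1: "1 Example Street"}
# Constructed credentials: token -> (principal, permissions).
TOKENS = {"tok-alice": ("alice", {"profile:read"}),
          "tok-guest": ("guest", set())}

class UserDao:                      # DAO: abstract access to the user table
    def find(self, user_id):
        return USERS.get(user_id)

class AddressDao:                   # DAO: abstract access to the address table
    def find(self, user_id):
        return ADDRESSES.get(user_id)

class ProfileService:               # Service: calls DAOs, applies business logic
    def __init__(self, users, addresses):
        self.users, self.addresses = users, addresses

    def profile(self, user_id):
        user = self.users.find(user_id)
        if user is None:
            return None
        return {**user, "address": self.addresses.find(user_id)}

def authenticate(token):
    """Authentication: establish who the principal is (None if unknown)."""
    for known, (principal, perms) in TOKENS.items():
        if hmac.compare_digest(known.encode(), str(token).encode()):
            return principal, perms
    return None

def handle_get_profile(token, user_id, service):
    """Security layer in front of the controller; returns (status, body)."""
    identity = authenticate(token)
    if identity is None:
        return 401, None            # not authenticated
    _principal, perms = identity
    if "profile:read" not in perms:
        return 403, None            # authenticated but not authorized
    profile = service.profile(user_id)   # controller delegates to service
    return (200, profile) if profile else (404, None)

SERVICE = ProfileService(UserDao(), AddressDao())
```

The 401 and 403 branches are the two definitions in code: an unknown token fails authentication, while a known principal without the permission fails authorization, and neither request reaches the service or the DAOs.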