So I want to make a bank Spring REST API in which, after the user logs in, their details will be available for the front end to use.
I am really confused about how to structure this program, as I want the front end which consumes the API to retrieve your data.
I know how to implement the controllers etc. However, when implementing Spring Security, would I have all the fields, including balance, transaction count, creation date etc., in the User class which Spring Security uses for login, or would I have them in a separate DTO class?
I've done some research on Baeldung's website but I'm still really confused for my use case.
I'm new to Spring REST; any advice would be appreciated.
CodePudding user response:
I believe there should be clear separation between domain model and data model.
If your application demands that, for each transaction that may be initiated from the front end, balance and transaction count need to be used, then you can put these details in your Authentication object. But in case they don't, please go ahead with the minimum set of attributes that are absolutely required for each transaction - userId / bankId / clientId.
With this sorted out, your application can send a GET /user request on front end application initialization where you can pull all details that are required at front end.
TLDR: Store attributes that are required in each request and which should never come from user - logged in user id - in SecurityContext as these end up in Session object. For everything else, you can trigger a GET request to fetch and cache it on your front end application.
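
A sketch of the split described in the answer above, added here as an example and not part of the original answer: the principal held in the SecurityContext carries only identity, and GET /user returns a separate DTO looked up by the authenticated user's id. `BankPrincipal`, `AccountView`, `AccountRepository`, `UserController` and the `ROLE_CUSTOMER` role are hypothetical names; it assumes a Spring Boot project with Spring Security whose `UserDetailsService` returns `BankPrincipal`.

```java
import java.math.BigDecimal;
import java.time.Instant;
import java.util.*;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.*;

// Hypothetical principal stored in the SecurityContext: identity and credentials only.
record BankPrincipal(long userId, String username, String passwordHash) implements UserDetails {
    @Override public String getUsername() { return username; }
    @Override public String getPassword() { return passwordHash; }
    @Override public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of(new SimpleGrantedAuthority("ROLE_CUSTOMER")); // constructed role name
    }
    @Override public boolean isAccountNonExpired() { return true; }
    @Override public boolean isAccountNonLocked() { return true; }
    @Override public boolean isCredentialsNonExpired() { return true; }
    @Override public boolean isEnabled() { return true; }
    @Override public String toString() { return "BankPrincipal[" + userId + "]"; } // keep the hash out of logs
}

// Hypothetical response DTO: only what the front end displays, never the password hash.
record AccountView(String username, BigDecimal balance, long transactionCount, Instant createdAt) {}

// Hypothetical lookup; in a real project this would typically be a Spring Data repository.
interface AccountRepository {
    Optional<AccountView> findViewByUserId(long userId);
}

@RestController
class UserController {
    private final AccountRepository accounts;
    UserController(AccountRepository accounts) { this.accounts = accounts; }

    // No id path variable or request parameter: the account is selected by the
    // authenticated principal, so a client cannot ask for another user's data.
    @GetMapping("/user")
    public ResponseEntity<AccountView> currentUser(@AuthenticationPrincipal BankPrincipal principal) {
        if (principal == null) return ResponseEntity.status(401).build();
        return accounts.findViewByUserId(principal.userId())
                .map(ResponseEntity::ok)
                .orElseGet(() -> ResponseEntity.notFound().build());
    }
}
```

Because the balance and transaction count are read on each GET /user call rather than copied into the session at login, they do not go stale while the user stays logged in.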