I am trying to understand security with MDD.In my scenario, a user
submits a document. I want to ensure that when the document is updated,
the person who updated the document is the one who is updating the
document.My concern: If the submittedByUserID is returned to the client,
a malicious authenticated user can falsify the headers to change the
submittedByUserID.My initial thoughts: I need to have a userServiceImpl
that has a loginUser() method. The loginUser() method sets the user's ID
in the ...