At the moment, security is basically non-existent. The user needs to log in to place an order, but as long as you know a user's ID you can access any information related to that user (cart, address, credit card info, etc.) without any authentication or authorization at the service level.
We need to enable Helidon Security for the various resources that should be protected (user info, carts, etc.) so that only the logged-in user (based on the cookie provided by the front-end service) or an admin can access protected operations and the data they provide.
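The access rule asked for above, as an added example that is not part of the original issue or the project's code: the caller's identity is resolved from the session cookie, and the user ID in the request only selects the data. The sketch is plain Java and does not use Helidon Security APIs; `AccessGuard`, `Caller`, `SESSIONS` and the session values are hypothetical names and constructed sample data.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: framework-independent, not Helidon Security API.
// All names and sample values here are hypothetical.
public class AccessGuard {
    /** Identity resolved server-side from the session cookie. */
    record Caller(String userId, Set<String> roles) {}

    enum Decision { ALLOW, UNAUTHENTICATED_401, FORBIDDEN_403 }

    // Constructed sample session store: cookie value -> authenticated caller.
    static final Map<String, Caller> SESSIONS = Map.of(
            "sess-alice", new Caller("alice", Set.of("user")),
            "sess-admin", new Caller("root", Set.of("user", "admin")));

    /** Decide whether a request may touch data owned by requestedUserId. */
    static Decision check(String sessionCookie, String requestedUserId) {
        // Map.of rejects null keys, so handle a missing cookie explicitly.
        Caller caller = sessionCookie == null ? null : SESSIONS.get(sessionCookie);
        if (caller == null) {
            return Decision.UNAUTHENTICATED_401; // missing or unknown cookie
        }
        // The ID in the path is only a selector; it never proves identity.
        boolean owner = caller.userId().equals(requestedUserId);
        boolean admin = caller.roles().contains("admin");
        if (owner || admin) {
            return Decision.ALLOW;
        }
        return Decision.FORBIDDEN_403; // authenticated, but not the owner
    }

    public static void main(String[] args) {
        // Each case requests the same user's cart with a different cookie.
        System.out.println("no cookie     -> " + check(null, "alice"));
        System.out.println("forged cookie -> " + check("sess-unknown", "alice"));
        System.out.println("owner         -> " + check("sess-alice", "alice"));
        System.out.println("other user    -> " + check("sess-alice", "bob"));
        System.out.println("admin         -> " + check("sess-admin", "alice"));
    }
}
```

The same decision has to run in every service that holds user data (user info, carts, and so on), not only in the front end, because the current gap is at the service level.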