Restful Java Web Services Security

By: René Enríquez

Fine-grained and coarse-grained security


There are two levels of security we can manage: fine-grained and coarse-grained.

When we use the term coarse-grained in the context of security, we refer to security systems that are generally handled at a high level within the application. The examples in Chapter 2, The Importance of Securing Web Services, in which a user with any role can make use of the services, are a perfect example of coarse-grained security: the coarse-grained option is used when the security restrictions grant access to users without regard to roles or other, more specific attributes of the authenticated user. This means that, to allow access to functions, the system only verifies the user's identity; in other words, it authenticates the user. In real life, however, it is not enough for a user of the application to be authenticated. The user must also be authorized to use certain features. We can achieve this using fine-grained controls. Validating...
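The difference between the two levels, as an added example that is not taken from the book: a coarse-grained gate that only checks that the caller is authenticated, next to a fine-grained gate that also checks the caller's roles for the requested operation. The class, role and operation names are hypothetical, the callers are constructed sample data, and the code assumes Java 16 or later (records).

```java
import java.util.Map;
import java.util.Set;

public class GrainedAccessDemo {
    // Constructed sample caller: a name plus the roles the identity store returned for it.
    record Caller(String name, Set<String> roles) {}

    enum Decision { UNAUTHENTICATED_401, FORBIDDEN_403, ALLOWED_200 }

    // Hypothetical per-operation role requirements (the fine-grained policy).
    static final Map<String, Set<String>> REQUIRED_ROLES = Map.of(
        "GET /customers", Set.of("USER", "ADMIN"),
        "DELETE /customers", Set.of("ADMIN"));

    // Coarse-grained: identity is verified, roles are never consulted.
    static Decision coarse(Caller caller) {
        return caller == null ? Decision.UNAUTHENTICATED_401 : Decision.ALLOWED_200;
    }

    // Fine-grained: authentication first, then an authorization check for this operation.
    static Decision fine(Caller caller, String operation) {
        if (caller == null) return Decision.UNAUTHENTICATED_401;
        Set<String> required = REQUIRED_ROLES.get(operation);
        // Deny by default: an operation with no policy entry is not reachable.
        if (required == null) return Decision.FORBIDDEN_403;
        boolean authorized = caller.roles().stream().anyMatch(required::contains);
        return authorized ? Decision.ALLOWED_200 : Decision.FORBIDDEN_403;
    }

    public static void main(String[] args) {
        Caller[] callers = {
            null,                                   // no credentials presented
            new Caller("alice", Set.of("USER")),    // authenticated, ordinary user
            new Caller("bob", Set.of("ADMIN"))      // authenticated, administrator
        };
        for (Caller c : callers) {
            String who = c == null ? "anonymous" : c.name();
            for (String op : REQUIRED_ROLES.keySet()) {
                System.out.printf("%-9s %-17s coarse=%s fine=%s%n",
                    who, op, coarse(c), fine(c, op));
            }
        }
    }
}
```

For `alice` on `DELETE /customers`, the coarse-grained gate allows the call while the fine-grained gate returns `FORBIDDEN_403`, which is the gap between authentication and authorization.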