I plan a more or less social site in CUBA.
The portal portion will be public faced web site, where users can register and use the services after login (messages, mails, galery, etc)
The CUBA general ui portion will be the backend admin site where moderators and admins can administer the site and the public users
The portal portion will be more or less a pure api server, with AngularJS frontend (when the CUBA will have anonymous use pattern maybe we’ll switch over)
How we can protect the API End points? We think about JWT but in spring we can only use JWT with security filters, because Spring security does not support JWT out of the box. Or can be such way the every registered web user will create an sys$user entity? Is that is feasible with several thousands of public user?