We are building some services that will be exposed through a RESTful API. Primary customers of this API are Liferay portlets using Angular JS, meaning there are direct calls
I can't uprate someone's answer with my current rating, but the answer above is probably the right direction. It sounds like what you need to investigate is something named CORS, which provides security with cross-site scripting. I'm sorry I don't quite know how it works yet (I'm in the same situation), but this is the main topic of this NSA document on REST.
For Spring, try here to start maybe?