Look through the @RequestScope! As a part of creating a RESTful API for a conversion project, the existing security in place leveraged a deep hierarchy in the object containing users accessing the API via an Angular client.
Read full article on Dzone