Protect Services
Learn how to protect services in a Vaadin application based on user roles.
A secure application relies on multiple layers of protection, including both views and application services. Even when your views are protected, you should also protect the application services.
In React-based applications, service protection is the main security layer, as views alone provide no protection.
In Flow-based applications, service protection acts as a safety net, preventing privilege escalation if a view is misconfigured.
The following guides explain how to secure application services and control access based on user roles: