specific user data using Spring 3 REST

I'm trying to find the standard way to handle user authentication in a RESTful webservice using spring.

i want to allow a LOGGED IN user to access only specific information that applies to him.

i found 2 ways of doing that:

1. using HandlerInterceptorAdapter i can take the HttpServletResponse and from it i can take the session. in the session i can save the user 开发者_如何学Cand that way i can know if he's logged in and if i can deliver him the data he's requesting.
2. i can create tables in my database that'll contain tokens. when a user logs in he'll receive a token. he'll have to provide that token every time he asks for any information.

what is the standard way of doing that ?

thanks !

You should look at Spring Security