Help with REST Services consumes by another app

Hi, I’m trying to implement the REST API with assured and glassfish, where I can successfully make a GET and POST.
Is it correct to use the user and password from hard code?.
I´ve noticed that the user should be in administrator group to used successfully the rest services, but I don´t now how validate roles and permissions from my app. Do you have any suggestion?

nope but roles and permissions are the same from the gui