Showing posts from August, 2016

Security with JWT Token (Spring Security)

Spring Security has always been one of my favourites, which I have explored often since the time of XML configuration. This time I tried to implement security with JWT tokens using the Spring Security module (Java config), and I must say the Java config has changed much since the time of XML configuration. Let’s chalk out the high-level flow first:

1) The user first fetches the JWT token from the URL http://localhost:8080/SpringToken/auth by passing the user id and password in JSON format in the request body. We will make this URL “permit all” in Spring Security so that Spring does not enforce any authentication or authorization rule for this URL, and anonymous authentication is implemented with AnonymousAuthenticationToken. This URL invokes a handler method which generates the JWT token, sets it in the Security Context holder and returns it to the client.

2) The client, while making subsequent requests to access resources, needs to set the token in the request header named X-Aut