Spring Security is a powerful authentication and authorization framework, which will help us to provide a secure application. By using Spring Security, we can keep all of our REST APIs secured and accessible only by authenticated and authorized calls.
Let's look at an example to explain this. Assume you have a library with many books. Authentication will provide a key to enter the library; however, authorization will give you permission to take a book. Without a key, you can't even enter the library. Even though you have a key to the library, you will be allowed to take only a few books.
Spring Security can be applied in many forms, including XML configurations using powerful libraries such as JWT. As most companies use JWT in their security, we will focus more on JWT-based security than simple Spring Security, which can be configured in XML.
JWT tokens are URL-safe and web browser-compatible especially for Single Sign-On ...