Securing your backend with a JSON Web Token
In the previous section, we covered how to use basic authentication with a RESTful web service. Basic authentication doesn’t provide a way to handle tokens or manage sessions. When a user logs in, the credentials are sent with each request, which can cause session management challenges and potential security risks. This method is not usable when we develop our own frontend with React, so we are going to use JSON Web Token (JWT) authentication instead (https://jwt.io/). This will also give you an idea of how you can configure Spring Security in more detail.
The other option for securing your RESTful web service is OAuth 2. OAuth2 (https://oauth.net/2/) is the industry standard for authorization and it can be used quite easily in Spring Boot applications. There is a section later on in the chapter that will give you a basic idea about how to use it in your applications.
JWTs are commonly used in RESTful APIs for...