1
1
.
.
1
1
.
.
1
1
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
i
i
o
o
n
n
I
I
n
n
f
f
o
o
Authentication answers question: "Who are you?" => By using Credentials: Username, Password, Temporary Code
Authentication concerns itself with how to
● define Users (application.properties, Class, Database)
● enable Users to provide their Credentials (Login form, Authentication Header)
Authentication can be
● Database Authentication if Users are defined in DB
● In-memory Authentication if Users are defined in Application
○ Default User and autogenerated Password user/506e6f00-2b11-4036-96d6-74633e94da2d
○ Single User defined in application.authorities spring.security.user.name / password / roles
○ Multiple Users defined in SecurityConfig Class .username("myuser").password("mypass").roles("ADMIN")
After User gets Authenticated, User Object is created to hold User data (Username, Password, Authorities).
This User Object is then used to Authorize access to different Endpoints based on User's Authorities (Roles).
