Security: Pumbakos/Newsler

SECURITY.md

Security in Newsler Project

Newsler Project uses Spring Security and JWT (JSON Web Tokens) for authentication and authorization. Spring Security is a powerful and customizable framework that provides a wide range of security features, while JWT is a widely used standard for securely transmitting information between parties as a JSON object.

Authentication

In Newsler Project, users can authenticate themselves using email and password. Upon successful authentication, the server generates a JWT token that is sent back to the client. This token is then included in the header of subsequent requests to authenticate the user.

Authorization

For now, authorization is turned off. We rely entirely on JWT (this is temporary!) and we are aware that this makes our app vulnerable :(

JWT Token

The JWT token is used to authenticate users and authorize their actions. It is generated by the server upon successful authentication and contains information about the user, including their roles. The token is then sent to the client, where it is stored and included in the header of subsequent requests.

The token contains three parts: a header, a payload, and a signature. The header and payload are base64url-encoded JSON objects, and the three parts are joined with periods (.). The signature is computed over the header and payload using a secret key held by the server and is used to verify that the token is authentic and has not been modified.

Security Configuration

The security configuration in Newsler Project is done using Java configuration files. The security configuration file defines the authentication and authorization settings, as well as the endpoints that are secured.

The security configuration file includes the following settings:

  • Authentication Manager - this manages the authentication process and is responsible for verifying user credentials.
  • User Details Service - this provides user details, including their roles and permissions.
  • JWT Filter - this checks the incoming request headers for a valid JWT token and extracts the user details from the token.
  • Security Config - this defines the security settings for the application, including the secured endpoints and the allowed roles.
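The token layout described under "JWT Token" and the check performed by the JWT Filter above, as an added stand-alone illustration in Python (not the project's Java code): issue an HS256 token, then verify it the way the filter must before trusting the roles in it. The secret, claim names and `Bearer` header format are assumptions for this example.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(email, roles, secret, ttl=3600, now=None):
    """Server side: header.payload.signature, HS256 over the first two parts."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    claims = {"sub": email, "roles": roles, "iat": now, "exp": now + ttl}
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_token(token, secret, now=None):
    """Return the claims only if structure, pinned alg, signature and exp all check out."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        given_sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):  # malformed base64 or JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    # Pin the algorithm server-side; the token's own header must never choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given_sig):  # constant-time comparison
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims

def user_from_request(headers, secret, now=None):
    """The filter step: read 'Authorization: Bearer <token>', return (email, roles) or None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    claims = verify_token(auth[len("Bearer "):], secret, now)
    return None if claims is None else (claims["sub"], list(claims.get("roles", [])))
```

Until the roles are actually enforced per endpoint, `verify_token` returning the claims is the only thing standing between a request and the data, so the signature, algorithm and expiry checks must all pass before any claim is read.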

Benefits

Using Spring Security and JWT provides several benefits for Newsler Project, including:

  • Secure authentication and authorization - by using industry-standard security protocols, the application is protected against unauthorized access and attacks.
  • Flexibility - Spring Security is highly customizable, allowing the application to be tailored to the specific needs of its users.
  • Scalability - by separating the authentication and authorization logic from the application's core business logic, it is easier to scale the application by adding or modifying security configurations.

Overall, the combination of Spring Security and JWT provides a secure and flexible foundation for Newsler Project, allowing it to protect user data and control access to sensitive information.

There aren’t any published security advisories