(c) Explain the methods by which access to Spring Boot RESTful Web Service endpoints can be secured from unauthenticated access.
In your answer include the default web security supplied by Spring Boot for testing purposes.
Spring Boot can secure REST endpoints using default security or JWT.
By default, adding spring-boot-starter-security enables HTTP Basic authentication, where endpoints are secured and credentials are sent with each request. This approach is stateful and suitable for testing.
In your answer include the method using JSON Web Tokens (JWT).
In production, JWT authentication is commonly used. The client authenticates once and receives a JSON Web Token, which is then sent in the Authorization: Bearer header with each request. The server validates the token and does not maintain session state, making the approach stateless and scalable.
What are the three components of a JSON Web Token (JWT), and which component verifies that the token has not been tampered with?
Header, Payload (Claims), and Signature. The Signature verifies that the token has not been tampered with, using a secret key known only to the server.