KC Tech

This week at work, I've been working on migrating our application to containers to shift to the cloud. We decided a good point to start would be with the Access Control application which takes care of the authentication and authorization of users to our application. Since we're a Java/Spring Boot shop, this was built upon Spring Security which led to down the rabbit hole of investigating/learning how Spring Security works and this blog page summarizes my learning. A lot of the information in this book has been taken from [1] and I highly recommend the resource to learn in-detail about Spring Security! Introduction Before we dive into Spring Security, we need to understand the difference between Authentication and Authorization. Authentication is proving who you say you are; the most common way this is done is with a username and a password. Authorization on the other hand is about what services/pages you have access to following the authentication process, this is usually hand...