In simple applications, authentication might be enough – as soon as a user authenticates (confirms their identity), they can access any part of the application. However, in some situations, not all authenticated users should be granted access to some app resources. Authorization is the process during which the system decides if an authenticated client has permission to access the requested resource. Authorization always happens after authentication.

Spring Security Crypto

When developing a backend application, you must know how to store user information in the database in a secure manner. It doesn’t matter whether you are a freelancer or a multi-billion dollar corporation — you need to assume that somebody may one day break into your database. You are always exposed to the risks of a hacker attack from the outside or a data leak…