Spring Security Token Authentication - RESTful JSON Service

Question

I\'m looking to use Spring Security for a Spring MVC application which will strictly be a JSON web service. I\'ve done some research and read a few articles but haven\'t really

Answer 1

"I want the application to be completely stateless"

I'd reconsider what you're trying to do. There's a reason why you can't find good examples of your solution: You simply can't have an application that's both stateless and secure. Also if you're storing the tokens somewhere, you're not being stateless. Even if you aren't storing the tokens (like using JWT to encode them), you have to protect against CSRF attacks if users will be accessing this in a web browser. If you do go your route, expect to be writing a lot of customized security code (which is a bad thing). See a discussion of this here: https://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii