General idea:
Details:
First Test Result:
JWT token generation
The following image shows the generation of a JWT when a "human" authenticates; the token is shown in the response body. In one of the screenshots below I show the code that displays the JWT not only in the headers but also in the body.
Roles and Authorities
As seen in one of the images below, only teachers can "delete". The user "toby" is a "teacher" and hence can delete.
Jmort, by contrast, does not have the same authority and hence gets a 403 Forbidden error.
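The flow described above, as an added example that is not the project's own code: a JWT is issued at login (returned in both the Authorization header and the body), and a teacher-only delete answers 403 for any other role. HS256, the shared key, the passwords, the function names and Jmort's "student" role are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 with a shared secret
# Constructed user store: names are from the page, passwords and Jmort's role are assumed
USERS = {"toby": ("pw-toby", "teacher"), "Jmort": ("pw-jmort", "student")}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(username, password, ttl=300):
    """Return (status, headers, body); the JWT goes in both the header and the body."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user[0].encode(), password.encode()):
        return 401, {}, {}
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "role": user[1], "exp": int(time.time()) + ttl}
    payload = b64e(json.dumps(claims).encode())
    token = f"{header}.{payload}.{sign(header + '.' + payload)}"
    return 200, {"Authorization": "Bearer " + token}, {"token": token}

def verify(token):
    """Return the claims if signature, algorithm and expiry all check out, else None."""
    try:
        header, payload, sig = token.split(".")
        # Always verified as HMAC-SHA256; the header's alg never selects the algorithm
        if not hmac.compare_digest(sig.encode(), sign(header + "." + payload).encode()):
            return None
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(payload))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, AttributeError, TypeError):
        return None

def delete_resource(token):
    """401 without a valid token, 403 for a valid token that lacks the teacher role."""
    claims = verify(token)
    if claims is None:
        return 401
    return 200 if claims.get("role") == "teacher" else 403
```

Because the role is read from the signed payload, editing the payload to claim "teacher" invalidates the signature and the request is rejected with 401 rather than reaching the role check.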
Security that makes it work -