- Annotations -> No need to create instances of classes manually as you would in plain Java code; the Spring framework, driven by its annotations, creates and wires them automatically.
- Beans -> Used for dependency injection, along with annotations.
- Email and Password -> We cannot store plain passwords in the database. If the database is hacked, the attacker gets every password. Instead, we store the email and a hashed password.
- Hashed Password: A word can be hashed into a string. The same word will always hash to the same string, allowing us to match passwords, but we cannot get back the original string from a hashed string. Even if a hacker gets the hashed password, they cannot recover the original password.
- Bcrypt -> The library used for hashing passwords.
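The page's stack is Spring with Bcrypt, but the idea in the notes above (store a salted one-way hash, re-hash the candidate on login, never store the plain password) can be shown with the Python standard library alone. The following is an added example, not code from the original notes: it uses PBKDF2-HMAC-SHA256 from `hashlib` as a stand-in for bcrypt (an assumption, chosen so the block runs offline), and the "database row" is constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters for PBKDF2-HMAC-SHA256, used here as a stdlib stand-in for bcrypt.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: algorithm$iterations$salt_hex$hash_hex.

    A fresh random salt means two users with the same password get different
    stored values, so a leaked table cannot be matched against a precomputed list.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time.

    The original password is never recovered from the stored string; we only
    check whether the candidate hashes to the same value.
    """
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


# Constructed sample "database row": only the email and the hashed password are stored.
USER_ROW = {"email": "alice@example.com", "password_hash": hash_password("correct horse")}

if __name__ == "__main__":
    print(USER_ROW)
    print(verify_password("correct horse", USER_ROW["password_hash"]))  # True
    print(verify_password("wrong", USER_ROW["password_hash"]))          # False
```

Running the block twice prints two different `password_hash` values for the same password because of the random salt; `verify_password` still succeeds for both, since the salt is stored next to the hash. With Spring Security the equivalent calls are `BCryptPasswordEncoder.encode` and `matches`.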
- JWT Token (JSON Web Token) contains 3 parts:
  - Header -> Algorithm & token type (e.g., "alg": "HS256", "typ": "JWT")
  - Payload (claims) -> Actual data (user info, expiry, etc.). Claims are the data fields inside the payload.
  - Signature -> Computed over the header and payload with the server's secret key (proof that the token was created by your server and has not been altered)
- In backend systems, state means the server remembers something about the client between requests.
- Stateful -> The server stores information (state) about a user’s session after they log in.
- Stateless -> The server does not remember anything between requests — every request is self-contained and must prove the user’s identity again (usually via a token).
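To tie the JWT structure and the stateless model together, here is an added example (not part of the original notes, and not the jjwt or Spring Security code a Spring project would use): it builds the three dot-separated parts with HS256 using only the standard library, and `verify_token` shows the stateless check, where the server keeps no session and every request must carry a token that proves itself. The secret and claims are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret for the example; a real server keeps this out of source code.
SERVER_SECRET = b"example-secret-do-not-use-in-production"


def _b64url_encode(data: bytes) -> str:
    """Base64url without padding, as the JWT spec requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def create_token(claims: dict, secret: bytes) -> str:
    """Return header.payload.signature, signed with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    header_b64 = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(signature)}"


def verify_token(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, otherwise None.

    Stateless: nothing about the user is looked up on the server. The token
    alone has to prove who the client is on every request.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        provided_sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong number of parts, bad base64, or bad JSON
        return None
    # Only accept the algorithm this server issues; do not trust the header's "alg" blindly.
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected_sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, provided_sig):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None
    if now is None:
        now = time.time()
    if "exp" in claims and now >= claims["exp"]:
        return None
    return claims


if __name__ == "__main__":
    token = create_token({"sub": "alice", "exp": int(time.time()) + 3600}, SERVER_SECRET)
    print(token)
    print(verify_token(token, SERVER_SECRET))
```

The signature check comes before the payload is trusted, so a client that edits its own claims (say, changes `sub`) produces a token whose signature no longer matches and is rejected; the expiry check is why a stateless server can still limit how long a stolen token is useful.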