From a438d0793bd00c3a4c751417d6f01d8171c9f6dd Mon Sep 17 00:00:00 2001 From: svlada Date: Fri, 26 Aug 2016 17:40:37 +0200 Subject: [PATCH] Work on blog. --- etc/blog.md | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/etc/blog.md b/etc/blog.md index b604d6e..0c6a58e 100644 --- a/etc/blog.md +++ b/etc/blog.md @@ -447,9 +447,31 @@ public class AjaxAwareAuthenticationFailureHandler implements AuthenticationFail } ``` +### JWT Authentication + +Token based authentication schema's became immensely popular in recent times, as they provide important benefits when compared to sessions/cookies: + +1. CORS +2. No need for CSRF protection +3. Better integration with mobile +4. Reduced load on authorization server +5. No need for distributed session store + +In this article we'll explain approach where JWT's are used for token based authentication. + +Authentication flow is very simple: + +1. User obtains Refresh and Access tokens by providing credentials to Authorization server +2. User sends Access token with each request to access protected API resource +3. Access token is signed and contains user identity(e.g. user id) and authorization claims. It's important to note that authorization claims will be included with Access token. + #### WebSecurityConfig -Extends WebSecurityConfigurerAdapter to configure our custom Security filters. +WebSecurityConfig class is where all security related configuration reside. + + +1. AjaxLoginProcessingFilter +2. JwtTokenAuthenticationProcessingFilter ``` @Configuration @@ -531,11 +553,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } ``` -### JWT Authentication - - - - ### Conclusion
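Review bot: "2. No need for CSRF protection" in the benefits list of the first hunk (@@ -447,9 +447,31 @@) is stated without its condition: it holds only while the token is sent in a request header such as Authorization and is not kept in a cookie that the browser attaches automatically. Suggest wording it as "No CSRF protection needed when the token is sent in a header rather than a cookie". In the same hunk, item 3 of the flow list describes the Access token rather than a step, and says twice that authorization claims are included; fold it into step 2 or move it to a sentence after the list, and either show where the Refresh token from step 1 is used or drop it from the flow. "1. CORS" needs a few words saying what about CORS is the benefit, the two filter names under WebSecurityConfig need a lead-in sentence saying what the list is, and "schema's" / "JWT's" should read "schemes" / "JWTs".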
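Review bot: With the empty "### JWT Authentication" placeholder removed in the second hunk (@@ -531,11 +553,6 @@), "### Conclusion" now follows the closing fence of the WebSecurityConfig block directly. The first hunk's list names JwtTokenAuthenticationProcessingFilter, so if that filter is not described earlier in etc/blog.md, its section belongs here before the Conclusion; otherwise the removal is fine as is. The subject "Work on blog." could also record that the JWT section was moved ahead of WebSecurityConfig.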