So you've heard about this fabulous JWT and want to integrate it into your Spring application? Good, let's see how it can be done.
Suppose you have your fancy authentication all up and running with Spring Security, but you also have to manage authorization. You don't want to handle permissions based only on the authorities granted to the user; you want a check like hasPermission('some_domain', 'permission'). This is where the Spring PermissionEvaluator comes into play.
Let's say you have to secure your REST API, but can't or don't want to use a secure connection (why u no use SSL/TLS!?!?). What you can do is implement an HMAC mechanism to handle authentication.