// No cleanup needed because STATELESS means the context dies with the request
String token = header.substring(7); String username = jwtService.extractUsername(token); spring security in action second edition
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()); // No cleanup needed because STATELESS means the