Thank for the tutorial. But I don't really agree with your coding style, should be more careful thought. Like the code below, the authentication object should not get from the first place.
protected void doFilterInternal(...) throws ...
var authentication = getAuthentication(request);
var header = request.getHeader(SecurityConstants.TOKEN_HEADER);
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.