We have an application in Spring Boot using Spring Security for authorization and authentication of REST APIs.
We have a Redis server running, which along with Spring Security stores the X-AUTH-TOKEN and sends it as a header parameter in the 404 response to a user who executes a /login attempt.
This X-AUTH-TOKEN can then be used as a header parameter to authenticate other REST APIs.
The problem here is that a user can copy this X-AUTH-TOKEN and use it from another machine and bypass the login credentials on which the X-AUTH-TOKEN was generated.
How can we disable this security breach in token-based Spring Security?
Please help.