Code - github.com/ali-bouali/spring-boot-3-jwt-security 👉🏿 Subscribe to @BoualiAli channel - www.youtube.com/@BoualiAli

Table of content 00:00 Intro 01:55 How JWT security works 07:26Create a new spring boot 3.0 project 09:28 Add Data source 12:28 Connect to the database 17:12 Create user class 20:05 Transform the User to an entity 25:22 Extend the user to UserDeatils object 33:32 Create the user repository 35:50 Create the JWT authentication filter 40:58 Checking the JWT token 44:32 Create the JWT service 47:56 Add the JJWT dependencies 49:59 What is a JWT token 53:06 Extract claims from JWT 55:23 Implement the getSignInKey method 01:00:07 Extract a single claim from JWT 01:01:51 Extract the username from the token 01:02:52 Generate the JWT token 01:08:15 Check if the token is valid 01:11:22 Check the user existence in the database (JwtAuthFilter) 01:15:13 Implement the UserDetailsService 01:19:38 Update the SecurityContextHolder and finalise the filter 01:23:53 Add the security configuration 01:32:51 Create the authentication provider bean 01:36:41 Create the authentication manager bean 01:38:14 Create the authentication controller 01:40:55 Create the authentication response class 01:41:47 Create the register request object 01:42:50 Create the authentication request class 01:43:22 Create the authentication service 01:45:37 Implement the register method 01:49:28 Implement the authenticate method 01:52:17 Update the security configuration whitelist 01:53:35 Create a demo controller 01:54:55 Test the changes

I watch alot of your videos but the long ones I have never stuck to this one I stuck though the whole video and followed along every step of the way and understood everything I am so glad you done it as I followed ur example now going to be able to implement it in my own project!

Absolutely what I've been looking for. Just the right amount of high level explainations for someone who's just getting into Spring. Thank you for the amazing content.

Assalomy aleykum. I'm from Kyrgyzstan and I'm sixteen. Currently I'm learning Java backend, this is the 6th month. I started watching your videos 4th months ago. And at the time we were learning Spring Boot + Security+JWT your videos are really useful and at the latest version so I appreciate you and your videos. Keep going. Good luck.

Yesterday, I watched your previous video about Spring Security and realized that some functions are deprecated in the latest Spring Security. And I'm astonished that you uploaded an updated video today. I'm planning to build a blog website for my own and review Spring Security as well, so this video is excellent for many other developers who love Spring and for me. Keep up your great job, and wish you much luck. Happy new year🤩!

I just started watching you, but I'm already glad I'm doing it with your style of lessons, it's awesome! Thank you so much! Hello from Ukraine!

This tutorial is the one I have been looking for. I spent hours looking for a way to implement spring security, however, most of the spring security tutorials that I found are outdated. Luckily, I stumble on this amazing work, my man here explained everything in depth and comprehensible. Thanks for the tutorial and keep up the good work!!

This course is awesome, thank you. More detailed and clearer than the previous one.

I was almost giving up on understanding Spring Security but now I feel like I have an eagle's eye view of what's what based on this and a number of other tutorials from other channels. Keep doing the good work.

Great tutorial. To the point and everything is explained. Easy to follow. Great job!!

I could tell this channel would be a good one to add after watching just one of your videos last year. You make your videos around more niche but interesting (advanced) topics but do so in a way that feels more like you’re hearing it explained by a friend rather than finding yourself lost in abstractions or just bored by the nitty gritty details. Look forward to all the interesting topics that I’m sure will be coming up. Cheers man!

You never disappoint. Of all spring security tutorials this is the one that make sense for me. Also, usage of lombok and an actual database (not in-memory one) is a plus.

Absolutely perfect lecture for Spring boot 3.0+ and Spring Security 5 with JWT. I am non-native english speaker, but My teacher who called Amigoscode teach me SOOOOO kindly. P.E.R.F.E.C.T Thanks to your lec, I will lean more about Spring Echo system.

I watched this video when it was released 10 months ago, and I didn't quite understand the concept, but watching it again 10 months later and understanding a lot more than last time makes me think I'm doing great progress! Thank you for the amazing content, keep up the good work!

You're amazing dude! You saved my diploma project with your work. Everything worked on the first try and taking the time to update this guide is just... great of you. If you are ever in Sofia let me buy you a beer. :D

Прекрасное и внятное объяснение данной темы! Огромная благодарность автору👍👍👍

Hey AmigosCode, I congratulate you for this tutorial, for those who see the negative side of the Internet, this is a sign of generosity, and we must be grateful for that, thanks and regards!!!

Such a helpful, important video. Just got new into creating websites with Spring and it's such the best video seen so far! Can really recommend it to everyone.

This is an amazing course. It helped me to crack the interview. Thank you so much!

First of all, thank you so much for the hard work and commitment in doing this video. I would like to know if you have another video using angular to consume this backend api with roles and permissions especially

This is unique, definitely what I was looking for, I appreciate the time you spend doing this course

Thanks for the Video and Ali Bouali for the repo!

"But there is one extra step we need to do. Easy peeezzy" ..😅 I just finished watching and implementing this. Feels like i just got back from the gym. Learn from the experts . Awesome tutorial. Keep up the good work.

Hi Ali, I found your tutorial very useful and using this I was able to add JWT to my project. I would like to know how can I write test cases for this code, could you make a tutorial regarding the same. Thanks again !

Quality content. Thank you very much! Your channel is one of the best on KZbin for learning Java and Spring.

I was so thankful for this video literally I was struggling with jwt you made everything crisp and clear💯

In the JwtAuthenticationFilter class, changing "Authentication" to "Authorization" in the line "final String authHeader = request.getHeader("Authentication")" is necessary for proper functioning of the DemoController class. Original code: final String authHeader = request.getHeader("Authentication"); Corrected code: final String authHeader = request.getHeader("Authorization");

Great video! It was very helpful. Works like a charm. Is there also a updated version of creating refresh tokens?

Really clear tutorial! Showing the architecture and explaining how the JWT validation mechanism works helped understanding the implementation!

I'm so happy for this notification 😍 I was waiting for this.

Hi alibou, can you make the frontend part of your JWT code, with react or angular, preferably react, your tutorial was very helpful to me, but i would like a frontend to understand it better

Thanks for the video. It would be appreciated if various authentication-related functions such as reset password, find password, and authentication activation using e-mail were also performed.

An amazing tutorial! A definite must see for those who need to learn how authentication/authorization works in spring boot!

The length of the different steps through it and the calm, exactly explanation was very helpful and make a lot of fun...thanks a lot...

Thank you very much for sharing your knowledge with all of us. I wanted to ask you if you have any video in which you link everything you shared here, but including Swagger? I ask you why I was testing your code but if I try to add swagger to it, it always returns 403 because JwtAuthenticationFilter is executed and automatically if you don't have the required headers, it doesn't let you continue, so in the case of swagger is it really necessary to do that filter?

Hi, this is a great course and I just need a small help. The url for the encryption key generator which you've specificied in this video isn't accessible. Can you please provide any other link? Thanks in advance :)

Thanks for this awesome video. Just in time, as i was trying to figure out Spring Security for my app and was kind of lost between different tutorials. Cannot wait for video on how to get frontend right for this app. Cheers 🤗

Many thanks, this awesome video helped me fix a problem I've been having with spring security for over a week. You guys are amazing!!!

Great course.. But I would love it more if you have implemented the refresh token and blacklisting the previous one

I really like the tutorial in general! I do have one point of constructive criticism on it: JWT was created with the intent that you can check the validity of your token without persisting it. It should be along the lines of: - You create the token, which contains a small amount of information about the user it belongs to - Token gets send with future requests - When authenticating the token, you decrypt the payload and check if the information in the token is valid, by checking it against the original user in your db it was created for You might have confused the standard token with the refresh token from JWT, which should be persisted in the DB. If you are just going to persist the tokens in the DB, you might as wel create some general token system without JWT. But aside from that, I do think the tutorial is great!

Free top class content! Thanks Nelson and Bouali!

Thanks Nelson, I was waiting for this course

Thanks, this video is really cool and usefult! But one moment is a littble bit unclear: what will we need to do when token expires?

Mashaalloh brother, my long-awaited lesson 👍

I'm a new Java developer and I find the JWT implementation so confusing and complicated but, this video makes it much simpler to understand and implement. Thanks Amigo.

I would like to take the time to thank you and say that I appreciate you for your content. It's wholesome and helps me a lot!

Awesome content. So glad you did the explanation at the end with postman.

Hi @amigoscode & @boualiali I love your content on Spring security 6. Also please can you update some code or provide some resources for logout functionality. As you guys are implanting only authenticate and sign in

32:00 Well.. What if I want users to have multiple roles? I save my roles in a database (as part of making them dynamic, so I can make more roles if I need to, after deploying the app), and the connection between User and Role is ManyToMany. I think by default that is the desired implementation of roles. How can I make my example work with this getAuthorities method? (Also notice, getAuthorities is plural, meaning it's expected to have multiple authorities)

man your understanding of java is just awesome I love your content!!!

Love from India sir, Your way of delivering the concepts is absolutely marvelous. You made this complex topic a cakewalk. Lots of appreciations for your effort.❤❤❤

Thank you for the lesson! How to make the same theme idea?

Great tutorial video, thank you. However, in the securityFilterChain(HttpSecurity http) method of the SecurityConfiguration class, some methods of the HttpSecurity object have been @Deprecated(since = "6.1", forRemoval = true). I would be very happy if you could do a refactor work on this.

Thank you for the tutorial. All this stuff with spring security is looking much more complicated than in express framework for node js

Awesome video! I had to implement Spring Security in an application at my company without prior knowledge and I was able to do that in less than 2 days by using your video as a reference.

🎯 Key Takeaways for quick navigation: 00:00 🚀 *This video covers JWT authentication and authorization in Spring Boot 3.0 using Spring Security 6 and Postgres.* 00:54 🛡️ *Understanding Spring Security and JWT is crucial for securing APIs; the tutorial emphasizes their importance.* 01:29 🌐 *Source code for the implementation is available in the video description, enabling viewers to follow along and apply the concepts.* 03:37 🔒 *The JWT authentication mechanism involves an internal check, user details service call, and validation process based on the user's email extracted from the token.* 07:11 🛠️ *The tutorial guides through the implementation steps, including creating a Spring Boot project, configuring a Postgres database, and setting up the data source.* 28:33 🚀 *Spring Security 6 and Spring Boot 3.0 allow for customization of user details handling, including roles and authentication settings.* 29:02 🛡️ *Implementing user details involves overriding methods, and you can choose to extend the Spring Boot user class or create your own class.* 30:22 📝 *When dealing with roles, creating an enum and using `SimpleGrantedAuthority` simplifies the process, especially when users have a single role.* 37:24 🗝️ *Implementing JWT authentication involves creating a filter by extending `OncePerRequestFilter` and extracting the JWT token from the request header.* 47:03 🔑 *Understanding JWT structure: JWT tokens have three parts - header, payload, and signature; claims in the payload include registered, public, and private claims.* 56:44 🔐 *In JWT, a signing key is a secret used to digitally sign the token, ensuring the sender's authenticity and message integrity.* 57:36 🛠️ *The signing key, along with the algorithm specified in the JWT header, creates the signature. Key size and algorithm depend on security requirements.* 58:23 🧰 *To generate a signing key for JWT, online tools like keysgenerator.com can be used, with a minimum size of 256 bits for security.* 01:00:20 🤖 *Implementing `getSigningKey` method using the JJWT library involves decoding the secret key and creating an HmacSHA256 key for verification.* 01:04:32 🚀 *Implementing a method to generate JWT involves setting claims, subject, issue date, expiration date, and signing with a key and algorithm.* 01:26:41 🛠️ *Spring Security Configuration: Implementing security configuration in a Spring Boot 3.0 application involves creating a class annotated with `@Configuration` and `@EnableWebSecurity`, with a method that returns a `SecurityFilterChain` responsible for configuring HTTP security.* 01:29:17 🚦 *Whitelisting URLs: To implement whitelisting, where certain endpoints do not require authentication, configure security to permit specific requests and authenticate all others. This is achieved by specifying a list of patterns for permitted requests.* 01:31:34 🔐 *Stateless Session Management: Ensure stateless session management by configuring the session creation policy as `SessionCreationPolicy.STATELESS`. This ensures that the session remains stateless, and each request is authenticated independently.* 01:32:51 🔄 *Chaining Filters: Add a JWT authentication filter before the `UsernamePasswordAuthenticationFilter` to execute it before the default authentication filter. This ensures that JWT authentication is performed before checking username and password.* 01:41:10 ⚙️ *Controller and Endpoints: Implement authentication and registration endpoints in a controller class (`AuthenticationController`). Secure the endpoints by specifying them in the security configuration to ensure proper access control.* 01:58:47 🚧 *Secured Endpoint: Demonstrates accessing a secured endpoint (`/API/V1/democontroller`) without authorization results in a 403 Forbidden response.* 02:00:11 🔄 *Authentication Process: Shows the authentication process, indicating that attempting to authenticate a non-existing user results in a 403 Forbidden response.* 02:00:58 ✅ *Successful Registration: After registering a new user (`alibu` with email `alibu@atme.com` and password `1234`), successfully generates a JWT token as a response.* 02:01:49 📅 *JWT Token Payload: Examines the payload of the generated JWT token, including information such as the subject (user email), creation date, and expiration date.* 02:02:42 🔐 *Authentication with Correct Password: Illustrates successful authentication with the correct password, generating a JWT token as a response.* Made with HARPA AI

even for register endpoint status is showing forbidden please help!

Amazing video, you explained it all very well. Thanks for making a Spring Security video with an updated version😁

Hi there. I really appreciate your effort in doing this valuable course on Spring Security. Even though I consider you have not considered validating if the user already exists to avoid registering the same user more than once. Thanks so much Ali!!

Thanks for the video. However, it is very sad that spring security does not provide us a built in feature to deal with jwt, and expect us to manually include 3 jwt-related external dependencies (with the version included). Hopefully in future, there is a spring boot starter that include these 3 dependencies, and appear in spring initializer website. Also hopefully spring security has built-in feature to automatically generate jwt for us and function to extract claim , without us having to write ourselves.

how come I am getting a 403 error even after following the tut?

I can not tell how much I appreciate your content! Keep up the good work!

Great explanation, had to go through it twice but at the end understood it completely... Thank you

bro why is this shit so complicated, I do auth in Nodejs in 20 minutes tops with two packages (jwt and bcrypt) . get email/username -> compare password to hashed password in DB -> give token. get token -> verify token against secret key -> get user id/email/username from payload. How hard is that??!!! why do I need a bunch of things in Spring boot.

Perfect lesson! Thank you very much

The best tutorial of Spring Security. Thank's my friend!!

At 1:20:21, when I have the line " private final UserRepository repository;", I get this error: "The blank final field repository may not have been initialized" However, it is not showing up on your screen. Why is this?

Anyone else got the problem of constantly getting 403 when trying to access the demo-controller after generating the token. Token is looking good to me. Debugger shows he passes the JWT Filter and sets the authentication. Even failed using your cloned repo.

You are the best man, Ive been writing frontend for a year, this accelerated my java skill 100%

Original video: kzbin.info/www/bejne/eIfHgmafqtSpnZI

For those of you who have issues with deprecated methods, downgrade your spring version to 3.0.5 for this example to work.

thank you very much for such a detailed guide! I thought it was impossible to find guides with the usage of recommended classes and methods until I found this video

First comment of ever on youtube, but that course is just excellent. I have never had such a clear course in my training center.

The explanation of how JWT auth works is not correct. If for every request the DB is going to be accessed, the point of JWT is lost.

I'll be honest, I hated the previous video for the audio lags and all that. But this one is pure gold! Damn, you have redeemed yourself😏

thanks for your effort in this course. well explained and structured.

Wow! Thank you very much. May Allah repay you a hundredfold for the satisfaction I had after I finished listening to the video

Thank you so much, i've done my first part of whole project base on your video.

Thank a lot Ali and Nelson. Impation to see the next one about refresh token Good job guys ☝

What a tutorial 5/5!!! Bravo!

wow, I'm waiting for this , thank you Amigoscode

Crystal clear. Works like a charm!

Thank you ! I`m try to realize this 2 weeks before i find you ! Love!

Thanks a lot for such wonderful content!! It is very helpful

Best tutorial for spring boot 3 JWT, and I got everything running fine on first attempt, thanks for the share

This course is awesome, I learn a lot!

I've watched this tutorial from start to end. Thank you for this video ❤

Thank you for so kindly and useful lesson!

Thank you, a lot, it`s the best, clear and awesome guide i have ever seen😍

Thank you very much !! You work is really helpful, interesting and unique!! I learned a lot!

BoualiAli is explaining so good. It is really easy to follow him. Very good work. Thanks for this Video :)

This content is amazing..keep up the good work

Thank you for uploading this Video on JWT

Thank you. You have do a great job. thanks for your time.

I was in class and my teacher said that she "loves you" because you helped her with the content of her class

Oh thank you! I spended a lot of time searching the manner of create my authentication service in Spring Boot, is incredible how fast it changes this tecnology, absoluting all librarys are deprecated.

Awesome course... Thank you. Need more related to JWT .

You rock, awesome masterclass, thank you very much!

This video is really good and helped me a lot! Thanks!