Hi Dan, This is the tutorial that was missing in 2022. Thanks a lot. I was struggling with those outdated tutorials and dependencies to make a working solution. This saved me lots of time. Looking forward to your next videos.
@Scorpion2321-o9o 1 year ago
Same, docs mentioned some stuff that is new, but honestly Spring Boot docs are not for beginners.
@rajmohanparayil 7 months ago
Wow. Learned a lot of very relevant security implementation in a very smooth and clean fashion and in such a short time.
@DanVega 7 months ago
Glad you liked it!
@voiceofeverything 1 year ago
Great video. This is like the only guide about this topic that is quite easy to follow and does not break your spirit (I have tried to follow like 2 different videos just to realize halfway into 3 hour videos that implementation was changed/got deprecated and I wasted my time).
@kaatlev 2 years ago
These videos are so concise and easy to follow, appreciate you.
@DanVega 2 years ago
That makes me so happy. Thank you ☺️
@kozi-corner 2 years ago
Thank you so much. I was just working on a project and had a lot of difficulties understanding JWT, I opened YouTube and I found your video. How lucky I am!
@DanVega 2 years ago
Thank you Abdelhamid. I hope this clears it up for you.
@brethagen7776 1 year ago
Straight to the point, no fluff. Looks like a bare-minimum implementation.
@bobgner 2 years ago
Thank you for making this tutorial. As you mentioned in the beginning there are so many more complicated ways of doing it out there because they are not using what is built into Spring Security. I unfortunately had used one of those more complicated ways so now I'm going to use what I learned in your tutorial to simplify my project code!
@DanVega 2 years ago
Thank you Bob. Glad I could help out.
@kasimgul 2 years ago
Thank you for this, Dan. I would love to see a follow up video for implementing "Refresh Token" on top of this :) I know people will love it.
@DanVega 2 years ago
Thank you for the suggestion, it's already on the backlog. github.com/danvega/office-hours/discussions/27
@AleksandarT10 2 years ago
Great video! Really helpful to get people started with latest Spring Security stuff and JWT! Few questions/comments though:
1. It would be good if you can extend the GitHub repo and add a branch which shows the symmetric key approach - I guess it would be easy for the Decoder as you mentioned, but would like to see how to change the Encoder
2. Maybe to make it more realistic instead of HttpBasic - it would be good to have a UserNamePassword Authentication where the user calls an endpoint with username/password as body and the token generation happens based on that
3. Building on top of 2), it would be great if this gets connected to a database where hashing + salting is used as this can be used as a starter for real projects
4. Having roles in the example/video would be great
Looking forward to your next video Dan!
@DanVega 2 years ago
Great suggestions. Thank you Aleksander
@lukamaletic9557 1 year ago
Is there any tutorial that would build on top of this? I need the DB connection for users...
@NARESHBHADKE 9 months ago
@lukamaletic9557 You could inject UserDetailsService in SecurityConfig rather than InMemoryUserDetails
    @Bean
    public UserDetailsService userDetailsService() {
        // Look up the user in the repository; reject the login if no such user exists
        return username -> userRepository
                .findByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("user not found"));
    }
@GiftNestah 2 months ago
Just what I needed after struggling with an issue whereby a single user's token expiry invalidates all other users' valid tokens leading to error 403 even for authenticated users. Thanks a lot for this 💯💯
@SchefenBaba 9 months ago
Thanks a lot for this tutorial. I have been stuck in other tutorials for hours.
@luisferdev 1 year ago
Thank you Dan, this video helped me a lot to understand how to generate JWT in Spring. The only site where I found the explanation with the new version of Spring Security and it works. Regards from Colombia.
@DanVega 1 year ago
Thank you! I'm glad my videos are helping.
@fabricio.entringer 2 years ago
Hello @Dan, it's amazing! Great video. Please keep producing videos regarding Spring Security, I think it's a black hole in the Spring modules. A lot of specific concepts and it deserves good videos with good explanations like yours. Congratulations and thanks for sharing the content.
@Learn_with_cosmos 1 year ago
I am a nodejs and Golang API. I found this tutorial very helpful for my current work using Spring-boot. One thing about Spring-boot is that, when you use Spring-Boot with a higher version, some errors like this show up: This error occurs in the NimbusJwtDecoder.validateJwt method of the org.springframework.security.oauth2.jwt.NimbusJwtDecoder class. The NimbusJwtDecoder class is used to decode JSON Web Tokens (JWTs) and is part of the Spring Security OAuth 2.0 framework.
@franciskinyuru3459 1 year ago
Great video, my start to Spring Security wouldn't have been great without this. A big salute.
@petrophilip2279 3 months ago
This is a great tutorial. You have a way of explaining complex topics in simple terms. I have subbed to your channel.
@mrkostya008 1 year ago
finally, an informative tutorial that ACTUALLY uses BUILTIN jwt tools, and not some filters and JwtUtility classes to secure an app
@drbulltrader9107 1 year ago
I really appreciated this video. Wish your channel gets bigger and bigger.
@SD-gw5vm 1 year ago
Thanks for sharing this. I used your example to solve a problem I was working on and it worked. You are a lifesaver
@intellopitt 2 years ago
Amazing, how simple it is when explained by experts. Thanks for the great content. Well explained, with the right level of details to understand without getting overwhelmed. I still have to review the blog post if I am not missing any details. Looking forward to the next video :)
@midewestmond9442 2 years ago
Nice video, you just earned a subscriber. I actually love the fact you don't define another class just to write another method like other YouTubers do.
@DanVega 2 years ago
Thanks for the sub!
@marekj3759 1 year ago
Very good video. If anybody hasn't mentioned it yet, it would be good to replace the inMemory user with UserDetailsService on a database. Additionally securing the REST API with roles. The video would be a bit longer than 1 hour, but would cover the topic from A to Z.
@alexgutjahr 2 years ago
I'm guilty of rolling up my custom solution, pulling in a third party library. Thanks for this video, Dan! Gotta refactor a bit!
@DanVega 2 years ago
Thanks Alex. Hope the refactor goes smooth.
@IvanRandomDude 2 years ago
For some reason 99% of tutorials and guides on the internet use that approach instead of resource server.
@rafijlouis2432 2 months ago
Hi Dan, I love the way you explain and it’s much better than a lot of tutorials I have gone through. I have searched in Udemy for a Spring Boot course by you but I see it’s outdated. It would be wonderful if you could create a new course or at least a series of videos of Spring topics. Thank you.
@Justsomeguy492 1 year ago
finally up to date spring security tutorial :) very good explanation
@arlekino65 1 year ago
Thank you Dan. I meant A LOT! Would you consider creating a video for those like me with a title "How to read Spring documentation and connect things together"? Lol. Thanks again!
@x2TruNation 1 year ago
Hey Dan, New question, obviously us as viewers are following along and just basically copying the code that you write down - but you seem to know exactly what we need and why we need it. Are there any resources you can point me to that could potentially help me understand the architecture of Spring Security in more detail but also how you learned this to a point where you just know what you need to use? Bit of a loaded question, but I’m keen to learn as much as possible. Right now all it feels like is that I’m copying code from you without truly understanding why we’re doing certain things. Cheers
@aayush481 2 years ago
Hi Dan, can you also please talk about how spring mvc works internally, like dispatcher servlet, how by default exceptions are handled in rest apis etc.
@robertinnoelson6378 5 months ago
Awesome Dan! Thanks for the rich tutorial
@sharifyy 8 months ago
I really enjoyed this video. Thank you for providing such great content.
@neerajagrawal3211 6 months ago
Great information. I think a simple video will also be helpful which explains how to protect API using Okta or Keycloak since in most situations you don’t write authorization server yourself.
@kyriakosmandalas2121 2 years ago
Great tutorial and topic. Really clears things out. Would be great to show next how to update JWT to include user's roles and permissions. And of course looking forward to Spring Authorization Server!
@DanVega 2 years ago
I actually set the authority and I believe in the repo there is an example of checking for it at the method level. If there isn’t let me know (I’m away from my computer at the moment)
@toan1nguyen674 1 year ago
Thanks for the asymmetric RSA keys knowledge you've shared.
@jirivrba3800 2 years ago
Thanks Dan, really educative content that's very well and clearly presented. Exactly what I was looking for!
@DanVega 2 years ago
Thank you, glad I could help out.
@alx1024 1 year ago
Hi! Great video, like all your videos! Especially now that Spring Security 6 is mixed in with older tutorials on the web this is very helpful. A suggestion: this is now already deprecated: ".oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)" and has to be replaced with ".oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()))". Also a question, how do you get this snippet-functionality at 30:00?
@rohitbhandari1873 1 year ago
can't fix it even using Customizer.withDefaults();
@monjurmorshed2854 2 years ago
You have a nice way to explain, great work!!!
@DanVega 2 years ago
I appreciate that Monjur. I make videos that I would enjoy watching and I’m glad others are learning from them as well.
@EduardoSilva-us1jp 2 years ago
Amazing. I used to secure my small projects implementing jwt encoder/decoder with the help of libraries like jjwt directly, as well as overriding filter methods from classes/interfaces such as UsernamePasswordAuthenticationFilter, OncePerRequestFilter. But this way you showed us has simplified it a lot. One more subscriber!
@DanVega 2 years ago
Fantastic! Glad I could help out.
@mvlad7402 1 year ago
Excellent video! Need to test spring security with Ping Federate.
@jy241 1 month ago
Thanks for the great video!! It helped me a lot!!!!
@arnaudpoutieu1331 1 year ago
Many thanks, Dan. Your content is quite valuable for someone like me harnessing input to get better at building Enterprise grade applications. Merci beaucoup!!!
@DanVega 1 year ago
I appreciate the kind words Arnaud.
@rajansonvane488 2 years ago
Wonderful. Very helpful. Thanks for sharing!!
@DanVega 2 years ago
Glad it was helpful!
@NikolaosZer 2 years ago
Thank you very much! Greetings from Greece!!!
@DanVega 2 years ago
You are welcome!
@alexanderkazeev3729 1 year ago
Thanks for a great tutorial. The article is very useful and helpful.
@benizraadacudao3020 2 years ago
Thanks for this Dan.
@DanVega 2 years ago
You’re welcome Ben.
@WilliamEk-m4v 1 year ago
First, thank you for such a comprehensive explanation of the new spring security. I'm going to take minor issue with it because, as with just about every tutorial I've seen for spring boot security, the user logon and Jwt generation is in the same server as the Jwt consumer for endpoint security. This would never happen in the wild and creates confusion as to which SecurityConfig configurations are needed for each.
@fjspitz 1 year ago
Nice tutorial Dan! Thanks a lot.
@temptrue3322 2 months ago
Top quality content. Very informative.
@sajisanjoris2759 1 year ago
Thank you Dan! Great work!
@sakthinivas1840 1 year ago
Hi Dan, really a good video. One functionality which could be added is adding refresh token feature, thanks
@szalaytamas3184 1 year ago
your outro music is so good
@paulo__vieira 1 year ago
For me as a complete beginner it was so easy to follow. Thanks for this tutorial, it was really helpful.
@DanVega 1 year ago
You're very welcome!
@AntonioCabralNumberOne 6 months ago
Hi Dan. Since we're already on Spring Boot 3.2+ would you mind an update video on this matter? Keep up the good work!
@behzadfazelasl9581 1 year ago
Thanks Dan. it was crystal clear
@rahanimhand6895 1 year ago
Amazing !!!! Great video, Thanks 👌
@НикитаПосмак 2 years ago
Thank you Dan, it's a great tutorial for beginners. Can you please make a guide about refreshing JWT, please?
@DanVega 2 years ago
Noted! I have this suggestion here github.com/danvega/office-hours/discussions/27
@bejobarokah3485 2 years ago
Thank you for the tutorial
@DanVega 2 years ago
You’re welcome 😊
@tipswithnna6670 1 year ago
Thanks for sharing about JWT
@rizkysiregar 6 months ago
Thanks for sharing, Dan!
@svalyavasvalyava9867 1 year ago
Wonderful tutorial, thank you very much 😊
@bartomiejdziadosz8616 2 years ago
That was great! What about video about OAuth2 with Auth/Resource/Client?
@shariqshaikh5715 1 year ago
Thank you so much for such a great video Dan. One suggestion I would give is: please try to make the videos a little shorter. I know your videos are so helpful but they can be a little more concise.
@DanVega 1 year ago
Thanks for the tip!
@mdziakhan5950 1 year ago
Great Explanation
@lts8683 2 years ago
Thank you. Can you please also explain Keycloak with Spring?
@pavanramagouni6709 1 year ago
Thank you Dan. nicely explained and Really helpful.
@DanVega 1 year ago
Glad you enjoyed it!
@mohamedibrahim1836 1 year ago
Also to use the authorization as a microservice and export it, import it in multiple applications across the company portfolio for an aligned one platform!
@m_jdm357 1 year ago
Everything works great!
@edwardm4348 1 year ago
Great video! You make it so easy to grasp the concept. A quick question. How would you secure the APIs using JWT if the application is using (username & password) in some cases and also biometrics authentication in other cases?
@samahmahdi5511 6 months ago
Thanks a lot, can you create a new video for Spring Boot 3?
@menabebawy390 1 year ago
I super like your video, I have learned a lot from it.
@mehlulinokwara3841 1 year ago
Very good take there.
@gamires 7 months ago
Excellent! Thank you.
@starterdev 1 year ago
Thanks for the video ❤
@dekeyserwilly 2 years ago
Thanks, very nicely explained.
@DanVega 2 years ago
Thank you!
@davidaskatra4140 1 year ago
You are great man
@DanVega 1 year ago
Thank you, David!
@jeanaimeravomanana9545 1 year ago
Great content, really helpful thank you
@fahrican9719 1 year ago
great tutorial thanks!
@alibaba40thvs 1 year ago
Thanks a lot Dan!
@alibaba40thvs 5 months ago
Guys take a look at its RFC they have a nice diagrammatic brief of these terms such as Resource Owner, Authorization Server, Resource Server, and Client
@rbelatamas 1 year ago
thank you so much ❤
@TheGuroguro12 11 months ago
Thank you very much!!! This is bread and butter, even honey. If anybody is wondering how to configure HTTP Basic to be used only for /token and all other endpoints with bearer, check Dan Vega -> how to create multiple spring security multiple configuration
@DanVega 11 months ago
You are welcome!
@SigmaLearningCenter 1 year ago
Amazing, thanks a lot!
@maxjustmax521 2 years ago
amazing as usual !
@DanVega 2 years ago
Thank you my friend 🙏
@andytael 2 years ago
Fantastic content! A couple of suggestions request is to extend this video (or create a new one) where you actually secure a couple of REST endpoints using JWTs. Perhaps use the Spring Cloud Config Server to store the keys and the username and password or even better the Hashicorp Vault?
@DanVega 2 years ago
Thank you for the suggestion. I have added it to my content suggestion list. github.com/danvega/office-hours/discussions/30
@roman_mf 1 year ago
Seconded Spring Cloud Config Server!
@youssouphafaye1710 2 years ago
Hello, great video. BTW, can you do a video on opaque tokens that are stored in a database?
@samirmezhoud1851 2 years ago
Thank you Dan! It is a great video. I would like if you can provide a video showing how to consume these APIs from another Spring Boot web application using Feign client with JWT (authentication for the web app is through the same API)
@DanVega 2 years ago
Thank you for the suggestion. I have added it to my content idea list github.com/danvega/office-hours/discussions/29
@samirmezhoud1851 2 years ago
@DanVega thank you
@dodgechallenger5606 1 year ago
Perfect video. Thank you, Dan! Like+Sub
@marouaniAymen 1 year ago
Thanks for this video, it is like a revelation for me. But I think it would be better if we used HTTPS instead of HTTP for our endpoint URLs because of the BASIC type login.
@techystuffs371 1 year ago
Awesome tutorial as always. I have a quick one... When using asymmetric encryption do we use the private key to encrypt the data or the public key? With the little knowledge I have on encryption, I'm pretty sure we use the public key for encryption and the private key for decryption.
@EazzyWizzi 1 year ago
Great Video, keep up the good work
@DanVega 1 year ago
Thanks, will do!
@illyam689 1 year ago
awesome video! subscribed!
@DanVega 1 year ago
Thanks for the sub!
@DamLee88 1 year ago
A video on Keycloak and SSO auth? Thank you! Good video.
@DanVega 1 year ago
Thank you for the suggestions.
@SD-gw5vm 1 year ago
Are you able to create another video using the other method you mentioned, where we do not manually create the keys?
@chanchhaya 1 year ago
Thank you teacher
@gerogsg2698 1 year ago
Very good your video!!! I have a question for you: since you said that this is the beginning with jwt and not the goal, what other functions can I do with jwt?
@amirhosseinbayat9657 5 months ago
Hey Dan, it's amazing, but is there any mechanism in order the user logged out of the system, how we can invalidate the user token?
@HerrKaleu777 1 year ago
Great video! Thanks a lot! I just have one question though: In Postman, you use bearer token as authorization type. The dropdown also offers "JWT token". Why did you not choose this option and took "bearer token" instead?
@DanVega 1 year ago
I just don't think I realized there was a JWT option. At the end of the day it should be sent via bearer token so that option might just be a shortcut to do the same thing.
@HerrKaleu777 1 year ago
@DanVega Thanks for the quick response and for clearing things up!
@rajibahmed-i2x 1 year ago
First off awesome video Dan. I have seen no code/logic on the resource server side to validate token. Is this optional on resource server end or it's a must?
@lilinh9631 9 months ago
Hey! Great video! But how did you do to autogenerate code just by typing jwt? Thanks a lot!
@mattymedia3624 1 year ago
hello dan, thanks for such a good content, this topic is complex but thanks to you I have been able to understand it better. I only have a small question, why is it necessary to disable csrf?
@MrMCchanel 2 years ago
Great video! Is there a way to use roles with the current JWT configuration in this video?
@DanVega 2 years ago
You can set the roles as part of the claim. I do have something on the backlog to create some content around this. If you want to add more to this you can. github.com/danvega/office-hours/discussions/8
@josemanueldopereiro5957 2 years ago
Hello Dan, do you always need to encrypt? If you care only on integrity and not on confidentiality of the token wouldn't be enough with signing the token (JWS vs JWE)? Thanks!
@DanVega 2 years ago
A JWT would just be a base64 encoded string without the encryption. You absolutely need to protect it.