@michealjohn5288 1 year ago
He is the best teacher on Spring Security. I will recommend you anytime and anywhere.
@BoualiAli 1 year ago
Thank you 🙏. Really appreciate that
@mfarooqwasi 10 months ago
Great teacher with clear voice and content, making life easier for Spring Boot developers, great contribution and highly appreciated. Thank you so much 🥰
@saqib-fi4bd 7 months ago
Thank you so much for these updated videos. You have no idea how frustrated I got due to the outdated ones when working with Spring Boot 3. You're helping me in both my full-time job and in my freelance projects, especially when it came to security of APIs. Bundle of thanks
@BoualiAli 7 months ago
Glad I could help!
@khanghoang3289 3 months ago
Thanks for this lecture. With this lecture, I can understand how JWT and Spring Security combine together in order to build the security structure in Spring Boot. Finally, you are the best teacher, you are a lifesaver for me
@Michaeljamieson10 1 year ago
These are amazing! Refresh tokens would be very useful!
@BoualiAli 1 year ago
Thanks. I will create a video about that for sure
@flyh21c 1 year ago
You are the best! Thanks a lot! Mentions every side of the JWT. Basics, logout, refresh token, password change etc...
@BoualiAli 1 year ago
Happy you liked it!
@FilipPolitowski 9 months ago
This is the best video about Spring Security and JWT. Thanks a lot for this lesson, it helped me incredibly :)
@infinity2471 9 months ago
Thank you!
@BoualiAli 9 months ago
Thank you so much for the support. This is so generous of you.
@MarkSatin1 1 year ago
Thank you so much for this and your other Spring Security videos! You break down overwhelming concepts into clear smaller pieces so easily. I learned so much from just going through a couple of your videos. Looking forward to watching more!
@BoualiAli 1 year ago
Glad you like them! This motivates me
@erictchindje9765 1 month ago
Thank you, sir. You explain the high concept in a simple and amazing way.
@choooaround 8 months ago
Thanks, your video goes at a very good pace with clear explanations. Apart from a couple of deprecated codes, it was great. Thanks for your help!
@BoualiAli 8 months ago
Deprecations are inevitable. I always release new videos for the updates. Check the playlists or search in the channel.
@yosr. 1 year ago
God bless my fellow countryman, thank you so much Ali, you're a lifesaver
@BoualiAli 1 year ago
Thank you 🙏 My pleasure
@mohammadobeidat5685 1 year ago
Mashallah, thank you my brother for the clear step-by-step tutorial. Keep it up!
@BoualiAli 1 year ago
My pleasure!
@AmineCch2t 1 year ago
Hi from Morocco, your Spring Security tutorials are perfect, thank you for your help.
@BoualiAli 1 year ago
Glad you like them!
@aziztolearn 1 year ago
Excellent videos and playlist! 👍👍👍👍
@vadimsirenko6966 1 year ago
Hello from Russia, man. Thanks for your very helpful videos.
@BoualiAli 1 year ago
Greetings from Tunisia 🇹🇳 Happy you like my content
@HYR0720 1 year ago
You are so wonderful! Your teaching is very easy to understand. I watched your video 4 about Spring Security and I added more to watch them later!
@BoualiAli 1 year ago
Really happy you liked it
@errahulrajocjp 11 months ago
You have saved the IT industry, sir!!
@BoualiAli 8 months ago
Glad you liked it!
@sharathkumar2018 1 year ago
A lot of videos out there rarely explain logout! Thanks a lot for this amazing video 🙏
@BoualiAli 1 year ago
Happy you loved it 😊
@MohitSharma-uq2vm 3 months ago
You saved me from my boss's anger. Thank you very much 🙏
@BoualiAli 3 months ago
Most welcome 😊
@anirudh514 10 months ago
Thank you so much, very well explained!
@mukhammadnajimov8440 10 months ago
That's so cool that you provide such really helpful videos and content. Thank you so much, sir
@BoualiAli 8 months ago
Glad you like them!
@mohamednaitmoussa2600 1 year ago
The best one teaching Spring 🔥🔥
@BoualiAli 1 year ago
Wow, thanks!
@meetsamseen 1 year ago
Awesome tutorial man! 48:20 was spot on, you got me right there.
@BoualiAli 1 year ago
Awesome, thank you!
@ismailforeveryone6889 1 year ago
Amazing, please keep going. This topic of security is very rare, especially with these updates of Spring Security 6
@BoualiAli 1 year ago
Thank you, I will
@ismailforeveryone6889 1 year ago
@@BoualiAli Thank you so much Mr
@devynlab 1 year ago
Just finished watching the previous video implementing JWT, and adding this on top of that I've learnt a lot. Super thanks man 🔥.
@BoualiAli 1 year ago
Happy to know that. Happy you liked it
@pateldharmesh1361 1 year ago
It's really cool and superb content.
@BoualiAli 1 year ago
Happy you liked it!
@serdarsen6099 1 year ago
Thank you so much for this and your other Spring Security videos! Your work is truly wonderful; please keep it up!
@BoualiAli 1 year ago
Thank you! Will do!
@mouradeljayi584 1 year ago
Amazing, thank you, and please keep uploading videos like this cause we really learn a lot from you.
@BoualiAli 1 year ago
Thanks 🙏 I will absolutely continue uploading. You’re my source of motivation
@behzadfazelasl9581 1 year ago
Very useful and clear explanation. Thanks Ali
@BoualiAli 1 year ago
Glad it was helpful!
@mrpipiskin4 1 year ago
Thanks for your job. These guides save a lot of time for beginners
@BoualiAli 1 year ago
Happy you liked it
@dipak-t6v 1 year ago
Wonderful!!! What an energy, sir. Appreciated....
@BoualiAli 11 months ago
So nice of you
@kdvamja 1 year ago
Such amazing and useful content and a better way to explain it in an easy way. We love your work and efforts. Thank you for such amazing content like this ❤.
@BoualiAli 1 year ago
Happy you liked it
@sandeepkumar-yz6lw 1 year ago
Thank you, sir, for sharing your knowledge.
@BoualiAli 1 year ago
My pleasure
@nuhali4729 1 year ago
Thanks for this video Ali!
@BoualiAli 1 year ago
My pleasure
@shraddhaparajuli7531 1 year ago
Applause to your effort. Need to say this video is really informative and helped me extremely for implementing logout with JWT tokens. It would be really helpful if you could start a YouTube series on implementing microservices with all the features provided by Spring Cloud.
@BoualiAli 1 year ago
I already started preparing for such a course. Preparation takes a really long time
@erichhc9698 1 year ago
Excellent Ali, I don't miss any video. I learn a lot from you 😎
@BoualiAli 1 year ago
Happy to know that. This motivates me
@QSC3 1 month ago
Best video out there, shoutout to you
@bogdanjovanovic2737 8 months ago
16:50 The query will return the tokens for the user that are either not expired or not revoked, which means that it will include tokens that are expired but not revoked, as well as tokens that are revoked but not expired. Was that the intention, or should we return tokens that are neither expired nor revoked? For example, instead of:
```
where u.id =:userId and (t.expired = false or t.revoked = false)
```
We can return non-expired and non-revoked tokens:
```
where u.id = :userId and t.expired = false and t.revoked = false
```
@arohawrami8132 1 year ago
Thanks a lot Bouali. It was very beneficial as always. I really admire your high quality work and please continue creating more content.
@BoualiAli 1 year ago
Happy you liked it
@arohawrami8132 1 year ago
@@BoualiAli Thank you Ali
@DurgeshChaubey-o2k 1 year ago
Thank you so much, loved the video. I was stuck and looking for a resource. It helped me a lot. Love from India
@BoualiAli 1 year ago
Happy to have you here. Happy you like my content
@amirkenesbay1615 1 year ago
Wow broooo, you are amazing. This tutorial helped me to solve my problem in my project))
@BoualiAli 1 year ago
Happy to know that bro.
@soukainaj 5 months ago
Thank you for the amazing tutorial
@lowCostCoder 9 months ago
It was really a great tutorial. Thanks for sharing your knowledge with us
@osekagorska2330 1 year ago
Well done, keep up the amazing work!
@BoualiAli 1 year ago
Thanks, will do!
@ВолодимирЖуківський 1 year ago
Top content. Thank you
@BoualiAli 1 year ago
My pleasure!
@iivailo94 1 year ago
Really useful videos, keep going! I appreciate your course videos
@BoualiAli 1 year ago
I’m really happy that you like my content. This motivates me to create more
@khalilmarzouki636 1 year ago
Good job, keep going Ali 🤩🤩
@BoualiAli 1 year ago
Thank you 🙏
@mustafasametsonmez7034 1 year ago
These videos are amazing, thanks a lot. I searched many videos about JWT security in Java Spring Boot but they weren't easy to understand, but I can learn easily and clearly with your videos, thanks. Access and refresh token would be great
@BoualiAli 1 year ago
Thank you for the good feedback. I will make a video about refresh token
@arsalansarwer 1 year ago
Great tutorial, and the code works fine
@BoualiAli 1 year ago
Happy to know that
@boubacarbarry222 1 year ago
Thank you again, it's very clear!
@BoualiAli 1 year ago
My pleasure ❤️
@etodemerzel1011 8 months ago
Perfection !!!! 👍
@BoualiAli 8 months ago
Glad you like it!
@ramakrishnamogilipuri1647 1 year ago
Nice content. Thank you
@BoualiAli 1 year ago
Glad you liked it!
@ramakrishnamogilipuri1647 1 year ago
Can you also make videos for Authorization using database roles instead of enum
@BoualiAli 1 year ago
@@ramakrishnamogilipuri1647 will do that
@Vidayat1 10 months ago
Thank you. Good job!
@BoualiAli 8 months ago
Glad it was helpful!
@inderpreetsingh5126 1 year ago
Thanks and Keep It Up Bro
@BoualiAli 1 year ago
Thank you. I will
@jeanmorisanato6458 1 year ago
Thanks for this sweet video
@BoualiAli 1 year ago
Happy you liked it
@codingsavid6509 1 year ago
I have a question: at 43:11, why do you inject the logout handler as LogoutHandler and not as the LogoutService?
@BoualiAli 1 year ago
Using the service is safe and makes the app loosely coupled.
@adilhanoun975 4 months ago
Hello Mr Bouali, I understood that storing the JWT in the database could be seen as a bad practice for performance reasons. How would you counter that argument? Thank you
@userozancinci 1 year ago
27:48 Instead of invalidating all tokens, why don't we just delete them so that the token table would be lighter and faster for future queries?
@BoualiAli 1 year ago
As mentioned, this is just an example. Feel free to delete or do any logic you need
@LucenStuff 2 months ago
From a security standpoint, it is useful to know if someone's trying to log in with an expired token. You are able to know if a session token was stolen, for example. ^^
@sekharjamallamudi9531 1 year ago
So thankful to you, sir, for giving these videos, very useful for me. Sir, please do a video on forgot/reset password
@BoualiAli 1 year ago
Already done. Subscribe and enable the notifications and you won't miss any of my new videos
@augustinegoat 5 months ago
Thank you for your tutorial. I have a question: if every time the user authenticates and logs out, the token will be set revoked to false and expired is also false, but if that is the case, the database will contain corrupted fields. It's redundant and makes the database bigger when having to store the data. Can I clean up that extra data?
@НорбертТовт 1 year ago
Helpful and useful video, but it could be done in an easier way: you could create a new method called logout, then decode the JWT, then change its date, and that is all. Your explanation is very clear. Thank you
@BoualiAli 1 year ago
Thanks for the comment. Just one question regarding your way of doing it. How would you for the user to update the token? (Token is stored on client side)
@KhalilChargui-jm1fj 9 months ago
Amazing, Thank you
@GoncaloSilva137 1 year ago
Hi, are we updating the database accessToken expired parameter when the accessTokenExpiration time finishes?
@BoualiAli 1 year ago
I didn’t get your question, can you please elaborate more?
@kevinameda2711 1 year ago
Thank you brother, this is inspiring and really helped me a lot, thank you. Can you please help create a lecture for messaging queues like Kafka or RabbitMQ? Stay blessed
@BoualiAli 1 year ago
Thank you for the feedback. MQ is coming soon
@guesmiachraf642 1 month ago
There's a problem with the cross-origin config after updating Spring Boot (when Credentials is set to true)
@damian98772 1 year ago
If someone has a problem with LazyInitializationException occurring, in my case it was because I had the @Data annotation in both the User and Token entities; that annotation contains @ToString, which caused an infinite loop. I just replaced it with @Getter and @Setter.
@BoualiAli 1 year ago
Really thank you for sharing. Keep this great mindset
@anirudh514 10 months ago
You saved several hours of time for me. Thank you very much for this suggestion which is hard to notice!!!
@michaelroyf4766 1 year ago
Thanks for the video! I just didn't understand why we need to create a token during registration. And what about the refresh token?
@BoualiAli 1 year ago
The token in the registration is just to avoid re-logging. Refresh token will come soon
@djoleezcool 1 year ago
37:03 Should we get 401 Unauthorized there, not 403 Forbidden?
@BoualiAli 1 year ago
Depends on your logic.
@djoleezcool 1 year ago
@@BoualiAli Hm, it seems you are right.
@developers1081 1 year ago
Thanks sir, really helped
@BoualiAli 1 year ago
Happy you liked it
@saifchtourou5083 1 year ago
Good job!
@BoualiAli 1 year ago
Thanks bro
@sheldonlawrence8798 1 year ago
Excellent, a video on refresh token would help
@BoualiAli 1 year ago
Thanks, I will create one
@khalilelemam1349 10 months ago
Why did you use an inner join when trying to fetch the tokens at 16.56? You can do it without making use of joins!! Also, you said you want expired and revoked to equal false, and then you used or. How is that?
@thapelomusic1209 3 months ago
Good tutorial. I have a question. The way in which this is implemented, does it mean a user can't log in on many devices? Because the way I see it, every time you log in on another device all the other devices are logged out automatically
@mbilal6462 1 year ago
I think that in the LogoutService, before clearing the SecurityContextHolder, in addition to checking for the existence of the token in our database, we should also check that it's not been revoked or expired.
@alifka6815 10 months ago
Thanks for the informative video. The only thing I did not understand is why we do the same checks in LogoutHandler as in the filter, because if there is no Authorization header or it does not start with Bearer, then the filter will not skip this request, and if the filter missed us in EndPoint /logout, it means that the Authorization header is there and the token starts with Bearer and it is also not zero. Am I right?
@mmge3967 1 year ago
Thanks for your effort in JWT. But I want to ask you a simple question: should we delete the previous tokens for a specific user so we don't have a lot of rows that we don't need in the database, or not? Thanks in advance.
@BoualiAli 1 year ago
This also can be an option if you don’t need the already revoked token
@mmge3967 1 year ago
@@BoualiAli ok thanks
@theold_new1631 8 months ago
Thank you for the video! I have a question. When I log out, are the tokens just left permanently in the database? I am curious about what processing is common in a practical environment.
@BoualiAli 8 months ago
You can create a script to clean the DB. By the way, better use Keycloak. I will release a new video next week
@hafedhbaazouzi3617 1 year ago
Good job, thanks
@BoualiAli 1 year ago
My pleasure
@Ideastorys 1 year ago
Thank you so much!
@BoualiAli 1 year ago
You’re welcome
@maisen7168 1 year ago
Thanks for the video! Why do you have expired and revoked flags? From my point of view, the expired flag is useless and confusing, because a token might not be expired but only revoked. They're two independent states.
@BoualiAli 1 year ago
I mentioned in the video that these flags might be helpful in the future. Maybe not in this tutorial
@autogenes 9 months ago
Nice one :)
@qossayjawadzeinelddin6727 9 months ago
Great
@werghiaziz2943 9 months ago
Before watching this video, after doing the login process and using it in my React project with user register and login, I save the token in storage to use for other APIs. Is this good or not? And when he chooses to log out, I destroy the token with storage.clean()
@sidof8065 1 year ago
Thanks for the tutorial. I have a question: how do we allow access to another resource like /api/v1/course when we have already logged in (api/v1/auth/) with a token, so we will not provide a token every time to another resource?
@BoualiAli 1 year ago
For secured resources, you need to always pass the token
@sidof8065 1 year ago
@@BoualiAli okay sir, I noticed
@bartdiako1 1 year ago
Thanks Bouali! These security vids have been a great help ❤. You are awesome!!! Just wondering if you're going to do a change password vid too? Forgotten password and email verification?
@BoualiAli 1 year ago
Yes I will
@دردشةفيالهوى 4 months ago
Thank you so much
@bartosztoropolski8191 1 year ago
Great tutorial! Will you create a video about refresh token?
@BoualiAli 1 year ago
Happy you like it. I will soon
@balazsvarga4216 1 year ago
I also watched the previous video about JWT. These videos are very straightforward and to the point. Just a little remark: why do you use var declaration instead of naming the proper type?
@BoualiAli 1 year ago
It is just shorter to write 😅
@dzemik55 9 months ago
43:30 Shouldn't you use LogoutService?
@lucasmagalhaes1573 1 year ago
Hello Bouali! Great tutorial as always, thank you! Quick question: doesn't revoking the user's token on every authentication forbid them to log in to the application on different devices at the same time?
@BoualiAli 1 year ago
Yes, true
@georgepro8481 1 year ago
16.35 Is it correct? (t.expired = false OR t.revoked = false)??? I think AND instead of OR.
@BoualiAli 1 year ago
Try it and let me know in the comment
@georgepro8481 1 year ago
@@BoualiAli Pardon me! I am not able to test thoroughly, because I use MongoDB, so I have used another way. I think that AND means that BOTH expressions must be TRUE. But OR means that at least ONE expression must be TRUE.
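The OR versus AND predicates raised in the 16:50 and 16.35 comments above, run against a constructed token table. This is an added example, not code from the video or its project: SQLite stands in for the JPA layer, and the schema, table names and sample rows are assumptions.

```python
import sqlite3

# Constructed schema and rows. Table and column names are assumptions modelled
# on the fields the quoted query uses (u.id, t.expired, t.revoked).
SCHEMA = """
CREATE TABLE app_user (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE token (
    id      INTEGER PRIMARY KEY,
    token   TEXT    NOT NULL,
    expired INTEGER NOT NULL,
    revoked INTEGER NOT NULL,
    user_id INTEGER NOT NULL REFERENCES app_user(id)
);
"""
USERS = [(1, "alice@example.test"), (2, "bob@example.test")]
TOKENS = [  # (id, token, expired, revoked, user_id): one row per flag combination
    (1, "tok-live", 0, 0, 1),
    (2, "tok-expired-only", 1, 0, 1),
    (3, "tok-revoked-only", 0, 1, 1),
    (4, "tok-expired-and-revoked", 1, 1, 1),
    (5, "tok-other-user", 0, 0, 2),
]

# The two predicates from the comments, with false written as 0 for SQLite.
PREDICATES = {
    "or": "t.expired = 0 OR t.revoked = 0",
    "and": "t.expired = 0 AND t.revoked = 0",
}


def make_db():
    """Build a fresh in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO app_user VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO token VALUES (?, ?, ?, ?, ?)", TOKENS)
    return conn


def select_tokens(conn, user_id, mode):
    """Return the token strings of user_id matched by the 'or' or 'and' predicate."""
    # Only the fixed predicate text is interpolated; the user id is a bound parameter.
    sql = (
        "SELECT t.token FROM token t JOIN app_user u ON t.user_id = u.id "
        f"WHERE u.id = :user_id AND ({PREDICATES[mode]}) ORDER BY t.id"
    )
    return [row[0] for row in conn.execute(sql, {"user_id": user_id})]


def revoke_selected(conn, user_id, mode):
    """Set both flags on every row the predicate selects; return rows updated."""
    sql = (
        "UPDATE token SET expired = 1, revoked = 1 WHERE id IN ("
        "SELECT t.id FROM token t JOIN app_user u ON t.user_id = u.id "
        f"WHERE u.id = :user_id AND ({PREDICATES[mode]}))"
    )
    return conn.execute(sql, {"user_id": user_id}).rowcount


if __name__ == "__main__":
    for mode in ("or", "and"):
        db = make_db()
        print(mode, "selects", select_tokens(db, 1, mode))
        print(mode, "updates", revoke_selected(db, 1, mode), "rows; a flag is",
              "still false on:", select_tokens(db, 1, "or"))
```

The two predicates select the same rows only while both flags are always written together; once a row carries a single flag, the AND form skips it during the revoke pass and it stays half-marked.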
@ggriffaw 1 year ago
Thanks for the video. Does anything cause "expired" to be set to true when the token expires? The code seems to always have expired and revoked with the same value.
@BoualiAli 1 year ago
Your point is totally valid. As I mentioned in the video, I said this might be useful for you in some specific cases. But in our case, revoked is fairly enough
@manospat1066 1 year ago
Amazing work! Just a question, why do we generate the JWT token both in the register and the authenticate methods? In my understanding, in register the token is generated and then in each coming request the user must pass the JWT token. Also, I thought that one user has only one token associated with him, so the relationship between user-token should be one-to-one and not one-to-many? Thanks
@BoualiAli 1 year ago
Totally true what you said. Just as I mentioned in the video, it is just for the tutorial to have a token after registration. But in real life no need for it. Feel free to adjust as you need
@dinobulja 1 year ago
Hello and thank you for your video. In terms of JWT logout, you are assuming we are doing authentication against a database where we record the JWT and have a flag indicating if the token is revoked, meaning the user has logged out. But more often than not do we use database to record that. Often we authenticate against LDAP, for example. There, we don't have such luxury. How do you log out if we don't have the user in a database table or we don't have the luxury to touch the database and add these fields for tracking JWT revocation?
@BoualiAli 1 year ago
You can use a caching mechanism (Redis maybe or even system cache) to store and invalidate tokens. But don’t forget to invalidate the token when the application stops (this is the downside of using cache). Otherwise you can have a case where a token is still valid for the user but not existing in your cache; you need also to take care of that use case. I hope I guided you through what you need
@dinobulja 1 year ago
I never used Redis. Is it implemented in the API or client side? What if the API (or client) is restarted? Does the user have to log in again?
@BoualiAli 1 year ago
@@dinobulja Redis is also backend. Q2: depends on your logic, I would say yes, the user needs to re-login
@dimkaddd7674 1 year ago
Can you provide an HTTP-only implementation of the refresh token?
@BoualiAli 1 year ago
I already published a video about refresh token (if I get your request correctly). Otherwise, please explain more
@VoxNews01 1 year ago
How can I implement the same in a microservice context? Sir, please do single microservice projects with an event-driven approach (Kafka or saga, Axon Server)
@BoualiAli 1 year ago
You can implement the security on the gateway level. I recommend using an OAuth 2 provider like Keycloak (free, open source). Regarding the event-driven approach, it is coming (working on it)
@hamidoubalde2517 1 year ago
Great video @Ali Bouali. I have a question. For you, what is best for implementing JWT: custom JWT like you did, or using an OAuth2 resource server which holds the JWT implementation? In the latter case, how to implement logout? Thanks
@BoualiAli 1 year ago
Both of them are JWT-based. You can use both of them. I’m working on a new course that covers both JWT and OAuth 2 with a frontend built with Angular. I will publish a waiting list soon enough so you can register and get a discount
@hamidoubalde2517 1 year ago
@@BoualiAli thanks
@VitaliiSmahlenko-i5h 11 months ago
Very cool, explained everything, thank you!!! One question. Isn't it more logical to just delete tokens so as not to store a bunch of invalid tokens in the database?
@medAmineRg 10 months ago
I guess you can do it. It's just a matter of history