Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorisation [NEW] [2023]

  Views: 823,154

Amigoscode

A day ago

Comments: 1 300
@amigoscode a year ago
Code - github.com/ali-bouali/spring-boot-3-jwt-security 👉🏿 Subscribe to @BoualiAli channel - www.youtube.com/@BoualiAli
@faridaragab_ a year ago
Thanksssss Amigoscode for this wonderful tutorial about JWT .. I have watched the two tutorials before this ... And every time I'm learning something new ... I need some help .. how to store the secret key in an efficient way? And if I wanted to deploy my app, who should I deal with the secret key?
@shaigrustamov5115 a year ago
Thanks for the video. Can you call here JWT-Security what you did as Oauth2?
@izzatullatoshpulatov2251 a year ago
Keys.hmacShaKeyFor(keyBytes) method is throwing exception: 'int io.jsonwebtoken.SignatureAlgorithm.getMinKeyLength()' Can anyone help me?
@MehranHosseini-po9eg a year ago
Great course. Only one question in my head: I read the Spring in Action 6 book and, after not being able to understand Spring Security, I watched your video to understand what is what. Now I'm just left with this question: what is the main difference between Auth server/client and resource server and your architecture, which you explained in your tutorial? I think it would be great if you can also cover that topic and explain what the differences are, or maybe make a tutorial for that one also. I found it really complicated to understand Spring Security with Auth server
@CheeseStickzZ a year ago
I like how his name is ali bou ali, lmao
@akramseid a year ago
Table of content
00:00 Intro
01:55 How JWT security works
07:26 Create a new spring boot 3.0 project
09:28 Add Data source
12:28 Connect to the database
17:12 Create user class
20:05 Transform the User to an entity
25:22 Extend the user to UserDetails object
33:32 Create the user repository
35:50 Create the JWT authentication filter
40:58 Checking the JWT token
44:32 Create the JWT service
47:56 Add the JJWT dependencies
49:59 What is a JWT token
53:06 Extract claims from JWT
55:23 Implement the getSignInKey method
01:00:07 Extract a single claim from JWT
01:01:51 Extract the username from the token
01:02:52 Generate the JWT token
01:08:15 Check if the token is valid
01:11:22 Check the user existence in the database (JwtAuthFilter)
01:15:13 Implement the UserDetailsService
01:19:38 Update the SecurityContextHolder and finalise the filter
01:23:53 Add the security configuration
01:32:51 Create the authentication provider bean
01:36:41 Create the authentication manager bean
01:38:14 Create the authentication controller
01:40:55 Create the authentication response class
01:41:47 Create the register request object
01:42:50 Create the authentication request class
01:43:22 Create the authentication service
01:45:37 Implement the register method
01:49:28 Implement the authenticate method
01:52:17 Update the security configuration whitelist
01:53:35 Create a demo controller
01:54:55 Test the changes
@rodrig0miranda a year ago
thanks for this ;)
@arwahsapi a year ago
Mashaallah brother
@lmrl021 a year ago
Thank you bro for the bookmark.
@congdatt a year ago
Hey everyone, I followed the video and went to authenticate (after signing up). Although I enter the correct email & password, I always get a 403 error. I don't know how to debug. Everyone please help me
@HiRevRacing a year ago
@@congdatt Same problem here. Did you find out the solution?
@mechy2k2000 a year ago
Thanks for the Video and Ali Bouali for the repo!
@_07mashrap0v a year ago
Assalomy aleykum. I'm from Kyrgyzstan and I'm sixteen. Currently I'm learning Java backend, this is the 6th month. I started watching your videos 4 months ago. And at the time we were learning Spring Boot + Security + JWT your videos are really useful and at the latest version, so I appreciate you and your videos. Keep going. Good luck.
@quantmvo a year ago
Yesterday, I watched your previous video about Spring Security and realized that some functions are deprecated in the latest Spring Security. And I'm astonished that you uploaded an updated video today. I'm planning to build a blog website for my own and review Spring Security as well, so this video is excellent for many other developers who love Spring and for me. Keep up your great job, and wish you much luck. Happy new year🤩!
@maitoshikigami4035 a year ago
This tutorial is the one I have been looking for. I spent hours looking for a way to implement spring security, however, most of the spring security tutorials that I found are outdated. Luckily, I stumble on this amazing work, my man here explained everything in depth and comprehensible. Thanks for the tutorial and keep up the good work!!
@LifeOfMohammed a year ago
I watch a lot of your videos, but the long ones I have never stuck to. This one I stuck through the whole video and followed along every step of the way and understood everything. I am so glad you did it, as I followed ur example and am now going to be able to implement it in my own project!
@ofastora a year ago
Absolutely what I've been looking for. Just the right amount of high level explanations for someone who's just getting into Spring. Thank you for the amazing content.
@USONOFAV a year ago
You never disappoint. Of all spring security tutorials this is the one that make sense for me. Also, usage of lombok and an actual database (not in-memory one) is a plus.
@juliocesarvieirasantos3219 a year ago
I watched this video when it was released 10 months ago, and I didn't quite understand the concept, but watching it again 10 months later and understanding a lot more than last time makes me think I'm doing great progress! Thank you for the amazing content, keep up the good work!
@GROOVETECHSETS a year ago
What's going on with SpringSecurity? "HttpSecurity" is also marked for removal... All tutorials become obsolete after a few months.
@mezennermohamed8754 a month ago
httpSecurity
    .csrf(AbstractHttpConfigurer::disable)
    .authorizeHttpRequests(auth -> auth
        .requestMatchers("/api/v1/auth/**").permitAll()
        .anyRequest().authenticated())
    .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
    .authenticationProvider(authenticationProvider)
    .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
@gregsayshi a year ago
I could tell this channel would be a good one to add after watching just one of your videos last year. You make your videos around more niche but interesting (advanced) topics but do so in a way that feels more like you’re hearing it explained by a friend rather than finding yourself lost in abstractions or just bored by the nitty gritty details. Look forward to all the interesting topics that I’m sure will be coming up. Cheers man!
@congdatt a year ago
Hey everyone, I followed the video and went to authenticate (after signing up). Although I enter the correct email & password, I always get a 403 error. I don't know how to debug. Everyone please help me
@shockin95 a year ago
​@@congdatt I've got a similar issue: I am actually being able to authenticate, but when I copy/paste the token to test the GET requisition from another secured endpoint which is not in the matcher/filter, even with the correct input I'm still getting a 403 Forbidden response. Would any of you guys know what this could be?
@waishingheung9898 a year ago
@@shockin95 Did you find the solution? Thanks I got the same problem :(
@abdellahguennioui1568 a year ago
@@congdatt hello everyone, have you solved this problem or not yet?
@congdatt a year ago
OMG I solved this. But I forgot to take note @@abdellahguennioui1568
@dennismasinde3030 a year ago
I was almost giving up on understanding Spring Security but now I feel like I have an eagle's eye view of what's what based on this and a number of other tutorials from other channels. Keep doing the good work.
@TheEBPO a year ago
I just started watching you, but I'm already glad I'm doing it with your style of lessons, it's awesome! Thank you so much! Hello from Ukraine!
@guillermoguir4745 a year ago
Hey AmigosCode, I congratulate you for this tutorial, for those who see the negative side of the Internet, this is a sign of generosity, and we must be grateful for that, thanks and regards!!!
@charithsathsara1405 a year ago
In the JwtAuthenticationFilter class, changing "Authentication" to "Authorization" in the line "final String authHeader = request.getHeader("Authentication")" is necessary for proper functioning of the DemoController class.
Original code: final String authHeader = request.getHeader("Authentication");
Corrected code: final String authHeader = request.getHeader("Authorization");
@usamaqamar2353 a year ago
man u saved the day, awesome
@ramsharan4229 a year ago
This is an amazing course. It helped me to crack the interview. Thank you so much!
@Eikenv1 10 months ago
What position did you apply for and how did it go? I want to do backend/fullstack also
@defnotdev1 5 months ago
This tutorial is so clear. I have a difficult time to understand JWT flow in Spring Boot. And you explain in one video. It's so crazy. You have a good explanation way. Thank you so much bro.
@david_kariuki a year ago
This course is awesome, thank you. More detailed and clearer than the previous one.
@martintrenkov4609 10 months ago
An amazing tutorial! A definite must see for those who need to learn how authentication/authorization works in spring boot!
@jungkiyoon902 a year ago
Absolutely perfect lecture for Spring boot 3.0+ and Spring Security 5 with JWT. I am a non-native English speaker, but my teacher who is called Amigoscode teaches me SOOOOO kindly. P.E.R.F.E.C.T Thanks to your lec, I will learn more about the Spring ecosystem.
@Ganiovi 2 months ago
This is the second time building a new project using your video! First time was harder than I expected, but second time makes everything more sense
@watchdennyplay21314 a year ago
You're amazing dude! You saved my diploma project with your work. Everything worked on the first try and taking the time to update this guide is just... great of you. If you are ever in Sofia let me buy you a beer. :D
@myanch200 a year ago
Greetings, bro, you have surely graduated and forgotten by now, I'm only just starting with Springboot 😀
@antoniobukovac7869 a year ago
Great tutorial. To the point and everything is explained. Easy to follow. Great job!!
@jordankerthcotrinacoronel6715 9 months ago
Hi there. I really appreciate your effort in doing this valuable course on Spring Security. Even though I consider you have not considered validating if the user already exists to avoid registering the same user more than once. Thanks so much Ali!!
@ogookafor2137 a year ago
"But there is one extra step we need to do. Easy peeezzy" ..😅 I just finished watching and implementing this. Feels like i just got back from the gym. Learn from the experts . Awesome tutorial. Keep up the good work.
@Father_Of_Sudeera_Muthusinghe 8 months ago
This is the second tutorial I followed from your channel. It is really cool. Btw let me give some feedback: when you are explaining things, sometimes you missed some syntaxes to explain (like why do we use this and what does this do etc.). But fortunately you do it less frequently than most of the other programming youtubers do. In this video it happens mostly after 01:30:00 hr. Anyway, still this is really understandable and cool stuff compared with other videos on the same topic. Thank you so much. Learnt a lot. Will stick with your channel.. God bless you..!
@МаксимСамойлов-р6ф a year ago
An excellent and clear explanation of this topic! Huge thanks to the author👍👍👍
@SaltyFeaRz a year ago
Such a helpful, important video. Just got new into creating websites with Spring and it's such the best video seen so far! Can really recommend it to everyone.
@sandhya4808 a year ago
Hi, this is a great course and I just need a small help. The url for the encryption key generator which you've specified in this video isn't accessible. Can you please provide any other link? Thanks in advance :)
@kevinygk4121 5 months ago
This was a really awesome tutorial. I've been reading the spring docs for days but this put everything together in such a great way, thanks!!!
@mariemoore5273 a year ago
First of all, thank you so much for the hard work and commitment in doing this video. I would like to know if you have another video using angular to consume this backend api with roles and permissions especially
@atsglobalservices6136 7 months ago
You are the best man, I've been writing frontend for a year, this accelerated my java skill 100%
@Ravengerblade a year ago
I really like the tutorial in general! I do have one point of constructive criticism on it: JWT was created with the intent that you can check the validity of your token without persisting it. It should be along the lines of:
- You create the token, which contains a small amount of information about the user it belongs to
- Token gets sent with future requests
- When authenticating the token, you decrypt the payload and check if the information in the token is valid, by checking it against the original user in your db it was created for
You might have confused the standard token with the refresh token from JWT, which should be persisted in the DB. If you are just going to persist the tokens in the DB, you might as well create some general token system without JWT. But aside from that, I do think the tutorial is great!
@johndickerson2937 a year ago
What about if you have multiple nodes behind a load balancer and no session replication across the nodes - then is it not good to use the DB? - am not an expert - just thinking about why the token could be saved to the DB instead of being saved in memory.
@jynxxnerd a year ago
@@johndickerson2937 Mister Princess is slightly wrong as well. When authenticating the token you don't check it against the original user in the db. You check the payload of the token against the signature in the token. So you take the payload, encrypt it with your secret key, and if the result matches the signature in the token, then the data in the payload is valid. This way you don't need to hit the database or set any session vars.
@ВернитеСтену a year ago
​@@jynxxnerd Hi, would you happen to know how to deal with unauthenticated customers and their carts using JWT? Or in this case I should use the session-based approach only?
@Jamin_Hu a year ago
@@jynxxnerd Sorry, Who is Mister Princess?
@tugrulkarakaya a year ago
you don't need any record to verify token. just signature would be enough. @@johndickerson2937
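The signature check discussed in the replies above, as an added example that is not code from the video or its repository: it verifies an HS256 token with the JDK alone by recomputing the HMAC over `header.payload` and comparing it with the token's signature, with no database lookup. The class name, sample secret and claims are constructed for illustration, and the regex-based claim reading is a simplification of what a JSON parser or a JWT library would do.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class, not from the tutorial): stateless HS256 verification.
public class StatelessJwtCheck {

    private static final Base64.Decoder B64URL_DEC = Base64.getUrlDecoder();
    // Simplified claim/header matching; a real service would parse the JSON properly.
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"HS256\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    static String b64(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    // HS256 needs a key of at least 256 bits; fail loudly on misconfiguration.
    static void requireStrongKey(byte[] key) {
        if (key.length < 32) {
            throw new IllegalArgumentException("HS256 key must be at least 256 bits");
        }
    }

    static byte[] hmacSha256(byte[] key, String signingInput) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Issuer side: signature = HMAC(key, base64url(header) + "." + base64url(payload)).
    static String sign(byte[] key, String headerJson, String payloadJson)
            throws GeneralSecurityException {
        requireStrongKey(key);
        String signingInput = b64(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
                + b64(payloadJson.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + b64(hmacSha256(key, signingInput));
    }

    // Verifier side: needs only the token, the shared key and the current time.
    static boolean isValid(String token, byte[] key, Instant now) {
        requireStrongKey(key);
        try {
            String[] parts = token.split("\\.", -1);
            if (parts.length != 3) {
                return false;
            }
            // Pin the algorithm instead of trusting whatever the header announces.
            String header = new String(B64URL_DEC.decode(parts[0]), StandardCharsets.UTF_8);
            if (!ALG.matcher(header).find()) {
                return false;
            }
            // Recompute the HMAC and compare in constant time.
            byte[] expected = hmacSha256(key, parts[0] + "." + parts[1]);
            byte[] presented = B64URL_DEC.decode(parts[2]);
            if (!MessageDigest.isEqual(expected, presented)) {
                return false;
            }
            // Only read claims after the signature has been verified.
            String payload = new String(B64URL_DEC.decode(parts[1]), StandardCharsets.UTF_8);
            Matcher exp = EXP.matcher(payload);
            return exp.find() && now.getEpochSecond() < Long.parseLong(exp.group(1));
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // malformed base64, bad number or crypto failure: reject
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the video or its repository.
        byte[] key = "constructed-demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8);
        Instant now = Instant.parse("2024-01-01T00:00:00Z");
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
        String payload = "{\"sub\":\"user@example.com\",\"exp\":"
                + now.plusSeconds(3600).getEpochSecond() + "}";
        String token = sign(key, header, payload);

        // Same header and signature, different subject: the recomputed HMAC no longer matches.
        String[] parts = token.split("\\.");
        String forgedPayload = payload.replace("user@example.com", "admin@example.com");
        String forged = parts[0] + "." + b64(forgedPayload.getBytes(StandardCharsets.UTF_8))
                + "." + parts[2];

        System.out.println("valid token:        " + isValid(token, key, now));
        System.out.println("tampered payload:   " + isValid(forged, key, now));
        System.out.println("after expiry:       " + isValid(token, key, now.plusSeconds(7200)));
        System.out.println("pasted with quotes: " + isValid("\"" + token + "\"", key, now));
    }
}
```

A check like this cannot reject a token before its `exp` passes, which is the trade-off behind the question of persisting tokens raised in this thread.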
@dmode1535 a year ago
I'm a new Java developer and I find the JWT implementation so confusing and complicated but, this video makes it much simpler to understand and implement. Thanks Amigo.
@IvanRandomDude a year ago
Wait until you find out that Spring Security has built-in support for JWT and you don't need to create your own filters at all. But I guess they need to create the same tutorial over and over again for content. Or, more terrifying scenario, they don't know about it.
@A90Ross a year ago
@@IvanRandomDude link to tutorial ?
@Arthur-cb8ce 2 months ago
@@IvanRandomDude wait they have ??? where can I watch a video of it ?
@IvanRandomDude 2 months ago
@@Arthur-cb8ce What video bro? Just check official Spring Security docs. Built-in support for JWT is there since 2020. I cannot give you links because youtube does not allow comments with links.
@fabianoaono a year ago
Awesome video! I had to implement Spring Security in an application at my company without prior knowledge and I was able to do that in less than 2 days by using your video as a reference.
@TheSandraamore a year ago
hii can u pass me the code please? i need the securityConfiguration class because in the video some methods are deprecated :(
@bluex217 9 months ago
@@TheSandraamore
http.authorizeHttpRequests(auth -> auth
        .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.POST, "/api/v1/auth/**")).permitAll()
        .anyRequest().authenticated());
http.sessionManagement((SessionManagementConfigurer<HttpSecurity> httpSecSessManConf) -> httpSecSessManConf
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
@omkarshingade3412 a year ago
even for register endpoint status is showing forbidden please help!
@tunganhnguyen7534 2 months ago
Senior Backend engineer here. Well done! I learnt something new today.
@poorpanda9033 a year ago
OMG, this type of content on youtube for freee ?? What an amazing course, loved the detailed explanation of each topic. Loved the way you're explaining each variable & method, not just writing them & moving on ! Thanks a lot
@a.k.n.b a year ago
Mashaalloh brother, my long-awaited lesson 👍
@AyoubBenayache 7 months ago
just wow, highly professional, impeccably organized, and accompanied by clear and helpful explanations. big thanks for such outstanding work
@teddykwak1957 a year ago
Thanks for the video. It would be appreciated if various authentication-related functions such as reset password, find password, and authentication activation using e-mail were also performed.
@amigoscode a year ago
Coming soon
@congdatt a year ago
Hey everyone, I followed the video and went to authenticate (after signing up). Although I enter the correct email & password, I always get a 403 error. I don't know how to debug. Everyone please help me
@__meilleur a year ago
@@congdatt me too bro
@lukagolubovic3641 a year ago
@@amigoscode What do you mean by "soon"? It's been 5 months, that dude (and many others) are waiting. I don't wanna see another "Chat GPT" video, it is pointless, just provide high quality Java / Spring Boot content and people will be extremely happy
@BlaiseTAYOU 6 months ago
@@lukagolubovic3641 Dude, WTF? Is this the right way to ask for something you are not even paying for? 😮‍💨
@ezoz a year ago
This is unique, definitely what I was looking for, I appreciate the time you spend doing this course
@janas111 a year ago
32:00 Well.. What if I want users to have multiple roles? I save my roles in a database (as part of making them dynamic, so I can make more roles if I need to, after deploying the app), and the connection between User and Role is ManyToMany. I think by default that is the desired implementation of roles. How can I make my example work with this getAuthorities method? (Also notice, getAuthorities is plural, meaning it's expected to have multiple authorities)
@AlexDuSixO a year ago
same here, i can't make it work with multiple authorities
@gerwinterpstra8698 a year ago
Really clear tutorial! Showing the architecture and explaining how the JWT validation mechanism works helped understanding the implementation!
@ikramdagc1516 a year ago
Great tutorial video, thank you. However, in the securityFilterChain(HttpSecurity http) method of the SecurityConfiguration class, some methods of the HttpSecurity object have been @Deprecated(since = "6.1", forRemoval = true). I would be very happy if you could do a refactor work on this.
@TheSandraamore a year ago
hi, you got the solution?:)
@manu.esparza a year ago
As someone said here, downgrade your spring version to 3.0.5
@samirbettahar7602 a year ago
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
    http.httpBasic(withDefaults());
    return http.build();
}
@samirbettahar7602 a year ago
just let the IDE override it, but that basic auth will not work. maybe they changed it
@ikramdagc1516 a year ago
I found the solution, but when I share it here, my comment gets deleted. I've tried multiple times, but I don't know the reason.
@nicolasov2076 a year ago
man your understanding of java is just awesome I love your content!!!
@nikolas4786 a year ago
Hi alibou, can you make the frontend part of your JWT code, with react or angular, preferably react, your tutorial was very helpful to me, but i would like a frontend to understand it better
@muhendis_ 15 days ago
by reading about these concepts, I'm returning back and I understand more. These really good infos
@yoennisgarridovargas3387 a year ago
Thank you very much for sharing your knowledge with all of us. I wanted to ask you if you have any video in which you link everything you shared here, but including Swagger? I ask you why I was testing your code but if I try to add swagger to it, it always returns 403 because JwtAuthenticationFilter is executed and automatically if you don't have the required headers, it doesn't let you continue, so in the case of swagger is it really necessary to do that filter?
@arthurcampolina9940 a year ago
Many thanks, this awesome video helped me fix a problem I've been having with spring security for over a week. You guys are amazing!!!
@dukeofmbitikiyai a year ago
how come I am getting a 403 error even after following the tut?
@Stiff951 a year ago
Anyone else got the problem of constantly getting 403 when trying to access the demo-controller after generating the token. Token is looking good to me. Debugger shows he passes the JWT Filter and sets the authentication. Even failed using your cloned repo.
@muhohojeremy4861 a year ago
I landed on the same issue.
@muhohojeremy4861 a year ago
The Cloned repo works though
@tatsuya370 a year ago
You have to copy the token without the double quotes.. Now it will work
@vlloydb3876 a year ago
It still doesn't work
@vlloydb3876 a year ago
I also have the same issue
@GROOVETECHSETS a year ago
Quality content. Thank you very much! Your channel is one of the best on KZbin for learning Java and Spring.
@anderson19929 a year ago
🎯 Key Takeaways for quick navigation:
00:00 🚀 *This video covers JWT authentication and authorization in Spring Boot 3.0 using Spring Security 6 and Postgres.*
00:54 🛡️ *Understanding Spring Security and JWT is crucial for securing APIs; the tutorial emphasizes their importance.*
01:29 🌐 *Source code for the implementation is available in the video description, enabling viewers to follow along and apply the concepts.*
03:37 🔒 *The JWT authentication mechanism involves an internal check, user details service call, and validation process based on the user's email extracted from the token.*
07:11 🛠️ *The tutorial guides through the implementation steps, including creating a Spring Boot project, configuring a Postgres database, and setting up the data source.*
28:33 🚀 *Spring Security 6 and Spring Boot 3.0 allow for customization of user details handling, including roles and authentication settings.*
29:02 🛡️ *Implementing user details involves overriding methods, and you can choose to extend the Spring Boot user class or create your own class.*
30:22 📝 *When dealing with roles, creating an enum and using `SimpleGrantedAuthority` simplifies the process, especially when users have a single role.*
37:24 🗝️ *Implementing JWT authentication involves creating a filter by extending `OncePerRequestFilter` and extracting the JWT token from the request header.*
47:03 🔑 *Understanding JWT structure: JWT tokens have three parts - header, payload, and signature; claims in the payload include registered, public, and private claims.*
56:44 🔐 *In JWT, a signing key is a secret used to digitally sign the token, ensuring the sender's authenticity and message integrity.*
57:36 🛠️ *The signing key, along with the algorithm specified in the JWT header, creates the signature. Key size and algorithm depend on security requirements.*
58:23 🧰 *To generate a signing key for JWT, online tools like keysgenerator.com can be used, with a minimum size of 256 bits for security.*
01:00:20 🤖 *Implementing `getSigningKey` method using the JJWT library involves decoding the secret key and creating an HmacSHA256 key for verification.*
01:04:32 🚀 *Implementing a method to generate JWT involves setting claims, subject, issue date, expiration date, and signing with a key and algorithm.*
01:26:41 🛠️ *Spring Security Configuration: Implementing security configuration in a Spring Boot 3.0 application involves creating a class annotated with `@Configuration` and `@EnableWebSecurity`, with a method that returns a `SecurityFilterChain` responsible for configuring HTTP security.*
01:29:17 🚦 *Whitelisting URLs: To implement whitelisting, where certain endpoints do not require authentication, configure security to permit specific requests and authenticate all others. This is achieved by specifying a list of patterns for permitted requests.*
01:31:34 🔐 *Stateless Session Management: Ensure stateless session management by configuring the session creation policy as `SessionCreationPolicy.STATELESS`. This ensures that the session remains stateless, and each request is authenticated independently.*
01:32:51 🔄 *Chaining Filters: Add a JWT authentication filter before the `UsernamePasswordAuthenticationFilter` to execute it before the default authentication filter. This ensures that JWT authentication is performed before checking username and password.*
01:41:10 ⚙️ *Controller and Endpoints: Implement authentication and registration endpoints in a controller class (`AuthenticationController`). Secure the endpoints by specifying them in the security configuration to ensure proper access control.*
01:58:47 🚧 *Secured Endpoint: Demonstrates accessing a secured endpoint (`/API/V1/democontroller`) without authorization results in a 403 Forbidden response.*
02:00:11 🔄 *Authentication Process: Shows the authentication process, indicating that attempting to authenticate a non-existing user results in a 403 Forbidden response.*
02:00:58 ✅ *Successful Registration: After registering a new user (`alibu` with email `alibu@atme.com` and password `1234`), successfully generates a JWT token as a response.*
02:01:49 📅 *JWT Token Payload: Examines the payload of the generated JWT token, including information such as the subject (user email), creation date, and expiration date.*
02:02:42 🔐 *Authentication with Correct Password: Illustrates successful authentication with the correct password, generating a JWT token as a response.*
Made with HARPA AI
@Lavless12 a year ago
I would like to take the time to thank you and say that I appreciate you for your content. It's wholesome and helps me a lot!
@stefanwimmer1902 a year ago
Great video! It was very helpful. Works like a charm. Is there also an updated version of creating refresh tokens?
@gorkaurzelai5072 a year ago
hello have you found something? I also want the refresh token
@stefanwimmer1902 a year ago
@@gorkaurzelai5072 I used the older tutorial to get the knowledge of using refresh tokens. Spring Boot and Spring Security with JWT including Access and Refresh Tokens kzbin.info/www/bejne/jIfRaoJ9btOZfpI&ab_channel=Amigoscode
@andriikniaziev9242 a year ago
Thank you for the tutorial. All this stuff with spring security is looking much more complicated than in express framework for node js
@KunalWalkoli0 a year ago
Hi Ali, I found your tutorial very useful and using this I was able to add JWT to my project. I would like to know how can I write test cases for this code, could you make a tutorial regarding the same. Thanks again !
@cowice7582 9 months ago
A good approach to implement the entire concept of JWT in coding level. Thanks a lot.
@MrSaurus a year ago
At 1:20:21, when I have the line " private final UserRepository repository;", I get this error: "The blank final field repository may not have been initialized" However, it is not showing up on your screen. Why is this?
@dharmawangsa9592 a year ago
me too, until now still have no idea why it happen, i just erase "final" keyword and the error solved.
@MrSaurus a year ago
@@dharmawangsa9592 Were you able to complete the whole project? Also, do you know where I can learn how to create a working login screen?
@dharmawangsa9592 a year ago
Yes just finished today You mean the UI or frontend for login screen? My main focus for now, only for backend services. In future devs, I think I will try to combine it with vue.js.
@MrSaurus a year ago
@@dharmawangsa9592 Hi I was referring to the front end for a login screen yes
@tatsuya370 a year ago
It is because you haven't updated your project settings. Have you installed Lombok using jar?(Check online how to install it in your ide). Then open your project again, this error will go. Because we are using RequiredArgsConstructor, we no need to initialize the final again.. If u install lombok correctly, RequiredArgsConstructor will take care of it
@mohammedharoon1167 a year ago
I was so thankful for this video literally I was struggling with jwt you made everything crisp and clear💯
@1mamedov679 a year ago
Thank you for the lesson! How to make the same theme idea?
@1mamedov679 a year ago
Settings -> Appearance and Behavior -> New UI (Beta) -> Enable new UI Requires IntelliJ Idea 2022.3.1
@ghassenjemiai a year ago
Great course.. But I would love it more if you have implemented the refresh token and blacklisting the previous one
@gorkaurzelai5072 a year ago
hello have you found something? I also want the refresh token
@malnad_raja a year ago
Great explanation, had to go through it twice but at the end understood it completely... Thank you
@Артем-п6ф9э 9 months ago
Thank you bro, the only video that explains almost everything out of all the ones I found. You really helped me, thanks a lot again
@p.shpyro a year ago
Thanks, this video is really cool and useful! But one moment is a little bit unclear: what will we need to do when the token expires?
@DivineVision201 5 months ago
thank you for such awesome content. Your way to teaching is so smooth that I was able to grasp everything you are doing. At the same time i was writing code by understanding it. Thank you.
@drax432 a year ago
Thanks for the video. However, it is very sad that spring security does not provide us a built in feature to deal with jwt, and expect us to manually include 3 jwt-related external dependencies (with the version included). Hopefully in future, there is a spring boot starter that include these 3 dependencies, and appear in spring initializer website. Also hopefully spring security has built-in feature to automatically generate jwt for us and function to extract claim , without us having to write ourselves.
@SomeUser8031 a year ago
Of course the spring security authorization server does provide a way to generate a jwt without adding these 3 dependencies. It's also possible to customize the token if you wish, which is also straightforward, but learning Spring Security is a process. You can't expect to see everything you need to know about Spring security in a 2 hours video
@LS-tj3nc 1 year ago
@SomeUser8031 Where can I learn that? Spring docs are so confusing
@MyBinaryLife 1 year ago
@SomeUser8031 You can't find it in ANY video is the problem
@Ace-yt7eo 1 year ago
Came here to know JWT implementation. You even covered each and every piece of code, arguments used and annotations that are coming on the way. Surely going to check videos from your channel first before going to other random videos.
@michaelumeokoli 11 months ago
Bro, why is this shit so complicated? I do auth in Node.js in 20 minutes tops with two packages (jwt and bcrypt). Get email/username -> compare password to hashed password in DB -> give token. Get token -> verify token against secret key -> get user id/email/username from payload. How hard is that??!!! Why do I need a bunch of things in Spring Boot?
@adiabajacob9189 11 months ago
Java is just boilerplate code. I don't know why they say it's fast
@Alexander-zt9kz 9 months ago
Spring security is by far the worst and most difficult thing you will ever deal with in spring
@pitchwaiz 7 months ago
Coming from PHP 8, Symfony 7, I'm wondering the same (also 2 bundles used). It's just obnoxious. 2 hour tutorial for login. I mean, all I could use is simple login and when I need advanced stuff I'll jump right to it. This is just insane.
@saisandeep8741 5 months ago
So true, I have been building MERN stack projects and never had any trouble, but this makes it look so complicated
@MinhPham-eh6lr 1 year ago
I can not tell how much I appreciate your content! Keep up the good work!
@sairohith8013 1 year ago
Hi @amigoscode & @boualiali, I love your content on Spring Security 6. Also, can you please update some code or provide some resources for logout functionality? As you guys are implementing only authenticate and sign in
@kaitlynethylia 1 year ago
The API is stateless, there is no logout function because you are never "signed in". All that "logging in" does is tell you the token you need to send to the API to know it's you; it's usually down to the frontend to keep this token in some kind of session
@mishelrodri 1 year ago
I was in class and my teacher said that she "loves you" because you helped her with the content of her class
@nikiuktc 1 year ago
For those of you who have issues with deprecated methods, downgrade your spring version to 3.0.5 for this example to work.
@akshayanatarajan2350 1 year ago
thank you, this helped:)
@Heavenset 1 year ago
But isn't downgrading security methods bad?
@maxi-g 9 months ago
DO NOT DO THAT, don't be lazy and just check the current documentation
@bluex217 9 months ago
Deprecated security filter chain stuff here, at least up until Spring Security V 3.2.3:
    // Inside the SecurityFilterChain bean method; `http` is the HttpSecurity parameter.
    http.authorizeHttpRequests(auth -> auth
            .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.POST, "/api/v1/auth/**"))
            .permitAll()
            .anyRequest().authenticated());
    http.sessionManagement((SessionManagementConfigurer<HttpSecurity> httpSecSessManConf) -> httpSecSessManConf
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
@evanilsonp.8183 8 months ago
You should delete this comment. The right thing to do is to search for a solution.
@megafuse_yt 1 year ago
Dude... after 4 days of struggle I finally made my Spring Data Rest API work with Spring Security. Thanks
@TERALAPRASHANTH 1 year ago
Original video: kzbin.info/www/bejne/eIfHgmafqtSpnZI
@arsalansarwer 1 year ago
Best tutorial for spring boot 3 JWT, and I got everything running fine on first attempt, thanks for the share
@tehillahInc 1 year ago
even your demo controller? Does it work well?
@lhxperimental 1 year ago
The explanation of how JWT auth works is not correct. If for every request the DB is going to be accessed, the point of JWT is lost.
@CwanyBob 8 months ago
Not exactly. You may want to implement a blacklist table to invalidate tokens on user logout, password change etc. Also, you could verify the token against the blacklist in the gateway and then pass the token between microservices without needing to call the authorisation service from every microservice, as you would have to with a session.
@youssefahmad8690 4 months ago
THANK YOU, IDK WHY NO ONE IS TALKING ABOUT THIS. The APIs are not truly stateless anymore and this isn't really any different from using a normal session that is stored in the DB
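The trade-off argued in this thread (and the logout and expiry questions raised in other comments), as an added example that is not from the video, its repository or any commenter: a JDK-only HS256 check in which signature and expiry need no storage, and only the last step consults a revocation list keyed by the token's `jti`. The class name, key, use of a `jti` claim, regex claim lookup and in-memory map are assumptions made for illustration; a real service would use a JWT library and a shared store.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.*;

public class JwtRevocationDemo {
    static final byte[] KEY = "constructed-demo-key-not-for-real-use".getBytes(StandardCharsets.UTF_8); // constructed
    static final Map<String, Long> REVOKED = new ConcurrentHashMap<>(); // revoked jti -> exp, purgeable after exp
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    static String issue(String jti, long exp) throws Exception { // constructed token: jti + exp (epoch seconds)
        String head = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64(("{\"jti\":\"" + jti + "\",\"exp\":" + exp + "}").getBytes(StandardCharsets.UTF_8));
        return head + "." + body + "." + b64(hmac(head + "." + body));
    }
    static String claim(String json, String regex) { // sample-only lookup; parse JSON properly in real code
        Matcher m = Pattern.compile(regex).matcher(json);
        return m.find() ? m.group(1) : null;
    }
    static String check(String token, long now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return "MALFORMED";
        byte[] sig, body;
        try { sig = Base64.getUrlDecoder().decode(p[2]); body = Base64.getUrlDecoder().decode(p[1]); }
        catch (IllegalArgumentException e) { return "MALFORMED"; }
        // 1. Stateless: constant-time HMAC comparison; the algorithm is fixed, not read from the header.
        if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), sig)) return "BAD_SIGNATURE";
        String json = new String(body, StandardCharsets.UTF_8);
        // 2. Stateless: expiry comes from the signed payload itself.
        String exp = claim(json, "\"exp\":(\\d+)");
        if (exp == null || Long.parseLong(exp) <= now) return "EXPIRED";
        // 3. Stateful: the only lookup, needed solely to honour logout before exp.
        String jti = claim(json, "\"jti\":\"([^\"]+)\"");
        return (jti == null || REVOKED.containsKey(jti)) ? "REVOKED" : "OK";
    }
    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L; // constructed clock value
        String token = issue("id-1", now + 900); // 15-minute token
        System.out.println(check(token, now) + " / " + check(token, now + 901));
        REVOKED.put("id-1", now + 900); // logout: deny this jti until its exp
        System.out.println(check(token, now));
    }
}
```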
@petitpoids6433 1 year ago
First comment ever on YouTube, but that course is just excellent. I have never had such a clear course in my training center.
@mehmetfarukbaran9893 1 year ago
I'm so happy for this notification 😍 I was waiting for this.
@BeSeechMV 1 year ago
Man, you have just saved at least a month of my life. You are the real hero. And I am not kidding. Thank you
@gerhardbuttchereit1492 1 year ago
The length of the different steps through it and the calm, exact explanation were very helpful and a lot of fun... thanks a lot...
@andrzejszczepanski9992 1 year ago
Thanks for this awesome video. Just in time, as I was trying to figure out Spring Security for my app and was kind of lost between different tutorials. Cannot wait for a video on how to get the frontend right for this app. Cheers 🤗
@Vishall-lu9ko 5 months ago
At 1:53:30 you are checking whether the credentials are correct or not, but after that you are finding the user and checking if it exists or not. This is unnecessary cuz if the username doesn't exist then they won't even be authenticated. Also, you are creating a custom login endpoint but you are putting the jwtfilter before the usernamepasswordauthenticationfilter instead of replacing it, which would make more sense cuz now, since we have custom auth, we won't be using the Spring Security login. Also, checking whether the user is valid or not is an unnecessary action, since when you call the userdetailsservice method loadByUsername it has already checked that
@Raphael-et6ig 1 year ago
BoualiAli is explaining so well. It is really easy to follow him. Very good work. Thanks for this video :)
@vivichambel3620 1 year ago
Amazing video, you explained it all very well. Thanks for making a Spring Security video with an updated version😁
@And1997Ruz 1 year ago
I'll be honest, I hated the previous video for the audio lags and all that. But this one is pure gold! Damn, you have redeemed yourself😏
@laminefaty9340 1 year ago
Fantastic. I follow Bouali. Yesterday it was amazing
@dmode1535 1 year ago
me too.
@lowabstractionlevel3910 1 year ago
This channel is gold! (the only thing I have not understood in this tutorial is why we give the same type of response for "register" and "authenticate", I thought that when we register we should just communicate to the user that his own record was created in the database, so that now he is free to use his email to "authenticate")
@Dunc4n1d4h0 1 year ago
Same for me. I already have a working app with JWT not based on this video's code, and I'm a little confused, because for me register would be just creating a new user record in the DB, so he can log in after that with his data. I mean in my case I just have an admin panel (user controller) where I can add/edit/delete user entities, and auth is login/logout. Anyway, great content.
@lowabstractionlevel3910 1 year ago
@Dunc4n1d4h0 I opted for the same solution as you, plus I removed much other code that I found redundant. But anyway, when you say "logout" what do you mean? In a stateless application the user cannot actively "logout", am I missing something?
@Dunc4n1d4h0 1 year ago
@lowabstractionlevel3910 Remember, as long as you have a valid token, you don't need a password for access. That's the clue for logout. Also check git, there is much more code added there.
@pearlvtv412 8 months ago
great tutorial:) one thing you should add is how to access endpoint with user's data, e.g. to return "hello from secured endpoint, {user email}!". greetings from Poland!!
@anamrzv 1 year ago
thank you very much for such a detailed guide! I thought it was impossible to find guides with the usage of recommended classes and methods until I found this video
@blackblather 9 months ago
This video was a great starting point to using the Spring Security package. Thank you 👍👍
@vulgomacumbeiro 7 months ago
The best class EVER! Thanks for sharing!
@BamBam-uk1vw 1 year ago
Thank you! I had been trying to realize this for 2 weeks before I found you! Love!
@maxthon2391 1 year ago
Amazing tutorial. The only problem that i had was with deprecated elements but it was easy to fix. One more time great video.
@samymohsen505 1 year ago
could you please share with me how you managed to fix it, please?
@JavaMoth 1 year ago
Omg how?
@Bruno-dev-pdl 9 months ago
@samymohsen505 search spring security migration and the deprecated methods
@felipeweigel4415 1 year ago
The best tutorial of Spring Security. Thanks my friend!!
@gonzaloramirez3261 1 year ago
Oh thank you! I spent a lot of time searching for a way to create my authentication service in Spring Boot. It is incredible how fast this technology changes, absolutely all libraries are deprecated.
@dilipkumarbk7657 1 year ago
Love from India sir, Your way of delivering the concepts is absolutely marvelous. You made this complex topic a cakewalk. Lots of appreciations for your effort.❤❤❤
@user-ex3ek9rf2u 11 months ago
Awesome course... Thank you. Need more related to JWT.