Very nice tutorials. Thank you #Romanian Coder. Just one mismatch while I was following: while creating the Jwt login token in JwtAuthenticationFilter.class you need to select the algorithm with Algorithm.HMAC512(JwtProperties.SECRET.getBytes()) instead of HMAC512(JwtProperties.SECRET.getBytes()).
@angtanqui1390 3 years ago
Thanks. Or import static com.auth0.jwt.algorithms.Algorithm.HMAC512;
@asinkan 2 years ago
Great vid.
@alilat.tech.dz.advisor 5 years ago
Dan, thank you for the video. I have some questions and hope you'll cover them. Question 1: I see you haven't talked about the refresh token, is it necessary? Question 2: is it a good idea to store the generated jwt token in a database? Question 3: how long is the best expiration time? Question 4: will you talk about how to implement remember me and session timeout in jwt? Question 5: you've used the maven oauth0 dependency, is it the best for jwt? Because I saw that some others have used the io.jsonwebtoken dependency, how to choose? Last question, best place to store jwt in production? Memory storage, session storage or cookies with http secure? If so, how to access the authorities when using a rest controller and angular? Thanks in advance!
@sushantshiwakoti5578 5 years ago
my question as well
@RomanianCoder 5 years ago
Hello! Thanks a lot for the feedback :) 1) The jwt token has an expiration period. So it is the refresh token. 2) I would not store it in a database. You pass it around on each request until it expires. At which point, you re-authenticate and grab a new one. 3) Depends on your app. But definitely not days. Maybe 60 or 30 minutes. 4) Unfortunately no. I did not use remember me with tokens.
@RomanianCoder 5 years ago
I would only keep the token at client level. Not store it anywhere, but maybe these were my use cases. You should probably do some googling and see other strategies :)
@PrevalentAA 2 years ago
Just chipping in even if it's 3 years later lol, for someone else who might be wondering the same. Don't store jwt in a database, keep it on the client side (such as localStorage, state store, etc.), else you defeat its main purpose, which is avoiding something that relies on database hits so much, as sessions do.
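The points raised in the thread above (sign with Algorithm.HMAC512, keep the token short-lived, re-authenticate once it expires), as an added example that is not from the video or from any commenter. It assumes the auth0 java-jwt library is on the classpath; the class name, method names, user name and 30-minute lifetime are illustrative.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.security.SecureRandom;
import java.util.Date;

public class JwtExpiryDemo {
    // Assumption: 30 minutes, the lower end of the range mentioned in the thread.
    static final long LIFETIME_MS = 30 * 60 * 1000L;

    // Issue a signed token whose validity window starts at 'issuedAt'.
    static String issue(Algorithm alg, String username, Date issuedAt) {
        return JWT.create()
                .withSubject(username)
                .withIssuedAt(issuedAt)
                .withExpiresAt(new Date(issuedAt.getTime() + LIFETIME_MS))
                .sign(alg);
    }

    // Returns the subject if signature and expiry both check out, otherwise null.
    static String verify(Algorithm alg, String token) {
        try {
            JWTVerifier verifier = JWT.require(alg).build();
            DecodedJWT jwt = verifier.verify(token); // checks signature and exp
            return jwt.getSubject();
        } catch (JWTVerificationException e) {
            // Covers expired tokens and signature mismatches alike.
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed demo keys: random 64-byte secrets, one per "server".
        byte[] secret = new byte[64], otherSecret = new byte[64];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(secret);
        rng.nextBytes(otherSecret);
        Algorithm alg = Algorithm.HMAC512(secret);

        Date now = new Date();
        String fresh = issue(alg, "alice", now);
        String expired = issue(alg, "alice", new Date(now.getTime() - 2 * LIFETIME_MS));

        System.out.println("fresh     -> " + verify(alg, fresh));    // alice
        System.out.println("expired   -> " + verify(alg, expired));  // null: client must log in again
        System.out.println("wrong key -> " + verify(Algorithm.HMAC512(otherSecret), fresh)); // null
    }
}
```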
@ahmedghanem161 5 years ago
Thanks a lot for these videos! I just have a few questions. If I want to use the Spring Boot Security configurations you used in the previous videos for the views, and use JWT with the API... is that possible? If it is, do I have to separate the configuration files? What is the best practice to implement it?
@ramanjaneyappan7964 5 years ago
Authentication auth=AuthenticationManager.authenticate(authenticationToken); gives an error: Cannot make a static reference to the non-static method authenticate(Authentication) from the type AuthenticationManager. Please solve the error.
@alilat.tech.dz.advisor 5 years ago
Amazing!
@razer10343 5 years ago
Very nice approach :) What font and font size do you use in IntelliJ? Cause your font looks so smooth instead of mine
@rudranarayandash1466 5 years ago
dracula
@zaaap0 5 years ago
You can use lombok you know ;) Saves you lots of boilerplate code
@fireburn95rs 3 years ago
for the purposes of a tutorial not focused on lombok, it's better to stick to traditional methods so as to not confuse someone who may be learning about this concept before they've learned about lombok
@yd13029 5 years ago
JWT.create( ) is not working anymore. Help me :(
@danielpinzon3511 5 years ago
you need auth0 dependency bro! please include in pom
@gogira 4 years ago
I do not understand why are you implementing the whole JWT Authentication mechanism? It is already implemented in Spring Security. The whole resource server OAuth2 defined role is perfectly available out of the box from the framework. Is there a reason?
@gogira 4 years ago
My bad, you're actually implementing a minimal version of the OAuth2 user credentials authorization flow from the authorization server role. This is also provided by Spring Security.