Thank you so much Vinoth. Keep learning 😃

This is my exact thought after watching this. 😢

Correct

Yes absolutely correct

@@Javatechie alway try to make a real picture otherwise understanding is easy but it you will take it other way it will waste so much time to think why you did that or that if your explaination is not exactly correct, right it is 4am

that's the exact question i have after watching this comprehensive tutorial...

Yes we have done the same right. In case if I missed it then you are absolutely right here

Keep learning Ivan 😊

I haven't done this but I'm sure i will add it. Thanks for your suggestion

Just add below pieces of code in your backend code @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*") .allowedHeaders("*"); } }; }

Hello! It can be stored in session

How can you compare without storing the token buddy?

No buddy no tools available so far you need to fix manually. Like security, batch , micrometre related changes

@@Javatechie ok thanks Basant

In ui, you can store the token in session storage. And for the secret key, use spring vault or store in consul properties.

Storing jwt in cookie is also good option.

No frontend and what error you are getting?

Service mesh i haven't used buddy so will explore and update

At that time you should use gateway in that gate way you should make security configurations to applicable for all apis

If you don't then user don't have to login anytime and continue using the session for lifetime😂

Yes correct let's say i generate refresh token whose expiration time is 10 min so I assumed i went out and came back and opened my system then definitely it will show logout as within 10 min i haven't refresh token

​@@Javatechie Sir then One FollowUp Question , Lets say I had created a jwt token which expires at 30mins , then what should be our refreshToken expiry time ? should this be more than of jwt token expiry time ??like 40mins 60mins like that ?? And Sir in ur impl for refresh token api whenevr you are generating new jwt token , you are not creating new refresh token same refreshtoken we are returning , lets say for 2nd time also our 3 mins jwt token expired but after just 5 mins of expiry i came again since 10min refresh token window is there and hit refresh token then it wont return me new jwt token , i have to go for login again , that's not correct approach right , since 10mins refresh token expiry is there , no matter how many times i go out and come but i m hitting refresh token within 10mins means , it should always generate new jwt token , if i exceeded 10mins and try to generate jwt token then only it should be throw error ,but within 10 mins if i m coming and hitting refresh token means it should always give , shouldnt expire na , please clear this doubt sir , I m considering this 3 mins 10mins expiry time for example.

No that random token has an expired limit until that user can use that random string to renew a new token .

Yes we can do that your frontend app needs to involve that api

I am pretty sure and even verified It will delete

@@Javatechie In most of the production code, i have seen @Transactional annotation at Dao layer. In the example here, since Service is acting as a dao layer, The problem starts occurring when i put @Transactional(propagation = Propagation.REQUIRED) at Service class. I have not been in too dip into @transactional annotation, but i am pretty sure you can hardly ignore this annotation in a production code. Update: By adding below annotation in a method will meanwhile solve the problem. But still not sure what the @transactional annotation was doing. Thanks !! @Transactional(transactionManager = "transactionManager", propagation = Propagation.NEVER)

Okay I will do that

Please configure Lombok in your ide. That will solve your issue

You have to add annotation @Builder on your class.

Sorry for the inconveniences. Updated please check now

Okay sure

@@Javatechie Thank you so much, you are very good at learning and teaching. you are really helping persons who dont get good projetcs but still want to learn.

Hello buddy it seems you are misinterpreting microservice architecture no worries usually API gateway is the component who handles this security mechanism in microservice so even though internally you call one service from another that's absolutely fine . Your first api calls need to re authenticate if the token expires. Hope this clears your doubts . Do let me know if you need any further information

@@Javatechie Thank you for clearing the doubt. 👍

saroj . Yes exactly

First of all this needs to be integrated with the UI and in the UI there should be a button to refresh where this id will map behind the scene . Nothing will be visible to the user

ACL i am not aware about this buddy any reference please

@@Javatechie I was meaning (does not mean that I am right) that you should check in backend the role based on username. I didnt mean to be a jack a**, I know that this suppose to write more "unnecessary" code but this is my approach due to vulnerabilities that exist in the wild.

@@Javatechie Btw, you helped me a lot with the SpringBoot, your videos are veeerrrrry good. I was stuck with refresh token.

Yes you can update expiration time to 0

@@Javatechie yaa got it. Thanks 👍

What is your question ❓ i didn't get you man

What's your suggestions? Perform full authentication process on each request?

Check your application.properties file whether you configured hbm2.auto.ddl true or not

@@Javatechie while fetching products details in postman api the products details nots came

Are you able to store product in db