Highly important guys.. at @01:14 be aware, the role field must be save with "ROLE_" prefix in the DB, (dont know the reason). I wasted alot of time because I entered the authorization role mapping value which is without the "ROLE_" prefix. thank for the tutorial sir, BIG LIKE!

Your way of explaining complicated concepts in a simple manner is outstanding! Thank you so much!

This is what is required on KZbin. Kudos sir Bring full stack courses also. I bet 1 million is not far away then.🙌

Fantastic tutorial, probably the clearest tutorial I've ever watched on a pretty complicated subject. Thank you very much!

I am big fun of your teaching. I don't even want to go for other resources unless I don't find in Java Brains. I really appreciate your contribution to my life. You are such important to me."live long and God bless you."

Epic! Thank you! Please talk about integration with JWT

Sir, you have made Spring Security so easy to understand. Thank you so much for your efforts😀

I saw the whole spring security basic videos, everything till now was explained well. anyone can easily understand these spring security topics. Thank you for your time and effect

Clearest tutorial with minimum time. Easy to understand. Thank you for wonderful lectures sir.

I've been struggling with Spring Security for days. Your tutorial made me able to install an authentication system on my app in two hours. THANKS!

By Far the Best Explanation of Spring Data JPA with Spring Security...got many concept cleared out of this Tutorial

wow, these are the best tutorials on Spring Security I have ever found on the Internet. Please keep up the good job :)

Yes Correct, read query many times for authentication/authorization, we might consider using LDAP. LDAP has fast read query.

Thanks, this is the clearest from scratch video i found so far..so difficult to explain yet you made it look easy

I've watched almost every single video I could find on this subject and this was the clearest and most helpful and actually worked. Thank you for your help!

Great Job Koushik!!! I like your teaching style and JavaBrains has been my main source of learning SpringBoot and java related stuff lately!!

Nice One Koushik, keep the good work up. With addition to all the information, would like to add, spring by default adds "ROLE_" to whatever the role we are trying to check for the user. Thats why Kaushik has inserted ROLE_USER in the roles column of the user table. Now why we are trying to access different urls, spring check the role using the class ExpressionUrlAuthorizationConfigurer which get called from the overriden method configured having HttpSecurity as parameter. Check the implementation for the method hasRole in the method chaining.

You are doing a great service by sharing all these...no praise will ever be enough..👍👍👍

if @Autowired UserDetailsServices in SecurityCnfiguration is showing error it is due to multiple implementations of that interface spring is confused which one to choose. solutiion :add @Primary annotation above MyUserDataService class that will give preference to your implementation

Did anyone try , this project no longer works ? I cloned it and it doesn't work. Says forbidden (403).

Sir, hatsoff to you.. you made learning spring security enjoyable for me.. being dyslexic I hated spring security..

SIR the whole day I've been trying to get this to work... then 10 minutes in this video and it works now. I really thank you a lot!!!

It's importante to note that you must add the prefix ROLE_ in MyUserDetails class otherwise it could return a 403 when trying to log in.

Great start to the weekend.. God bless.. Please cover JWT, OAuth and SAML

Clear and simple, managed to implement my own JPA authorization provider thanks to this video. Great Job !

This security series is absolutely amazing !! All aspects for each type covered.. 😀👍

You are doing fabulous work Sir...( Y) Hats off to you for giving so much content to the community for free.

really good series of tutorials. Great Job! Since spring 6 some things have slightly changed, but you explain the core principles very well. Thanks!

Please🙏 upload LDAP supported Spring security ... Eager to watch

17:20 Spring boot verison 2.3.1.RELEASE When creating a dummy UserDetailsService, you also need to comment out the spring-boot-starter-data-jpa in the pom.xml else the server application will fail to start.

Best tutorial ever! It is definitely worth your time

By far the best tutorials on spring security. Thanks a lot

your explanation is so good i wanna cry

Thank you so much! You explain so clearly, much better than all the paid courses online! 😄

really I'm so lucky to find your video that helped me well to understand and learn with simple method the authentication with spring security, really I appreciate your qualified explanation. big thanks from bottom of my heart ♥

Thanks sir, these are the best tutorials on Spring Security I have seen on the Internet

I never knew . . . Spring Boot Security is this easy . . . thanks to you brother!

I have watched a ton of similar videos, but your videos are best by far!

Thank you so much! This unblocked me on a problem I was having with my Repository.

The best video for Security. easy to understand and all codes works fine. Plz Mr make more videos for spring.

I've been looking for such tutorial. Great video. Thank you!

This is one of the best tutorial i have seen in my entire life :D Thank you so much.

Thank you for uploading such video's. Really helps a lot in Interviews.

I changed the Naming Strategy in properties as the one used in this tutorial is deprecated in Hibernate 5 spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl

The best tutorial i've seen on youtube !! Thanks man !

If you are getting a 403 make sure that the role column in USER table = "ROLE_ADMIN"

Thank you once again, Kaushik for your time and teaching!

I tried the Exact same as you explained. But when I login with "/admin" {There was an unexpected error (type=Forbidden, status=403).} this error is comming. Please help

Thank you so much, its always pleasant to watch your videos, crystal clear, in details and precise to point. Thank you so much for your tutorial.

We are just passing the username for fetching the user details, how does the password is verified during authentication. As in all cases till now we are not verifying the password.

Art of coding ,simple and quick

Great tutorial!!!. btw for authorization, since we are using authorities in Userdetails, we should use hasAuhtority instead of hasRole. .antMatchers("/admin").hasAuthority("ADMIN") .antMatchers("/user").hasAnyAuthority("USER","ADMIN").

this man is the greatest of all time!!!

Really AWESOME!! One of the best videos I watched.

If u are getting 403 error. Change SQL insert example: insert into user (username, password, isactive, roles) values ('admin', 'admin', true, 'ROLE_ADMIN'); //or 'ROLE_USER' but not 'USER'

Excellent, Thank you Kaushik, May God bless you!

Thanks for coming back !!

thank you very much for putting this together. Your explanations are very clear, concise and to the point!

If your authorization not working properly after fetch user info from database, remember to name the roles in your DB like "ROLE_USER", "ROLE_AMDIN". Otherwise, your hasRole method will not work!!!!!

This is good stuff ! Now my weekend is productive as I learned something new from this ! Long live KK !

A very informative video on spring security. Thanks a lot. Cheers

Finished the tutorial! great job and explanation

Sir, you deserve a noble.

This is pure awesomeness thankyou very much. Amazing!!!!

Best video on spring security !! Thanks Kaushik :)

Spring Security + JWT Authentication would be superb!

Very good tutorial, nice and clear explanations. Thanx a LOT!!

I tried the JPA with MySQL but I am getting bad credentials. Could you please help me with this??

Please emphasis that SecurityConfiguration has "ADMIN" while SimpleGrantedAuthority is ROLE_ADMIN Though some people knows Spring security, some don't know.

Fantastic tutorial. Well explained and easy to follow along.

Tjank you so much brother... It was the best spring security tutorial i've ever watched so far...💜

Indeed, very well explained! I loved it! Subscribed + Shared!

Could you make few tutorials that talks about handling user session management after login, thread local etc

Thanks for your hard effort to make the things done. Awesome

Before I watched I just click like button 👍

You made it look so easy. Thank you.

In the MySQL implementation, where are you verifying the password? You are simply taking the username, getting the user details, and passing it to MyUserDetails(). Does that mean, for the above code, you can give any password and it will work?

In sql database active data type is ?

Best I've ever seen on youtube .. thks man 😀👍

Perfect teaching skills.

very good video bout spring security, usage of lamda expression also very nice

this is exactly i was looking for! thanks!

Great Video. God bless you. Regards from Mexico!

Amazing tutorial, thank you for creating this video

Thanks a lot Prof, you're my best teacher

Awesome explanation man,

Congratulations #JavaBrains. It's the best tutorial I've read about Spring Security + JPA. It's almost complete. Thanks you very much! Pd: I think you should endcoder your password with other tecnique, because it inserts plain-text password.

Very nicely explained. Can you make a tutorial on Spring security + oauth2

wow , amazing explanation, waiting your video on spring boot with keycloak

some DBs (like postgresql) does not allow to create database with name 'springsecurity' and table with name 'user' .. probably because they are reserved words .. try using different names in such cases

Thank you so much for these videos. They are very helpful ❤❤❤

Quick question: I have understood and implemented all of this. I have a user that exists inside the DB, and when I try to log him in, all is fine, I get a jwt back and all of that stuff. But when I try to access the /login rest point with invalid credentials, I get a 403 forbidden instead of "username not found". What am I doing wrong? Note: I also set my requests to permitAll(), so that's not to blame.

Great job Sir. This is what required.. thank you v much.

Hey Koushik, Please use white background for IntelliJ - its difficult to view

Suscribed and like and thanks

This tutorial is really helping me alot. Explained so perfectly. here we have created our MyUserDetailsService, but autowired instance of UserDetailsService. Still worked !! Should we MyUserDetailsService ?

ROLE prefix is the default behaviour of SimpleGrantedAuthority. It took me some time to figure out why Authorization was failing. It was due to this prefix .

Sir, Thanks for you effort to provide us great quality content. I really like your video style. :)

Video is great and usefull. Use mvcMatchers instead of antMatchers for trailing slash / issue. We may use hasAuthority in place of hasRole. This not required ROLE_ prefix in code as well as database.

Early morning .. good start