You had me in the first 20 seconds , tutorial hell has brought me here i was almost loosing my mind on spring security

This video hit the nail on the head, I watched countless other videos from other people before I found this one, and the content was either outdated or poorly explained. I appreciate that you did everything from scratch and explained each step. Wish I found this video about 8 videos earlier, but I finally understand the whole implementation process for Jwt's. 11/10 will watch again.

All I could say this is an extraordinary tutorial. I tried all of the spring security tutorials but they did not cover the nitty gritty aspects of it like the jwt token creation and authorization but you just were superb. Thank you very much for uploading a gem ❤

You just revived my passion for spring boot based backend development. Thank you so much. This is the best spring security crash course I've found on KZbin even better than the inspirations you mentioned in this video. The reason is, that you used less jargon and fancy Java. You showed basic Java skills to explain an already complex spring security concept which feels smooth. Most of the creators from the Java community tend to use a lot of fancy Java design patterns and advanced Java features which causes great difficulty for freshers to understand such complex concepts. Constructive Criticism: I have one small suggestion for you, the cutting of your voice is really not good. There are no pauses between your speech, leading to you sounding monotonous even when you're not. Also, it made me rewind many times since I never understood where one sentence ended and the other began. Love your content. keep going ♥

This video is a compilation of everything useful that is said in the other videos, discarding all the other useless things that are said, updating it to the latest versions of spring. Liked the video, keep it up.

What a fantastic to the point video it is, Thank you so much Ethan for sharing valuable knowledge with all of us, my knowledge before and after watching this video has increased very much, looking forward to more of your videos. I had watched a bunch of videos on this topic, but your explanation made it much easy to follow and code along with you.

What I usually want to see in security videos is handling security for different type of roles. E.g a backend service for sellers and buyers, drivers and riders, students and teachers and so on

Great video and working around the deprecated methods wasn’t too bad and was a very good practice of working with documentation. Thanks for putting this all together. 👏🏼👏🏼👏🏼

Thank you so much! I highly recommend this video to anyone who wants to learn about Spring Security. It is a comprehensive and informative resource :)

Fantastic Video, Thank you for putting all this together in one place and having it explained very clearly and at a steady pace. Great work!!!

After thousands of videos on spring security, I finally found an excellent one

You are a true champion by not using Lombok Sir. Lol. When you did your first round of Encapsulation, I immediately implemented Lombok ;D

Absolute gold of a video

Finally found a video for working around the older deprecated methods. Thank you very much. Edit: Unable to generate the jwt token during login, and getting a 401 Unauthorized error response back. Might be an issue with the deprecated jwt() method in oauth2ResourceServer(oauth2ResourceServerConfigurer::jwt()). But even with the new code oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults())) which provides a default implementation of the oauth2ResourceServerConfigurer class its not working. If anyone has faced the same issue and solved it, Please let me know. Thank you.

The Best explanation I have even seen for spring security and jwt authentication. Thanks alot.

Holy crap. Thank you so much; this is amazing. Top tier content. I learned so much from this compared to hours of Amigoscode or Dan Vega. Nothing against those guys, they just have so much content to get through and a lot of it is outdated. Thank you so much for putting this together. I got what I needed out of it and then some.

Well done. Had some troubles with dependencies but overall your video is quite amazing! Thank you so much!

Amazing video! Such a complex topic was explained in a relatively simple way, thank you!

this guy is a true legend fr

Wow, first time I get it right. Thank you! This channel should have much more followers. I had some issues using Lombok, but when I did all the constructors, getters, setters manually it's finally worked! I guess I need more experience with constructors first, then use lombok.

thanks for this amazing masterclass

This was fantastic! I followed it, but changed JPA to jdbcTemplate, because the road to Hell is paved with too much abstraction. Doing it that way, everything made perfect sense. Thank you!

Liked the video! Here's an idea for future tutorials, can you create git branches for each chapter? this way we can go back and forth between different chapters to compare and contrast the changes.

Wow, you had me in the first 20 seconds. Got the problem absolutely spot on. thanks

Absolute legend for making this

perfect video, everything will go smoothly without getting any blocker for me, thanks brother for such a nice video😍

Thanks, for this great tutorial. Concise and blazingly fast.

tôi mới học khá lúng túng với spring security nhưng xem hết video của bạn tôi đã hiểu hơn rất nhiều, cảm ơn video của bạn.

Yeah, very true.about 80% of the videos sessions use deprecated modules

clear and concise, great video mate!

Spring Security is confusing but you did a great job. I found a lot of things in one place it helped me a lot. Thanks

Man, this video is top notch. It is exactly what was missing from youtube. Could you, please, share with us, how did you figure all this out? What materials did you use for documentation or how was your thought process? Or maybe is it just experience? I watched Dan Vegas' video about JWT and I was really wondering how to achieve role authorization. I wouldn't have figured it out by myself.

Good video, I watched it to the end, kinda hard to understand the whole thing because I've just started learning this framework but with the time for sure I will comeback and watch it again!

fyi if you are struggling with deprecated methods, or other things (example: I was unable to run project due to an error with the security filter chain method, request matchers specifically. You can always just downgrade the version of Spring Boot in your POM.xml to use what was used in the video and everything will work.

It was indeed an absolute Behemoth of a video! Great tutorial, loved the pacing and the explanations. My subscribe and like is your good sir.

Excellent tutorial. This is just what I needed to get started.

This is a really great tutorial. Thanks for this

Thank you so much after searching alot i found this video that covered my ground up spring security and jwt thank you man.

thanks for a clear video. its incredible how spring security team has no good documentation for spring security 6

one of the best security tutorial, clear explanation, am now confidence about spring security. Thank you @Unknown Coder

This video is the best spring security video ❤

This is a greate tutorial. Thanks for that!

great content video with proper explanation keep doing contents like this 😍, i was looking for this type content for many days, i just wasted a lot of time but this saved my time and can explain how to save roles in DB annd retrieve it from DB and also about OAuth 2.0

Trust me I haven't started this tutorial, I just read the description and I know Spring Security is bagged already😆😅

Thank for the detailed explanation, please suggest how to do authentication for an application using Thymeleaf and MVC controller.

Brother, you are a lifesaver!

Much needed video on the upgraded ways of Spring Security, I'm glad that i was able to find it I have a request though, could you also post a video on formLogin using spring security

Absolutely amazing video, learned a lot from this, Thanks!!

excellent tutorial, and thank you for the timestamps!

Wow. Thank you for this. Brilliant

Great Video!

Bro this is golden

Toturial hell got me here bro 🗿👍🏿

mega tutorial man, THANKS !

Thanks for the vid, the deprecated APIs were a pain in the ass!

Great video, really helpful!

Thank you so much bro, you are a life saver

Thank you for your content!

fantastic video thanks lot

Thank you for the video!

Wonderful! Thanks!

fantastic video

thanks for this awesome tutorial! very helpful!

Fantastic video...only problem I recieved was at 1:35:00 during login There is no PasswordEncoder mapped for the id "null" i don't know if I have done something wrong or need to update spring security....it doesnt work with admin as well

Lovely just what i needed ... i'm new to this level of spring security ... so I hope this question isn't a silly one ... i would like to know how and where you generated the public and private key in you code... thank you :)

Great Content!!! Can you make a video on how this authentication backend works with API gateway ? Any of the members if know

Thank You! That was very helpful

Insane video. Ty so much

This video is amazing

Big thanks, Sir 🥰🥰🥰

Well done. A 1000 thanks

Thanks for this video!

Great content, thanks a lot!!

sick hoodie man

great video helped me a lot

Great Video..Thank you so much

Hey @Unknown Koder, I fixed the bug you encountered at 1:41:35, apparently this stems from a deprecated use of the jwt() Method, this is the correct way of configuring it as of Spring Security 6.1.x: .oauth2ResourceServer((oauth2) -> oauth2 .jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(jwtAuthenticationConverter())))

in first minutes I subscribed

It was brilliant, please add oauth 2 support for the same repo

Hi man, i have this erro in my securityConfiguration. line : .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) Error: 'jwt()' is deprecated and marked for removal Do you no fix?

great video!

Thank you for your tutorial

Greate tutorial, Am asking for getting an end-point which returns an access token by accepting refresh token, Note Access token should also be returned on login attempt.

Thanks very much for the vid! Really enjoy your teaching style! I am having a bit of a problem though, when I change the loadUserByUsername() method inside the UserService class to call findUserByUsername on the repo, the app stops accepting a valid username & password combination of admin. I have checked the database and the user admin tuple is definately there but I get an error 401 no matter what I enter? Have been stuck on this for a few days so would appreciate any help! Thanks very much in advance!

very good content

Awesome video, I followed everything you said (mostly) and got postman working at the end, but Im a bit confused on how to implement a login page and move to a secured page?

I am using DOMA, I can't declare the Set authorities as it says it is not supported as persistent type.

Thank you for the video, do you know how i can be able to display this information in my next js project

How to validate jwt is invalid or expired?

TU É FODA MAN, VC É INCRIVELLLLLLLL

Thanks a lot mate. Could you add Refresh Token?

THANK YOU

Hi, this was an exhaustive example I've been looking for. Thank you very much! I would like to extend this project with static HTML pages. How can I do that? I've added HTML pages (e.g. an index.html under resources/static) but I can't access any of the pages. they're all blank and I get 401 responses to them. I tried to add the static path to auth request matchers, but no joy so far. Any ideas what's missing? Thanks in advance!

Mind blowing

I would be great if you upload separate small lecture like 15-25 min length tutorial, Long lecture are so overwhelming and it looser the interest.

best ever

Thank you !!!!

Very nice video! Can you tell me how to log out with a jwt token? Should I store it in tokenRepo and disable it on logout? Thanks!

Do we really need to return user credentials (even if it's wrapped into some DTO without any sort of sensitive information)? I mean is it so-called "best practice" or we can just return simple status code? Is it mandatory to return anything or we can just use void methods in such cases?

Hello, good tutorial. Can you please tell me how to deal with CORS? Simply adnotating the controller wont work