Hi Dan, This is the tutorial that was missing in 2022. Thanks a lot. I was struggling with those outdated tutorials and dependencies to make a working solution. this saved me lots of time. Looking forward to your next videos.

These videos are so concise and easy to follow, appreciate you.

This is a great tutorial. You have a way of explaining complex topics in simple terms. I have subbed to your channel.

Great video. This is like the only one guide about this topic that is quite easy to follow and does not break your spirit (I have tried to follow like 2 different videos just to realize half way into 3 hour videos that implementation was changed/got deprecated and I wasted my time).

Thank you so much..I was just working on a project and had a lot of difficulties understanding JWT, I opened youtube and I found your video. How lucky I am!

Wow. Learned a lot of very relevant security implementation in a very smooth and clean fashion and in such a short time.

Thanks for the great video!! It helped me a lot!!!!

Thanks a lot for this tutorial. I have been stuck in other tutorials for hours.

Straight to the point, no fluff. Looks looks like a bare-minimum implementation.

Hi Dan, I love the way you explain and it’s much better than a lot of tutorials i have gone through. I have searched in udemy for a springboot course by you but i see it’s outdated. It would be wonderful if you could create a new course or atleast a series of videos of spring topics. Thank you.

thank you Dan, this video help me a lot to understand how to generate JWT in Spring. the only one site where I found the explanation with the new version of spring security and works. regards from Colombia

Thank you for this, Dan. I would love to see a follow up video for implementing "Refresh Token" on top of this :) I know people will love it.

Thank you for making this tutorial. As you mentioned in the beginning there are so many more complicated ways of doing out there because the are not using what is built in to Spring Security. I unfortunately had used one of those more complicated ways so now I'm going to use what I learned in your tutorial to simplify my project code!

Just what I needed after struggling with an issue whereby a single user's token expiry invalidates all other users' valid tokens leading to error 403 even for authenticated users. Thanks a lot for this 💯💯

I really appreciated this video. Wishes your channel get bigger n bigger.

I am a nodejs and Golang API. I found this tutorial very help for my current work using Spring-boot. One thing about Spring-boot is that, when you use Spring-Boot with higher version some errors like this shows up: This error occurs in the NimbusJwtDecoder.validateJwt method of the org.springframework.security.oauth2.jwt.NimbusJwtDecoder class. The NimbusJwtDecoder class is used to decode JSON Web Tokens (JWTs) and is part of the Spring Security OAuth 2.0 framework.

Hello @Dan, it's amazing! Great video. Please keep producing videos regarding Spring Security, I think it's a black hole in the Spring modules. A lot of specific concepts and it deserves good videos with good explanations like yours. Congratulation and thanks for sharing the content.

thank you so much ❤

Awesome Dan! Thanks for the rich tutorial

Great video! Really helpful to get people started with latest Spring Security stuff and JWT! Few questions/comments though: 1. It would be good if you can extend the github repo and add a branch which shows the symmetric key approach - i guess it would be easy for the Decoder as u mentioned, but would like to see how to change the Encoder 2. Maybe to make it more realistic instead of HttpBasic - it would be good to have a UserNamePassword Authentication where the user calls an endpoint with username/password as body and the token generation happens based on that 3. Building on top of 2), it would be great if this gets connected to a database where hashing + salting is used as this can be used as a starter for real projects 4. Having roles in the example/video would be great Looking forward to your next video Dan!

Great video my start to spring security wouldn't have been great without this. A big salute.

top quality content. very infomative

Thanks for this Dan.

finally up to date spring security tutorial :) very good explanation

U have a nice way to explain, great work!!!

Wonderful. Very helpful. Thanks for sharing!!

Thanks for sharing this. I used your example to solve a problem I was working on and it worked. You are a lifesaver

I really enjoyed this video. Thank you for providing such great content.

Thank you very much! Greetings from Greece!!!

Amazing, how simple it is when explained by experts. Thanks for the great content. Well explained, with the right level of details to understand without getting overwhelmed. I still have to review the blog post if I am not missing any details. Looking forward for the next video :)

Nice video you just earn a subscriber I actually love the fact you don't define another class just to write another method like other youtubers do

Thank you for the tutorial

Thanks for sharing dan !

Thank you Dan! Great work!

Thanks Dan, really educative content that's very well and clearly presented. Exactly what I was looking for!

Hi Dan, can you also please talk about how spring mvc works internally, like dispatcher servlet, how by default exceptions are handled in rest apis etc.

Thanks for asymmetric rsakeys knowledge you've shared.

Thanks for a great tutorial. The article is very useful and helpful.

Nice tutorial Dan! Thanks a lot.

Amazing !!!! Great video, Thanks 👌

Great tutorial and topic. Really clears things out. Would be great to show next how to update JWT to include user's roles and permissions. And of course looking forward for Spring Authorization server!

Very good video, if anybody haven't mentioned yet, it would be good to replace inMemory user with UserDetailsService on data base. Additionally securing rest api with roles. Video would be a bit longer than 1hours, but woud cover topic from A to Z

Thanks Dan. it was crystal clear

Amazing. I used to secure my smalls projects implementing jwt encoder/decoder with the help of libraries like jjwt directly, as well as overriding filter methods from classes/interfaces such as UsernamePasswordAuthenticationFilter, OncePerRequestFilter. But this way you showed us has simplified it a lot. One more subscriber!

finally, an informative tutorial that ACTUALLY uses BUILTIN jwt tools, and not some filters and JwtUtility classes to secure an app

Many thanks, Dan. Your content is quite valuable for someone like me harnessing input to get better at building Enterprise grade applications. Merci beaucoup!!!

I'm guilty of rolling up my custom solution, pulling in a third party library. Thanks for this video, Dan! Gotta refactor a bit!

Thanks for sharing about JWT

Great Explanation

Thanks a lot, can you create new video for spring boot 3

Thank you Dan. I meant A LOT! Would you consider to create a video for those like me with a title "How to read Spring documentation and connect things together"? Lol. Thanks again!

Great information. I think a simple video will also be helpful which explains how to protect API using Okta or Keycloak since in most situations you don’t write authorization server yourself.

Excellent video! Need to test spring security with Ping Federate.

Excellent! Thank you.

wonderful tutorial, thank toy very much 😊

Thanks, very nice explaind.

You are great man

Everything works great!

Thank you Dan. nicely explained and Really helpful.

Thanks for the video ❤

First, thank you for such a comprehensive explanation of the new spring security. I'm going to take minor issue with it because, as with just about every tutorial I've seen for spring boot security, the user logon and Jwt generation is in the same sever as the Jwt consumer for endpoint security. This would never happen in the wild and creates confusion as to which SecurityConfig configurations are needed for each.

Hi! Great video, like all your videos! Especially now that Spring Security 6 is mixed in with older tutorials on the web this is very helpful. A suggestion: this is now already deprecated: ".oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)" and has to be replaced with ".oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults())". Also a question, how do you get this snippet-functionality at 30:00?

great tutorial thanks!

Very good take there.

your outro music is so good

For me as a complete beginner it was so easy to follow. Thanks for this tutorial, it was really helpful.

Thanks you. Can please explain also keycloak with spring.

Great content, really helpful thank you

Amazing, thanks a lot!

Thanks a lot Dan!

amazing as usual !

I super like your video, I have learned a lot form it

Hi Dan, really a good video. One functionality which could be added is adding refresh token feature, thanks

Hi Dan. Since we're already on Spring Boot 3.2+ would you mind an update video on this matter? Keep up the good work!

awesome video! subscribed!

Hey Dan, New question, obviously us as viewers are following along and just basically copying the code that you write down - but you seem to know exactly what we need and why we need it. Are there any resources you can point me to that could potentially help me understand the architecture of spring security in more detail but also how you learned this to a point where you just know what you need to use? Bit of a loaded question, but i’m keen to learn as much as possible. Right now all it feels like is that i’m copying code from you without truly understanding why we’re doing certain things. Cheers

Also to use the authorization as a micro service and export it, import it in multiple application across the company portfolio for a aligned one platform!

That was great! What about video about OAuth2 with Auth/Resource/Client?

THANK YOU THANK YOU!!!!

Thank you Dan, it's a greate tutorial for beginners. Can you please make a guide about refreshing jwt please.

Great video! You make it so easy to grasp the concept. A quick question. How would you secure the APIs using JWT if the application is using (username & password) in some cases and also biometrics authentication in other cases.

Thank you Dan! It is a great video. I wood like if you can provide a video showing how to consume these API from an other Spring boot Web application using Feign client how with JWT (aut he ti cation for the web app is throw the same api )

Great Video, keep up the good work

Thank you teacher

great video very useful

thank you very much !!! this is bread and butter even honey. if anybody wondering how to configure http basic to be used only for /token and all other endpoints with bearer check Den Vega -> how to create multiple spring security multiple configuration

Perfect video. Thank you, Dan! Like+Sub

Hey Dan, it's amazing, but is there any mechanism in order the user logged out of the system, how we can invalidate the user token?

hello great video btw can you do a video on opaque token that are stock in database

Thank you so much for such a great Video Dan, One suggestion I would give is Please try to make video a little more short I know you are videos are so helpful but they can be a little more concise

Good video It's really useful🥰🥰!

a video on keycloak and SSo auth? thank you! good video

Hey! Great video! But how did you do to autogenerate code just by typing jwt? Thanks a lot!

awesome

hey, this is one great :) ... but for some reason, this error showed up after trying to run the app (26:36) :( Any ideas?:/ We are forced to use Java 8 which does not include records yet.. so I created RsaKeyProperties class instead.. Parameter 0 of constructor in com.greenfoxacademy.springwebapp.config.RsaKeyProperties required a bean of type 'java.security.interfaces.RSAPublicKey' that could not be found. Action: Consider defining a bean of type 'java.security.interfaces.RSAPublicKey' in your configuration.

When the jar is run manually, there is a filenotfound exception. How do we handle this?

Are you able to create another video using the other method you mentioned. Where we do not manually create the keys?

Hi, please can you do a tutorial on combining JWT authentication with google's Oauth2 SSO?

Awesome tutorial as always. I have quick one... When using assymetric encryption do we use the private key to encrypt the data or the public key? With the little knowledge I have on encryption, I'm pretty sure we use the public key for encryption and the private key for decryption.

First off awesome video Dan. I have seen no code/logic on the resource server side to validate token. Is this optional on resource server end or its a must.