Jesus, the person who actually worked on the framework explaining things, I smell professionalism! Thank you and much love!

Dan, you are amazing. This video landed just in time when I was searching for the correct way of replacing the deprecated configuration. Thank you so much.

Super quick introduction to the new feature. Thank you very much

I am also glad to get that replacement on video. Thank you very much

simple a good tutorial, it helps me understand the confusion of spring security > 2.7, thanks

Dan, your tutorials are well structured and explains the concept very clearly. Thank you and appreciate your effort. With Spring 3.0.x Spring security has changed with many methods getting deprecated. I request you to kindly explain the correct way to do LDAP authentication and return JWT using spring security 3.0 Thank you.

This video is great, I find easy to understand how to move from the WebSecurityConfigurerAdapter to the lambda DSL with the example given. And that for Spring Boot to pick the changes up it has to find it in a @Bean

Thank you Dan. I just finished this tutorial and now I am sure to said "this is an amazing tutorial for beginners, it is clear, easy to understand and useful" Thank you Dan. I just finished this tutorial and now I am sure to said "this is an amazing tutorial for beginners, it is clear, easy to understand and useful"

Perfect timing That's what I am looking for.

Awesome video man!

Your video is great. you teach like a pro. btw this is the first time i see you. you just got my subscribe and ill check more videos of yours.

Good and helpful tutorial 👍

Thanks so much bro, you have all the new ones that we need

I didn't like this approach at first but being honest is way better than the previous one, I can't count how many times someone could not create a authentication manager bean because they overrode authenticationManager method and not authenticationManagerBean method

This is exactly what I am looking for. Thank you so much!!!

Thank you so much for this tutorial it helped out a lot.

Dan, thank you so so much! It was very useful!

Excellent Dan thank you so much for sharing knowledge. Could you make a video about jakarta ?

Great content as always ❤️.. waiting for the next one.. keep it up good work 👍

Dan thank you so much

Thanks for the video! After spending hours as I am new to JAVA and especially security side of things, your video helped me bypass the CORS issue. Being new to JAVA how to keep track or update myself in the best practices in JAVA? any recommendations is appreciated!

Thank you, exactly what I needed

Amazing video thank you so much! I was stuck with this just the other day 😊

Very helpful video, thanks!

Thank you Dan

Great tutorial man! Thank you!

Great video Dan. Concise and to the point. I have a quick question about the deprecation - the blog post says WebSecurityConfigurerAdapter has been deprecated, as we encourage users to move towards a component-based security configuration. My question is why? What advantage would that give us as a developer which we couldn't have with WebSecurityConfigurerAdapter? Hope to hear from you soon and once again - thank you very much for taking the time to make this video

Dan I can't express how good your tutorials are, love the structure, goal-setting and the on-point explaining without any gibber-gabber, One question is: will you update your course on Udemy to reflect the deprecations in the newer versions of Spring? so far Spring security is a very important subject, many do touch on it but there is no good structured course out there for this specific topic. Thanks again.

Hi Dan. always great content, thanks a lot!

Thanks Dan, very concise video. What I don't like about the new configuration is that there is no easy way to get the underlying AuthenticationManager as a bean. We need custom login flows, so we need to call Authenticationmanager manually. In WebSecurityConfigurerAdapter, we can easily get the AuthenticationManager, but now, there is no way to do it AFAIK.

thanks!!!

Great video. Thank you so much! Is there a way to refresh the token or log it out ?

Den! Hi what about very intensivly corrupted outdated docs about kervberos 1release in spring in aspects of new 6 security they cannot be together at all

great video

Thanks Dan for this video. Could you make another security video, this time involving API Keys?

Thanks you

Thank you so much Dan, I really like the way you try to explain how to use it. I think it’s really important to use it in a Spring suggested way tooo. I have one question regarding on the SecurityFilterChains, does it mean that if I create two different SecurityFilterChains, is Spring be able to create two different sets of filter behavior?

Hello, my friend! Could you explain what is the difference between @EnableMethodSecurity and @EnableMethodSecurity? Also, why are they needed? Thanks in advance

Dan, thank you very much but why we didn't do the production practice from the beginning. Again thank you.

thank you

Great video as always! Keep up the good work and it will be awesome to see more videos on this topic. Since nowadays most apps are REST API's with SPA framework and JWT flows are used - it will be great if Spring Team implements this flow (REST API, Role based Authentication/Authorization against the Database - with bcrypted password, etc) out of the box. Do the new Spring Security changes simplify this flow in any way? Because right now to implement such flow there is a lot of boilerplate code which would be better if it is implemented and can be used from Spring Security!

Hi, Dan. Do we need to still leave EnableWebSecurity annotation? Looks to me it works without it. Btw, great video.

How do i define the AuthenticationManager bean following the deprecation of WebSecurityConfigurerAdapter?

I love the way you present the ideas to work with. Simple and well designed!! Could you please add the zip file of your demo project on the description so that anyone can download and practice more. Thank you

thx dear

Sir, Why annotate with @Configuration when @EnableWebSecurity has @Configuration annotation in it??

Thank you for this amazing Tutorial! Can you also explain how to do the same thing if we have multiple Configurations with different @Order?

How do you create integration tests for these controllers that use the InMemoryUserDetails?

I cannot use antMatchers here why? it gives :Cannot resolve method 'antMatchers' in 'AuthorizationManagerRequestMatcherRegistry'

I love you

Can you make a video on how to enable csrf on spring security and use it with Angular app.

Thanks for this, Dan! btw, I thought mvcMatchers() were preferred over antMatchers()? Also, keeping config in a separate class, outside of the Application class, makes it easier to replace inside tests.

amazing ...! sir can you please do spring security with using mysql database data

I get a very strange error: authorizeRequests() is depricated. How do I solve this?

Thank you for the great video Dan! I tried adding 'springdoc-openapi-ui' to document the api while using basic auth security but for some reason it did not work. I was able to send a request even if I logout. Can you please make a tutorial in which you demonstrate how to use 'springdoc-openapi-ui' in our project while having basic auth and also JWT auth (I know that we can have one at a time but it would be great to see both implementations). Thank you in advance!

Thanks for a very good tutorial. However I am stuck at the login loop. I am using Kotlin. How can you assist me?

Does this configuration also work for Spring Web MVC?

Hi what happen to AuthenticationManagerBuilder object ?

I see that in @EnableWebSecurity has also @Configuration, so do we need to add @Configuration again at line 11? When I remove @Configuration at line 11, application still working.

The GitHub link seems to be not having the code demonstrated here. Could you please update that?

Thanks for sharing, would you mind to share some opinion or suggestion for my recent use case. I'm developing a microservice architecture and spring security is in the core library project that included in each of the services. I have different set of api to mark as permitAll() for each of them. Basically I want to avoid create almost identical filter chain bean that consist of csrf.disable(), cors and etc. Can filter chain bean be extended?

How come you're using antMatchers instead of requestMatchers?

What is this http terminal tool

👍

The video is great but I was following along and can't call either of the secured API's user / admin. I've tried with curl and Chrome passing in basic auth (Chrome prompts you for credentials). I have the security config annotated as a @Configuration and both methods annotated as @Bean. I'm sure it's user error :(

I would like a new video all about relationship(hibernate)

Thanks for this video, it's really helpful But I can't .antMatcher() after authorizeRequests() . Please help me solve this error. Thankssss

Dan, u are going very fast, u are no telling the internals and how it is happening, u just fired a request http -a user:password :8080/admin and logged in as user , i understood whats happenin, but want to know how it works will it go as header or better u should have used postman to avoid confusions

07:00

Sir, Can you Please Tell How to Write Authentication Manager Builder in New Spring boot Version

Upload spring security jdbc

stu mllunar

Omg. Just 6 months ago and this is outdated. WTF is happening with Spring Security :(

Most of the things in this video are now deprecated...whata shitty framework

Hi There, I am using Spring Boot 2.75 and I used your tutorial up to a point. I managed to dig around Google and founs some useful pointers but using your tutorial I wrote this and it worked. Thanks for your help @Bean public InMemoryUserDetailsManager userDetailsManager(){ //In Spring 5 we need to encode our password as standard. This is different from how we use to do it in Spring 4 PasswordEncoder encoder=PasswordEncoderFactories.createDelegatingPasswordEncoder(); UserDetails user=User.withUsername("user") .password(encoder.encode("password")) .roles("USER") .build(); UserDetails admin=User.withUsername("admin") .password(encoder.encode("password")) .roles("ADMIN") .build(); return new InMemoryUserDetailsManager(user,admin); }

I have an error even after doing this changes I got this err while runing the app : org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration$WebSecurityEnablerConfiguration]: class path resource [org/springframework/web/servlet/config/annotation/WebMvcConfigurerAdapter.class] cannot be opened because it does not exist

thanks sir , im appreciating your open mind for helping peoples , im from india , can you give me your facebook im a java developer from kerala