Hi, Thanks for this tutorial its very helpful. I am new to swagger & need help with one thing. When i secure my endpoints using JWT the response i get in Swagger is as below...ie its returning the swagger html instead of the json response. This happens only for endpoints that i have secured. The non secure ones work fine. Can you please advice how to fix this.I believe it is some swagger config. Below is the response i see in swagger window. Swagger UI $(function() { window.springfox.uiConfig(function(data) { window.swaggerUi = new SwaggerUi({ dom_id: "swagger-ui-container", validatorUrl: data.validatorUrl, supportedSubmitMethods: ['get', 'post', 'put', 'delete', 'patch'], onComplete: function(swaggerApi, swaggerUi) { initializeSpringfox(); if (window.SwaggerTranslator) { window.SwaggerTranslator.translate(); } $('pre code').each(function(i, e) { hljs.highlightBlock(e) }); }, onFailure: function(data) { log("Unable to Load SwaggerUI"); }, docExpansion: "none", apisSorter: "alpha", showRequestHeaders: false }); function addApiKeyAuthorization() { var key = encodeURIComponent($('#input_apiKey')[0].value); if (key && key.trim() != "") { var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, window.apiKeyVehicle); window.swaggerUi.api.clientAuthorizations.add("api_key", apiKeyAuth); log("added key " + key); }

Please explain what those classes mean and why are we doing that. for ex: we are setting authSuccessHandler. What does that do, what logic we have to write there, etc.

@22:12 JwtAuthenticationToken extends UsernamPasswordAuthenticationToken but calling super constructor with null value also returning a null value from super getter methods. Are not we violating SOLID principle "Liskov's Substitution Principle"? Do we have any better design instead?

This is why I hate Spring or Java, there is too much boilerplate code and class needed to be created. And there is a'lot of magic going on behind the scenes where I don't understand what is going on. I have to extend this, and implement this, I have to somehow figure out which classes or interface to extend/implement, plus I have to read the Spring source code itself to understand stuff.

At 17:50 did you mean every URL except those who start with "/rest", right? [[ because in the configure method from WebSecurityConfigurerAdapter you said .authorizeRequests().antMatchers("/rest/**").authenticated() ]]

Truly the best explanation on an implemntation of JwtAuthentication. A question for JwtAuthenticationProvider you autowired JwtUser model to validate the token which consisted of username, id and role but returned UserDetails with username, id, token and List of grantedAuthorities, Is it good practice to include multiple roles as part of the posted message? Also what about the password validation? I want the password check to occur such that bad/expired or locked out password users do not get the token, How do i ensure that?

Hello, I am getting an error on the @Bean public AuthenticationManager authenticationManager() { return new ProviderManager(Collections.singletonList(authenticationProvider)); } with error of the "The constructor ProviderManager(List) is undefined"

Very nice and could you please do a tutorial on rest template with PayPal or paytm integration

But filter is not working when you send header from angular, It has some CORS crossOrigin issues .how to fix that i tried everything .

Hi how to fix this: Base64-encoded key bytes may only be specified for HMAC signatures. If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead.

Its JSON WEB TOKEN not Java Web Token :)

Wonderful, and where exactly would I use DB cross-check?

Thanks bro for a nice tutorial. Realy you are doing a great job.

Not sure why I see some dislikes , wonderful video!!! Excellent explanation

Can you publish the video how to set own login form and use blowfish algorithm instead of HS256?

Thanks great video. How can it possible to use JWT from some UI(like angular , react js) and maintain the session of a particular user usiing token.??have some exapmple please share??

With gradle,I tried to run this code but its not validating token, when the generated token i tried to decode in jwt official website its showed the same input bt invalid signing instead of verified. Could u please tell the solution to validate it while accessing /token

Can you please tell me how to invalidate token if user logs out? Thanks in advance.

Thank you very much sir, i have successfully implemented in my local machine..

I found a couple of issues with the code. First it doesn't really prevent any unauthorized users from accessing the /hello endpoint. It allows anyone with a token (valid or invalid) - if this is fixed there is still an incomplete part of the /hello endpoint where the token needs to be validated. Second, the token issued is not valid per JWT.io. I found that the username is in "sub" rather than "userName" label and the "typ" label is missing in the header.

This is good. My suggestion to you would be, in your videos you are asking many times, we have to do this that, right? Well, We don't know that is why we are here to learn. Imagine if you don't know anything and you are in the class of a online learning for an hour and you don't know why we have to do what we have to do? you will quickly get bored or frustrated. My Suggestion would be: Explain the chain what we are doing and why we have to do it? If you feel the video is becoming longer then split it in multiple videos. That will definitely give you advantage. You are sharing a knowledge which is hard to come by but it has to be more meaningful. Your efforts are much appreciated, hands down. Please make it more engaging. Thanks.

Hey bRother, nice video But I stuck in a problem, Like I have existing Spring MVC project which I have moved in Spring Boot, And need to implement JWT But confused with its file system. Can you please help me here...

What about creating a client appliction to consume this rest?

Can you do one video for latest spring boot version as 2.1.7 release and spring security 5.1.6 version, I see one issue as client secret trying to decode of the password encoder and getting hexadecimal error

Thanks bro . I wanted to implement this in a freelance project . I am an experienced java dev working somewhere

Great tutorial. Please help me retrieve the payload from the jwt token supplied inside a spring controller.

Sir I did not see any use of user role here. This can be refer as authentication but this is not an authorization. Kindly share some stuff on hasRole significance in authorization context

At the first time user is supposed to enter user id and password and then the token should be returned. Subsequent requests can be authenticated using jwt, but the first request must be authenticated using userid and password. username, id and role are not secured info to authenticate a user.

Xml Configurations were so good back then...

Thank you very much. Nice tutorial! Spring Security - it's such a nightmare!

Is there a video modifying this project to work with a database?

Hello Thanks a lot to share all kinds of tutorials. All are very good. Can you suggest how can I implement Anonymous token in the case when an Anonymous user need to access some endpoint? Thanks in advance

I downloaded project from git and trying to run, continuously giving unsupported media type. Provided JSON request body with same media type... please help

Good work, But it may be greatfull if you have working witht JPA entities for User and Roles in order to make sign in by user that exists in database

Hello I tried this same service but everytime I hit the service it shows error Unauthorized. Same code I used even then. In the browser it goes to a login URL, although there is no path /login described. I am kind of stuck in that. Can you please help me with this?

While generating token i pass any random json which does not contain username ,id and role. But it is able to generate token and the token is working fine for accessing /rest/hello. How is it possible?

Great tutorial. I am new to JWT and this is a wonderful help. I was able to run in eclipse but when I try to deploy on Websphere, since its spring boot, its not working. So, my question is what changes do I have to make if I want to use this same code but with Spring MVC? Please let me know ASAP as I need to demo something today. Thanks for your help!

Hi ...Can you build a tutorial on how you can implement security in zuul api gateway?

Hi. I implemented the exact code that you explained. But when I try to access /token endpoint, i get unauthorized error in postman (401 error) which says needs authentication. Can you tell me what is the problem exactly?

Thank you , Spring security is No Joke. A comment maybe, on the spellings, e.g Authorisation most use Authorization, and on the Token in security, most use Bearer as the default. But other than that, great tutorial and code.

how to pass Athorization token every request ,then how to everytime automatically write token in the header pls help

it is helpful a lot for me. But I am suffering one thing is to customize the exception from this method "protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException" of "public class JwtAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider" if any exception we caught like tokenExpired or invalidToke etc. Please help me.

I am not getting token from postman and I don't have any errors what can I do ? please help me

sir for one user i am creating a one token and it is expire in 15 minutes but after 10 minutes i am creating a new token for same user so how to destroy all old token .plese give me a solution for that.

now how do we implement database and check if user exits in our database then only generate token and send to user

Could you please explain where the token generated is getting saved for the user and how it is verified?

Hi Tech Primers, how to change the status from 500 to 401, because i believe when token is missing, the server should return 401 unauthorized right?

Very helpful tutorial Thanks. Can you give a demo on 2 factor authentication?

Thanks a lot for this tutorial. how do i add expirationdate to token? thanks

sir please make an example of spring boot+jwt+mysql+web

Can you please upload a video for logout ? BTW this video is the best example.Thank you

Really appreciate the detailed guide. Can I use Single-Sign-On with this?

The video is producing a strange noise, I thought my HD was done for.

In JwtValidator we are using secret = "youtube" in plaintext. Is there any way to protect it?

I am facing difficulties in following this tutorial, could you please provide a theory season with some diagrams, so that it is easy to understand the implementation

Haah , Excellent video from the Scratch .. This will be very much helpfull for those who are starting to learn spring security . Tnx a ton mate.. Learned the basics from your video . Cheers .. Do more video's . #Subscribed_after_seeing_this_video

well done man ,,, please keep it up, But I think it needs some enhancements ... I see the cycle is executed twice and Successfully Authentication is printed twice .. Kindly check and feed me back

Hey techie I need ur help...when I'm trying to run jwt it running properly but it saying that "not eligible for auto proxying".help me to solve this

but how can I put the token value into the request header in a form post ? can a browser automatically put it into the request header from response header ?

But how can we let a user first authenticate with username and password and create a token for subsequent requests and return it back ?

Do you have the same tutorial for Authorization Server and Client with Spring Security 5? I appreciate if you can point me to any running sample of Authorization Server and Client with Spring Security 5 - OAuth2 | JWT.

trying to run this module through another, I added application properties to second module and dependencies on authorization but it still doesn't work controller, if someone has idea would be glad to hear

How roles will work here, i couldnt restrict api with roles as per this srccode, have u tested this with role per url ?

Great job dude, Excellent tutorial. Keep it up

Great tutorial. here is the starting point for learning JWT with spring for sure!

Hii ,can we use same code for basic authorization? If yes ,can u please tell me where to change the code. Thanks

Finally i got the answer sir you are great Thank YOU

Hi, is it normal if the JwtGenerator generates the same token everytime the api endpoint is hit ?

Great video Bro !! Could you pls create a video for login authentication using React (or any frontend framework) as the entry point and then using JWT authentication (spring boot) and the token remains valid for all the rest api calls made by the user . Also if the user closes the browser (like gmail or facebook) the token remains valid and next time if the same user logs in he should directly redirect to the home page.

can you please do it with role based and using MySql database? It will be great.

Helpful Tutorial :D if you can explain this flow with the client as an android app calling java rest APIs, What changes are needed ? or tell any reference to that

Do you have a videos on SpringBoot Security with JWT and AngularJS4

Excellent tutorial man you are a master Thanks!!!

Hi, Can you please tell me how to configure Logout ?

Can you help me out why jwtfilter is filtering all the rest api

thank you so much it's helped a lot ,thanks

Thanks for the comprehensive tutorial. It was really helpful.

Thanks for the video. Excellent work... It's very helpful for me. Can you please upload tutorial Spring security with CSRF. Thanks In advance

Thank you so much, for create the tutorial. Its really help me alot. May God bless you!

Hi, Thank you for an excellent tutorial into spring security. Could you please explain with DB integration?

Thank you So much, Hi Could you please upload a video of JWT refresh token

Thanks so much for sharing knowledge. Could you make video JWT security with database and how to rest api call by web portal.

good tutorial and excellent tradition how to code.

thanks ...can you make with the same video with Spring webFlux

Hello, How to add partitioning by roles, for example, user and admin?

if try to accede an method after the generation of token i catch this error > some one can help me please

can you please post a video for login/logout using spring security+jwt+angular

Can you do some knowledge sharing session on Kafka, spark, kubernetes please...

Spring developers: Spring is lightweight Me: Yeah right, good joke.

Can we use the same implementation to secure the SOAP based resource?

i have follow your same step but i got a login id and password input box after a url request

could you please make a video with mysql database?

Excellent Tutorial if possible upload video related topic(spring boot security( jwt) with angular )

Hello, Is the code available at Github. Could you pls share the link. Many thanks.

Stupid question but is this for the backend or frontend? Or both?

Thank you, nicely done, it helped me to understand the concept and implement it.

Good tutorial but you are explaining how to do it. Many of the Spring classes names are 1 mile long with 2 mile long method names... How to memorize?

How can I return the payload data in HelloController page?

Thank you Sir. You are doing a fantastic job.

Hii Amazing video but I'm getting CORS error on browser, please help