Advanced Spring Security - How to create multiple Spring Security Configurations

Подписаться 56 тыс.

Просмотров 29 тыс.

50% 1

In this comprehensive tutorial, we'll guide you through the process of setting up and managing multiple Spring Security configurations for your applications. We will demonstrate real-world scenarios and best practices, ensuring that you understand the fundamentals of implementing various authentication and authorization schemes.
🔗Resources & Links mentioned in this video:
GitHub Repo: github.com/danvega/ssc
👋🏻Connect with me:
Website: www.danvega.dev
Twitter: / therealdanvega
Github: github.com/danvega
LinkedIn: / danvega
Newsletter: www.danvega.dev/newsletter
SUBSCRIBE TO MY CHANNEL: bit.ly/2re4GH0 ❤️

Наука

Опубликовано:

19 апр 2023

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 48

@marouaniAymen Год назад

Really thanks you for this series of videos about Spring Security, I start to understand it very well and appreciate how Spring Boot simplifies the security side of our applications.

@informatik01 10 месяцев назад

Really useful tutorial. Short and to the point. Thank you!

@user-vg8wm1mw4p Год назад

rare to see a good java content like what you are producting, congrats for that Dan.

@SleepThatBurns Год назад

Found value? Holy moly...absolutely! Invaluable channel. Period.

@benjaminpeljto7408 Месяц назад

Thank you so much, I'm building an app as a university project and I needed separate UserDetails interface implementation for two entities. Tried everything with one configuration and went past your video (thought it's not what I'm searching for). Basically after spending 4 hours you helped me, definitely new sub :) I love Spring.

@justreason5868 9 месяцев назад

Dan makes it look so easy. Thanks buddy!

@pad5724 Год назад

Thank you, I need this topic these days..

@sleepycakeawake Год назад

Thank you for nice content Dan!

@MradnanBIH Год назад

@Dan Vega Thank you very much for this very much useful video! You're doing good job, very clean and concise explanations. :)

@beryalex1798 Год назад

Thank you Dan Vega

@Luisow748 8 месяцев назад

Thanks! Sweet piece of cake!

@kenduraghav Месяц назад

Really good and useful video.

@gordanbakalar7441 Год назад

Thanks!

@MsPrettyg00d 5 месяцев назад

Thank you so much ❤

@naim-cd9tx 2 месяца назад

really good work. thanks

@fusing17 6 месяцев назад

Awesome video! Seems to me this way of decoupling might be useful if I wanna separate my security configurations for my SPA web client and mobile client since both requires different types of filters and possibly different oauth flow

@TheGuroguro12 6 месяцев назад

useful, thank you!!! I applied this to your video with resource server with oauth, get token works with basic and API with bearer token

@DanVega 6 месяцев назад

Glad it was helpful!

@ankushanandjec 7 месяцев назад

Great video and explanation Dan! It seems that for higher versions of Spring Boot (e.g. 3.1.5), securityFilterChain method has to be modified to specify appropriate MVC matcher. Would you know the reason behind the same? Also, what could be the probable fix?

@zubayerahamed7771 9 месяцев назад

awesome.

@DanVega 9 месяцев назад

Glad you think so!

@Trodix89 Год назад

Hi, thank's for this video, I just needed this for my work this week ! Is it possible to do a video on Spring Security ACL with Domain Object Security ? Have a good day !

@saravanavel2802 Год назад

Hi Dan. Thank you for enlightening with new tech advances in spring. However, looks like antmatcher is deprecated. But you are using it?

@hasseneayoub4818 11 месяцев назад

Hey Dan thank you for this awesome tutorial. I'm not finding the annotation @SecurityMatcher can you help me with that.

@GeoLimiar 8 месяцев назад

thankssss

@chrispure7461 11 месяцев назад

Great. Can you also explain how to handle 2 different authorization servers like jwt token can be from Keycloak auth server or Spring Auth server?

@ddarkodev2923 Год назад

I'm not getting why the apiSecurityFilterChain ("api/**") matches the "/h2-console"-request. 15:19

@headshotmaster3401 3 месяца назад

good one! what's the theme of intelliJ? thanks!

@ILyaCyclone Год назад

Thanks mister Dan. Could you please clarify: I couldn't quite catch why we needed to explicitly specify ant matcher for h2 path? The documentation 16:46 reads "if Spring MVC is in classpath". But we're in Spring Boot app, Spring MVC is obviously in classpath. Or is this about the fact that h2 console is a separate application and we kinda have to know whether it uses Spring MVC inside?

@DanVega Год назад

Just because we are in Spring Boot doesn't necessarily mean Spring MVC is on the classpath but in this case you are correct. The /h2-console is a web resource and not a mvc route like /api/posts is and that's why I am using an AntMatcher there.

@mubarakahmed9060 Год назад

Greate

@rajeshhazari Год назад

Thanks Dan for this intro, do know what is required to handle this multiple authentication filter based on either header or query param, and for ex may be same endpoint /api/V1/auth/ for both authentications ?

@DanVega Год назад

I'll have to dig into that and see if it's possible. Can you give me an example of where you might want to do this?

@ajimulyadi8064 2 месяца назад

could you please make a video about spring security with oauth2 inside it,,and how does it look like if the be and fe place on different domain

@uigreseu5756 Год назад

Hi Dan. You are doing a great job by explaining updates after 2.7.0 springBoot version. Could you explain please why I can still access secured pages even after I logged out? and how It could be fixed? thanks

@DanVega Год назад

In the example that I posted if you try and access /private you will be redirected to a login page. Do you have an example repo where this problem is happening?

@uigreseu5756 Год назад

@@DanVega Sorry but I don't have a repo but I will, put here how I've configure securityFilterchain(HttpSecurity http): public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests() .antMatchers("/addNewUser").permitAll() .antMatchers("/addNewDog").authenticated() .antMatchers("/getAllUsers").hasRole("ADMIN") .antMatchers("/getAllDogs").hasAnyRole("USER", "ADMIN") .antMatchers(" /dog/{dogId}/user/{userId}").hasRole("USER") .and() .formLogin() .and() .logout().permitAll() .deleteCookies("dummyCookies") .and() .authenticationProvider(daoAuthenticationProvider()) .httpBasic(); return http.build(); }

@maziartary Год назад

Perfect... I love your content...You just don't paste some functions but explain the idea and methods to implement it. I'll follow up upcoming posts. I believe you gonna have a reference channel with million subscribers. Thank you.

@jopadjr Год назад

56th...Thanks Dan

@user-dx6zd2fk8s 10 месяцев назад

Why does one want to use spring jdbc over spring data jpa? And since we are here for security then what is the difference between oauth2 and spring security?

@alefsousaaguiardaniel5472 9 месяцев назад

I need to perform LDAP authentication and thus generate a JWT token, do you know how to do this?

@alefsousaaguiardaniel5472 9 месяцев назад

Which IDE are you using?

@rydmerlin Год назад

If you are qualifying the path why is order annotation still needed?

@lukestardoinstuff1237 5 месяцев назад

I wish i would have watched this video before writing my Rest api with the help of outdated code while still learning the framework. Now i have to spend my day migrating all of my code to a newer version of spring just because i wanted to build some basic Security. btw. its not that bad. Im just frustrated because i spent multiple hours trying to even understand why nothing works.

@aibardulatov 11 месяцев назад

When I run application I get error org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'postController' defined in file [/Users/aibar/IdeaProjects/Advanced-Spring-Security/target/classes/com/example/Advanced/Spring/Security/controllers/PostController.class]: Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'postRepository'