@BoualiAli Hi Bouali, I have a question. I am currently working on a project that requires storing the roles and permissions in a database. In this case, how can we apply and use the stored permissions in the database to authorize the actions? 🤔
I'm wondering if this video belongs to a playlist, 'cause I see that when he starts the video he already has some code there, so please share the link to start from the beginning with this wonderful example. Thanks for the great knowledge.
Great video, great content. Kindly, next time we can make the roles and permissions configurable so that different actions can be assigned to different roles via an endpoint for scalability.
Maasha Allah, Wollah I'm just so so happy that I don't even know what to say. Thank you so much Alibou, this is exactly one of the things I was thinking to add to my app and Boom 💥 here it is. Waiting for the Swagger docs 😁 Thank you so so much, JazaakAllahu khairan ❤
Great job, brother. Tried watching different videos to get a better understanding, but yours was too good. Also, your debugging part was impressive; consider making a video on it too.
Thanks for your videos, you provide AWESOME content in great depth. If you can, also do project-based videos like e-commerce, learning management system, content management system, so that we get a full scope of how to do projects. Thanks again.
Great video, thanks for that and for the rest of your Spring tutorial. Would be great if you can combine this Roles and Permissions Based Authorization together with OAuth2 and show how the provider (i.e. Google) goes together with user, roles and permissions entities.
Great video and explanation. Personally I prefer the PreAuthorize annotation on methods, to have finer-grained control over the endpoints. But as Ali mentioned, it depends on what you want to achieve and how it works for you.
Great video! Could you also make a small video on the IntelliJ shortcuts to cut down our development time, like the one you used to replace the word on multiple lines at a single time?
Awesome video, I really appreciate you. Can you make a video on how to create dynamic roles and permissions which an admin user can change anytime for any endpoint dynamically?
Thank you, one of the best tutorials on Permissions and Roles I have ever seen. Please create a new tutorial about how to implement granularity and hierarchy of each role. Let's say I have a list of 1000 companies from 100 countries; I would like a user responsible for updating ONLY companies from Germany, while others ONLY from USA and UK. How would you do it? Would you create 100 Permissions? For each country?
Hey, first and foremost, I want to express my gratitude for your time and the incredible effort you put into creating quality content for us. Your tutorials have been immensely helpful in my learning journey. I am currently working on a project where I would like to incorporate JWT (JSON Web Tokens) into my Spring Boot/Angular application. After conducting extensive research on the subject, I couldn't find anything that clarifies the concept and its implementation better than your videos. If possible, I kindly request if you could expedite the creation of a tutorial that demonstrates the integration of JWT in both the backend (Spring Boot) and the frontend (Angular). I truly value your expertise, and having your guidance in this particular area would be invaluable to me. I understand if this request might be challenging or time-consuming, so please let me know if it is feasible within a reasonable timeframe. Lastly, I would like to mention how much I appreciate your channel and the valuable insights you consistently provide. Your tutorials have been instrumental in deepening my understanding of various concepts, and I truly admire your teaching style. Thank you once again for your dedication and contribution to the learning community.
I really appreciate your comment and how motivating it is. I'm already working on an Angular course that should be released soon. I will cover almost everything in it.
@Boulaali Ali: Can we handle roles or add new roles to the system/app from a DB or file etc. dynamically, maybe from the UI etc., without restarting the application in Spring Boot? And we also need to apply these new roles and permissions on UI pages as well with ease. Please consider the PhpRad application, where we can define roles for existing pages from the UI.
Thank you for uploading such an important educational video. Sir, please upload a complete OAuth 2.0 course, on how to manage which resource URLs are authorised for different particular users (role-based authorization using OAuth2). And all your videos deserve five-star feedback.
I hope this message finds you in good health. I would like to express my deep appreciation for discovering your channel, and I am truly grateful for the valuable content you provide. Your work has been immensely helpful to me. I do have a question that I would like to pose. As a novice in the field of Spring Security, I am wondering if it would be beneficial for me to watch your previous video titled "Spring Boot 3.0 - Secure your API with JWT Token [2023]" as a starting point. Is this video considered a foundational resource that would aid in better comprehension before proceeding further? Thank you for your continuous efforts, and I eagerly anticipate your response.
I really appreciate your comment and feedback and I'm always happy to help. The answer is yes: start with that video, then the logout video, after that the refresh token video and finally this one. I will post a video combining all the security tutorials I created so you can have a full one.
Great. I want to access all users from the user controller; it is not working, though the code is correct. For the custom controller it is working. Please check: if we want to access all users, is it working or not?
It was a very helpful video. One thing I wanna ask is: if we have two different entities, let's say buyer and seller, which have their own controllers and repositories, then how will we be managing their repositories in ApplicationConfig? Thanks, and waiting for a reply.
Very nice tutorial, but I have a doubt about how to give permissions dynamically: if a new user is added to the system, how do we give roles and permissions to that user? If anyone knows, please let me know ):
Hello~ thank you for sharing your tutorial! I appreciate it! I just followed your code in Spring Security. I just have a problem, which is that different kinds of users are not allowed to log in. I have no idea why.
If you face this error -> Access denied and loop error issue, after creating get user request/update user. Watch Bouali's video titled 'How To Fix Infinite Recursion Loop in Spring Boot'. Thanks, Bouali.
Hello, and thank you for the excellent course and quality content on your channel. I've been following the series for a while, making some adjustments to fit my directory structure and architecture, but nothing significant. However, I'm encountering a problem where, regardless of the role I use, I get a 403 error when accessing the DemoController. The roles and permissions code is identical (I made sure to copy and paste your code from the repository), yet the issue persists. The console output correctly identifies the user role and details, but the 403 forbidden error persists. Did I overlook something? Perhaps I missed a detail or misunderstood a part of the instructions. What steps can I take to debug this issue? Many thanks in advance. P.S.: I apologize if my English isn't perfect; it's not my native language.
Many thanks for this! Just one thing puzzles me, why do you include ADMIN_* permissions in hasAnyAuthority of requestMatchers(*, "/management"), wouldn't it work already if you just included MANAGER_*? I think you defined the admin role as containing all the manager permissions, wouldn't that be sufficient already?
Very nice and clear video. I also wanted to ask: is it common in Java that the permissions are hard-coded and not stored in a DB, for example? I see many people using this approach, but didn't come across any that used a DB to store user permissions.
Yes, if you already have all the scopes predefined. Otherwise it can be stored in a database to make it more dynamic and scalable. I will try to make a video explaining that.
Hi Ali, great tutorial. I was wondering, if I wanted to implement a situation where the manager can grant or revoke permissions to admins, i.e. have a table of permissions mapped to a user (admin), and the manager can add and remove permissions to different resources from the admin's permission list, how do I go about this instead of hardcoding the resources that all admins should be able to access? Thanks again for this lesson.
Great video as it explains Authorisation in more details. I am having an issue when I am trying to add a new role after the data has been loaded to MySQL DB. So if I create a new role "READ_ONLY" , and add that role during service call, I get 403 Error with message that "Data truncated for column 'role' at row 1". Now if I use "ddl-auto=create-drop", then it will work because this will always pre-populate the Role values from scratch but if I am using "ddl-auto=update", and add new Role like mentioned above, I will get the above error. Not sure if this is happening with MySQL only.
Question: In your video, at 42:10, above the AdminController class you used @PreAuthorize("hasRole('ADMIN')"). Now you deploy your code and it works fine, but in the database I added another role called "SUPER_ADMIN" and want to apply it in the AdminController. Is it possible to achieve that without deploying the app with a value like this, @PreAuthorize("hasRoles('ADMIN, SUPER_ADMIN')"), hardcoded in the controller? 1. I don't want to deploy; I will assign any ROLE to ANY USER using a UI click and it will be saved to the database. 2. I don't want to use @PreAuthorize as hard-coded; without using @PreAuthorize, I will check the API URL and check that the user has permission to access it on each request. How may I achieve that? Any idea? Moreover, I found that a ROLE in Spring Security is a simple STRING; it doesn't allow any custom object of my own definition. It's a huge obstacle to building custom security.
@BoualiAli Thanks for the reply, brother ... it's not always true that (if you add a new role to your application ==> this means that you have new requirements / logic), but for now I agree with you. But I don't want to hard code like this { @PreAuthorize("hasRole('ADMIN')") }; it will apply on the fly, I mean at run time, when the request enters the method. On the other hand, a Spring Security role only takes a string, and all its implementation; it's another barrier to customising it smoothly. By the way, thank you and take care, bro.
Hello Bouali, I want to ask how I can implement an option for deleting an account, so that the user that created an account can delete his own account.
Hello alibu, and congratulations on the perfect job. I built a REST API and I have an entity called event. I use command objects for responses and I am wondering how I can implement the authorities, because for example in a GET ~/event/ request, if the user is admin I need to return adminEventCommandObject, if the user is HR I need to return hREventCommandObject, etc.
Hello sir! Is it possible to store files/folders (server) in a multiuser app so that only users with certain roles, or only the owner, can access them (read/modify) afterwards? How to do this in Spring Boot? A similar project would help me but I can't find any on GitHub. Can you help me?
I think you should specify in the description the videos where you wrote the code before, because we don't know what kind of things you have done before, and you are using those in this video.
Thanks so much, boss. I'm a bit skeptical about what and while we need to separate authority, i.e. (admin:create, admin:delete etc.). Are you saying if I use (admin:create) on all the endpoints (methods), I will not be able to access the resources? Like. Thanks
Hello! I attempted to follow your instructions and had some success. However, when I tried to use the @PreAuthorize annotation in either the admin or management controller, I consistently received a 403 error (the previous requestMatchers worked fine).