If you are running ubuntu just open terminal and write: keytool -genkeypair -alias myssl -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore myssl.p12 -validity 3650 Nice video btw :)
Just to add on to this great video if you are using your Spring Boot app as a restful service like I am (AKA Spring Boot app is ONLY used as your backend) you may have tried to send an HTTP request via Postman, rather than the browser. When you try this, you will initially get "Could not get a response" and the reason is because Postman by default rejects self-signed certificates. Go into the Postman settings -> general -> and toggle off the ssl-certificate feature and then it will work. This is of course until you buy a truly signed cert for deployment
Thanks for the great tutorial. Same issue as FG-69 reported below. Post 15 Enable HTTPS/SSL in Spring Boot the roles for ADMIN and MANAGER do not work anymore after putting in the code mentioned in the video. Maybe its resolved in future episodes. The rest endpoint authorities based security still work. Just the roles based security does not work. Please check when you get some time.
i saw that you covered this issue in 18 - Database Authentication - User Repository video. When authorities and roles are used together authorities takes precedence. Thanks
@@rohaslob2 Thank you for this information. I had the same problem, and a I didn’t have Idea. I am going to copy only for reinforce "" When authorities and roles are used together authorities takes precedence "" Thank you, best!
Hey, how can I disable the ssl? I tried to comment out the configuration in the application.properties and in both methods in BootSecurityApplication (httpToHttpsRedirectConnector, servletContainer) but it still doesn't work.
Hi I have .crt .csr .key and .ca-bundle files but not the .p14 file from the video. Can you please help me to get the .p14 file or can you show me how I can use the other files. Thank you.
Hi there, I tried from the code at GH to go back from https to http, comenting the settings at application.properties and commenting the code at BootSecurityApplication: the @Bean and the redirector, but then authentication fails at login as it is not triggering loadUserByUsername. I have no idea why !?!?!? Can any explain what else must be reverted to get an http connection? (please, don't ask why i need http if i have https... i'm just willing to understand the details, ok?)
Hello! Thanks for the message. Self signed certificates are not recognized and validated by any certificate authority. The browsers will issue warning messages due to this and it will decrease trust levels among users. You probably would not input your bank details in a form that uses self signed :)
Hopefully this explanation helps a bit, but if you have ever worked with springboots controller, service, and repository setup for domain objects (so just objects stored to a database), then you can think of UserDetailsService as the service class to UserDetails. AuthenticationProvider is what you actually customize to authenticate a user attempting a login by overriding Authenticate() method. The only difference between UserDetails and say for example just a custom User entity that has a controller, service, and repository class is that UserDetails is not persisted to a database. So it's basically just a way to model a user trying attempting to login. Hopefully that made sense, I'm not the best at explaining things.
![[Spring Boot Security] #15 Enable HTTPS/SSL in Spring Boot](/img/logo.svg){kind=logo}
