Spring Boot - Spring Security + JWT Complete Tutorial With Example | javatechie 

This is not just Spring Security + JWT tutorial rather it is the entire backend project including the new feature of Java 8. Just an Amazing tutorial. I can not thank you enough!!

you are awesome brother! in this fancy world many youtubers are using fancy words and vocabulary to explain even for (a+b)2 but they provide less content and more show off. But you will explain a very complex topic in a simple way which can be understandable by anyone.

I have gone through a lots of tutorial link, but your explanation on any topic is excellent. you start with basic and go through some what internal part what you are picking with help of coding. It's really helpful to anyone who want to learn or do some POC part of any application. Thanks a lot Java Techie.

Such a crisp, to-the-point video with explanation of every Spring security syntax: Thanks a ton, mate. You're making our lives a little easy at work :)

I watched a lot of tutorials about JWT, but this tutorial is the easiest to understand! Thanks a lot !

I'm absolutely loving this channel!! No nonsense, straight to the point. here is your theory, here is the working example... and here is the code.. done...

Amazing . By watching this video one can learn Spring security , H2 db implementation , JWT authentication. Great Work

Whatever new thing i want to learn, there is a video from Java Techie. Thanks alot

you are the best, I have followed many tutorials and read various documentation but on the technical side I could not understand how to do it and there was always a problem, but thanks to you I finally managed to understand both microservices and jwt. thank you

Wow the code and explation both are running perfect thanks a lot for such an informative video

Excellent Basant... Your effort and your knowledge is really appreciable. Earlier I was following Java Brains all tutorial, but watching your videos, am really say thanks to you. You are equal or in some area more than equal to Java brains.

Why does this make so much sense? Bravo!

I am always look upto you for any simplified tutorial yet effective to elaborate end to end implementation. Thumps up and Thank you.

Clear explanation and worth watching entire 39 minutes video

Its great and clear Explanation JavaTechie!! Good Work and its really helpful for those who are striving to understand concepts. I suggest, you can just create a kind of Document like PDF - what you have Explained in the video, and put that all in that document. it will be very great to get the concepts refreshed when people wants to refresh the concepts again!!

This is one of the best JWT video I have seen. Thanks a lot brother for making this video.💯

Thanks a lot. Clearly understand the concept.🙏🙏

Everything is well explained, just 2 points I would like to mention 1. There is no need to validate the token in the filter class as jwtTokenUtil.extractUsername(jwtToken) will return an exception if token is tampered 2. For Get request no need to set the Content-type as the body is empty.

Thank You for making such video ,they are really very helpful in learning concepts with practical approach

Whenever start new topic so first need to understand the basic and your explanation is very basic bro and its really helpful for me and that's why I liked your video....keep it up. Thanks

I have been watching your videos recently and I definitely am a fan of yours. : )

what an amazing tutorial! It's clear, short, and to the point. thank you

Thanks for this live JWT example. It is really helpful to understand the JWT working flow and the usage of all required method and classes. Deep dive and concept wise very understandable. Thank you so much

thanks you for your explanation , i wish you the best

Much complex concept in a easy for the java community.

Thank you Javatechie... 👏👏👏👏Appreciate ur effort and knowledge

Best tutorial related to the JWT authentication...!! 👌🏻

no words once again java techie help me to understand this security concept in a simple way thanks a lot javatechie keep up the good work

Great tutorial. Clear, short and to the point. Thank you for your class !

Keep doing the good work bro 👍.. Thanks for helping others.

Fantastic, You explained a very tough subject in very easy way. Thanks a lot Basant

Very good tutorial, helped me a lot!

Depois de 2 dias pesquisando um que funciona de verdade. Parabéns e sucesso!!! Você me salvou. Obrigado.

Thank you so much sir. This tutorial help me lot very neat and clear explanation.

Great Tutorial to learn Spring Security with JWT

sir your explanation are always awesome 🤩😍 I just enjoy learning from you and never forget.

good youtube tutorial for spring boot JWT. Great keep going....

I appreciate your effort i am soo happy about this.. weldone sir

Nice explanation thank you for your valuable efforts

This one was so well explained. Keep them coming. Thank you so much!

i from VietNamese. I hope you have lots of health and success in your life.

Thank you! You made it very clear and it worked very well.

I would like to appreciate your effort man, one small correction , you are repeatedly telling JWT holds username and password, but as per my knowledge JWT token dont hold any sensitive information, hence JWT token dont hold password. It just keep username and other stuffs.

It's gave lots of confidence for me. And How can I implement this security for all my microservices.

amazing tutorial Thank you Basant!

Thank you - very useful.

Great Job ,You explained very easy way. Thanks a lot Basant

Your video is detailed and completely helpful thanks for creating such a knowledge sharing videos with us. We hope you will keep on doing such a great job and help us with informative videos. Great!👍

Thanks for such a Nice explanation . Did you published any video on Jwt token authorization using public key ?

Amazing tutorial. Please add the user roles management (ADMIN, USER, etc) to this workflow. And add some examples of the use of @Secured and @PreAuthorize

Hi @Java Techie - Can you please help with one full-lengh video of "Request-Response Flow" in Spring Boot with Microservices Tools and Cloud? We use many tools in different layers. So, above flow should help understand the tools used and data flow through them.

Thanks for your time ❤️❤️ awesome lecture

It's very clear and easy to understand.

It’s really nice. Its good if you can add refresh token functionality

Thank you so much for this tutorial, you explained it clean and neat

Very nice tutorial. I would like to give you one suggestion. Please format your code so that each line of code might be visible on screen completely.

Thank you so so much for this video😘😘😘!

Please explain with a class diagram flow. So It will be easy to understand while you writing code

good content as always. keep up the good work. blessing from Sri Lanka.

Thank you buddy, you got a new subscriber 8)

WebSecirityConfigureAdapted class is deprecated. Do we have any alternate to it?

Awesome video. concept clear sir..

Sir, how to do saml and ldap configuration using 2 websecurityconfig class in single application? Already i implemented saml with jwt, now i need to do for ldap but when i call ldap controller for login it expecging jwt token before itself. When i tried to use web.ingore then also i couldnt exculde that login api. How to do sir

thank you sir ,for provide this video,❤

The hierarchy of the type JwtFilter is inconsistent - this exception i am getting

Great video sir , but u hve few questions : 1. In the last step why we are adding the filter before ?(http.addFilterBefore(..) 2. In the authenticationManagerBuilder we r setting userdetails obj(our custom) , then why in our custom filter SecurityContextHolder.getContext().getauthentucation() is null ?? It should have the userdetails obj already right . Thanks in advance

Nice video! Amazing explanation!!

Learnt a lot from your tutorials 😎😎

Nicely covered all the steps. Thanks

Nice, can you also share any other videos on Spring security also

Thanks a lot very well explained!!.

Thank you again, I'm learning a lot

Thank you explained on security

Very helpful.. explained all the things in details

It's amazing thanks for this.

Very good one. But a small pointer - If it can be a bit more slow and elaborative would have been even better.

thank you so much , keep going you are awesome

well explained with clarity

Bro le quitaste 5 hrs a mi socio, le falta un trim al username cuando creas el token, igual buen video crack

HI Basanth The video tutorial is really awesome. Explains us how to work with security in spring/spingboot framework in gr8 detail. Can u plz help us with a nice video as usual for OAuth style which is very much demand in job interviews for experienced.. awaiting Sir.

Great tutorial .. pls keep going

Good explanation.....can you also explain @preauthorize based authoruzation using method level authorization..

Really nice tutorial. Thanks a lot.

for the people who have this issue: There is no PasswordEncoder mapped for the id “null”: try {noop} before the password like this: return new User(user.getUsername(), "{noop}"+user.getPassword(), new ArrayList());

Thanks a lot for the explanation

Thank you very much for the great tutorial, can you please also add explanations and code for refresh token scenario as well,

Thank you so much for your clear explanation..Instead of a username and password, if we wanted to implement though any third party authentication along with JWT. Do you have any video, kindly share

Great video, learned alot!

You have not configure the H2 database credentials like url, username, password etc in you application.properties file, how is application saving data in H2 database and retrieving it back while authenticating the user details ?

in main class of jwt authentication how to get the list of users

Hi , Really helpful and great video. Just have one question though . You had set token time for 10 hrs. So for 10 hrs , where sill be that token will be stored? Is it in session storage of browser?

Hi Basant bhai, I have one doubt. What is the difference between the basic functionality of an Interceptor and a Filter in the Spring framework? Can they be used interchangably? If you have any videos/resources to understand this, please let me know. I will go through it. I was asked this in an interview, more precisely I was asked how can we extract parameters from an API request header, and when I replied we can implement an Interceptor he said that's not the correct answer.

Thanks for sharing contains, Excellent !!!!!!!!

What happens if token is not valid? How the filter chain breaks?What we did is authentication.Those claims are i think for roles which can be used for authorisation also?

I am new to spring security can you please explain what is the functionality security context holder class?

It is easy to work on jwt now. Thanks.

Hello Sir , I am learning all this concept Recently , So pardon me if I am asking a very stupid question . My first doubt , Is not it a one kind of Oauth flow implementation .? Although As per my understanding it is not the OAuth flow implementation which we follow in Microservice , but this implementation is kind of OAuth flow implementation ? IS that a correct understanding ? like for example user --> go to Authorization server (here in this case /Authenticate service which is giving a access token -->and then this token is getting used for the actual resource(in this case the / restcall )). Please let me know I am understanding is correctly or not ?

even though using lombok @Data for User.java class, getting error as user.getUserName() and user.getPassword() are not exists and recommend to create those in User.java class

I am generating token A fir client A, and Token B for client B, in provided code there is no validation done for , if client A sends request with Token B ,it is getting authorized for accessing other rest end points , how to do this sir?

Hi Basant, Thanks for neat and so easy to understand explaination. I had one query how JWT validates if token is expired or not. Does it store the token anywhere along with expiry time. Thanks.