This is not just a Spring Security + JWT tutorial; rather, it is the entire backend project, including the new feature of Java 8. Just an amazing tutorial. I cannot thank you enough!!
You are awesome, brother! In this fancy world, many YouTubers use fancy words and vocabulary to explain even (a+b)², but they provide less content and more showing off. But you explain a very complex topic in a simple way that anyone can understand.
I have gone through a lot of tutorial links, but your explanation of any topic is excellent. You start with the basics and go through the somewhat internal parts of what you are picking, with the help of coding. It's really helpful to anyone who wants to learn or do some POC part of any application. Thanks a lot, Java Techie.
Such a crisp, to-the-point video with an explanation of every Spring Security syntax. Thanks a ton, mate. You're making our lives a little easier at work :)
I'm absolutely loving this channel!! No nonsense, straight to the point. Here is your theory, here is the working example... and here is the code... done...
@Javatechie We should all be thankful for your efforts!! By the way, I just watched your Spring Boot + Keycloak example. Did you get a chance to extend this example to an Angular app? I'm looking for Angular + API Gateway + Spring Registry + REST APIs with Keycloak. You covered everything except Keycloak + Angular.
You are the best. I have followed many tutorials and read various documentation, but on the technical side I could not understand how to do it and there was always a problem. Thanks to you, I finally managed to understand both microservices and JWT. Thank you.
Excellent, Basant... Your effort and your knowledge are really appreciable. Earlier I was following all the Java Brains tutorials, but after watching your videos, I really want to say thanks to you. You are equal to, or in some areas more than equal to, Java Brains.
It's a great and clear explanation, JavaTechie!! Good work, and it's really helpful for those who are striving to understand concepts. I suggest you create a kind of document, like a PDF, of what you have explained in the video, and put all of that in the document. It will be great for refreshing the concepts when people want to refresh them again!!
Everything is well explained; just 2 points I would like to mention: 1. There is no need to validate the token in the filter class, as jwtTokenUtil.extractUsername(jwtToken) will return an exception if the token is tampered with. 2. For a GET request there is no need to set the Content-type, as the body is empty.
Whenever starting a new topic, one first needs to understand the basics, and your explanation is very basic, bro, and it's really helpful for me, and that's why I liked your video... Keep it up. Thanks.
Thanks for this live JWT example. It is really helpful for understanding the JWT working flow and the usage of all the required methods and classes. A deep dive, and concept-wise very understandable. Thank you so much.
I would like to appreciate your effort, man. One small correction: you are repeatedly saying that the JWT holds the username and password, but as per my knowledge a JWT token doesn't hold any sensitive information, hence a JWT token doesn't hold the password. It just keeps the username and other stuff.
Your video is detailed and completely helpful. Thanks for creating such knowledge-sharing videos for us. We hope you will keep on doing such a great job and help us with informative videos. Great!👍
Amazing tutorial. Please add the user roles management (ADMIN, USER, etc) to this workflow. And add some examples of the use of @Secured and @PreAuthorize
Hi @Java Techie - Can you please help with one full-length video on "Request-Response Flow" in Spring Boot with microservices tools and cloud? We use many tools in different layers, so the above flow should help in understanding the tools used and the data flow through them.
Sir, how do I do SAML and LDAP configuration using 2 WebSecurityConfig classes in a single application? I have already implemented SAML with JWT; now I need to do it for LDAP, but when I call the LDAP controller for login it is expecting a JWT token before that itself. When I tried to use web.ignore, I still couldn't exclude that login API. How do I do it, sir?
Great video, sir, but I have a few questions: 1. In the last step, why are we adding the filter before (http.addFilterBefore(..))? 2. In the AuthenticationManagerBuilder we are setting the UserDetails object (our custom one), so why is SecurityContextHolder.getContext().getAuthentication() null in our custom filter? It should already have the UserDetails object, right? Thanks in advance.
Hi Basanth, the video tutorial is really awesome. It explains to us how to work with security in the Spring/Spring Boot framework in great detail. Can you please help us with a nice video, as usual, on the OAuth style, which is very much in demand in job interviews for experienced candidates? Awaiting, sir.
For the people who have this issue: There is no PasswordEncoder mapped for the id "null": try {noop} before the password like this: return new User(user.getUsername(), "{noop}" + user.getPassword(), new ArrayList<>());
Thank you so much for your clear explanation. Instead of a username and password, what if we wanted to implement this through any third-party authentication along with JWT? Do you have any video? Kindly share.
You have not configured the H2 database credentials like URL, username, password, etc. in your application.properties file. How is the application saving data in the H2 database and retrieving it back while authenticating the user details?
Hi, really helpful and great video. Just have one question, though. You had set the token time to 10 hrs. So for 10 hrs, where will that token be stored? Is it in the session storage of the browser?
Hi Basant bhai, I have one doubt. What is the difference between the basic functionality of an Interceptor and a Filter in the Spring framework? Can they be used interchangeably? If you have any videos/resources to understand this, please let me know. I will go through them. I was asked this in an interview; more precisely, I was asked how we can extract parameters from an API request header, and when I replied that we can implement an Interceptor, he said that's not the correct answer.
What happens if the token is not valid? How does the filter chain break? What we did is authentication. Those claims are, I think, for roles, which can be used for authorisation also?
@Javatechie Let's say I have admin users with some roles... and sellers with other roles... and buyers with different roles... So based on roles I want to protect different APIs... Is it possible using JWT? If yes, please make a video on that.
Yes, it's possible using JWT. Currently we are only storing username and password to claim, so here we need to add the role so that while generating the token it will add roles to the token. Now wherever you pass the token, from the token we can get the role and can validate its action.
Hello Sir, I am learning all these concepts recently, so pardon me if I am asking a very stupid question. My first doubt: isn't it one kind of OAuth flow implementation? Although, as per my understanding, it is not the OAuth flow implementation which we follow in microservices, this implementation is a kind of OAuth flow implementation? Is that a correct understanding? For example: user --> goes to the authorization server (here, in this case, the /Authenticate service, which is giving an access token) --> and then this token is used for the actual resource (in this case, the / REST call). Please let me know whether I am understanding it correctly or not.
Even though I am using Lombok @Data for the User.java class, I am getting an error that user.getUserName() and user.getPassword() do not exist, and it recommends creating those in the User.java class.
I am generating Token A for client A and Token B for client B. In the provided code there is no validation done for the case where client A sends a request with Token B; it is getting authorized to access other REST endpoints. How to do this, sir?
Hi Basant, thanks for the neat and so easy to understand explanation. I had one query: how does JWT validate whether the token is expired or not? Does it store the token anywhere along with the expiry time? Thanks.
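Several questions above ask how expiry is checked, whether the token is stored on the server, how roles travel in the token, and what happens to a tampered token. The following is an added JDK-only example, not code from the video or from any commenter; the class and method names, the comma-separated roles claim, the user alice and the key are all constructed for illustration, and a real service would use a JWT library and a JSON parser.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
public class JwtClaimsDemo {
    // Constructed demo key; a real service loads a random key (32+ bytes) from a secret store.
    static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Issue an HS256 token: subject, roles and expiry live in the payload; no password is included.
    static String issue(String user, String rolesCsv, long expEpochSec) throws Exception {
        String body = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"sub\":\"" + user + "\",\"roles\":\"" + rolesCsv + "\",\"exp\":" + expEpochSec + "}");
        return body + "." + ENC.encodeToString(hmac(body));
    }

    // Stateless check: recompute the HMAC, then compare exp with the clock. Nothing is looked up server-side.
    static String verify(String token, long nowEpochSec) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        // Signature first, in constant time; the claims are untrusted until this passes.
        if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2])))
            throw new SecurityException("bad signature");
        String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        Matcher exp = Pattern.compile("\"exp\":(\\d+)").matcher(json); // regex stands in for a JSON parser
        if (!exp.find() || Long.parseLong(exp.group(1)) <= nowEpochSec) throw new SecurityException("expired");
        Matcher roles = Pattern.compile("\"roles\":\"([^\"]*)\"").matcher(json);
        return roles.find() ? roles.group(1) : "";
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String token = issue("alice", "ROLE_USER", now + 36000); // 10-hour lifetime
        System.out.println("roles: " + verify(token, now));
        try { verify(token, now + 36001); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        String[] p = token.split("\\.");
        String forged = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8)
                .replace("ROLE_USER", "ROLE_ADMIN"); // payload edited, original signature kept
        try { verify(p[0] + "." + b64(forged) + "." + p[2], now); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The server keeps only the key: the expiry and roles come back inside each request's token, and an edited payload no longer matches its signature.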