Spring Security using OAuth2 in Spring Boot | Tech Primers

Подписаться 135 тыс.

Просмотров 264 тыс.

50% 1

This video covers the Spring Security with OAuth2 in Spring Boot
🔗GitHub Code Link: github.com/Tec...
📌 Related Playlist
================
🔗Spring Boot Primer - • Spring Boot Primer
🔗Spring Cloud Primer - • Spring Cloud Primer
🔗Spring Microservices Primer - • Spring Microservices P...
🔗Spring JPA Primer - • Spring JPA Primer
🔗Java 8 Streams - • Java 8 Streams
🔗Spring Security Primer - • Spring Security Primer
🔗Containers Primer - • Containers Primer
🔗Kubernetes Primer - • Kubernetes Primer
🔗AWS Primer - • AWS Primer
💥Join TechPrimers Slack Community: bit.ly/JoinTec...
💥Telegram: t.me/TechPrimers
💥TechPrimer HindSight (Blog): / techprimers
💥Website: techprimers.com
💥Slack Community: techprimers.sl...
💥Twitter: / techprimers
💥Facebook: TechPrimers
💥GitHub: github.com/Tec... or techprimers.gi...
🎬Video Editing: iMovie
🎼Background Music: Broke For Free - Day Bird
brokeforfree.b...
The Passion HiFi - What We Came To Do
Joakim Karud
---------------------------------------------------------------
🔥 Disclaimer/Policy:
The content/views/opinions posted here are solely mine and the code samples created by me are open sourced.
You are free to use the code samples in Github after forking and you can modify it for your own use.
All the videos posted here are copyrighted. You cannot re-distribute videos on this channel in other channels or platforms.
#SpringSecurity #OAuth2 #TechPrimers

Опубликовано:

5 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 272

@tvrajesh82 7 лет назад

It would have been great if you had provided a detailed explanation on why some methods are overridden from Spring and the use of it with different options. However, this video is a great starting point to analyze further ourselves.

@TechPrimers 7 лет назад

thanks. I had done that in my other video on Spring security authentication using DB. hence didnot want to repeat stuff

@mahichakri007 6 лет назад

Nice informative video. I liked the way it is explained and coded simultaneously. One thing is i observed is, some of the configurations used are deprecated in the latest spring boot 2.X or later. Users need to note that the example demonstrated is in SpringBoot 1.5.6, which should have been the latest one at that moment :)

@michaelwijayagames 5 лет назад

A pretty superb tutorial from tech primers.. Hope this could be helpful for some people.. Something to mention: For auth-server has some deprecated function for version 2 : application property should be : server.port=8081 server.servlet.context-path=/auth and there is a need to make CustomSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter to create bean function @Bean(name = BeanIds.AUTHENTICATION_MANAGER) @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } because @Autowired authenticationManager is not being supported for th Spring version 2 while security.basic.enable=false already deprecated so we need to change things to disable http basic security by not using spring-security-starter.. For the client server: We need to change deprecated extends WebMvcConfigurerAdapter to just implement the WebMvcConfigurer Need to change application.yml configuration into: server: port: 8084 #for running behind proxy purpose use-forward-headers: true servlet: context-path: /ui session: cookie: path: UISESSION Adios and amigos.

@mohammedkamruddin264 5 лет назад

please share client , server code details

@mustufakhan7084 5 лет назад

I m still getting that authentication manager bean error can you please explain how to solve ot

@toml2951 7 лет назад

Great content; the best, simplified explanation of oAuth2 with Spring Boot I've come across. Keep up the good work!

@TechPrimers 7 лет назад

thanks Tom

@javaframeworks6677 6 лет назад

Resource server application is having protected resources which can be accessed only through access token and that token has to be issued through separate application that is authorization server.

@RajKumar-wf8nm 4 года назад

Thanks Buddy for sharing your experience and knowledge...

@viveksingh-rt4py 3 года назад

Hi Ajay, Excellent explanation. Very well done. May I ask one question. We can restrict API access inside a resource server based on Role. In your video you have mentioned that Auth Service can be from google and resource server can be on local machine. If validation happens at Google then how role will be assigned. Google role may not be relevant for our local resource server . Thanks, Vivek

@AmineC88 6 лет назад

also very nice work with editing the video, gives a professional feel to it

@TechPrimers 6 лет назад

thanks amine

@sainathmachunur4138 5 лет назад

Nice video bro..i have one doubt,you explained about Authorizing secure URL etc..and where is the concept of access token and authorization code and where we are generating those.Can you tell how to test this in POSTMAN without that client project?

@tvlmagoo 6 лет назад

Awesome tutorial. Unfortunately Spring don't provider a clear exception when his return a 404 status. Anyway, thanks for shared!

@sagarbhambhani4239 5 лет назад

same.

@biplabdatta2902 5 лет назад

hi , i want to know , do we need to use oauth2 if we want to login in our application through FB or other application credentials , or if we create our application where user needs to register and with those credential only need to login then alos we can use oauth2. Or just using jwt token we can achieve this without oauth2.Looking for your input

@chatrughanprasad7778 3 года назад

Thank you for providing this

@yogeshchaudhari9971 5 лет назад

hi techprimers... thanks a ton for this video....i didn't get one thing...why it worked after adding the /principal and why it didn't work prior to that....

@ChittipoluSA 4 года назад

It's very nice video thanks lot, can you please post video with JWT and with out form authentication of oauth2

@skd181086 4 года назад

Very good tutorial..thank you so much. Could you please explain why was the oAuth extra dependency required?

@manaseejdas3358 7 лет назад

Hey..great job...very informative....i was searching over the net to find an oauth2 with zuul implementation where all requests to authorization and resource servers go through a zuul proxy...it will be very helpful if you can add zuul feature to this tutorial...

@sriramprabha422 7 лет назад

Great video. Thank you. Also if possible can you also do video on Springboot with SAML SSO.

@TechPrimers 7 лет назад

+Sriram Prabha sure sriram

@erickloningo2252 7 лет назад

Thanks man, just saved my life. live long

@tharageshanbu5170 6 лет назад

Kindly provide a video in how oauth delegates authentication to AD/LDAP. Will be so helpful

@offtube7 6 лет назад

Hi .. Thank you very much for this video ... this is very enlightning .... btw can you also show how to use this oAuth server using Postman (or any rest client) instead of a client app ... I am trying to do it but not able to see any responses in dev tools ..

@Aditya-yn5lk 6 лет назад

Did you get the solution for accessing it with postman. I also need it.

@microsoftsoft3014 2 года назад

Nice video, good explanation, I have a question, can I implement OAuth2 authorization with code flow to call an API from another API?

@nitishparikh7451 5 лет назад

Hi. Awesome video. But I am getting error while click on 'Login to OAuth here'. The error is Full authentication is required to access this resource unauthorized Please help.

@ioansteopoaie 5 лет назад

same issue here. Can anyone help please?

@ivaspasovska1 5 лет назад

I have the same issue as well, any help?

@sumitprakash5637 5 лет назад

Same problem, the login page doesn't display. It is something to do with spring boot 2

@geekgeeks2256 6 лет назад

Thank you so much Ajay..Its of great help to me :) God bless you

@haster66 5 лет назад

setting the token in the cookie is a major vulnerability !!! the correct implementation is that the auth code shall be sent to the server side by web redirect, and then it shall be used in a server to server call to acquire the access token. the access token shall only be used on the back channel, which is the server to server call. single page applications can utilize PKCE update on the auth code grant type.

@shobhanganta8578 5 лет назад

Nice video with In depth understanding of concept

@erickloningo2252 7 лет назад

Can you please make the same video using database authentication and let it also include registering a new user, please.

@TechPrimers 7 лет назад

you can check my video on Spring Security with DB authentication. You can integrate that piece here

@gamingkhtv778 6 лет назад

It's very nice but dont u make video about client in dynamic one more?

@tekieshub5917 5 лет назад

Thank you very much, very good tutorial on OAuth2

@rktechie9070 6 лет назад

I liked your problem-solving skills, Thank you.

@srinumadaka3310 2 года назад

Nice Explanation Sir.....

@MarcoLopez-gg6dl 6 лет назад

Thanks for the tutorial. How can I perform this authentication to protect my REST API and test it from the POSTMAN? How could I customize the login.html with css? The ClientId, Secret, those come from somewhere or do I define them?

@michaelwijayagames 5 лет назад

Oauth basic auth from postman

@rathinmaheswaran 6 лет назад

Hi , perfect tutorial . thanks a lot . Could you pls let us know or post a tutorial on " OAuth 2.0 Authorization server using LDAP authentication" .It is not present anywhere around the internet.

@TechPrimers 6 лет назад

+rathin maheswaran thanks. Sure. Will try mate

@chinmayabehera513 5 лет назад

Awesome Video. I want call third party api using java code,which has implemented oAuth2.0 to secure the APIs. 1st I got the access_token from that Service. Secondly, I want to send a POST request to one api, by sending stringXML and access_token. So, which method of RestTemple should I use??? If there is any best approach please let me know.

@PraveenKumar-px6bw 6 лет назад

Simple and straight forward, Very good indeed. Thank you.

@TechPrimers 6 лет назад

my pleasure Praveen. Glad that was useful

@PraveenKumar-px6bw 6 лет назад

In fact its good way to share knowledge and that too practical.Really Appreciate your efforts and knowledge. Dont know your location, any plans to work in the UK then let know, please.

@PraveenKumar-px6bw 6 лет назад

Just a quick question How to expose rest api with spring boot standalone app with 2 curl-able endpoints. • Endpoint 1 - GET /sayHai public endpoint running on port 80 that will return a json payload with the message “Hello World”. • Endpoint 2 - GET /manager will be a management endpoint on port 8080 that will return a json payload “Hello Management”

@TechPrimers 6 лет назад

Thanks Praveen. I'm in Bangalore.

@TechPrimers 6 лет назад

Check this thread which is related to the same question you asked: stackoverflow.com/questions/36357135/configure-spring-boot-with-two-ports Out of curiosity - why do you need to expose them in 2 different ports? Are you targetting any specific usecase?

@snakepat332 6 лет назад

Very nice video! Can you do an exmple with an Implicit grant flow for a javascript webapp (SPA) ?

@manishagawai8216 5 лет назад

Thank you for such nice tutorial.

@venkateshveduri5005 4 года назад

Thanks for this video...But I need a Combination of Angular+ Springboot with Oauth2. I have searched in youtube but I didn't find any reference with the combination of these. I am new to the Spring boot and Oauth2.

@raguram4974 2 года назад

Hi @venkatesh veduri Did you find any videos for the above issue? If so please do share here. Thanks in advance.

@SaiK18021993 6 лет назад

Thank you So much !! is it the smae for client credentials grant type aswell ?

@pavankumar-zi5le 4 года назад

how to implement authorization in swagger can you prepare that video please

@sz54dc 7 лет назад

thank you so much. Great tutorial. i like it. so where do i get an advance tutorial vid ?

@CarlosAntonio-bp5gv 6 лет назад

Very good tutorial. I would like to know can we create a custom login page.

@TechPrimers 6 лет назад

Yes Carlos, you can create a custom login page and use it as well.

@suryakumar5978 6 лет назад

Very nice, can u pls xplain how to write oauth2 client in Springfox swagger2 implementation??

@shalinithennarasu2069 2 года назад

Thanks!!

@msnawaz444 5 лет назад

Thank you so much. It is totally worthful.

@sivaramakrishnanulakani8879 6 лет назад

Hi Tech Primers, could you please explain Oauth2 with angular4 ??

@athulr2215 5 лет назад

Hi. Nice explanation. I have one question for you. I have my authorization server set up and running. I want to build open Id connect upon it. Can't we build a custom provider ourself without relying another party? Is there any good reference or sample available?

@andyhgnguyen 5 лет назад

Great tutorial! How about the hello() method in resource server, how can we call this method from a controller for example and display on themeleaf template?

@pawepietrzykowski9893 6 лет назад

This example will not work in Spring Boot > 2.0.0.M4. Looks like the @EnableOAuth2Sso have been moved to : 'org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.0.0.RELEASE' also problems with AuthenticationManager in Spring Boot > 2.0.0.M4 are discussed here: github.com/spring-projects/spring-boot/issues/11136

@narkhedeulka 3 года назад

Hi, I am using same code but I am getting this error This XML file does not appear to have any style information associated with it. The document tree is shown below. Full authentication is required to access this resource unauthorized

@Mohamed-uf5jh 4 года назад

Great Job , Thank you So much !!

@pujaawasthi6823 6 лет назад

Thank you. Could you also explain if client is web service instead of web page, which interface I have to implement on client side. I have to write rest web service client to consume oauth secure rest webservice

@dansb8432 3 года назад

Great video bruh

@anandvr1456 5 лет назад

Awesome tutorial

@rameshc8772 5 лет назад

Hi I am Ramesh, please explain me what is diff b/w restful and microservice.

@sunilbiswal4672 4 года назад

good job sir

@chittimallachandrashekar2329 5 лет назад

thanks for the video.. I have one question. Generally we have 2 tokens in oAuth: Auth code token and Access token. In this tutorial we have Access token. I think Auth code token is generated after authorization. where is that in our example?How and where it is used... please explain. thanks in advance.

@TechPrimers 5 лет назад

Access Token is used for accessing the Authorization Server. ID Token/Code Token is used for accessing your Resource Server (Eg. accessing User's data post authentication and authorization)

@chittimallachandrashekar2329 5 лет назад

@@TechPrimers Thanks for reply...... I saw 'What is OAuth2? How does OAuth2 work?' video. according to that, 1. first client will request for Authorization, we get a token in return. 2. next client will again request for access token by sending the above token. 3. we get access token in the above step... that token is used for accessing the resource server (eg: for getting account details). My question is: we are saving the access token in cookie(ui-session), but how can I get the token which we got in step 1? Is there any way to get it ?

@AhmedMkhinini 6 лет назад

thks. But How to make a cal for my rest services from my client using the users credentials ?

@pankajsharma31 2 года назад

The spring started you added is missing while i was working

@simmy565 6 лет назад

Why I am getting error as "Consider revisiting the conditions above or defining a bean of type 'org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory' in your configuration."

@horstweinert7204 3 года назад

Would this still work currently? I followed this 100% but currently it critizies me for missing authentication and does not load the pages

@johnplayerks 7 лет назад

Thanks for these videos man

@TechPrimers 7 лет назад

thanks David. Glad it was helpful

@vivekm2674 3 года назад

I think this is just authentication. You have not done any authorization here. The principal you are displaying is returned during authentication. Authorization would involve making a call to the auth server with grant_type= authorization_code and code=. That call will return an access token, which will then be used to call a protected resource. That flow is called Grant type: Authorization Code There is another one called Grant Type: Client credentials, where you pass client id and client secret to the auth server and directly get access token (the call to get auth code is skipped).

@omertopuz5083 4 года назад

I think AuthenticationManager is redundant in ResourceServerConfig.java. You already use the inMemoryAuthentication method. And also I have made a pull request for this from GitHub. Please check and return me back if i am right or not

@abdulmajidkhan4355 7 лет назад

very informative, i am able to do it with the help of your vdo, but not able to logout from all client application. pls help for logout

@TechPrimers 7 лет назад

expire the token for logging off.

@syedrahim7695 3 года назад

Excellent

@nageshkumarvs1348 5 лет назад

Can you provide oauth with only rest api example

@ratikantapradhan1537 6 лет назад

Great video! Do you have a vdo of this with angular(2,4,5)? or can share some link from where I can get it?

@TechPrimers 6 лет назад

+Ratikanta Pradhan nope. I'm yet to learn TypeScript

@ratikantapradhan1537 6 лет назад

Okay, please make a video if you can after learning. I have this problem in angular {error: "invalid_grant", error_description: "Bad credentials"}, could you guess, what could be the error?

@sudhiris056 5 лет назад

Doesn't work following this tutorial. It throws AuthenticationManager authowired bean exception while starting up the authorization server

@alihussainmoosakhan3522 6 лет назад

Hi can you explain how can we add our custom login page instead of by default OAuth2 login page.

@robinrusli9486 7 лет назад

can you show us how to add more details in principal

@narayanaswamyboppa3840 3 года назад

Hi, When we need to go for OAuth2 and we need to go for JWT, and in which scenario goes for the certificates in the app server.

@mikesheva3 5 лет назад

ResourceServerConfig should extend ResourceServerConfigurerAdapter

@SoumikNathan 4 года назад

just wanted to understand if the Oauth authorization along with authentication that you have shown in your code - is it covering OIDC flow as well?

@soniajain07 4 года назад

Hi Ajay, I was looking for integration of spring boot with keycloack. Without using keycloak adapter . I want to use oauth2 and keycloak for rest api. I dont need any login screen just rest api which takes access token

@sathiits 6 лет назад

Can I get example to access third party like Facebook or google..

@akashdeeproy71 6 лет назад

Thanks for the video. I have one question How the access token which is provided by Authentication server is getting validated at Resource server. Because without validating if some one changes the access token then also it will work.

@NotTheRealEru 7 лет назад

Thank you! great tutorial!

@DeepakPanda-ex7en 6 лет назад

Nice Video. When I run the example cloned from github I get "403 Forbidden" error. What could be the issue?

@amruteshwarbichewar1731 4 года назад

u have to elaborate more the concept of configuration

@kuldipbajwa_ 6 лет назад

Can you demo this using Postman?

@anandkhot5633 6 лет назад

When I am entering as "localhost:8082/ui/" it is redirecting me directly to "localhost:8081/auth/login" . I am not getting what could be the problem?

@shishirkumar4932 5 лет назад

At 34.55, my project didn't build untill i specified the version for thymeleaf security - org.thymeleaf.extras thymeleaf-extras-springsecurity4 2.1.2.RELEASE

@shishirkumar4932 5 лет назад

found the solution. i was using java 11. changed to java 8.

@divinejakiro3656 4 года назад

May i know what is the Oauth2 version in this video? the one i tried, seem like no more "@EnableOAuth2Sso"

@पापानटोले 6 лет назад

Good one but you speak with bullet train speed. Also how to know which annotations to use?

@TechPrimers 6 лет назад

Practice only dude

@prashanthjoshi6851 7 лет назад

Really nice contents.

@TechPrimers 7 лет назад

+Prashanth Joshi thanks Prashanth. Glad that was helpful

@get4gopi 6 лет назад

You have not shown on how to access "HelloResource" rest API? localhost:8081/auth//rest/hello when I access it says 401 unauthorized.

@srikanthmandula7776 6 лет назад

Hi, Are you able to resolve this ? I ma also facing the same error

@makhijaroma 4 года назад

Hi, is it possible to have two different oauth providers in the same application. And use them conditionally based on the requested url?

@vidyasagarareddyagraharam9648 5 лет назад

Hi Ajay, I've one requirement, I will need to get the access token using OAuth2.0 first, I don't need to redirect after getting the token, what I'll need to do is, based on this token, I will need to invoke multiple REST API's. Currently I'm stuck how to get the token alone first?. Please help me out, what changes I will need to do in properties file and in any java component file?.

@ashwinpalesha7410 5 лет назад

I want to integrate google fit into my application and get data from there. How can i do this?

@vaigashoyo 6 лет назад

I am getting the same error : "Failed authenticationManager in AuthorizationServerConfig required a bean of type 'org.apringframework.security.authentication.AuthenticationManager'

@abdulmajidkhan4355 7 лет назад

i am able to do logout, but if i have multiple spring boot application i need to logout form each application.can i have single sign off also with oauth and spring boot?

@cmuthukumar83 5 лет назад

Thanks buddy!

@bootavo 5 лет назад

Perfect, but How can I implement this AUTH on Client side using @RestController, because I configured a server auth with port:8098 and other other project like microservice with port:8092 and when I tried to call an rest-api in port:8092 and it didn't redirect to me to port:8098, just showed me a login interface but my credentials from mysql database didn't work. All the time said me "Your login attempt was not successful, try again.", Can you show us how to implement Auth2 with Client using @RestController instance of index.html?

@shekarscreativethinks7603 5 лет назад

Hi bro, can you please explain how can we login jenkins from url which is there at outlook email

@anilnaidu4751 7 лет назад

hi bro your are doing good i have one doubt how spring boot can handle high traffic could you please answer

@TechPrimers 7 лет назад

Hi Anil, Spring Boot is using Embedded Tomcat for hosting the files. Hence its same as Tomcat.

@Aditya-yn5lk 6 лет назад

Hey, Thanks for the video. Also, I have a query i.e. What If I want to access server-side APIs with Postman. Please help!

@TechPrimers 6 лет назад

hey Aditya, you can take a look my Postman video for accessing server side APIs using it ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-8yrhSyNPalM.html

@niteshdimri27 6 лет назад

Nice work ajay

@kuldipbajwa_ 6 лет назад

Hi for the resourceserver didn't you need to extend the RespurceServerConfigurerAdapter?

@TechPrimers 6 лет назад

since i did not override any config there, i did not extend it

@keshavchourasiya1352 6 лет назад

hello sir i want video which is using facebook and google login authentication

@danieldelafuentes9177 7 лет назад

Awesome video, thank you very much. I need a bit of help though, I have been back & forth with the video and your GitHub & I don't see any differences with any of my code. After I login I come to a 404 page "There was an unexpected error (type=Not Found, status=404). /ui/secure.html" do you know what I could've done wrong? I have all dependencies, & have secure.html in templates package.

@TechPrimers 7 лет назад

Hi Dan, either the tomcat is not UP or the path is incorrect. can you verify them