Note taking for my ref: Authentication : who is the user ? Authorization : Are they allowed to do certain things Principal : curently logged in user Granted Authority : way of providing Authorization. Roles : Group of authority.
This is _by far_ the best channel I've encountered on Spring/Java. Incredible. I really appreciate that you give great metaphors (security guard etc) in order to better explain how the frameworks and technologies work.
This video is amazing! Explained the most basics of Spring Security with such ease and visual entertainment! By far the easiest and greatest channel to learn Spring!
I cant find the words to describe your work. Your courses are always well structured and rigorously explained. Been folowing for a long time now. Keep up the good work Kashug
You are just Amazing sir!!! You explain things so in depth, with conceptual fundamentals! Love it! I am new in software development space and find it mind boggling, but your videos are that peaceful, satisfying, enriching ride which brings clarity and confidence to keep going ahead. Have become Big Fan of your style!
Thank You Sooo Much Sir for Posting this Video! it was very informative and you taught a lesson in 12 minutes when my teacher took 3-4 weeks, keep it up!!
Thanks for helping the students and the developer community by providing these awesome tutorials. I request you to please make more about Spring Security login logout functionalities. Really, you are doing a great job.
Thank you so much for making videos on this topic. Applications get compromised on a regular basis, but there seems to be a DMZ between app development and app security! :-) If you can, I would like to see you explain how to handle XSS, SQLi, CSRF etc., within the Spring security framework. Secure webservices would be awesome too. I've also been curious how financial apps and banks mash up data securely, so the user sees information from all their institutions in one place. I wouldn't mind paying for your time either. You're good at what you do and deserve to get paid for it.
Authentication: Bob make's a request to the Server (login purposes) and it is the task of the Security part of the Server, to confirm Bob and find out, that he really is who he claims to be. Principle: After the authentification, Bob's details are saved for following requests. Authorization: Is Bob allowed to do a specific thing? Like deleting a user or even view other user details (not the passwords tho). Granted Authority: Basically this is the part, which actually handles the Authorization in Spring Security. A list of Authority for a specific User (if you wouldn't define Roles) must be setup. Roles: It would be a pain to setup for every single person a List of authorities, that's why Roles basically exist. If Bob has the role "User" and in the "Granted Authority" there is set of defined stuff for this role "User", he is only allowed to do the stuff specified. If he would try to do more than allowed, it would'nt be allowed for him (in the frontend-part he shouldn't even see stuff, he can't modify).
hey I really like your videos please make more we need your help can you make java android development tutorials, Gradle and the diff between Gradle and maven and which one is better, and what the ADF is really all about, and if we should use it or not and the diff between him and spring and also java desktop dev and if we can make a spring boot desktop app please we need your help and tx a lot
why does app remember principal, when i use jwt token , I would just go and validate the token...do i need to remember principal in this case? Pls do answer
there are only 2 things authentication , authorization . other things are derivatives , roles are derivative of authorization, Principle of derivation of cookies, grand authorities are derivatives of Roles .
![Spring Security - Аутентификация, Авторизация, oAuth, и все остальное - [СЛИВ]](http://i.ytimg.com/vi/wcbqwYFfG70/mqdefault.jpg)
Note taking for my ref:
Authentication : who is the user ?
Authorization : Are they allowed to do certain things
Principal : curently logged in user
Granted Authority : way of providing Authorization.
Roles : Group of authority.
This is _by far_ the best channel I've encountered on Spring/Java. Incredible. I really appreciate that you give great metaphors (security guard etc) in order to better explain how the frameworks and technologies work.
Feels like JVM & Spring itself teaching me...
Thank you soo much sir from bottom of the heart...
This video is amazing! Explained the most basics of Spring Security with such ease and visual entertainment!
By far the easiest and greatest channel to learn Spring!
Simple. Neat. Perfect! Breaking up some of the most technical/confused concepts to layman level in such succinct manner..
How in the world, did you manage to make this easy-to-understand? It is security. You are awesome, man.
Koushik is definitely one of the best teachers I've ever encountered on the web!
I cant find the words to describe your work. Your courses are always well structured and rigorously explained. Been folowing for a long time now. Keep up the good work Kashug
Thanks!
this is my second tutorial i've watched from this channel and it's amazing always the videos quality is improving
This explanation is sooo simple and incredible!!!!
Omg. This channel makes me learn better and laugh with smiles..
You are just Amazing sir!!! You explain things so in depth, with conceptual fundamentals! Love it! I am new in software development space and find it mind boggling, but your videos are that peaceful, satisfying, enriching ride which brings clarity and confidence to keep going ahead. Have become Big Fan of your style!
Are you professor in Stanford? amazing level of mentoring and knowledge of the subject
Great Presentation, good quality of content, ease understandable by everyone. Awesome Koushik. We all have great respect for you. Thank You.
Thank you for a great explanation. That knowledge are still relevant in September 2022 - so it is very good.
Thank you koushik ... always waiting for your uploads 👌
Thank You Sooo Much Sir for Posting this Video! it was very informative and you taught a lesson in 12 minutes when my teacher took 3-4 weeks, keep it up!!
I’ve been waiting for these videos. Excellent content as always Koushik. I’m hoping this series includes Single Sign-On concepts as well :)
Thanks for helping the students and the developer community by providing these awesome tutorials. I request you to please make more about Spring Security login logout functionalities. Really, you are doing a great job.
A very nice explaination of the basic security concepts. !!!
i'm learning about spring security and it is very userful. concise and well explained! thanks
Thanks man 👍 for this series. Please continue.
Amazing content as usual. Always recommend your channel to my friends and colleagues.
such awesome clarity ❤
Thank you so much for making videos on this topic. Applications get compromised on a regular basis, but there seems to be a DMZ between app development and app security! :-) If you can, I would like to see you explain how to handle XSS, SQLi, CSRF etc., within the Spring security framework. Secure webservices would be awesome too. I've also been curious how financial apps and banks mash up data securely, so the user sees information from all their institutions in one place. I wouldn't mind paying for your time either. You're good at what you do and deserve to get paid for it.
hahaha, the principal joke was hilarious ! .... also thanks for the video!
good content! precise and esay to understand
You have the best courses on Spring boot! I am really looking forward to your Java courses on your website
Woww ..
Really awesome videos from javabrains
Simple and more depth .
Thanks a lot sir for your time .
Great animation 👏
Thank you! Very well explained! 💛
Thank you for the grate explanation.
YOU ARE GREAT MAN! MAKE US MORE SUCH GREAT TUTORIALS KOUSHIK
thank you so much...very good explanation in such a simple way....thanks for creating video like this!!!!
Great lesson 👌👍👏💯
Very well explained, highly appreciate the content.
Thanks for uploading this video.So fine grained explanation .
Brilliant explanation. Thank you very much
nice easy to understand . thanks
Very nice .... I like your all videos..simple language with covering all things
superb sir , thanks for nice explanation
So well explained, thank you!
Watching Kaushik @Java brain videos are like an interesting screenplay movie...:))
This is GEM!
Authentication - Who are you?
Authorization- What can you do?
Principal - Currently logged in account
Granted authority
Role
Very clear on these concepts
Really good presentation and well understood the concept of security. It's Valuable to spend time.
Thanks , in this hanel you understand the concept and how to implemante it , great job
THANK YOU SIR..WELL EXPLAINED
Amazing videos always keep waiting for them .. suggest u to bring a series of oauth2 , Redis , pcf and session management using spring boot .. 👍
Nicely explained! Thanks... :)
sir exactly amazing help for me this much of effort for me
Awesome as always!
Well made videos👏
nice video, great info! :)
hey .. I in love with your explanations ..
Thank you koushik
Thank you so much! That will help me a lot ! :)
Thank you, sir. Your courses are great. Good luck
Thank you so much for the effort. Amazingly explained using pictorials. ur very creative
Good content.
Well explained sir. Can u make a video with an small Api with example of the same.
ohh great video
Is perfect explain , thanks
Thank you so much.
thanks a lot very useful
\
thanks love the vidios!
Hi, what could be the approach for context based authorization, like maybe a user should only edit their own comments and not those of other users
Authentication: Bob make's a request to the Server (login purposes) and it is the task of the Security part of the Server, to confirm Bob and find out, that he really is who he claims to be.
Principle: After the authentification, Bob's details are saved for following requests.
Authorization: Is Bob allowed to do a specific thing? Like deleting a user or even view other user details (not the passwords tho).
Granted Authority: Basically this is the part, which actually handles the Authorization in Spring Security. A list of Authority for a specific User (if you wouldn't define Roles) must be setup.
Roles: It would be a pain to setup for every single person a List of authorities, that's why Roles basically exist. If Bob has the role "User" and in the "Granted Authority" there is set of defined stuff for this role "User", he is only allowed to do the stuff specified. If he would try to do more than allowed, it would'nt be allowed for him (in the frontend-part he shouldn't even see stuff, he can't modify).
Hi Sir, could you please upload on Docker or Kubernettes
santhosh.g
+1
+1
Thank you.
Please create complete course on springsecurity thanka
Please make the full course on spring boot security and outh2 .I am waiting for a long time..Thanks
hey I really like your videos please make more we need your help can you make java android development tutorials, Gradle and the diff between Gradle and maven and which one is better, and what the ADF is really all about, and if we should use it or not and the diff between him and spring and also java desktop dev and if we can make a spring boot desktop app please we need your help and tx a lot
That's great
Thanks
Thank You
I hope to reach to your level of communicating one day.
Hi Kowsik.. one small request.. can you please explain why we need to store passwords in char[] array in java.. why not as string..
Does Spring Security support JWT and token verification?
Koushik, how can we think of principal, one user having different roles or having different accounts with same role..?
Principal is just the currently logged in user. That user could have multiple roles
Can you please add a video in which we can use a custom login page, instead of a default one, how do we call the login API from our own form?
Hello Sir, i want to restrict multiple user login usinng spring security.Not able to understand.please help
why does app remember principal, when i use jwt token , I would just go and validate the token...do i need to remember principal in this case? Pls do answer
where actually are principal object stored?
Hello sir, please provide the videos on oauth2 with jwt token using spring security
First view first comment
Joined :)
Hi Java Brains,
Really good presentation!
"Principal" is not specific to Spring Security. It's common across all the security frameworks.
Happy Teacher's day :)
Hi Kaushik, you intro disco song is bit loud. It will be good if you please lower down that.
shuddup bitch
Nice Video but Can you give a real example application that do what you are explained above?
Yup, coming up!
@@Java.Brains waiting
It looks for me Authroization and Granted Authority are same.
Even in possesion based authentication Hacker can hack the phone and still can grab your secrets
"Principal is someone who I used to hate during my schools :D"
👍
Hated principal in primary school 😀😀😀😀
Sir I have Join course
Too many stories bro. Its better to be concise and to the point. Max info given as capsule. Your content is good.
there are only 2 things authentication , authorization . other things are derivatives , roles are derivative of authorization, Principle of derivation of cookies, grand authorities are derivatives of Roles .