haven't found anything simpler on JWT Authentication & Authorization than this video! Kudos. You're so so important for the community! Keep making such videos please.
What a man you are ? It's not only tutorial for security .It's the night mare for me to achieve security in spring application.Hats off keep the learning spell always on.Thanks a lot!🌟
I have been binge watching many videos on JWT authentication and luckily found this video, you are simply amazing with the way of delivering things sir, thanks a lot and more power to you to roll out such amazing videos in the future
Hats off to you sir You literally made Spring Security Easy. I've gone through many lengthy videos but nothing worked your spring security videos made me learn within 2hrs including jwt and basic auth.
Thanks for the video. I did learn a lot from it. A few points: 1. the authentication manager is not recommended although it works, you should come up with your own authentication manager. 2. there is a new nimbus package in the latest Spring security which should be used for encoder and decoder. 3. that filter is not necessary as I understand. You simply provide the encoder and decoder, spring security will automatically take care of the security check for all the configured paths.
Sir, thank a lot for your contribution. I have searched so many methods to implement JWT on my project running on Spring 3.1.5 but couldn't find a proper solution. We need more videos on new releases like this. Thanks a lot!!!🤩
Oh wow , thank you so much sir .. i was thinking to request you for this spring security jwt and just found it now . Great ,will cover this in this weekend,thank you 😊
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running. Today an interviewer asked this question to me and I was clueless about it. Pls help.
Sir, plz provide flow diagrams of each classes before you code. And also include entire flow with all classes as summary at the end and if possible at very begining. You know the flow, so you find it super easy naming classes, but its tough for any beginners as classes names are big and similar. My hostel juniors gave me this feedback when I shared them ur lecture.
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running. Today an interviewer asked this question to me and I was clueless about it. Pls help.
In that scenario you need to configure your scheduler related properties in only one instance For example let's say you have instance 1 ,2 and 3 You want to run your scheduler only in instance 1 in that case create all properties of scheduler like cron expression, time zone etc only in instance 1 configuration When i say instance 1 configuration i mean just find a place where you can load required properties
Amazing video with covering all the aspect of JWT in latest version of spring boot. Thank you for the in detailed walkthrough. Please make one video on internals of spring boot security internals with new classes in involved latest version
Sir G- i believe you are saving the life of more than 95% programmer who is getting through your sessions. Because i am damm sure, eventually the search for a good content could have end up to one and only your session.. Thanks Man..
as per my understanding we should not hit db again for jwt token validation and we should recreate token with given header and payload and compare it with resent token, however i understand we can not verify roles with that, so there is some gap in this and i am not sure yet how that will be done.
JWT (JSON Web Tokens) are designed to be self-contained, containing all the necessary information within the token itself. Once a user is authenticated and a JWT is issued, the server can verify the token's integrity and extract relevant information without needing to contact the user database for every request. I see in our example we fetched data from user details db again which may not be right way to use jwt as the purpose of using jwt is to avoid hitting db/cache for every login request, please clarify@@Javatechie
@@JavatechieYes, I too didn't understood couple of things- 1. Y u r generating token through a rest end point via @requestBody param? I think It sud b generated via filter u created. If(extractedToken= null) then create json token and should be set in context..or? 2. In ur filter, u r using userDetailService.loadUserByUserName(username) ..this username is same u extracted from ur token? Then, obviously both will be validated? Instead u should match user from token with the logged on user?
Thats a great stuff as always :) . .. One request to you ..can you create one video on Spring Security OAuth Authorization Server using spring boot 3.0 .. Thanks again.. keep up good work :)
Perfect Example for Spring Securrity ! Sir can you please guide how @PostMapping("/authenticate") end point is working internally? How it reading user from DataBase! although we are not using any repository in this end point. How AuthenticationMangar finds the correct user name from database?
It will be dead easy to understand if you can debug then nothing complex buddy. I would strongly suggest you to refer to the video below to understand the internal flow ua-cam.com/video/1ERV-6cz2xk/v-deo.html
I implemented this JWT Authentication and Authorization, and when I call the endpoints via Postman everything works perfectly. The problem is that I'm trying to write unit tests for my controllers using JUnit 5, but all endpoints always throw 403 Forbidden. Even when I use the @WithMockUser annotation, the same problem continues. Does anyone know what the problem could be? Did someone who implemented this JWT Authentication and Authorization manage to do the unit tests for the controllers?
Wanted to add one point: if we are generating token only when user register or login then in validation process, we can skip fetching user details from db because if the token is modified then it will be invalid token when we match it using our secret. So, If the token is valid then we can save it to our security context always.This is my understanding. Please add to it if something is incorrect or I am missing something.
Spring data jpa will create for you. Manual intervention is not required just make Sure to configure hbm2.auto.ddl.in application.yml or properties file
such great tutorial, explained in simple way, help be crash course through it and build a new micro service implementing spring JWT authentication, thank you so much
At 17:45, how did you define the key string with the class label SECRET? I cannot find documentation on this and I have no idea how you did it. It happened very fast.
Hi , I have a small request. Might be funny for some. Can you please create a small video on roadmap. Like roadmap for spring security, roadmap for spring boot or core. So that everyone can have a idea what to start first and what not. Thank you
No it's not at all funny Budd y don't worry. spring boot road map i will prepare one video where i will cover all modules. Most probably this weekend or next okay
One thing I realized, in your extractAllClaims method, the jtw parser throws exceptions that are not caught. For example, if the token is expired it throws a ExpiredJWTException! So you checks for istokenexpired is moot.
Well done Basant but I have a question.. Let's say i have multiple instances of my app.. How do I configure the authentication manager with Redis.. Thanks
![Spring Boot 3.0 Security | Authentication and Authorization | [New Changes] | javaTechie](http://i.ytimg.com/vi/R76S0tfv36w/mqdefault.jpg)
![Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorisation [NEW] [2023]](/img/n.gif)
Спасибо!
Bro i don't know who are you.. you are God's gift. I am search for a job.. once I got it..I will give super thanks to you
Thanks buddy 😊 . Keep learning
Did you got job ?
@dipakkale2723 yes..already enrolled in his courses..
Did you get the job.
He is Basant Hota
haven't found anything simpler on JWT Authentication & Authorization than this video! Kudos. You're so so important for the community! Keep making such videos please.
One thing I can say..........the best channel I have ever seen....thank u so much sir
What a man you are ? It's not only tutorial for security .It's the night mare for me to achieve security in spring application.Hats off keep the learning spell always on.Thanks a lot!🌟
Thank you so much Gokul . Glad to hear that 😊 . Keep learning
".It's the night mare for me to achieve security in spring application." ,, ...... really ?
@Supriya are you facing any issue?
I have been binge watching many videos on JWT authentication and luckily found this video, you are simply amazing with the way of delivering things sir, thanks a lot and more power to you to roll out such amazing videos in the future
Thank you so much Karthik for appreciating it . I am glad to hear that people are getting benefitted with my content
Hats off to you sir You literally made Spring Security Easy. I've gone through many lengthy videos but nothing worked your spring security videos made me learn within 2hrs including jwt and basic auth.
Crystal clear explanation and implementation. No need to watch any other video after this.
Thank you.
Thanks buddy keep learning 👍
Basanth,
All your courses are simple, straight forward, easy to understand for all levels. Kudos to your efforts.💯
I never thought i would be able to understand JWT until i found this video. you really Blessing to us
Simply amazing Sir. I was struggling for authorization configuration in springboot 3.2.0. You have covered it well.
Thanks for the video. I did learn a lot from it.
A few points: 1. the authentication manager is not recommended although it works, you should come up with your own authentication manager. 2. there is a new nimbus package in the latest Spring security which should be used for encoder and decoder. 3. that filter is not necessary as I understand. You simply provide the encoder and decoder, spring security will automatically take care of the security check for all the configured paths.
Thank you for your suggestion buddy. I will definitely take a look into these changes
you mean bcryptpasswordencoder?
Your communication is OK kind. But your content, efforts, presentation are really awesome. Keep up your good work sir
Sir, thank a lot for your contribution. I have searched so many methods to implement JWT on my project running on Spring 3.1.5 but couldn't find a proper solution. We need more videos on new releases like this. Thanks a lot!!!🤩
incredible! didn't expect to find usage ready solution here, but you nailed it. thanks!
Great tutorial those who are moving spring security 6. Awesome! job.
Starting to learn Spring Boot security now, Thanks for your effort as always.
I appreciate the detailed description of this video. Thanks for sharing.
Really Your Tech Gem .. Hands of your clear explanation .. LOVE IT :)
No words Mind Blowing session
Watching your complete series because of the migration project, Thanks a lot again
I have learned everything I needed to learn, thanks a lot man
Just amazing as always. May God bless you.
Really helped me for my internship
Oh wow , thank you so much sir .. i was thinking to request you for this spring security jwt and just found it now . Great ,will cover this in this weekend,thank you 😊
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running.
Today an interviewer asked this question to me and I was clueless about it. Pls help.
Yr explanation is just amazing👍👍
Sir, plz provide flow diagrams of each classes before you code. And also include entire flow with all classes as summary at the end and if possible at very begining. You know the flow, so you find it super easy naming classes, but its tough for any beginners as classes names are big and similar. My hostel juniors gave me this feedback when I shared them ur lecture.
Thanks Raj for your suggestion. Noted this and will work on it
Nevertheless, it's a big-time first-class tutorial regardless.
Yes. This is the only thing this tutorial is missing.
this happens the first time for me, i just needed a walkthrough in spring3 + jwt and spring security. and well, you provided it 22 minutes ago. +sub
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running.
Today an interviewer asked this question to me and I was clueless about it. Pls help.
@@kshitijbansal3672 holy ffffu. it's more like:
- how many hours did you mess with spring framework, tinkering here and there?
- yes
@@kiryls1207 if you know the solution, you can, don't ask unnecessary questions
@@kshitijbansal3672 i saw guides and tutorials about spring concurrency and threading. i don't know the solution, i just started with spring
In that scenario you need to configure your scheduler related properties in only one instance
For example let's say you have instance 1 ,2 and 3
You want to run your scheduler only in instance 1 in that case create all properties of scheduler like cron expression, time zone etc only in instance 1 configuration
When i say instance 1 configuration i mean just find a place where you can load required properties
thanks, great video. I have followed lots of youtube videos only this code working properly. thanks again.
Amazing video, you made so easy, understood every part
Thanks basant for the detailed video about jwt
Another nice explanation video ❤
Nice explanation.......❤
This is so well explained! Thank you!
Your explanation is really good, thanks for making tutorial
Great explanation sir thanks lot
This is very right way explain.
Present when needed. Thank you!
Thankyou so much for this
I have got a task to build jwt auth
This will be very helpful for me
Thank you very much ❤
Nice ...keep posting some complex spring boot projects...
Great video, thanks for all the explanation!
Nicely covered both authentication and authorization.
Thanks for choosing this topic. And make a Oauth 2 verification video in spring boot 3
Amazing video with covering all the aspect of JWT in latest version of spring boot.
Thank you for the in detailed walkthrough.
Please make one video on internals of spring boot security internals with new classes in involved latest version
Glad it was helpful! Yes it's in my queue soon i will do that
Love the popping sounds
i from vietnam, thanks your video
Greate explanation sir! as always 🙏🙏.
Worth watching your videos
Really helpful thanks.
thank you man, that was very helpful
Sir G- i believe you are saving the life of more than 95% programmer who is getting through your sessions. Because i am damm sure, eventually the search for a good content could have end up to one and only your session.. Thanks Man..
Thank you so much sonu for your word. Keep learning that's what my gift 🎁 buddy
Thank you sir, more videos , I'm beginner :)
as per my understanding we should not hit db again for jwt token validation and we should recreate token with given header and payload and compare it with resent token, however i understand we can not verify roles with that, so there is some gap in this and i am not sure yet how that will be done.
We do validate roles with annotation @PreAuthorize
JWT (JSON Web Tokens) are designed to be self-contained, containing all the necessary information within the token itself. Once a user is authenticated and a JWT is issued, the server can verify the token's integrity and extract relevant information without needing to contact the user database for every request. I see in our example we fetched data from user details db again which may not be right way to use jwt as the purpose of using jwt is to avoid hitting db/cache for every login request, please clarify@@Javatechie
@@JavatechieYes, I too didn't understood couple of things-
1. Y u r generating token through a rest end point via @requestBody param? I think It sud b generated via filter u created. If(extractedToken= null) then create json token and should be set in context..or?
2. In ur filter, u r using userDetailService.loadUserByUserName(username) ..this username is same u extracted from ur token? Then, obviously both will be validated? Instead u should match user from token with the logged on user?
Thank you sir for this video. It is really very helpful.
bro just nailed it
Nice tutorial sir
Best Tutorial ever bro thank you somuch
Thats a great stuff as always :) . .. One request to you ..can you create one video on Spring Security OAuth Authorization Server using spring boot 3.0 .. Thanks again.. keep up good work :)
Okay sure noted
Again an amazing tutorial. I can't thank you enough. ❤
Amazing. Thank you so much
Thanks , your tutorial clips are the best.
Thank you buddy 😊
amazing tutorial!
A really nice explanation . Very helpful
Very good content. Thank you very much!
Perfect Example for Spring Securrity !
Sir can you please guide how @PostMapping("/authenticate") end point is working internally? How it reading user from DataBase! although we are not using any repository in this end point. How AuthenticationMangar finds the correct user name from database?
It will be dead easy to understand if you can debug then nothing complex buddy.
I would strongly suggest you to refer to the video below to understand the internal flow
ua-cam.com/video/1ERV-6cz2xk/v-deo.html
@@Javatechiewow luckely I was already wathcing it ! Thank you so much for your respone ! Thank you again for making things very simpliers
Well explained 🙂
Hi I have a question, at 34:13 while checking for null and bearer, why we are giving space after Bearer?
In postman while selecting auth header by default it will add one additional space
@@Javatechie but if we give just the bearer.. without any space will it not work or there would be multiple result for tha string?
No it won't work . To do quick testing just add a break point in filter class and check the value
@@Javatechie ok thanx 😊, very informative video though 👍🏼
Thank you so much sir.
very nice explanation
Excellent! Love it
Love you bro ! Thanks alottttt
I implemented this JWT Authentication and Authorization, and when I call the endpoints via Postman everything works perfectly. The problem is that I'm trying to write unit tests for my controllers using JUnit 5, but all endpoints always throw 403 Forbidden. Even when I use the @WithMockUser annotation, the same problem continues.
Does anyone know what the problem could be?
Did someone who implemented this JWT Authentication and Authorization manage to do the unit tests for the controllers?
Wanted to add one point: if we are generating token only when user register or login then in validation process, we can skip fetching user details from db because if the token is modified then it will be invalid token when we match it using our secret. So, If the token is valid then we can save it to our security context always.This is my understanding. Please add to it if something is incorrect or I am missing something.
Thank you so much master, te amo
Thanks , love it
Where u create product table ? Or I need to create it
Spring data jpa will create for you. Manual intervention is not required just make Sure to configure hbm2.auto.ddl.in application.yml or properties file
Thank you for this, is there a chance of you making a full stack tutorial with Java and React in future. It will be really helpful.
Yes I will
in this flow can we add authentication using goolge etc.?
Yes absolutely we can
thanks for excellent video
such great tutorial, explained in simple way, help be crash course through it and build a new micro service implementing spring JWT authentication, thank you so much
Thanks buddy, What are you looking for here it is ua-cam.com/video/MWvnmyLRUik/v-deo.html
you passed claims map empty (During token generation), what is the use of that i did n't get that point? can you please elaborate that little more.
Highly appreciated
❤Great demo
27:20 How does AuthenticationManager knows it needs to lookup 'userinfo' table to verify username ?
At 17:45, how did you define the key string with the class label SECRET? I cannot find documentation on this and I have no idea how you did it. It happened very fast.
Option+cmd+c
Thank you 💖
Can you please do this using Reactive approach, it will help us.
Thank you sir
Thanks Buddy, can you make a video integrating jwt on api gateway
Please check this ua-cam.com/video/qODoDq5_hAM/v-deo.html
do you have any example with Keycloak RBAC ? or any help?
Excellent video. I also wanted to know how to implement logout. Can you show a sample with the same example?
Hi , I have a small request. Might be funny for some. Can you please create a small video on roadmap. Like roadmap for spring security, roadmap for spring boot or core. So that everyone can have a idea what to start first and what not.
Thank you
No it's not at all funny Budd y don't worry. spring boot road map i will prepare one video where i will cover all modules. Most probably this weekend or next okay
One thing I realized, in your extractAllClaims method, the jtw parser throws exceptions that are not caught. For example, if the token is expired it throws a ExpiredJWTException! So you checks for istokenexpired is moot.
Have a question about roles. I saw some video where they didn't user preauthorize annotation. But used enum role. What is the best approuch ?
Without @PreAuthorize not sure . Will check and update
Can you help me with an implementation idea about asymmetric encryption
can we use both controller and Restcontroller in single apllication
Yes you can
If i use restcontroller jsp page is not working
Hell yeah thanks man 🔥
Well done Basant but I have a question.. Let's say i have multiple instances of my app.. How do I configure the authentication manager with Redis.. Thanks
You need to configure it in API gateway not in each microservice
@@Javatechie yes I understand but I am talking of monolith applications but scaling to multiple instances.. How do I go about that
please share that Encryption key generator website
It's there in the video description please check