Thanks!
Rare to see good Java content like what you are producing, congrats for that Dan.
I'm not getting why the apiSecurityFilterChain ("api/**") matches the "/h2-console"-request.
15:19
Found value? Holy moly...absolutely! Invaluable channel. Period.
Thank you so much, I'm building an app as a university project and I needed separate UserDetails interface implementation for two entities. Tried everything with one configuration and went past your video (thought it's not what I'm searching for). Basically after spending 4 hours you helped me, definitely new sub :) I love Spring.
Thank you very much for this series of videos about Spring Security. I'm starting to understand it very well and appreciate how Spring Boot simplifies the security side of our applications.
Really useful tutorial. Short and to the point.
Thank you!
Thanks mister Dan. Could you please clarify: I couldn't quite catch why we needed to explicitly specify ant matcher for h2 path? The documentation 16:46 reads "if Spring MVC is in classpath". But we're in Spring Boot app, Spring MVC is obviously in classpath. Or is this about the fact that h2 console is a separate application and we kinda have to know whether it uses Spring MVC inside?
Just because we are in Spring Boot doesn't necessarily mean Spring MVC is on the classpath but in this case you are correct. The /h2-console is a web resource and not a mvc route like /api/posts is and that's why I am using an AntMatcher there.
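The arrangement discussed in this exchange, written out as an added example (not code from the video or from any commenter). It assumes Spring Security 6.1 to 6.4 on Spring Boot 3; the class name, the `dev` profile, the `@Order` values and the third catch-all chain are assumptions, and every path is matched with an explicit `AntPathRequestMatcher` so nothing depends on whether a path is served by Spring MVC or by the H2 console servlet.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
public class SecurityConfig { // hypothetical class name

    // Chain 1: only requests under /api/** enter this chain.
    @Bean
    @Order(1)
    SecurityFilterChain apiSecurityFilterChain(HttpSecurity http) throws Exception {
        return http
            .securityMatcher(AntPathRequestMatcher.antMatcher("/api/**"))
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            .build();
    }

    // Chain 2: the H2 console is a separate servlet, not an MVC route, so it
    // gets an Ant-style matcher. Restricted to an assumed "dev" profile so the
    // console is never left open by this rule outside development.
    @Bean
    @Order(2)
    @Profile("dev")
    SecurityFilterChain h2ConsoleSecurityFilterChain(HttpSecurity http) throws Exception {
        AntPathRequestMatcher h2 = AntPathRequestMatcher.antMatcher("/h2-console/**");
        return http
            .securityMatcher(h2)
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
            .csrf(csrf -> csrf.ignoringRequestMatchers(h2))                // console forms carry no CSRF token
            .headers(h -> h.frameOptions(frame -> frame.sameOrigin()))     // console renders in frames
            .build();
    }

    // Chain 3: no securityMatcher, so it handles every request the earlier
    // chains did not claim, including /h2-console when "dev" is inactive.
    @Bean
    @Order(3)
    SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception {
        return http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .build();
    }
}
```

Only the first chain whose matcher accepts a request is applied, which is why the unrestricted chain is ordered last.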
useful, thank you!!! I applied this to your video with resource server with oauth, get token works with basic and API with bearer token
Glad it was helpful!
Dan makes it look so easy. Thanks buddy!
Hey Dan thank you for this awesome tutorial. I'm not finding the annotation @SecurityMatcher can you help me with that.
Great video and explanation Dan! It seems that for higher versions of Spring Boot (e.g. 3.1.5), securityFilterChain method has to be modified to specify appropriate MVC matcher. Would you know the reason behind the same? Also, what could be the probable fix?
Thank you, I need this topic these days..
good one! what's the theme of intelliJ? thanks!
Awesome video! Seems to me this way of decoupling might be useful if I wanna separate my security configurations for my SPA web client and mobile client, since both require different types of filters and possibly different OAuth flows.
Thanks! Sweet piece of cake!
I need to perform LDAP authentication and thus generate a JWT token, do you know how to do this?
Will it work for handling different oauth2 providers? Let's say I want to keep two separate SecurityFilterChain for Facebook and Google? Thanks.
Thank you for nice content Dan!
Could you please make a video about Spring Security with OAuth2 inside it, and how does it look if the BE and FE are placed on different domains?
Thank you Dan Vega
Why does one want to use spring jdbc over spring data jpa? And since we are here for security then what is the difference between oauth2 and spring security?
Really good and useful video.
This is good information but I need to have multiple logins and security configurations for different user types. I need a login page for regular users and a login for administrators backed by a Postgres database. My security for the regular users works fine but the security for admin users is not working; it always goes back to the login page for managers. Do you have any security videos for different user types?
Hi Dan. You are doing a great job explaining the updates after Spring Boot version 2.7.0. Could you please explain why I can still access secured pages even after I logged out, and how it could be fixed? Thanks.
In the example that I posted if you try and access /private you will be redirected to a login page. Do you have an example repo where this problem is happening?
@DanVega Sorry, I don't have a repo, but I will put here how I've configured securityFilterChain(HttpSecurity http):

    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/addNewUser").permitAll()
                .antMatchers("/addNewDog").authenticated()
                .antMatchers("/getAllUsers").hasRole("ADMIN")
                .antMatchers("/getAllDogs").hasAnyRole("USER", "ADMIN")
                .antMatchers("/dog/{dogId}/user/{userId}").hasRole("USER")
                .and()
            .formLogin()
                .and()
            .logout().permitAll()
                .deleteCookies("dummyCookies")
                .and()
            .authenticationProvider(daoAuthenticationProvider())
            .httpBasic();
        return http.build();
    }
Perfect... I love your content...You just don't paste some functions but explain the idea and methods to implement it. I'll follow up upcoming posts. I believe you gonna have a reference channel with million subscribers. Thank you.
Great. Can you also explain how to handle 2 different authorization servers like jwt token can be from Keycloak auth server or Spring Auth server?
Hi Dan. Thank you for enlightening with new tech advances in spring. However, looks like antmatcher is deprecated. But you are using it?
@Dan Vega
Thank you very much for this very much useful video! You're doing good job, very clean and concise explanations. :)
really good work. thanks
Thank you so much ❤
Which IDE are you using?
Hi, thanks for this video, I just needed this for my work this week!
Is it possible to do a video on Spring Security ACL with Domain Object Security?
Have a good day!
If you are qualifying the path why is order annotation still needed?
Thanks Dan for this intro. Do you know what is required to handle multiple authentication filters based on either a header or a query param, and, for example, maybe the same endpoint /api/V1/auth/ for both authentications?
I'll have to dig into that and see if it's possible. Can you give me an example of where you might want to do this?
awesome.
Glad you think so!
thankssss
I wish I would have watched this video before writing my REST API with the help of outdated code while still learning the framework. Now I have to spend my day migrating all of my code to a newer version of Spring just because I wanted to build some basic security. BTW, it's not that bad. I'm just frustrated because I spent multiple hours trying to even understand why nothing works.
Great
56th...Thanks Dan
When I run application I get error
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'postController' defined in file [/Users/aibar/IdeaProjects/Advanced-Spring-Security/target/classes/com/example/Advanced/Spring/Security/controllers/PostController.class]: Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'postRepository'