Advanced Spring Security - How to create multiple Spring Security Configurations

Поділитися
Вставка

КОМЕНТАРІ • 50

  • @gordanbakalar7441
    @gordanbakalar7441 Рік тому +2

    Thanks!

  • @CauãShmith
    @CauãShmith Рік тому +5

    rare to see a good java content like what you are producting, congrats for that Dan.

  • @ddarkodev2923
    @ddarkodev2923 Рік тому +3

    I'm not getting why the apiSecurityFilterChain ("api/**") matches the "/h2-console"-request.
    15:19

  • @SleepThatBurns
    @SleepThatBurns Рік тому

    Found value? Holy moly...absolutely! Invaluable channel. Period.

  • @benjaminpeljto7408
    @benjaminpeljto7408 7 місяців тому

    Thank you so much, I'm building an app as a university project and I needed separate UserDetails interface implementation for two entities. Tried everything with one configuration and went past your video (thought it's not what I'm searching for). Basically after spending 4 hours you helped me, definitely new sub :) I love Spring.

  • @marouaniAymen
    @marouaniAymen Рік тому +2

    Really thanks you for this series of videos about Spring Security, I start to understand it very well and appreciate how Spring Boot simplifies the security side of our applications.

  • @informatik01
    @informatik01 Рік тому +2

    Really useful tutorial. Short and to the point.
    Thank you!

  • @ILyaCyclone
    @ILyaCyclone Рік тому +2

    Thanks mister Dan. Could you please clarify: I couldn't quite catch why we needed to explicitly specify ant matcher for h2 path? The documentation 16:46 reads "if Spring MVC is in classpath". But we're in Spring Boot app, Spring MVC is obviously in classpath. Or is this about the fact that h2 console is a separate application and we kinda have to know whether it uses Spring MVC inside?

    • @DanVega
      @DanVega  Рік тому +1

      Just because we are in Spring Boot doesn't necessarily mean Spring MVC is on the classpath but in this case you are correct. The /h2-console is a web resource and not a mvc route like /api/posts is and that's why I am using an AntMatcher there.

  • @TheGuroguro12
    @TheGuroguro12 Рік тому +1

    useful, thank you!!! I applied this to your video with resource server with oauth, get token works with basic and API with bearer token

    • @DanVega
      @DanVega  Рік тому

      Glad it was helpful!

  • @justreason5868
    @justreason5868 Рік тому

    Dan makes it look so easy. Thanks buddy!

  • @hasseneayoub4818
    @hasseneayoub4818 Рік тому

    Hey Dan thank you for this awesome tutorial. I'm not finding the annotation @SecurityMatcher can you help me with that.

  • @ankushanandjec
    @ankushanandjec Рік тому +2

    Great video and explanation Dan! It seems that for higher versions of Spring Boot (e.g. 3.1.5), securityFilterChain method has to be modified to specify appropriate MVC matcher. Would you know the reason behind the same? Also, what could be the probable fix?

  • @pad5724
    @pad5724 Рік тому

    Thank you, I need this topic these days..

  • @headshotmaster3401
    @headshotmaster3401 9 місяців тому

    good one! what's the theme of intelliJ? thanks!

  • @fusing17
    @fusing17 Рік тому

    Awesome video! Seems to me this way of decoupling might be useful if I wanna separate my security configurations for my SPA web client and mobile client since both requires different types of filters and possibly different oauth flow

  • @Luisow748
    @Luisow748 Рік тому

    Thanks! Sweet piece of cake!

  • @alefsousaaguiardaniel5472
    @alefsousaaguiardaniel5472 Рік тому +1

    I need to perform LDAP authentication and thus generate a JWT token, do you know how to do this?

  • @galizischebahn2648
    @galizischebahn2648 2 місяці тому

    Will it work for handling different oauth2 providers? Let's say I want to keep two separate SecurityFilterChain for Facebook and Google? Thanks.

  • @sleepycakeawake
    @sleepycakeawake Рік тому

    Thank you for nice content Dan!

  • @ajimulyadi8064
    @ajimulyadi8064 8 місяців тому

    could you please make a video about spring security with oauth2 inside it,,and how does it look like if the be and fe place on different domain

  • @beryalex1798
    @beryalex1798 Рік тому

    Thank you Dan Vega

  • @ХорхеРодригез
    @ХорхеРодригез Рік тому

    Why does one want to use spring jdbc over spring data jpa? And since we are here for security then what is the difference between oauth2 and spring security?

  • @kenduraghav
    @kenduraghav 7 місяців тому

    Really good and useful video.

  • @andrelong7230
    @andrelong7230 4 місяці тому

    This is good information but I need to have multiple logins and security configurations for different user types. I need a login page for regular users and a login for administrators backed by a postgres database. My security for the regular users works fine but the security for admin users is not working always goes back to the login page for managers. Do you have any security videos for different user types?

  • @uigreseu5756
    @uigreseu5756 Рік тому +2

    Hi Dan. You are doing a great job by explaining updates after 2.7.0 springBoot version. Could you explain please why I can still access secured pages even after I logged out? and how It could be fixed? thanks

    • @DanVega
      @DanVega  Рік тому

      In the example that I posted if you try and access /private you will be redirected to a login page. Do you have an example repo where this problem is happening?

    • @uigreseu5756
      @uigreseu5756 Рік тому

      @@DanVega Sorry but I don't have a repo but I will, put here how I've configure securityFilterchain(HttpSecurity http):
      public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
      http
      .csrf().disable()
      .authorizeRequests()
      .antMatchers("/addNewUser").permitAll()
      .antMatchers("/addNewDog").authenticated()
      .antMatchers("/getAllUsers").hasRole("ADMIN")
      .antMatchers("/getAllDogs").hasAnyRole("USER", "ADMIN")
      .antMatchers(" /dog/{dogId}/user/{userId}").hasRole("USER")
      .and()
      .formLogin()
      .and()
      .logout().permitAll()
      .deleteCookies("dummyCookies")
      .and()
      .authenticationProvider(daoAuthenticationProvider())
      .httpBasic();
      return http.build();
      }

    • @maziartary
      @maziartary Рік тому

      Perfect... I love your content...You just don't paste some functions but explain the idea and methods to implement it. I'll follow up upcoming posts. I believe you gonna have a reference channel with million subscribers. Thank you.

  • @chrispure7461
    @chrispure7461 Рік тому

    Great. Can you also explain how to handle 2 different authorization servers like jwt token can be from Keycloak auth server or Spring Auth server?

  • @saravanavel2802
    @saravanavel2802 Рік тому

    Hi Dan. Thank you for enlightening with new tech advances in spring. However, looks like antmatcher is deprecated. But you are using it?

  • @MradnanBIH
    @MradnanBIH Рік тому

    @Dan Vega
    Thank you very much for this very much useful video! You're doing good job, very clean and concise explanations. :)

  • @naim-cd9tx
    @naim-cd9tx 8 місяців тому

    really good work. thanks

  • @MsPrettyg00d
    @MsPrettyg00d 11 місяців тому

    Thank you so much ❤

  • @alefsousaaguiardaniel5472
    @alefsousaaguiardaniel5472 Рік тому

    Which IDE are you using?

  • @Trodix89
    @Trodix89 Рік тому

    Hi, thank's for this video, I just needed this for my work this week !
    Is it possible to do a video on Spring Security ACL with Domain Object Security ?
    Have a good day !

  • @rydmerlin
    @rydmerlin Рік тому

    If you are qualifying the path why is order annotation still needed?

  • @rajeshhazari
    @rajeshhazari Рік тому

    Thanks Dan for this intro, do know what is required to handle this multiple authentication filter based on either header or query param, and for ex may be same endpoint /api/V1/auth/ for both authentications ?

    • @DanVega
      @DanVega  Рік тому

      I'll have to dig into that and see if it's possible. Can you give me an example of where you might want to do this?

  • @zubayerahamed7771
    @zubayerahamed7771 Рік тому +1

    awesome.

    • @DanVega
      @DanVega  Рік тому

      Glad you think so!

  • @GeoLimiar
    @GeoLimiar Рік тому

    thankssss

  • @lukestardoinstuff1237
    @lukestardoinstuff1237 11 місяців тому

    I wish i would have watched this video before writing my Rest api with the help of outdated code while still learning the framework. Now i have to spend my day migrating all of my code to a newer version of spring just because i wanted to build some basic Security. btw. its not that bad. Im just frustrated because i spent multiple hours trying to even understand why nothing works.

  • @mubarakahmed9060
    @mubarakahmed9060 Рік тому

    Greate

  • @jopadjr
    @jopadjr Рік тому

    56th...Thanks Dan

  • @aibardulatov
    @aibardulatov Рік тому

    When I run application I get error
    org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'postController' defined in file [/Users/aibar/IdeaProjects/Advanced-Spring-Security/target/classes/com/example/Advanced/Spring/Security/controllers/PostController.class]: Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'postRepository'