When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here: ua-cam.com/video/ucx6wo6dp98/v-deo.html
Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.
I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!
My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running and the authentication is the sweetest thing. Thank you so much for your help!!!!
This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.
I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.
I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤
I'm so confused about the Spring security as every next person is talking about the up to date tutorial. That means after every six months the security changes? If that's so, how a given application in spring works if things are going deprecated so fast.
Shouldn't we access the endpoints(/demo, /admin_only) with the token generated by the login operation instead of register ? We suppose that we want the token to be different at every new login. Thank you.
Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.
best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .
@LearnWithlftekhar why do you use personal preference as application.yml please use application. property because a guy who is new in programming can confused
hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine. Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂
brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.
Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.
hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission
hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?
Your video has been incredibly beneficial to me, and I want to express my sincere gratitude. At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?
Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!
Thank you for good video. If somebody see in terminal - "org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL .....", just add jpa: generate-ddl: true
Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?
hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot
Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden and in the database , the password is not hashed it's written as it is do you know why this might be happenning ?
Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!
@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.
Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.
I have seen a lot of videos on JWT and this one again is a different everyone directly jump to the execution of JWD. No one explains how JWT works along with Oauth or standalone how JWT works. No one explains that.
Awesome but the way you implemented is not correct, 1.First user registre then server will send a success response your registration is success now you can login. 2.Then user will login will crendetial now server will send a access token.
Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?
Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!
Hi, I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt
Thank you for the latest JWT video. I've a doubt, when I try to access the "/demo" page with the bearer token. it's giving 404 error. I've done exactly the same steps you've done in the video. Do you have any idea what could be wrong.
I think you are wrong returning 403 instead of 401 while authenticating with bad credentials... because: authentication is the process of checking if the user exists with valid credentials and it should return 401 in case of wrong credentials instead of 403, authorization is the process of checking if the user has the permissions (given by roles) to access certain resources, and it should return 403 in case that the user has no permissions...
Yes, you are right about the status code. I have already recorded a new video on It. I will release it soon. However I have already updated my github repo fixing this issue. You can check the fix there.
You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method: Map getMyClaimsMap() { Map extraClaims = new HashMap(); extraClaims.put("hello", "world"); return extraClaims; } then you need to update generateToken method as follows: public String generateToken(User user) { Map claims = getMyClaimsMap(); //get extra properties String token = Jwts .builder() .subject(user.getUsername()) .issuedAt(new Date(System.currentTimeMillis())) .expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 )) .claims(claims) // set extra properties in token payload .signWith(getSigninKey()) .compact(); return token; } Hopefully It will help.
It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.
When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here:
ua-cam.com/video/ucx6wo6dp98/v-deo.html
OK sir thank you so much 👍👍
I tried that but it didn't help
Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!
Thank you for watching. I am glad to know that it was helpful for you.
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.
I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!
same here, watched tons of videos but this one is the best of the best. everything is explained. short and sweet
My only response is wow😲❤❤
I have watched so many videos related to spring security but not like this. Finally found one. ❤❤❤❤ Huge respect.
Can you please share or list the videos you've watched already? As, I've also watching a bunch of videos to gather concepts and solidify things.
THANK YOU! Best video because you used up-to-date methods and not many deprecated ones like other videos
I'm glad you found the video helpful!
true
My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running
and the authentication is the sweetest thing. Thank you so much for your help!!!!
This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.
Thank you for watching. I am glad to know that it was helpful for you.
You don't have a clue how much this video has helped me!
Sir, I understood the concepts well because of your teachings.
Very informative. I traversed so many spring boot auth videos and this one is the best
I saw this same comment of yours on another video as well. Why you doing so?
❤You are making complex to very easy with your professional explanations. 🙌 ❤
I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.
Thank you for watching. I am glad to know that it was helpful for you.
I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤
Thank you. I'll definitely consider explaining the code and its purpose in my future videos.
Здесь не хватает русского комментария.
Спасибо.
Сейчас тяжело найти актуальную JWT.
Thank you for watching.
I had a hard time finding a tutorial that uses version 12.x.x
This one solved my problems
Thanks so much
Thank you for watching. I am glad to know that it was helpful for you.
Thank you for the updated and detailed tutorial on this subject
Thankyou, it really worked for me! learned something new 👍
Thank you for watching.
Best video so far on Spring Boot security.Respect!
Thank you for the kind words, glad you enjoyed the video!
I'm so confused about the Spring security as every next person is talking about the up to date tutorial. That means after every six months the security changes? If that's so, how a given application in spring works if things are going deprecated so fast.
it's a good one. clean explanation. It would be great if you could include refresh token as well.
Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.
Love the way you teach simple and perfect keep doing it
Thank you so much for your kind words! I'm glad you find my teaching style helpful.
Please consider a tutorial spring boot with keycloak. Your explanation is really great ❤
Thank you for the suggestion! I'll definitely consider making a tutorial on Spring Boot with Keycloak.
This really helped me a lot. Thanks for such a tutorial
Thank you for watching. I am glad to know that it was helpful for you.
vaiya,spring boot micro services with real time projects er ekta complete playlist er jonno onurodh roilo in english please...love u....
Great video!! It really helped me, I found difficulties since a long time in security but thanks for help
Thank you so much! I'm glad the video was helpful for you in overcoming your security difficulties. Keep up the good work!
Such a good video and very clear explanation!
sir can you please do the same in spring mvc project(Using thymeleaf) for frontend
I am getting a 401 error. I appreciate the video defining 403 vs 401, but could you do a video that fixes the 401 errors?
Sir could you please add the refresh token as well to this lecture?? That would be really helpful.. thank you.
Shouldn't we access the endpoints(/demo, /admin_only) with the token generated by the login operation instead of register ? We suppose that we want the token to be different at every new login. Thank you.
Perfect video sir, this very help full for me. Thank you for make this video!
Thank you for watching. I am glad to know that it was helpful for you.
Thank u sir for amazing explanation all concept is Crystal clear 🙌 so Thank you❤❤
I'm glad the explanation was helpful! Thank you for your kind words.
Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.
Thanks for watching. I will try to add explanation in my future tutorials.
Love your content. Sir please post a video in a week🧡🧡
Thank you for yout support. I will try my best to do this.
very easy to understand. thank you!!
Thank you for watching.
Thanks! It was perfect, ! It really helped me!
Its really an amazing detailed video. Will you please enhance it by securing multiple microservices with this JWT authentication ?
Thanks from Brazil 🎉
Thank you @LearnWithIfte!!!! Really helpful for my studies.
Thank you.
bro great job, thank you so much
Keep Going, You are going a long way. All the best
Thank you for the encouragement!
That was very useful. Thank you.
47:03 | 'Reactive' not use "new WebAuthticationDetailsSource", because ServerHttpRequest. pls!
Please check the source code from github. You will find it in the description.
best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .
Thank you for watching. I am glad to know that it was helpful for you.
Great job! You have helped me a lot!
Thank you for watching. I am glad to know that it was helpful for you.
Can you please tell me the color theme you used for this video? Also thank you for this lesson sir, helped me a lot.
This is Material UI theme
@@LearnWithIfte thank you very much!
nice tutorial, but please what could be the course of error 403
Amazing video!!!🤙
Thanks!!
Love this! Keep going brother!
Thank you so much for the support! Glad you enjoyed the video!
Why don't you separate the responsibility from User Model and make a UserSecurity class and then implement UserDetails? 17:29
Its just one way to implement it. If you want to make a seperate UserSecurity class, go for it. Both techniques are right
@LearnWithlftekhar why do you use personal preference as application.yml please use application. property because a guy who is new in programming can confused
Thank you for your input! I appreciate your concern.
hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine.
Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂
Wow. Thank you for watching. I am glad to know that it was helpful for you.
What kind of font family do you use on your intellij ?
brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.
Please double-check the return value of *isValid* method in *JwtService class.* There is a _ "!"_ symbol, you have may missed.
@@LearnWithIfte i have the "!" symbol, its in "!isTokenExpired" im not sure what else it could be
Please share your code. learnwithiftekhar@gmail.com
@@LearnWithIfte i just sent the email, the subject is "github source code of jwt". thank you brother this means a lot
Thank you sir ,but I have a question when I do register I found thé 401 code but i dont know why???
It's my fault, thank you so much for this video, now it's working very well
Do Dear Iftekhar have a developer community group that asks for things they don't understand in any sociel network tg, instagramm or any other?
Why we are not using @Autowired instead of constructor injection
You can check this video to understand it: ua-cam.com/video/fUsKNjGO4Is/v-deo.htmlsi=eMrMs8vECrNY90eT
thanks a lot.
Jajakallah khairan
thanks for your video its very helpful
You are welcome
Thalaiva your great 💥💥
Simple and clean... 👍👍👍
Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.
hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission
hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?
Great explanation. Thanks
Thank you so much for your kind words! I'm glad I could provide a clear explanation for you.
Your video has been incredibly beneficial to me, and I want to express my sincere gratitude.
At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?
Great video, great job
Thank you!
Beautifuly explained
Thank you so much! I'm glad you found the explanation helpful.
Please make a video on Oauth2 resource server with jwt
Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!
Can you please share your code?
Oh, I added the code from your repository and it worked! Thank you! Now I’m thinking about how to combine this with thymeleaf)))@@LearnWithIfte
With thymeleaf you do not need this jwt token. You can check this video ua-cam.com/video/jPmkcFjbQCM/v-deo.htmlsi=u-KrMMBnNBmdu2KD
Thanks a lot dada
springSecurity by default puts UserDetails isAccountNonExpired, isAccNonLocked, isCredentialsNonExpired as true
Thank you for good video.
If somebody see in terminal - "org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL .....",
just add
jpa:
generate-ddl: true
Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?
Hi, you can check this www.baeldung.com/spring-cors
this is another excellent resource: spring.io/guides/gs/rest-service-cors
thank you so much!!!!!
You're welcome!
hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying
Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot
Can you please share your code? You can share your github link. learnwithiftekhar@gmail.com
Very helpfull video! Could you please tell me what Theme you use for IntelliJ? I really like the colors of your editor :)
I'm glad you found the video helpful! The theme I use for IntelliJ is called Material Theme UI, it's one of my favorites too!
Excellent explanation
Thank you for your kind words! I'm thrilled that my explanation resonated with you.
@@LearnWithIfte I would loved to see fullstack guide with react to fully cover spring security, like you did in Auth0. Keep up the good work man!
Amazing, good english, good explain
Thank you so much for the kind words, I really appreciate it!
Hello, could you make a video on how to connect this with Angular app on front?
Thank you for your suggestion! I'll definitely consider making a on that. Stay tuned for future content!
Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden
and in the database , the password is not hashed it's written as it is
do you know why this might be happenning ?
Hey, thanks for watching. Unfortunately I don't have any idea why this is happening. Please check my code on github.
clean explanation
Thank you for watching! I'm glad you found the explanation helpful.
celan explanation. It would be great if you could include refresh token as well.
Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.
Great work sir, if possible make videos on chat applaication suing web socket
Thanks for the heads up! I'll definitely make a tutorial on this. Keep an eye on my channel for more updates!
Can we get new video for writing test cases for this project?
Sure.
It would be interesting to see how to host a spring project)
Thank you for your suggestion! I'll definitely consider making a video on hosting spring boot. Stay tuned for future content!
Thanks for video, and what about cors? If we will call this api from frontend.
Thanks a lot for watching my video. I will write a blog on this and will share with you here. Hopefully, it will be helpful for you.
Great Explanation. I also got problem in using @PreAutorize like how can we use it in latest versions of spring
Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!
@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.
@@arunsara2183 can you please share your code via github?
why do we need to save JWT token into database?
Please check this video. Here I have explained the reason. ua-cam.com/video/OpSU0VgfkL4/v-deo.html
vaiya ,please make a video on bkash ,nagad payment gateway with spring boot please...
Sir my auth header is coming null how to debug it
Great tutorial however after ı wrtie the config class ı get 403 for my any POST request include login and register to (yes i disabled csrf)
Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.
@@LearnWithIfte I found my issue(my 168 bits key does not enough for jwt. I found it when i debugging @EnableWebSecurity(debug = true)) thanks
Excellent
Thank you so much for your kind words! I'm glad you enjoyed the video.
damn brooo thanks
😁
I have seen a lot of videos on JWT and this one again is a different everyone directly jump to the execution of JWD. No one explains how JWT works along with Oauth or standalone how JWT works. No one explains that.
Awesome but the way you implemented is not correct,
1.First user registre then server will send a success response your registration is success now you can login.
2.Then user will login will crendetial now server will send a access token.
Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?
Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!
Hi,
I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt
I have made a video fixing this issue. You can check it from here:
ua-cam.com/video/ucx6wo6dp98/v-deo.html
Thank you for the latest JWT video. I've a doubt, when I try to access the "/demo" page with the bearer token. it's giving 404 error. I've done exactly the same steps you've done in the video. Do you have any idea what could be wrong.
Can you please share your code?
I was facing the same issue. But I sorted it out.
I think you are wrong returning 403 instead of 401 while authenticating with bad credentials... because:
authentication is the process of checking if the user exists with valid credentials and it should return 401 in case of wrong credentials instead of 403,
authorization is the process of checking if the user has the permissions (given by roles) to access certain resources, and it should return 403 in case that the user has no permissions...
Yes, you are right about the status code. I have already recorded a new video on It. I will release it soon. However I have already updated my github repo fixing this issue. You can check the fix there.
Hey, I have made another video where I have shown how to fix this issue. You can check it from here: ua-cam.com/video/ucx6wo6dp98/v-deo.html
I am using java 1.8 , it is not working after your 6 mins video as well
The minimum required Java version for this is 17.
Hello, what if I want to add more than the username in the JWT payload ?
You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method:
Map getMyClaimsMap() {
Map extraClaims = new HashMap();
extraClaims.put("hello", "world");
return extraClaims;
}
then you need to update generateToken method as follows:
public String generateToken(User user) {
Map claims = getMyClaimsMap(); //get extra properties
String token = Jwts
.builder()
.subject(user.getUsername())
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 ))
.claims(claims) // set extra properties in token payload
.signWith(getSigninKey())
.compact();
return token;
}
Hopefully It will help.
In company also security services build like this or any difference is there?
It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.