Highly important guys.. at @01:14 be aware, the role field must be save with "ROLE_" prefix in the DB, (dont know the reason). I wasted alot of time because I entered the authorization role mapping value which is without the "ROLE_" prefix. thank for the tutorial sir, BIG LIKE!
The hasRole and hasAnyRole methods used for authorizing requests accept parameters starting with "ROLE_". If you look at the java description for these methods, the parameters that are passed will be automatically appended with ROLE_ in the beginning. So definitely your database needs to have data starting with ROLE_ corresponding to role field or wherever you hard-code the authority value. This is my understanding.
I am big fun of your teaching. I don't even want to go for other resources unless I don't find in Java Brains. I really appreciate your contribution to my life. You are such important to me."live long and God bless you."
I saw the whole spring security basic videos, everything till now was explained well. anyone can easily understand these spring security topics. Thank you for your time and effect
I've watched almost every single video I could find on this subject and this was the clearest and most helpful and actually worked. Thank you for your help!
Nice One Koushik, keep the good work up. With addition to all the information, would like to add, spring by default adds "ROLE_" to whatever the role we are trying to check for the user. Thats why Kaushik has inserted ROLE_USER in the roles column of the user table. Now why we are trying to access different urls, spring check the role using the class ExpressionUrlAuthorizationConfigurer which get called from the overriden method configured having HttpSecurity as parameter. Check the implementation for the method hasRole in the method chaining.
You can find well explained implementations of spring security with JWT in Laurentiu Spilca's spring security playlist: ua-cam.com/video/zA3uxv8RMF0/v-deo.html There is pure gold information that really helped me to understand the basics of security for monolith applications and microservices applications. Hope it will help you! :)
Well, authentication happens only once per session. Also, JPA could be supported by a caching mechanism so that an entity is not looked up more than once.
really I'm so lucky to find your video that helped me well to understand and learn with simple method the authentication with spring security, really I appreciate your qualified explanation. big thanks from bottom of my heart ♥
if @Autowired UserDetailsServices in SecurityCnfiguration is showing error it is due to multiple implementations of that interface spring is confused which one to choose. solutiion :add @Primary annotation above MyUserDataService class that will give preference to your implementation
17:20 Spring boot verison 2.3.1.RELEASE When creating a dummy UserDetailsService, you also need to comment out the spring-boot-starter-data-jpa in the pom.xml else the server application will fail to start.
I thought there was a problem in SQL server and I was going to remove the mysql driver dependency from the pom.xml Thanks for your help @Dinesh Shekhawat
Congratulations #JavaBrains. It's the best tutorial I've read about Spring Security + JPA. It's almost complete. Thanks you very much! Pd: I think you should endcoder your password with other tecnique, because it inserts plain-text password.
We are just passing the username for fetching the user details, how does the password is verified during authentication. As in all cases till now we are not verifying the password.
I tried the Exact same as you explained. But when I login with "/admin" {There was an unexpected error (type=Forbidden, status=403).} this error is comming. Please help
I changed the Naming Strategy in properties as the one used in this tutorial is deprecated in Hibernate 5 spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
This tutorial is really helping me alot. Explained so perfectly. here we have created our MyUserDetailsService, but autowired instance of UserDetailsService. Still worked !! Should we MyUserDetailsService ?
If your authorization not working properly after fetch user info from database, remember to name the roles in your DB like "ROLE_USER", "ROLE_AMDIN". Otherwise, your hasRole method will not work!!!!!
If u are getting 403 error. Change SQL insert example: insert into user (username, password, isactive, roles) values ('admin', 'admin', true, 'ROLE_ADMIN'); //or 'ROLE_USER' but not 'USER'
Video is great and usefull. Use mvcMatchers instead of antMatchers for trailing slash / issue. We may use hasAuthority in place of hasRole. This not required ROLE_ prefix in code as well as database.
Quick question: I have understood and implemented all of this. I have a user that exists inside the DB, and when I try to log him in, all is fine, I get a jwt back and all of that stuff. But when I try to access the /login rest point with invalid credentials, I get a 403 forbidden instead of "username not found". What am I doing wrong? Note: I also set my requests to permitAll(), so that's not to blame.
some DBs (like postgresql) does not allow to create database with name 'springsecurity' and table with name 'user' .. probably because they are reserved words .. try using different names in such cases
In the MySQL implementation, where are you verifying the password? You are simply taking the username, getting the user details, and passing it to MyUserDetails(). Does that mean, for the above code, you can give any password and it will work?
![Lp. Сердце Вселенной #60 РОЖДЕНИЕ ЛОЛОЛОШКИ [Финал] • Майнкрафт](http://i.ytimg.com/vi/YoR0pAV9FVQ/mqdefault.jpg)
Your way of explaining complicated concepts in a simple manner is outstanding! Thank you so much!
Highly important guys.. at @01:14
be aware, the role field must be save with "ROLE_" prefix in the DB, (dont know the reason). I wasted alot of time because I entered the authorization role mapping value which is without the "ROLE_" prefix.
thank for the tutorial sir, BIG LIKE!
@Haim you are a life-saver. Spent like 1 hour to find out what was wrong.
BIG THANKS MY MAN!
The hasRole and hasAnyRole methods used for authorizing requests accept parameters starting with "ROLE_". If you look at the java description for these methods, the parameters that are passed will be automatically appended with ROLE_ in the beginning. So definitely your database needs to have data starting with ROLE_ corresponding to role field or wherever you hard-code the authority value. This is my understanding.
I am big fun of your teaching. I don't even want to go for other resources unless I don't find in Java Brains.
I really appreciate your contribution to my life. You are such important to me."live long and God bless you."
Fantastic tutorial, probably the clearest tutorial I've ever watched on a pretty complicated subject. Thank you very much!
This is what is required on UA-cam. Kudos sir
Bring full stack courses also. I bet 1 million is not far away then.🙌
Clearest tutorial with minimum time. Easy to understand. Thank you for wonderful lectures sir.
By Far the Best Explanation of Spring Data JPA with Spring Security...got many concept cleared out of this Tutorial
I saw the whole spring security basic videos, everything till now was explained well. anyone can easily understand these spring security topics. Thank you for your time and effect
wow, these are the best tutorials on Spring Security I have ever found on the Internet. Please keep up the good job :)
I've been struggling with Spring Security for days. Your tutorial made me able to install an authentication system on my app in two hours. THANKS!
SIR the whole day I've been trying to get this to work... then 10 minutes in this video and it works now. I really thank you a lot!!!
Sir, you have made Spring Security so easy to understand. Thank you so much for your efforts😀
Thanks, this is the clearest from scratch video i found so far..so difficult to explain yet you made it look easy
I've watched almost every single video I could find on this subject and this was the clearest and most helpful and actually worked.
Thank you for your help!
Sir, hatsoff to you.. you made learning spring security enjoyable for me.. being dyslexic I hated spring security..
Great Job Koushik!!! I like your teaching style and JavaBrains has been my main source of learning SpringBoot and java related stuff lately!!
Nice One Koushik, keep the good work up. With addition to all the information, would like to add, spring by default adds "ROLE_" to whatever the role we are trying to check for the user. Thats why Kaushik has inserted ROLE_USER in the roles column of the user table. Now why we are trying to access different urls, spring check the role using the class ExpressionUrlAuthorizationConfigurer which get called from the overriden method configured having HttpSecurity as parameter. Check the implementation for the method hasRole in the method chaining.
By far the best tutorials on spring security. Thanks a lot
Clear and simple, managed to implement my own JPA authorization provider thanks to this video. Great Job !
You are doing fabulous work Sir...( Y) Hats off to you for giving so much content to the community for free.
Epic! Thank you!
Please talk about integration with JWT
yes, eager to watch that integration with JWT,
Yess JWT 🙄🙄🙄🙄🙄
You can find well explained implementations of spring security with JWT in Laurentiu Spilca's spring security playlist:
ua-cam.com/video/zA3uxv8RMF0/v-deo.html
There is pure gold information that really helped me to understand the basics of security for monolith applications and microservices applications.
Hope it will help you! :)
really good series of tutorials. Great Job! Since spring 6 some things have slightly changed, but you explain the core principles very well. Thanks!
I have watched a ton of similar videos, but your videos are best by far!
You are doing a great service by sharing all these...no praise will ever be enough..👍👍👍
Best tutorial ever! It is definitely worth your time
The best tutorial i've seen on youtube !! Thanks man !
I never knew . . . Spring Boot Security is this easy . . . thanks to you brother!
Yes Correct, read query many times for authentication/authorization, we might consider using LDAP. LDAP has fast read query.
Well, authentication happens only once per session. Also, JPA could be supported by a caching mechanism so that an entity is not looked up more than once.
This is one of the best tutorial i have seen in my entire life :D Thank you so much.
really I'm so lucky to find your video that helped me well to understand and learn with simple method the authentication with spring security, really I appreciate your qualified explanation.
big thanks from bottom of my heart ♥
Thanks for coming back !!
I've been looking for such tutorial. Great video. Thank you!
The best video for Security. easy to understand and all codes works fine.
Plz Mr make more videos for spring.
This security series is absolutely amazing !! All aspects for each type covered.. 😀👍
Thanks sir, these are the best tutorials on Spring Security I have seen
on the Internet
if @Autowired UserDetailsServices in SecurityCnfiguration is showing error it is due to multiple implementations of that interface spring is confused which one to choose.
solutiion :add @Primary annotation above MyUserDataService class that will give preference to your implementation
Or use @Qualifier("myUserDetailsService")
@Autowired
UserDetailsService userDetailsService;
Did anyone try , this project no longer works ? I cloned it and it doesn't work. Says forbidden (403).
Thank you so much! You explain so clearly, much better than all the paid courses online! 😄
This is good stuff ! Now my weekend is productive as I learned something new from this ! Long live KK !
17:20
Spring boot verison 2.3.1.RELEASE
When creating a dummy UserDetailsService, you also need to comment out the spring-boot-starter-data-jpa in the pom.xml else the server application will fail to start.
Thanks bro , i was thinking the problem was in Mysql
I thought there was a problem in SQL server and I was going to remove the mysql driver dependency from the pom.xml
Thanks for your help @Dinesh Shekhawat
It's actually a problem with having 2 UserDetailsService beans.
You have to qualify which to use.
@@zephyrred3366 so which to use?
@@zephyrred3366 @Qualifier doesnt work.It gives the same error
Really AWESOME!! One of the best videos I watched.
Congratulations #JavaBrains. It's the best tutorial I've read about Spring Security + JPA. It's almost complete. Thanks you very much!
Pd: I think you should endcoder your password with other tecnique, because it inserts plain-text password.
Yes, I do mention that use no-op encoding for simplicity. check out the password encoding tutorial on my channel to learn about password encoding!
Great start to the weekend.. God bless.. Please cover JWT, OAuth and SAML
your explanation is so good i wanna cry
It's importante to note that you must add the prefix ROLE_ in MyUserDetails class otherwise it could return a 403 when trying to log in.
Thanks for this.. i have been facing this issue.. But , how can we get rid of this explicitly.
Finished the tutorial! great job and explanation
Thank you once again, Kaushik for your time and teaching!
Thank you for uploading such video's.
Really helps a lot in Interviews.
this man is the greatest of all time!!!
A very informative video on spring security. Thanks a lot. Cheers
Best video on spring security !! Thanks Kaushik :)
Thank you so much, its always pleasant to watch your videos, crystal clear, in details and precise to point. Thank you so much for your tutorial.
Thank you so much! This unblocked me on a problem I was having with my Repository.
Excellent, Thank you Kaushik, May God bless you!
Indeed, very well explained! I loved it! Subscribed + Shared!
Art of coding ,simple and quick
We are just passing the username for fetching the user details, how does the password is verified during authentication. As in all cases till now we are not verifying the password.
Best I've ever seen on youtube .. thks man 😀👍
thank you very much for putting this together. Your explanations are very clear, concise and to the point!
Fantastic tutorial. Well explained and easy to follow along.
Spring Security + JWT Authentication would be superb!
If you are getting a 403 make sure that the role column in USER table = "ROLE_ADMIN"
Very good tutorial, nice and clear explanations. Thanx a LOT!!
very good video bout spring security, usage of lamda expression also very nice
Sir, you deserve a noble.
I tried the Exact same as you explained. But when I login with "/admin" {There was an unexpected error (type=Forbidden, status=403).} this error is comming. Please help
I tried the JPA with MySQL but I am getting bad credentials. Could you please help me with this??
wow , amazing explanation, waiting your video on spring boot with keycloak
Amazing tutorial, thank you for creating this video
Tjank you so much brother... It was the best spring security tutorial i've ever watched so far...💜
this is exactly i was looking for! thanks!
You made it look so easy. Thank you.
This is pure awesomeness thankyou very much. Amazing!!!!
I changed the Naming Strategy in properties as the one used in this tutorial is deprecated in Hibernate 5
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
This fixes my issue as well.
Please🙏 upload LDAP supported Spring security ... Eager to watch
ua-cam.com/video/-wDUChgvYgU/v-deo.html
Awesome explanation man,
Perfect teaching skills.
Great Video. God bless you. Regards from Mexico!
Sir, Thanks for you effort to provide us great quality content. I really like your video style. :)
Thanks for your hard effort to make the things done. Awesome
This tutorial is really helping me alot. Explained so perfectly.
here we have created our MyUserDetailsService, but autowired instance of UserDetailsService. Still worked !! Should we MyUserDetailsService ?
Could you make few tutorials that talks about handling user session management after login, thread local etc
Thanks a lot Prof, you're my best teacher
If your authorization not working properly after fetch user info from database, remember to name the roles in your DB like "ROLE_USER", "ROLE_AMDIN". Otherwise, your hasRole method will not work!!!!!
Thanks for help.Now my project is working
Great effort, great explanation.. Thank you...!
If u are getting 403 error. Change SQL insert example: insert into user (username, password, isactive, roles)
values ('admin', 'admin', true, 'ROLE_ADMIN'); //or 'ROLE_USER' but not 'USER'
Thank you, It worked :)
U do best videos for beginners too....I like the way u explain....can u please explain how u created that instance service class in
Before I watched I just click like button 👍
I'm getting forbidden from both my code and the one downloaded from github
Great job Sir. This is what required.. thank you v much.
Hello , thank you so much for your work ! We ARE waiting for LDAP lessons please :) !
Video is great and usefull.
Use mvcMatchers instead of antMatchers for trailing slash / issue.
We may use hasAuthority in place of hasRole. This not required ROLE_ prefix in code as well as database.
Hey Koushik, Please use white background for IntelliJ - its difficult to view
Quick question: I have understood and implemented all of this. I have a user that exists inside the DB, and when I try to log him in, all is fine, I get a jwt back and all of that stuff. But when I try to access the /login rest point with invalid credentials, I get a 403 forbidden instead of "username not found". What am I doing wrong? Note: I also set my requests to permitAll(), so that's not to blame.
At the end of presentation if you do recap of slides in short it will be great help. Thanks for these video's
some DBs (like postgresql) does not allow to create database with name 'springsecurity' and table with name 'user' .. probably because they are reserved words .. try using different names in such cases
In the MySQL implementation, where are you verifying the password? You are simply taking the username, getting the user details, and passing it to MyUserDetails(). Does that mean, for the above code, you can give any password and it will work?
Very nicely explained.
Can you make a tutorial on Spring security + oauth2
Thank you so much for these videos. They are very helpful ❤❤❤
thank you so much for the amazing tutorial