I'm impressed - you provided a full example of a JWT implementation. I can follow each step and you explain every step very well. Trying to look all of this stuff up by myself would have cost me months. THANK YOU, SIR!
This is a fantastic tutorial. Even-though some of the concepts like "WebSecurityConfigurerAdapter" are deprecated, it was good to know. This is the first time I have actually understood the flow of authentication and authorization. Thank you.
This was a fun project, I learned how to secure my API routes, how to authenticate & authorize as well as sending a refresh token. It would be awesome if you do this project again but with the best practices. Maybe like a follow up or more advanced video. Thank you both of you guys for providing such an informative tutorial.
I know I'm a bit late but did you also name your main entity class "User". I named my Employee and then used the User class from the security package. And I'm struggling to figure out which one to use for the refresh token part.
I'm already working as developer using Spring (at a major global company) but the code is so unstructured. What you're teaching is really clean and best practice.so good
hello Amigoscode i'm from VietNam. First of all, thank you very much for the knowledge shared in this video. It helped me a lot in my final major assignment in college. Wishing you good health and good luck.
Thanks so much for spreading out your wonderfull knowlegde on this subject. It simply blows my mind how you master the subject and how you are able to explained every single point in the code and how is your profound knowledgement to resolve error when they show up! Congratulations for your expertise on teaching also... I am a true begginner in this area and the way you master this subject is really wonderful.
OMG It's really great tutorial! Thank you man a lot! Also, we can place constant URLs such as "/login" or "/token/refresh" as static final fields in SecurityConfig and just use them wherever we want - in Filters, Resource Controllers, anywhere. And we just have to edit them once only at that point.
Amazing work, i got few questions from your precedent video about spring security but this one helped me to comprehend better, not even asked that you provided for us, thanks a lot pal :)
hello, i realized that websecurityconfigureadapter is deprecated since springboot 2.7.0. Are you going to make video of how to use it , mean without using websecurityconfigureadapter, i tried to apply it, it did not work for me? thanks
At 1:20:08 your screen cuts out on the far right side when dealing with setting up the roles as claims. What is the last part of that statement? .collect(Collect.......
That's awesome as always! It would be also really helpful if you could show us how to configure security without WebSecurityConfigurerAdapter, cause it's deprecated since Spring Security 5.7.0-M2. Thanks!!!
Honestly just want to say thank you so much for taking the time and effort it took to make this really guys, this is legendary. I am super grateful. Thank you.
cool video .. only thing .. when sending a refreshToken to get a new accessToken, it is good practice to create a new refreshToken as well. small thing but it helps, that the refreshToken always has longer expire date-time then the accessToken.
Nelson. thank you for your dedication... i started spring couple of months ago and you have been a blessing to me.. kindly do tutorial on sign up/ register, login and log out in spring boot api using JWT
Wonderful course !!! Thanks a ton for taking time and coming up with something this good. its very helpful.!!! Unable to find the GITHub link for this tutorial, pls share github link 😞
1:48:30 Hey, I didn't see this error but just 403 status code. There shouldn't be a JSON response body because missing "Bearer" results in going to the last else block which doens't handle JSON response.
I can’t exactly remember but you might have to put runtime exception in the last else block. Tbh if you want to actually learn spring security I would watch laur spilicas videos
Hello 👋 Please can you make an updated version of this video since the webSecurityConfigurerAdapter is deprecated and spring recommend using the Filter chain concept Thank you 😊
@2:01:29 you can replace *.equals()* with *.startsWith()* to allow the endpoints starting with a prefix. Therefore, a possible solution is _request.getServletPath().startsWith("/api/token")_
Hi Nelson, I follow your channel and I started programming in Java thanks to your really well done videos. The passion you transmit in teaching is incredible. I am still very inexperienced and I am approaching software applications with microservices architectures. I'm struggling a bit to understand how to start a microservice and how to get them to communicate with them. I can't quite understand how to integrate Docker and Kubernetes. When you get the chance will you be able to make a small example of how to create multiple microservices in spring boot and integrate Docker with Kubernetes? Thanks Nelson. Support from Italy!
Thanks for the vid, woah that is a heck of a lot of info to take in for someone who is new. Guess I'm gonna have to use this project I made alongside the video as a "cheat" when working on this in the future
Wow! your video is really awesome and information you have depicted is precise. Love you and following your channel. Thank you so much for your video and love to see more videos in youtube.
I just wanted to ask about the end point "/login" I did not see it somewhere. Please can you explain when you sue /login end point the flow on the code works? Thank you very much
This tutorial is amazing! Since the WebSecurityConfigurerAdapter has been deprecated in the latest version of Spring Boot/Security, is there a new video planned to update the content of this portion of the tutorial? It would be nice to see how set the SecurityConfiguration class using the @EnableGlobalMethodSecurity annotation, use the SecurityFilterChain class. Meanwhile, I'll try to convert that portion of the tutorial and figure it out. Again, thank you! Very informative!
Hey Nelson, first of all I wanted to thank you for your videos and the work you put into them. I wanted to ask you, if you could make a updated version of this video, with the new Bean based Security configuration stuff. I just don't get it to work. It always breaks and I have tried pretty much everything that came in my mind or what I found on google. I am not using spring for that long so I am still kinda new to the whole topic. I would really appreciate it! Keep it up man!
This video can't get any better. I've been searching for a video that explains the working of these security classes. All that regular courses included were spring auto security configuration, usage of jsp pages and not really getting into the core and playing around.
Following this tutorial, it's cool so far, good lookin' out! Just a little comment: you mentioned calling the class "User" is a bad idea, but actually, it's a terrible idea. I picked PostgreSQL instead of MySQL, and apparently, User's a restricted keyword there, so it was crashing, until I changed User into something else ("Member" in my case)
also you can add new property in applicatiom.properties file: spring.jpa.properties.hibernate.auto_quote_keyword=true This will be add quote to keywords
I'm not sure I understand why at 1:44:05 you let a request continue even though the request doesn't have an authorisation header and is not an authentication request. What scenario could there be for this?
Aleykum Selam brother, you and getarrays are awesome. May Allah bless you thanks to these free courses which helping people a lot. Greetings from Turkey 🇹🇷
Thank you so much again, Nice Video, I hope you make a new video that talking about best practices of using Spring Security with other microservices and with API gateway existence.
Great video. One word of warning though. Be careful catching all exceptions as is done in doFilterInternal method as is done at 1:43:50. Any exceptions coming from later in the filter will be caught here and you may end up with a red herring "401 unauthorized error" which is nothing to do with authorization. I hope this saves someone the frustration of trying to debug an authorization problem which isn't even there.
![Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorisation [NEW] [2023]](http://i.ytimg.com/vi/KxqlJblhzfI/mqdefault.jpg)
![Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorisation [NEW] [2023]](/img/tr.png)
I'm impressed - you provided a full example of a JWT implementation. I can follow each step and you explain every step very well. Trying to look all of this stuff up by myself would have cost me months. THANK YOU, SIR!
This is a fantastic tutorial. Even-though some of the concepts like "WebSecurityConfigurerAdapter" are deprecated, it was good to know. This is the first time I have actually understood the flow of authentication and authorization. Thank you.
His voice is so calm and soothing, it didn't stress me at all. Good job!
after searching for clean and understandable explanation for 3 months
i finally found the best one . nice & clean
Yesterday I was looking for this exact tutorial on your channel and today you upload this! Just perfect! Thanks 😁
This was a fun project, I learned how to secure my API routes, how to authenticate & authorize as well as sending a refresh token. It would be awesome if you do this project again but with the best practices. Maybe like a follow up or more advanced video. Thank you both of you guys for providing such an informative tutorial.
I know I'm a bit late but did you also name your main entity class "User". I named my Employee and then used the User class from the security package. And I'm struggling to figure out which one to use for the refresh token part.
@@brandonalfaro42 you have to use your personal class User, beacause he use the repository on it.
Simple, direct and efficient. You have the gift of explaining!
Nothing more to say. Thank you sir!
Man, you saved me. This is exactly I was looking for, with examples and the explanation of each line you're into.
Amazing tutorial, the best one about Spring Security and JWT I've seen so far, thank you very much for posting this for free!
I just got back at studying Spring, and this video came in PERFRECT timing. Love your content, thank you!
Man you explain everything so well and in detail. Very few people on the internet do this. Thank you ! :)
Amazing like always Nelson!
Thanks for the richest content you provide to the community.
I'm already working as developer using Spring (at a major global company) but the code is so unstructured. What you're teaching is really clean and best practice.so good
That was one of the best tutorial I have seen in youtube. As always you deserve like and comment bro. Good job.
hello Amigoscode i'm from VietNam. First of all, thank you very much for the knowledge shared in this video. It helped me a lot in my final major assignment in college. Wishing you good health and good luck.
Your video contains a lot of best practices, that's among things that distinguish it from other tutorials.
Thank you and keep going.
Gotta love how the video quality increases each time! Well done Nelson
IF FBI watch this security video . We also must watch this video ))
Best security course hands-on I have seen so far , take my hat off
Thanks so much for spreading out your wonderfull knowlegde on this subject. It simply blows my mind how you master the subject and how you are able to explained every single point in the code and how is your profound knowledgement to resolve error when they show up! Congratulations for your expertise on teaching also... I am a true begginner in this area and the way you master this subject is really wonderful.
Boa sorte na tua jornada, estou aprendendo por conta e parece impossível
Best Video on UA-cam about JWT Token in Spring Boot
OMG It's really great tutorial! Thank you man a lot!
Also, we can place constant URLs such as "/login" or "/token/refresh" as static final fields in SecurityConfig and just use them wherever we want - in Filters, Resource Controllers, anywhere. And we just have to edit them once only at that point.
Good tip Constants are quite useful here.
Amazing work, i got few questions from your precedent video about spring security but this one helped me to comprehend better, not even asked that you provided for us, thanks a lot pal :)
Your videos are amazing I rarely saw such a good content with good explanations when it is needed. Great job and thank you!
As usual, your tutorial/course is awesome. Thank you so much!
hello, i realized that websecurityconfigureadapter is deprecated since springboot 2.7.0. Are you going to make video of how to use it , mean without using websecurityconfigureadapter, i tried to apply it, it did not work for me? thanks
At 1:20:08 your screen cuts out on the far right side when dealing with setting up the roles as claims. What is the last part of that statement? .collect(Collect.......
Really a best explanation and great video in UA-cam for JWT implementation 👌🏻 keep rocking bro
Salaam Brother - Eid Mubarak. Long waited for video. MANY THANKS
That's perfectly matched what I need! Thanks for the high-quality tutorial.
That's awesome as always! It would be also really helpful if you could show us how to configure security without WebSecurityConfigurerAdapter, cause it's deprecated since Spring Security 5.7.0-M2. Thanks!!!
I had the same issue, I decided to change my Spring Boot version to
@@JamesSmith-us3ne See my comment above
Very good tutorial!
In my opinion, it is currently the best on youtube for that topic
Thank You bro for this wonderful lesson!i finished this lession , simple, efficient, nothing more to say ! Thank you !:)
Honestly just want to say thank you so much for taking the time and effort it took to make this
really guys, this is legendary.
I am super grateful.
Thank you.
I love you for this. You are the only one that knew how to explain. Thank you so much! Liked and Subscribed!
cool video .. only thing .. when sending a refreshToken to get a new accessToken, it is good practice to create a new refreshToken as well. small thing but it helps, that the refreshToken always has longer expire date-time then the accessToken.
Nelson. thank you for your dedication... i started spring couple of months ago and you have been a blessing to me.. kindly do tutorial on sign up/ register, login and log out in spring boot api using JWT
WebSecurityConfigurerAdapter depreciated. Need help introducing SecurityFilterChain please.
Walaikum assalam brother... I m very happy to see you here...
Doing great work brother...
Perfect. it was really useful . Ur content is always rich and I learned so much from U.
Thank U amigoscode.
You helped me out a lot Amigo! I'm looking forward to an Angular masterclass.
I'm really impressed this tutorial.
Thank you very much for sharing this amazing tutorial 😊
Excellent video mate! Thank you for sharing knowledge in such clear manner :)
Wonderful course !!! Thanks a ton for taking time and coming up with something this good. its very helpful.!!!
Unable to find the GITHub link for this tutorial, pls share github link 😞
It would be nice to add front-end to this project, to see how the front side of the application deals with the tokens
am stuck here like i have to post the data through front end tried everything
@@AKIvarma you can use postman/curl/any other tool that does requests or write some tests to simulate the requests and etc to do what you want.
can we get updated version? This method was deprecated in 5.7.0
🙏 Much much appreciated !!
You're becoming my reliable resource for my study 👍
As-salamu alaykum ☺
Thanks for the great explanation and tutorial. It really really helps me.بَارَكَ اللهُ لَكَ
Beautiful course on Spring Security! Congratulations.
1:48:30 Hey, I didn't see this error but just 403 status code. There shouldn't be a JSON response body because missing "Bearer" results in going to the last else block which doens't handle JSON response.
This helped me tremendously
@@brando3179 Please how did you resolved the issue because I'm facing the same thing here
I can’t exactly remember but you might have to put runtime exception in the last else block. Tbh if you want to actually learn spring security I would watch laur spilicas videos
@@brando3179 I'm facing the same, I'd really appreciate it if you could double check?
Hello 👋
Please can you make an updated version of this video since the webSecurityConfigurerAdapter is deprecated and spring recommend using the Filter chain concept
Thank you 😊
Really amazing content, Amigo! You're awesome at explaining things.
Salam Amigos - A react course would go viral and would be appreciated by the internet world
@2:01:29 you can replace *.equals()* with *.startsWith()* to allow the endpoints starting with a prefix. Therefore, a possible solution is _request.getServletPath().startsWith("/api/token")_
Thanks for posting these videos . It's very helpful. Keep post such great content
Hi Nelson, I follow your channel and I started programming in Java thanks to your really well done videos. The passion you transmit in teaching is incredible. I am still very inexperienced and I am approaching software applications with microservices architectures. I'm struggling a bit to understand how to start a microservice and how to get them to communicate with them. I can't quite understand how to integrate Docker and Kubernetes. When you get the chance will you be able to make a small example of how to create multiple microservices in spring boot and integrate Docker with Kubernetes? Thanks Nelson. Support from Italy!
Hi 👋🏿 thanks for the comment. Coming soon what you are asking
@@amigoscode Thank you so much Nelson!
I would love to see this examples of microservices talking to each other! Thanks Nelson!
Im very excited to see your video course about jwt with refresh token, thanks:)
Hello, i can login with x-www-form-urlencoded, but when i using json username and password is null, how can i fix it?
Thanks for the vid, woah that is a heck of a lot of info to take in for someone who is new. Guess I'm gonna have to use this project I made alongside the video as a "cheat" when working on this in the future
Jazaka Allaho Khayr Bro Neslon! Just on time.
Wow! your video is really awesome and information you have depicted is precise. Love you and following your channel. Thank you so much for your video and love to see more videos in youtube.
Wow!This is a reaaaaaaaally good course. Thanks my friend.
I just wanted to ask about the end point "/login" I did not see it somewhere. Please can you explain when you sue /login end point the flow on the code works? Thank you very much
1:30:10
1:20:24 The code after "Collector" can't be seen clearly
You are such a talented explanator. Thank you
Is there a git repo that we can chek out?
thank you very much for creating this video...cleared my concepts on spring security
This tutorial is amazing! Since the WebSecurityConfigurerAdapter has been deprecated in the latest version of Spring Boot/Security, is there a new video planned to update the content of this portion of the tutorial? It would be nice to see how set the SecurityConfiguration class using the @EnableGlobalMethodSecurity annotation, use the SecurityFilterChain class. Meanwhile, I'll try to convert that portion of the tutorial and figure it out. Again, thank you! Very informative!
Very nice, thanks for sharing your knowledge.
1:44:00 at line number 55, in the else statement you are allowing all requests with no authorization header. They should he blocked right?
thank you, i love well-rounded tutorials like this. very useful.
Thank you for share your knowledge, this would be very helpful for my personal projects :D
Hello! Thank you very much!! Now WebSecurityConfigurerAdapter seems to be deprecated, any suggestions?
at 1:33:02 wouldn't it be more correct to put swap line 41 and 42? Or how does the order work?
Outdated tutorial but all required information are given ! Thanks :)
Good job guys! Thank you for sharing your knowledge! 👌🌄
1:53:35 , I get an exception: " .filter.CustomAuthorizationFilter : Error logging in: Cannot read the array length because "array" is null "
Hey Nelson, first of all I wanted to thank you for your videos and the work you put into them. I wanted to ask you, if you could make a updated version of this video, with the new Bean based Security configuration stuff. I just don't get it to work. It always breaks and I have tried pretty much everything that came in my mind or what I found on google. I am not using spring for that long so I am still kinda new to the whole topic. I would really appreciate it! Keep it up man!
I benefited a lot from this course thank you very much brother Nelson
This video can't get any better. I've been searching for a video that explains the working of these security classes. All that regular courses included were spring auto security configuration, usage of jsp pages and not really getting into the core and playing around.
Wa Aleykoum Salam brother
Good to see you again
Amazing course!! Very well done, thankyou!
Following this tutorial, it's cool so far, good lookin' out! Just a little comment: you mentioned calling the class "User" is a bad idea, but actually, it's a terrible idea. I picked PostgreSQL instead of MySQL, and apparently, User's a restricted keyword there, so it was crashing, until I changed User into something else ("Member" in my case)
I encountered the same problem, luckily I decided to check the comments pretty quickly. Thank you, you saved me hours of debugging and research!
%100, thank you.
Thanks buddy.
You also can specify table name like @Table(value="users") on entity and postgres accepts it
also you can add new property in applicatiom.properties file:
spring.jpa.properties.hibernate.auto_quote_keyword=true
This will be add quote to keywords
this tutorial is pure gold! Awesome!
what theme you use for intellij idea?
I'm not sure I understand why at 1:44:05 you let a request continue even though the request doesn't have an authorisation header and is not an authentication request. What scenario could there be for this?
Asslam o Alaikum Sir first of all great effort great course thank you soooooo much for that
May grant you best reward for this
Thanks a lot for your video lessons! They are great and easy to understand and implement!
Is possible to implements this configuration to an angular frontend login and registration forms?? Thank you
Aleykum Selam brother, you and getarrays are awesome. May Allah bless you thanks to these free courses which helping people a lot. Greetings from Turkey 🇹🇷
Awesome, please make more videos junior with authentication...oauth....
Loved it!!!!!
Thank you so much again,
Nice Video, I hope you make a new video that talking about best practices of using Spring Security with other microservices and with API gateway existence.
Thanks a lot!
However, where can I find the example source code for this? At 32:38, you say it is in the description, but it isn't.
Great tutorial brother! JazakAllah Khayr
I have been waiting for something like this for a while
thanks brrrooooo!!,but where can i download you color theme for java ? it is so fancy!
what color theme are you useing in IntelliJ ?
If I see 404 error when I'm trying to access to localhost:8080/login, what should I do?
Damn! this tutorial is everything! Thanks Amiscode
good job Nelson, excelent explanation as usual!
Great video. One word of warning though. Be careful catching all exceptions as is done in doFilterInternal method as is done at 1:43:50. Any exceptions coming from later in the filter will be caught here and you may end up with a red herring "401 unauthorized error" which is nothing to do with authorization.
I hope this saves someone the frustration of trying to debug an authorization problem which isn't even there.
Yeah, better to catch JWTVerificationException