Cracked 2 interviews by watching your videos.. I love your videos bcoz they are to the point. The knowledge that you provide is priceless.. Can't Thank you enough.. But still Thank you Sir.! 😎
Thanks bro, I had been fixing my exception handler within my Jwt Authentication Filter since i saw you video. Please keep you're doing bro... I love you
I Watched all your 3.0 security really you working hard to educate people with your great content tanks!!!!!Can you please explain how to handle if you give wrong url while htting in postman we need to get response url not found
I've searched this everywhere how to handle the authentication exceptions but there were no good methods. Thanks a bunch ❤❤❤. And also is there a way to handle Username not correct Password not correct as 2 exceptions, do we need to create a custom authentication manager for that or can we somehow do it in an easier way ?
Thanks buddy but No we can't handle this whether the username is incorrect or the password because authentication failure means either one of them is incorrect
Hi , why did you use contructor to inject the bean could you please clarify ? is there anything I am missing out that could cause an error ? as I was able to create Bean of HandlerExceptionResolver by declaring it like this : @Autowired @Qualifier("handlerExceptionResolver") private HandlerExceptionResolver exceptionResolver;
Constructor injection is always recommended because Constructor injection in Spring is like building with LEGO blocks where you get all the pieces you need to assemble something, making it easier to build and change.
Hi can you please make a video on how to debug enterprise level applications and make changes on those applications….that would be really helpful..also I have learned a lot spring security and also❤micro-services from you
Amazing, but I have one question: Why can't @Component annotation remain on the JwtAuthFilter class with @Autowired HandlerExceptionResolver (and its @Qualifier) inside this JwtAuthFilter instead of making @Bean out of this class with constructor injection? Both seem to work, so what is the difference?
The JwtFilter should not be registered in the spring context (that is, it will be called every time we intercept a request). It should be registered only in the spring security context. Remove the bean defnition.
@@Javatechie yes sir in video you can also mention like this user should be unique other wise exception will come sir because it can't load 2 different people at a time to verify hibernate error will come myself resolved issue sir
i have an issue here, if my api returns a token expiration exception and i try any other api endpoints they are now returning token expiration exception unless if i restart my server. what coud be the problem...
another one is that my application doesn't seem to throw access denied exception when i use a valid token to access resources a user is not authorized. its returning 403 without body but i defined that. what am i missing here?...
sir if in uri i pass worng method name or wrong method type pass then which error will come? full authonication required to acees this resources or Norml error Get not supported if request is post or any another normal error will come?
sir for role based acess i was getting 200 when i am giving user token instead of admin token i am not getting 403 instance of AccessDeniedException is not calling remaing 3 exceptions working properly any issue
but You have not tested with wrong username only you tested with wrong password , this scenario you missed and I struggling with this scenario because my UserNotFoundException is being wrapped by some spring security related exception.
Yes vinodh , even I am not getting a proper solution for it . In one post I saw that we need to segregate service based on roles then implement that predicate in filter but not sure whether that is a feasible solution or not. Will do more research and update
Like { "userId": "1706ceb0", "userSecret":"1706ceb0-236dfv" } So there are two authentication one is by token and second is userId and userSecret but when hit the api by user I'd and userSecret then disable jwt+oauth and when hit the api by token then enable jwt+oauth, userId and userSecret given in header
![[Episode 38] Handling Spring Security Exceptions Using @ControllerAdvice](http://i.ytimg.com/vi/sCYoQIBND6w/mqdefault.jpg)
![Spring Boot 3.0 Security | Authentication and Authorization | [New Changes] | javaTechie](/img/n.gif)
Cracked 2 interviews by watching your videos.. I love your videos bcoz they are to the point. The knowledge that you provide is priceless.. Can't Thank you enough.. But still Thank you Sir.! 😎
First of all many many congrats and I feel so happy for your achievements. Keep learning 👍
@@Javatechie Thank you so much sir! 😊
Thanks bro, I had been fixing my exception handler within my Jwt Authentication Filter since i saw you video. Please keep you're doing bro... I love you
Awesome explanation. Very informative session. God bless you, Basant.
you are my hero @Java Techie. You saved my day...
I was looking for this solution too, I really appreciate your contribution thanks good man
The instance/path field is automatically defined? That's awesome.
I Watched all your 3.0 security really you working hard to educate people with your great content tanks!!!!!Can you please explain how to handle if you give wrong url while htting in postman we need to get response url not found
Thank you buddy 😊.
If you are giving the wrong URL by default it will give you 404 . What else you needed here
Every time is getting 403 error only@@Javatechie
I've searched this everywhere how to handle the authentication exceptions but there were no good methods. Thanks a bunch ❤❤❤. And also is there a way to handle Username not correct Password not correct as 2 exceptions, do we need to create a custom authentication manager for that or can we somehow do it in an easier way ?
Thanks buddy but No we can't handle this whether the username is incorrect or the password because authentication failure means either one of them is incorrect
What an informative topic bro.
Thanks a lot.
I was looking for this solution for so long thanks a lot man.
Hi ,
why did you use contructor to inject the bean could you please clarify ? is there anything I am missing out that could cause an error ?
as I was able to create Bean of HandlerExceptionResolver by declaring it like this :
@Autowired
@Qualifier("handlerExceptionResolver")
private HandlerExceptionResolver exceptionResolver;
Constructor injection is always recommended because Constructor injection in Spring is like building with LEGO blocks where you get all the pieces you need to assemble something, making it easier to build and change.
Awesome video its very informative.thanks
good session, thx for ur time and effort
thanks a lot. My problem is solved
Hi can you please make a video on how to debug enterprise level applications and make changes on those applications….that would be really helpful..also I have learned a lot spring security and also❤micro-services from you
Hello Sunder , how to debug i already explained please have a look
ua-cam.com/video/Kon1DGwbtzg/v-deo.html
make a video using authenticationentrypoint and accessdeniedhandler
Fantastic video. Is it possible to share the source code in the description to import and try from our end.
Yes it's already there in the video description please check
Thanks a lot 😍
Happy teachers day sir 🎉❤
Thank you murali 😃. Keep learning 👍
Can you please make a video on how to communicate multiple microservices using Kubernetes similar to Netflix Eurekha?
Yes it's in my queue
Amazing, but I have one question: Why can't @Component annotation remain on the JwtAuthFilter class with @Autowired HandlerExceptionResolver (and its @Qualifier) inside this JwtAuthFilter instead of making @Bean out of this class with constructor injection? Both seem to work, so what is the difference?
You can do either or . I prefer to go with bean approach but what you are asking us correct you can do that way
Same question. I tried this way and it worked for me.
Thank you
add one video to write test cases in security
Hi Javatechie,
Can you please create video on managed worflow orchestrator nowadays it's a common requirement in any project?
I don't have any idea on it . Will check and update
The JwtFilter should not be registered in the spring context (that is, it will be called every time we intercept a request). It should be registered only in the spring security context. Remove the bean defnition.
can you write a mockito unit test code for the code you wrote because in the job it's highly required, code review won't happen without it.
Great video sir I follwed jwt video I am getting 403 inseted of 401 I explicitly giving wrong password
No it shouldn't be please debug your controller advice class and also make sure you are using correct http methods
No sir you just demonstrate at starting of video same like that only
Are you giving the correct http method type in postman. Also did you add users in your database?
@@Javatechie yes sir in video you can also mention like this user should be unique other wise exception will come sir because it can't load 2 different people at a time to verify hibernate error will come myself resolved issue sir
sir do a video on swagger
Swagger already there please search with OpenApi in my channel
i have an issue here, if my api returns a token expiration exception and i try any other api endpoints they are now returning token expiration exception unless if i restart my server. what coud be the problem...
another one is that my application doesn't seem to throw access denied exception when i use a valid token to access resources a user is not authorized. its returning 403 without body but i defined that. what am i missing here?...
That's correct you should receive 403 only
What's the problem?
@@Javatechie the body is missing of which i need to return a 403 together with a response body...
Awesome.
i can use the authentrypoint to handler these sir
yes I tried but I couldn't figure out how to handle SignatureException and ExpiredJwtException
sir if in uri i pass worng method name or wrong method type pass then which error will come?
full authonication required to acees this resources or Norml error Get not supported if request is post or any another normal error will come?
It will give 403 . Because filters don't know which resource you want to access
sir for role based acess i was getting 200 when i am giving user token instead of admin token i am not getting 403 instance of AccessDeniedException is not calling remaing 3 exceptions working properly any issue
No it should work which endpoint you are trying to access
@@Javatechie I got it sir wrong package got imported for acess denied exception
4 hrs I am trying to solve it
No worries this kind of small mistake happened with everyone 🤪🤪🤪🤪
but You have not tested with wrong username only you tested with wrong password , this scenario you missed and I struggling with this scenario because my UserNotFoundException is being wrapped by some spring security related exception.
Can you do in the cloud gateway auth rules, we are waiting, that only pending I think, thanks
Yes vinodh , even I am not getting a proper solution for it . In one post I saw that we need to segregate service based on roles then implement that predicate in filter but not sure whether that is a feasible solution or not. Will do more research and update
@@Javatechie thanks, I will also research will help
Yeah sure and do let me know if you find some solution
how can I handle such type of error in auth2 resource server (like invalid token and expired token)?
are the fundamentals not the same?...
Mine is still not working
But how to authenticate I'd and secret key without token
Which secret key 🔐 ?
Like {
"userId": "1706ceb0",
"userSecret":"1706ceb0-236dfv"
}
So there are two authentication one is by token and second is userId and userSecret but when hit the api by user I'd and userSecret then disable jwt+oauth and when hit the api by token then enable jwt+oauth, userId and userSecret given in header
sir AccessDenied not work for me
👍👍👍👍👍👍👍👍
Happy teachers day sir ❤💐
Thank you 😊