Sir , i have been following you since your first video on youtube and javabrains. I have gone through all your videos and learnt a lot. I work for a MNC company, and trust me it is because of only YOU. Thank you .Indeed.
Good to know! In that case, according to the rules, you now owe me 25% of your salary! 😜 Seriously though, thanks for following me over the years! Really appreciate it!
Hi Javabrains, I love all your videos very relatable and smooth but for the security video, web security adapter has been deprecated, I would love it if we could get the updated version of this lesson. Thank you sir.
Thank you! It would be great if you added a guide on upgrading WebSecurityConfigurerAdapter - it's deprecated now. But once again - thank you very much for the guides! They're awesome!
If anyone runs the code with no errors, but can't access your routes even with a successful login, do the next tutorial part. I had a problem where, even though the login form doesn't return "bad credentials" feedback, it didn't reroute me and I couldn't manually change to those routes. Finish part 5 and you'll be good. Thank you for your great courses @Koushik!!!
Note for my ref: How to configure authentication configure () method provided by the authenicationmanager class Two steps for this 1. Get hold of authenicationmanager builder class 2.set the configuration @enablewebsecuirty Extend websecuityconfigureadapter class and override configure() method .setauthorizationtype() . user () .password()
Hey, try looking up REST interfaces. It is basically the same, but your Spring Boot controllers listen to those RESTful HTTP requests. Once you get the hang of it, it is really easy to see that it really doesn't matter what context you are in because all communication is done via RESTful requests. :D
As you know, in Spring-Security websecurityconfigureradapter is deprecated, now how to configure AuthenticationManagerBuilder and HttpSecurity using In-Memory, JPA and JWT. Please explain.
Hi Christian, you could leverage knowledge acquired through these awesome videos to do the following tutorial - spring.io/guides/gs/authenticating-ldap/
Sir you have the idea whats going behind each and every method you explain. How you are getting that knowledge , through spring documentation or any other reading material. Knowing that will be really helpful when a new concept/version comes in or any changes happen, then we can follow those steps and learn ourself.
At 5:50, The method configure will have @Autowired also. Otherwise, It is not reading the configuration. Request you to please update the video a bit. Many Thanks for the videos.
Hi Sir, The video is great. However wanted to point out that from SpringBoot 2, WebSecurityConfiguerAdapter is deprecated. As SpringBoot 2 supports only Java 8 and above, they took the advantage of default methods in interfaces and introduced WebSecurityConfiguer interface. You can implement the interface and there is no change in any of the methods though. Request you to mention it in further videos. Many thanks for the great job done by you.
Hi Koushik, Could you please take examples of securing apps you created in microservices series it will cover two topics security in general and with spring cloud.... Thanks 😊
In order to extend WebSecutiryConfigurerAdapter I had to use @Configuration annotation before the class declaration and use these dependencies - org.springframework.boot spring-boot-starter-security org.springframework.security spring-security-test test
hi I found this videos useful and i like the way you teach but while using your concepts while practicing i cannot use WebSecurityConfigurerAdapter class for instatiating the AuthenticationManagerBuilder later i came to knew that WebSecurityConfigurerAdapter has been deprecated and cannot be used so how can i proceed with the hands on experience kindly guide me thanks in advance for your time and consideration
Incase someone is facing issues with the code not running properly use this code: @Configuration public class SecurityConfiguration { @Bean public InMemoryUserDetailsManager userDetailService() { UserDetails user = User.builder() .username("blah") .password("{noop}blah") .roles("USER") .build(); return new InMemoryUserDetailsManager(user); } }
new way of getting in memory authentication (SpringBoot 3.2.0): @Configuration public class SecurityConfiguration { @Bean public InMemoryUserDetailsManager userDetailsService() { UserDetails user = User .withUsername("user") .password("password") .roles("USER") .build(); return new InMemoryUserDetailsManager(user); } @Bean public PasswordEncoder getPasswordEncoder(){ return NoOpPasswordEncoder.getInstance(); } }
Will you please update this tutorial because WebSecurityConfigurerAdapter does not exist in Latest Spring-Security Version 6.2.2. As all spring boot version above 3.0.0 using security versions above 6.
Thanks! Can you please elaborate on your suggestion? Do you mean separate design pattern tutorials or explaining patterns as they occur? (I’m assuming you’re referring to the builder pattern that we encounter in this video)
@@Java.Brains I am just learning design patterns. And I find them helpful for understanding when I manage to recognize them. So I wish you would mention them. For example, the role of WebSecurityConfigurerAdapter as an adapter, when AuthenticationManager builds. Maybe it is excessive it is up to you. Nevertheless you gave more than enough information. Thank you!
Hi Koushik, Help me understand a bit, do I need to configure EVERY user in SecurityConfiguration ? What if I have 3600 users ? Do i need to configure everyone ? What if one changes a password ? Do I need to remake the configuration every time ? Thanks
I think you would most likely save the user's data in a external DB by letting them save their data through the registration process. Then, when they try to change their pw, the request would change the corresponding value in the DB. You would have to implement the methods and endpoints, but i do not think that you have to configure everything in the Configurer, unless you want to hardcode something for test purposes
Hello Java Brains and other users, Pls help me to understand: When we bootstrap spring security overriding configure(AuthenticationManagerBuilder auth), why authenticationManager gets initialised with User data and AuthenticationProvder. What is the use of it? As per say, AuthenticationManager implementation is provided by ProviderManager during request flow via Filter chaining process. Pls help me with understanding.
Hi thaks for your tutorial. I have followed your Microservice tutorials and was learning zuul and all. But stuck with an issue. i don't know if my issue is relevant on this video. I have set up zuul and spring security with micro service. But with out authentication i can use all microservices via zuul. It works perfectly. But when i incorporated JWT authentication while accessing microservices after authentication throwing CORS issue from accessing Angular. Could you please comment what should i take care to avoid this issue.
Is your API server on a different host from whatever is serving your Angular page? If so, you'll need CORS enabled for your API server. If this is the issue, it should really have nothing to do with Spring Security or JWT.
@@Java.Brains yes both on different machines. httpSecurity.authorizeRequests() .antMatchers("/**/cart/**").permitAll() These statement allow me to enter into cart service. Even in different hosts. I belive zuul proxy do something here. But when i add Authentication am getting the error. That's why i doubt security has something to do with zuul. Or i doubt i miss some configuration.
I am getting java: cannot access javax.servlet.Filter class file for javax.servlet.Filter not found in SecurityConfiguration which is extending WebSecurityConfigurerAdapter
you can use this one: @Configuration public class SecurityConfiguration { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authz) -> authz .anyRequest().authenticated() ) .httpBasic(); return http.build(); } }
In spite of extending WebSecurityConfigurerAdapter and overriding configure(AuthenticationManagerBuilder auth), the application is starting eith default password.
If you not able to use NoOpPasswordEncoder.getInstance(), then use the special construction nearby password : .password("{noop}bar"). {noop} delegate to NoOpPasswordEncoder
Sir , i have been following you since your first video on youtube and javabrains. I have gone through all your videos and learnt a lot. I work for a MNC company, and trust me it is because of only YOU. Thank you .Indeed.
Good to know! In that case, according to the rules, you now owe me 25% of your salary! 😜
Seriously though, thanks for following me over the years! Really appreciate it!
@@Java.Brains 😀😃😄
Hi Javabrains, I love all your videos very relatable and smooth but for the security video, web security adapter has been deprecated, I would love it if we could get the updated version of this lesson. Thank you sir.
thanks for this comment man , I was very frustrated to finding it
@@someone-pv9fo create bean of SecurityFilterChain. Maybe this comment is not for you but for the people still getting frustrated.
When I'll get job, I'll buy all of your courses cause u a amazing man
👍Can not wait to watch next video!
Thank you! It would be great if you added a guide on upgrading WebSecurityConfigurerAdapter - it's deprecated now. But once again - thank you very much for the guides! They're awesome!
True
@@LalitKumar-cw9rf aur bhai lalit kya haal chal ? Samaj gyi spring security ?
@@LalitKumar-cw9rf lalit ji ke maje he bhai tuje kya pata wo aajkal kya kya mje lete he 😃
If anyone runs the code with no errors, but can't access your routes even with a successful login, do the next tutorial part.
I had a problem where, even though the login form doesn't return "bad credentials" feedback, it didn't reroute me and I couldn't manually change to those routes. Finish part 5 and you'll be good.
Thank you for your great courses @Koushik!!!
it is mandatory that to say that u r very genious
Note for my ref:
How to configure authentication
configure () method provided by the authenicationmanager class
Two steps for this
1. Get hold of authenicationmanager builder class
2.set the configuration
@enablewebsecuirty
Extend websecuityconfigureadapter class and override configure() method
.setauthorizationtype()
. user ()
.password()
Can you please make a playlist on integrating angular with spring boot and spring boot security??
yes please!!
Yes Yes Please!!
Please do, If possible..
yes!! much needed...
also, If anyone is aware of and good playlist/resources on this, please do share!!
Hey, try looking up REST interfaces. It is basically the same, but your Spring Boot controllers listen to those RESTful HTTP requests. Once you get the hang of it, it is really easy to see that it really doesn't matter what context you are in because all communication is done via RESTful requests. :D
As you know, in Spring-Security websecurityconfigureradapter is deprecated, now how to configure AuthenticationManagerBuilder and HttpSecurity using In-Memory, JPA and JWT. Please explain.
Thank You So much Sir for changing my life.😇🙏🙌💐 You are brilliant ❤🥰
I will be very very thankful to you Sir 🙏
It would be great to include spring security with ldap. As always great video
Hi Christian, you could leverage knowledge acquired through these awesome videos to do the following tutorial - spring.io/guides/gs/authenticating-ldap/
I was expecting the video will contain how to configure security like how it's done in production
Dheivamae! Neenga dhaan en thala!
Hi Koushik, I have learned so much from your video tutorials. Thank You!!
Sir you have the idea whats going behind each and every method you explain. How you are getting that knowledge , through spring documentation or any other reading material. Knowing that will be really helpful when a new concept/version comes in or any changes happen, then we can follow those steps and learn ourself.
have you found the answer to this question? please tell us also.
that is a really good question to ask. Hope you found your way of learning, I am struggling with the documentations, they are so vague.
Thanks for making this tutorial.. I was waiting for this egarly..
Excellent explanation
Superb! great explanation! Thank you.
At 5:50, The method configure will have @Autowired also. Otherwise, It is not reading the configuration. Request you to please update the video a bit. Many Thanks for the videos.
simple clear explanation, thanks for this
Wow man you teach amazing
Superb explanation sir
dude, you are like a demigod or something. Thanks for the great stuff!
Hi Sir,
The video is great. However wanted to point out that from SpringBoot 2, WebSecurityConfiguerAdapter is deprecated. As SpringBoot 2 supports only Java 8 and above, they took the advantage of default methods in interfaces and introduced WebSecurityConfiguer interface. You can implement the interface and there is no change in any of the methods though. Request you to mention it in further videos.
Many thanks for the great job done by you.
Thanks for the comment. I’ll make sure to cover the Spring Boot 2 change in a subsequent video
This was much needed... thank you.
Clear cut explanation. Please change the comment statement colour as it is not visible to see
Thanks! Yup, I too realized that after recording. I’ll try to change the color from next time
Thank you sir..Well explained
I'm ur big fan.you really have motivated me and taught me a lot of courses. I hope my comments do motivate u too and continue ur work
Thanks! While I may not respond to all comments, I do read them all. It's a constant source of motivation, for sure!
Thanks for the tutorial Koushik, however, the WebSecurityConfigurerAdapter is now deprecated
Thanks for this tutorial. I learned a lot
Hi Koushik,
Could you please take examples of securing apps you created in microservices series it will cover two topics security in general and with spring cloud....
Thanks 😊
Thank you for sharing this video!!
In order to extend WebSecutiryConfigurerAdapter I had to use @Configuration annotation before the class declaration and use these dependencies -
org.springframework.boot
spring-boot-starter-security
org.springframework.security
spring-security-test
test
For postman you have to disable csrf and use basic authentication
Hi Kaushik ,
Please make one video on the JWT access token as well
Thanks for the great tutorial!
hi I found this videos useful and i like the way you teach but while using your concepts while practicing i cannot use WebSecurityConfigurerAdapter class for instatiating the AuthenticationManagerBuilder later i came to knew that WebSecurityConfigurerAdapter has been deprecated and cannot be used so how can i proceed with the hands on experience kindly guide me thanks in advance for your time and consideration
are you still looking for answer?
@@MuskanGupta-o7w I am looking
what u found guyes help@@sandeep7043
i found comment down that helps :
Very nice thanks.
at 8:50 the hashing password card is not appearing
Incase someone is facing issues with the code not running properly use this code:
@Configuration
public class SecurityConfiguration {
@Bean
public InMemoryUserDetailsManager userDetailService() {
UserDetails user = User.builder()
.username("blah")
.password("{noop}blah")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
Hi sir thank you for the video. Which theme you are using for IntelliJ?
mail me please if you find
Did you figure out?
This way is removed from latest Spring Boot. Maybe update the content? Thanks a lot. I love this tutorial.
new way of getting in memory authentication (SpringBoot 3.2.0):
@Configuration
public class SecurityConfiguration {
@Bean
public InMemoryUserDetailsManager userDetailsService() {
UserDetails user = User
.withUsername("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
@Bean
public PasswordEncoder getPasswordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
}
Hi,
Can you make IDE colors more visible? I cant see anything you write.
Tnx for you great tutorials.
Why isn't the AuthenticationManager builder also exposed as a Bean that Spring just finds and uses?
Content is awesome,but since it is a dark theme ,cant see the program clearly,i request to change the editor theme to normal
Are you planning to do a series on Java Messaging Servicr?
WebSecurityConfigurerAdapter() is deprecated please update
Awesomeee!!!!
Will you please update this tutorial because WebSecurityConfigurerAdapter does not exist in Latest Spring-Security Version 6.2.2. As all spring boot version above 3.0.0 using security versions above 6.
Great explanation! But could you put greater emphasis on design patterns, it would be easer to understand .
Thanks! Can you please elaborate on your suggestion? Do you mean separate design pattern tutorials or explaining patterns as they occur? (I’m assuming you’re referring to the builder pattern that we encounter in this video)
@@Java.Brains I am just learning design patterns. And I find them helpful for understanding when I manage to recognize them. So I wish you would mention them. For example, the role of WebSecurityConfigurerAdapter as an adapter, when AuthenticationManager builds. Maybe it is excessive it is up to you. Nevertheless you gave more than enough information. Thank you!
Which bean should I use for hashing the password? Also, if I have multiple users stored in db, then how can I provide them authentication mechanism?
sir can u pls add tutorials for JWT token and OAuth2 also.
Big fan
Wonder why WebSecurityConfigurerAdapter class is there inside org.springframework.security.config.annotation(?).web.configuration package !!
Hi Koushik,
Help me understand a bit, do I need to configure EVERY user in SecurityConfiguration ?
What if I have 3600 users ? Do i need to configure everyone ?
What if one changes a password ? Do I need to remake the configuration every time ?
Thanks
good question? I have the same question, did you figure it out? thanks
I think you would most likely save the user's data in a external DB by letting them save their data through the registration process. Then, when they try to change their pw, the request would change the corresponding value in the DB. You would have to implement the methods and endpoints, but i do not think that you have to configure everything in the Configurer, unless you want to hardcode something for test purposes
Sir, could you please make videos on Design Patterns
Hello Java Brains and other users, Pls help me to understand:
When we bootstrap spring security overriding configure(AuthenticationManagerBuilder auth), why authenticationManager gets initialised with User data and AuthenticationProvder. What is the use of it?
As per say, AuthenticationManager implementation is provided by ProviderManager during request flow via Filter chaining process. Pls help me with understanding.
sir , have you removed application.properties file data , as i havnt and this is driving me crazy
which ide do you use?
Big fan :D
If u want to use useremailId instead of username for authentication how to do
why did you shift from Eclipse to InteliJ?
Please demonstrate Spring Security Using Kerberos.😁
websecurityconfigureradapter is now depricated
Thanks bro
Hi thaks for your tutorial. I have followed your Microservice tutorials and was learning zuul and all. But stuck with an issue.
i don't know if my issue is relevant on this video. I have set up zuul and spring security with micro service. But with out authentication i can use all microservices via zuul. It works perfectly. But when i incorporated JWT authentication while accessing microservices after authentication throwing CORS issue from accessing Angular. Could you please comment what should i take care to avoid this issue.
Is your API server on a different host from whatever is serving your Angular page? If so, you'll need CORS enabled for your API server. If this is the issue, it should really have nothing to do with Spring Security or JWT.
@@Java.Brains yes both on different machines.
httpSecurity.authorizeRequests() .antMatchers("/**/cart/**").permitAll()
These statement allow me to enter into cart service. Even in different hosts. I belive zuul proxy do something here.
But when i add Authentication am getting the error. That's why i doubt security has something to do with zuul. Or i doubt i miss some configuration.
How can I call it using postman for basic auth.
Please make tutorial on Kafka and Kafka stream ..
I am getting java: cannot access javax.servlet.Filter
class file for javax.servlet.Filter not found in SecurityConfiguration which is extending WebSecurityConfigurerAdapter
same for me..got solution??
WebSecurityConfigurerAdapter is now deprecated what is the recommended class to use now?
you can use this one:
@Configuration
public class SecurityConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authz) -> authz
.anyRequest().authenticated()
)
.httpBasic();
return http.build();
}
}
u explain very slowly if u can speed up a bit too we will not mind.rest u are great no doubt.love n respect.
A kind suggestion: You can view any video presented faster by setting your video playback speed to 1.25, 1.5, etc within the youtube app/page setting.
Can you please share a tutorial to integrate JWT
When an angular app is calling a spring boot api, how would it supply the username and password?
Dark mode in the intellij is not that viewer friendly. Else, the videos are amazing
can you create some complete application with angular 7, spring boot,spring security, hibernate and mysql....Please
thanks sir
Don't you need to add "@Configuration" to the class?
Question : what is the significance of role
In spite of extending WebSecurityConfigurerAdapter and overriding configure(AuthenticationManagerBuilder auth), the application is starting eith default password.
stackoverflow.com/questions/43868329/custom-security-is-not-working-when-extending-the-websecurityconfigureradapter-c
Thanks
Thala! Please tutorial on Spring microservices with Oauth2 and Okta authentication
Yup, keep following this series for Oauth2. I haven’t personally worked with Okta, but I’ll see what I can do
Thanks a lot ji
can anyone point me to good springboot learning resources for reading. I find very tough going through official documentation. thank you!
and udemy videos also gie limited knowledge..so not udemy recommendations please.
How to disable the spring security aunthetication
WebSecurityConfigurerAdapter is deprecated now
2:26 using AuthenticationManagerBuilder to configure AuthenticationMamager
Extending websecurityconfigureradapter
Is there any code/github link?
ua-cam.com/video/TNt3GHuayXs/v-deo.html
It is time you show us how production applications are made
Getting this error with all the changes done " This application has no explicit mapping for /error, so you are seeing this as a fallback. "
Check your controller class once, what mapping have you given for it.
If you not able to use NoOpPasswordEncoder.getInstance(), then use the special construction nearby password : .password("{noop}bar"). {noop} delegate to NoOpPasswordEncoder
The font colours are dark same as background which makes reading what's on screen very tough and almost invisible. Please take care of it... :-(
How to get user from database.
gives "Bad Credentials" after entering the configured in-memory username and password
stackoverflow.com/questions/43868329/custom-security-is-not-working-when-extending-the-websecurityconfigureradapter-c
🥰😍
Use default mode...hard to see in dark mode....
Thank you so much.
Çalıştıramayan arkadaşım olursa yardımcı olurum.
why memory man?
These videos have no real-world application whatsoever. I just wasted 13 minutes waiting for something that actually makes sense to happen.
Misleading title
vary bad
Explaination is not all good please improve Explaination
Thanks for your comment. Please elaborate on what you found not good so that it can help me improve.
This guy is not worth enough to comment on your explanation since he repeated the explanation word itself wrongly twice 😉😉
😜😜👍