When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here: kzread.info/dash/bejne/p5esmNmoZsfWaZs.html

@meryemOuyouss2002

Ай бұрын

OK sir thank you so much 👍👍

My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running and the authentication is the sweetest thing. Thank you so much for your help!!!!

Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

THANK YOU! Best video because you used up-to-date methods and not many deprecated ones like other videos

@LearnWithIfte

3 ай бұрын

I'm glad you found the video helpful!

@user13443fg

2 ай бұрын

true

Sir, I understood the concepts well because of your teachings.

Thank you for the updated and detailed tutorial on this subject

Best video so far on Spring Boot security.Respect!

@LearnWithIfte

3 ай бұрын

Thank you for the kind words, glad you enjoyed the video!

Love the way you teach simple and perfect keep doing it

@LearnWithIfte

4 ай бұрын

Thank you so much for your kind words! I'm glad you find my teaching style helpful.

Great video!! It really helped me, I found difficulties since a long time in security but thanks for help

@LearnWithIfte

4 ай бұрын

Thank you so much! I'm glad the video was helpful for you in overcoming your security difficulties. Keep up the good work!

❤You are making complex to very easy with your professional explanations. 🙌 ❤

Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.

@LearnWithIfte

4 ай бұрын

I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!

@Dulan_M_Herath

3 ай бұрын

same here, watched tons of videos but this one is the best of the best. everything is explained. short and sweet

Thankyou, it really worked for me! learned something new 👍

@LearnWithIfte

2 ай бұрын

Thank you for watching.

Thanks! It was perfect, ! It really helped me!

This really helped me a lot. Thanks for such a tutorial

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

That was very useful. Thank you.

bro great job, thank you so much

Such a good video and very clear explanation!

Perfect video sir, this very help full for me. Thank you for make this video!

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

Thank u sir for amazing explanation all concept is Crystal clear 🙌 so Thank you❤❤

@LearnWithIfte

3 ай бұрын

I'm glad the explanation was helpful! Thank you for your kind words.

Great job! You have helped me a lot!

@LearnWithIfte

3 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

I had a hard time finding a tutorial that uses version 12.x.x This one solved my problems Thanks so much

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

very easy to understand. thank you!!

@LearnWithIfte

2 ай бұрын

Thank you for watching.

Love this! Keep going brother!

@LearnWithIfte

4 ай бұрын

Thank you so much for the support! Glad you enjoyed the video!

Thanks from Brazil 🎉

Keep Going, You are going a long way. All the best

@LearnWithIfte

4 ай бұрын

Thank you for the encouragement!

thanks a lot. Jajakallah khairan

Love your content. Sir please post a video in a week🧡🧡

@LearnWithIfte

3 ай бұрын

Thank you for yout support. I will try my best to do this.

Great explanation. Thanks

@LearnWithIfte

4 ай бұрын

Thank you so much for your kind words! I'm glad I could provide a clear explanation for you.

Simple and clean... 👍👍👍

@LearnWithIfte

4 ай бұрын

Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.

I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤

@LearnWithIfte

3 ай бұрын

Thank you. I'll definitely consider explaining the code and its purpose in my future videos.

Please consider a tutorial spring boot with keycloak. Your explanation is really great ❤

@LearnWithIfte

4 ай бұрын

Thank you for the suggestion! I'll definitely consider making a tutorial on Spring Boot with Keycloak.

Amazing video!!!🤙

@LearnWithIfte

4 ай бұрын

Thanks!!

it's a good one. clean explanation. It would be great if you could include refresh token as well.

@LearnWithIfte

4 ай бұрын

Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.

Its really an amazing detailed video. Will you please enhance it by securing multiple microservices with this JWT authentication ?

thanks for your video its very helpful

@LearnWithIfte

Ай бұрын

You are welcome

Beautifuly explained

@LearnWithIfte

4 ай бұрын

Thank you so much! I'm glad you found the explanation helpful.

Thalaiva your great 💥💥

best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .

@LearnWithIfte

2 ай бұрын

Thank you for watching. I am glad to know that it was helpful for you.

thank you so much!!!!!

@LearnWithIfte

Ай бұрын

You're welcome!

clean explanation

@LearnWithIfte

4 ай бұрын

Thank you for watching! I'm glad you found the explanation helpful.

damn brooo thanks 😁

Great video, great job

@LearnWithIfte

2 ай бұрын

Thank you!

Your video has been incredibly beneficial to me, and I want to express my sincere gratitude. At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?

Sir could you please add the refresh token as well to this lecture?? That would be really helpful.. thank you.

Amazing, good english, good explain

@LearnWithIfte

3 ай бұрын

Thank you so much for the kind words, I really appreciate it!

Very helpfull video! Could you please tell me what Theme you use for IntelliJ? I really like the colors of your editor :)

@LearnWithIfte

4 ай бұрын

I'm glad you found the video helpful! The theme I use for IntelliJ is called Material Theme UI, it's one of my favorites too!

👍 Thank you

@LearnWithIfte

4 ай бұрын

Thank you so much for your kind words! I really appreciate your support.

celan explanation. It would be great if you could include refresh token as well.

@LearnWithIfte

4 ай бұрын

Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.

Excellent

@LearnWithIfte

4 ай бұрын

Thank you so much for your kind words! I'm glad you enjoyed the video.

Great work sir, if possible make videos on chat applaication suing web socket

@LearnWithIfte

4 ай бұрын

Thanks for the heads up! I'll definitely make a tutorial on this. Keep an eye on my channel for more updates!

Thank you @LearnWithIfte!!!! Really helpful for my studies.

@LearnWithIfte

Ай бұрын

Thank you.

hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission

hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine. Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂

@LearnWithIfte

Ай бұрын

Wow. Thank you for watching. I am glad to know that it was helpful for you.

47:03 | 'Reactive' not use "new WebAuthticationDetailsSource", because ServerHttpRequest. pls!

@LearnWithIfte

3 ай бұрын

Please check the source code from github. You will find it in the description.

Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.

@LearnWithIfte

Ай бұрын

Thanks for watching. I will try to add explanation in my future tutorials.

Thanks for video, and what about cors? If we will call this api from frontend.

@LearnWithIfte

4 ай бұрын

Thanks a lot for watching my video. I will write a blog on this and will share with you here. Hopefully, it will be helpful for you.

I am getting a 401 error. I appreciate the video defining 403 vs 401, but could you do a video that fixes the 401 errors?

Great Explanation. I also got problem in using @PreAutorize like how can we use it in latest versions of spring

@LearnWithIfte

4 ай бұрын

Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!

@arunsara2183

4 ай бұрын

@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.

@LearnWithIfte

4 ай бұрын

@@arunsara2183 can you please share your code via github?

Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden and in the database , the password is not hashed it's written as it is do you know why this might be happenning ?

@LearnWithIfte

Ай бұрын

Hey, thanks for watching. Unfortunately I don't have any idea why this is happening. Please check my code on github.

hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?

Thank you sir ,but I have a question when I do register I found thé 401 code but i dont know why???

@meryemOuyouss2002

Ай бұрын

It's my fault, thank you so much for this video, now it's working very well

Thank you for the latest JWT video. I've a doubt, when I try to access the "/demo" page with the bearer token. it's giving 404 error. I've done exactly the same steps you've done in the video. Do you have any idea what could be wrong.

@LearnWithIfte

4 ай бұрын

Can you please share your code?

@screwyouguysimgoinghome9835

4 ай бұрын

I was facing the same issue. But I sorted it out.

Nice 👍

@LearnWithIfte

2 ай бұрын

Thanks ✌

Thank you allah bless you

@LearnWithIfte

2 ай бұрын

Thank you for watching.

Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?

@LearnWithIfte

4 ай бұрын

Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!

@LearnWithIfte

4 ай бұрын

Hi, I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt

@LearnWithIfte

4 ай бұрын

I have made a video fixing this issue. You can check it from here: kzread.info/dash/bejne/p5esmNmoZsfWaZs.html

greate work ,could you do a curd of anything with role (admin and user )with spring angular and token i have some issues in that

@LearnWithIfte

4 ай бұрын

Sure. I will make a tutorial on that soon.

@Kamilek96

4 ай бұрын

@@LearnWithIfte Refresh tokens and external auth providers would be awesome too! :) Great tutorial

@LearnWithIfte

4 ай бұрын

Thank you for your feedback! I'm glad you found the tutorial helpful. I'll definitely consider covering refresh tokens and external auth providers in future videos.

In company also security services build like this or any difference is there?

@LearnWithIfte

4 ай бұрын

It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.

It would be interesting to see how to host a spring project)

@LearnWithIfte

2 ай бұрын

Thank you for your suggestion! I'll definitely consider making a video on hosting spring boot. Stay tuned for future content!

Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?

@LearnWithIfte

22 сағат бұрын

Hi, you can check this www.baeldung.com/spring-cors

@LearnWithIfte

22 сағат бұрын

this is another excellent resource: spring.io/guides/gs/rest-service-cors

Excellent explanation

@LearnWithIfte

4 ай бұрын

Thank you for your kind words! I'm thrilled that my explanation resonated with you.

@enescagrbayraktutan6329

4 ай бұрын

@@LearnWithIfte I would loved to see fullstack guide with react to fully cover spring security, like you did in Auth0. Keep up the good work man!

Sir my auth header is coming null how to debug it

Hello, could you make a video on how to connect this with Angular app on front?

@LearnWithIfte

2 ай бұрын

Thank you for your suggestion! I'll definitely consider making a on that. Stay tuned for future content!

hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot

@LearnWithIfte

2 ай бұрын

Can you please share your code? You can share your github link. learnwithiftekhar@gmail.com

Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!

@LearnWithIfte

4 ай бұрын

Can you please share your code?

@user-nj5to9yz6p

4 ай бұрын

Oh, I added the code from your repository and it worked! Thank you! Now I’m thinking about how to combine this with thymeleaf)))@@LearnWithIfte

@LearnWithIfte

4 ай бұрын

With thymeleaf you do not need this jwt token. You can check this video kzread.info/dash/bejne/nIShzcV_msW3c7A.htmlsi=u-KrMMBnNBmdu2KD

Sir, what theme are you using please?

@LearnWithIfte

2 ай бұрын

Material UI theme

brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.

@LearnWithIfte

2 ай бұрын

Please double-check the return value of *isValid* method in *JwtService class.* There is a _ "!"_ symbol, you have may missed.

@uiyasser

2 ай бұрын

@@LearnWithIfte i have the "!" symbol, its in "!isTokenExpired" im not sure what else it could be

@LearnWithIfte

2 ай бұрын

Please share your code. learnwithiftekhar@gmail.com

@uiyasser

2 ай бұрын

@@LearnWithIfte i just sent the email, the subject is "github source code of jwt". thank you brother this means a lot

Hello, what if I want to add more than the username in the JWT payload ?

@LearnWithIfte

3 ай бұрын

You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method: Map getMyClaimsMap() { Map extraClaims = new HashMap(); extraClaims.put("hello", "world"); return extraClaims; } then you need to update generateToken method as follows: public String generateToken(User user) { Map claims = getMyClaimsMap(); //get extra properties String token = Jwts .builder() .subject(user.getUsername()) .issuedAt(new Date(System.currentTimeMillis())) .expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 )) .claims(claims) // set extra properties in token payload .signWith(getSigninKey()) .compact(); return token; } Hopefully It will help.

Thanks a lot dada springSecurity by default puts UserDetails isAccountNonExpired, isAccNonLocked, isCredentialsNonExpired as true

Why we are not using @Autowired instead of constructor injection

@LearnWithIfte

5 күн бұрын

You can check this video to understand it: kzread.info/dash/bejne/mImnrbCjd7KaedY.htmlsi=eMrMs8vECrNY90eT

Hello friend, I need help with the code, it allows me to register and login but when I access the endpoint it gives me a 200, however it does not return anything, but when the token is correct, it may be that it doesn't matter at all.

@LearnWithIfte

3 ай бұрын

Please share your code. You can send me your GitHub link via email. You can find my email in my channel

Great tutorial however after ı wrtie the config class ı get 403 for my any POST request include login and register to (yes i disabled csrf)

@LearnWithIfte

2 ай бұрын

Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.

@berkegurel6836

2 ай бұрын

@@LearnWithIfte I found my issue(my 168 bits key does not enough for jwt. I found it when i debugging @EnableWebSecurity(debug = true)) thanks

why do we need to save JWT token into database?

@LearnWithIfte

Ай бұрын

Please check this video. Here I have explained the reason. kzread.info/dash/bejne/gaSHt5KPl8nRfJc.html

Can we get new video for writing test cases for this project?

@LearnWithIfte

6 күн бұрын

Sure.

Soooo cleaaaaaaan 🫡🔥

@LearnWithIfte

4 ай бұрын

Thank you for noticing! I put a lot of effort into keeping everything clean and organized for you all.

Can we Login without adding the Jwt filter?

@LearnWithIfte

3 ай бұрын

Without JWT filter the full application will become useless. This filter is responsible for filtering out unauthenticated user.

@imadyasin238

3 ай бұрын

@@LearnWithIfte Thankyou . I know that. I just want to know is that possible?

I have seen a lot of videos on JWT and this one again is a different everyone directly jump to the execution of JWD. No one explains how JWT works along with Oauth or standalone how JWT works. No one explains that.

but how can i create multiple roles from database

@LearnWithIfte

3 ай бұрын

For that you need to do some curd operations. I wall try to make a video in future for this.

I think that i love you.

Awesome but the way you implemented is not correct, 1.First user registre then server will send a success response your registration is success now you can login. 2.Then user will login will crendetial now server will send a access token.

can't we continue this project ? I would like to add some stuff that user could do after authorization

@LearnWithIfte

4 ай бұрын

Sure. Just give some suggestions of what tasks you want to do. I will try to make a tutorial on that.

@ruzibayevich1693

3 ай бұрын

@@LearnWithIfte let's say just a simple project, a user could buy a book from a store which sales only books, I think we don't need to add the payment system and etc, just a user should authorize and buy a book

@ruzibayevich1693

3 ай бұрын

that would be great if you make a tutorial for that @learnwithiftekhar

Hi good video, but have error 401Unauthorized; i clone your project and same error, can help me pls

@LearnWithIfte

2 ай бұрын

Please, check the request body. Its case sensitive.

@pedropierolopezmego1363

2 ай бұрын

@@LearnWithIfte JSON parse error: Cannot construct instance of `com.helloIftekhar.springJwt.model.User` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('firstName')] have that error

@LearnWithIfte

2 ай бұрын

Are you getting this error from my github code?

@pedropierolopezmego1363

2 ай бұрын

​ @LearnWithIftekhar Yes, I cloned it and got an error. i dont know how to fix it

@LearnWithIfte

2 ай бұрын

Use this request for register user and let me know the result. { "firstName": "john", "lastName": "doe", "username": "john@gmail.com", "password": "john", "role": "USER" }

I think you are wrong returning 403 instead of 401 while authenticating with bad credentials... because: authentication is the process of checking if the user exists with valid credentials and it should return 401 in case of wrong credentials instead of 403, authorization is the process of checking if the user has the permissions (given by roles) to access certain resources, and it should return 403 in case that the user has no permissions...

@LearnWithIfte

4 ай бұрын

Yes, you are right about the status code. I have already recorded a new video on It. I will release it soon. However I have already updated my github repo fixing this issue. You can check the fix there.

@LearnWithIfte

4 ай бұрын

Hey, I have made another video where I have shown how to fix this issue. You can check it from here: kzread.info/dash/bejne/p5esmNmoZsfWaZs.html

Unpopular question: Which theme sir ?

@LearnWithIfte

4 ай бұрын

Material Oceanic

My reaction as a python developer “🙂💔” Sir please make video on python please 🙏

Здесь не хватает русского комментария. Спасибо. Сейчас тяжело найти актуальную JWT.

@LearnWithIfte

2 ай бұрын

Thank you for watching.

1:05:21 Status: 403 Forbidden I did every thing right, why may this happen ?

@madhunt378

2 ай бұрын

same to me

@LearnWithIfte

2 ай бұрын

please share your code via github. you can send mail to learnwithiftekhar@gmail.com

@tanushachekkapalli5251

2 ай бұрын

Same to me

@LearnWithIfte

2 ай бұрын

@@tanushachekkapalli5251 please check the isValid method in the JwtService.java class. many people make mistakes while writing return statements of this method. You can follow the source code from the github

@enderutlu791

Ай бұрын

Guys i solved my problem. It was on JwtAuthenticationFilter. In the line "if(authHeader == null || !authHeader.startsWith("Bearer "))" i forgot the "!" before the "authHeader.startsWith" function. This causes you to be able to login and register but not use any other endpoint.

login returning forbbiden 403