Spring boot 3.0 - Secure your API with JWT Token [2023]
#spring #learning #springboot #springtutorial #springsecurity #developpement #java #arraylist #linkedlist #springdatajpa #querybuilder #aliboucoding #alibou #validation
Are you looking to secure your Spring Boot applications and keep them safe from unauthorized access? Look no further! this tutorial is the perfect solution for you.
In this course, you'll learn everything you need to know about using Spring Security and JSON Web Tokens (JWT) to secure your applications. We'll start by teaching you the basics of Spring Security and how it can be used to authenticate and authorize users in your application. From there, you'll learn how to implement JWT to provide a secure, stateless method of authentication.
👉🏻 Source code: github.com/ali-bouali/spring-...
Don't Forget to
===========================================
💯 Free courses here: aliboucoding.com
💯 Subscribe to the youtube channel
💯 Join our Discord Community - / discord
💯 Join our Facebook Group - / 589612651142975
💯 Join our Instagram: / alibou_coding
Table of content
00:00 Intro
01:55 How JWT security works
07:26Create a new spring boot 3.0 project
09:28 Add Data source
12:28 Connect to the database
17:12 Create user class
20:05 Transform the User to an entity
25:22 Extend the user to UserDeatils object
33:32 Create the user repository
35:50 Create the JWT authentication filter
40:58 Checking the JWT token
44:32 Create the JWT service
47:56 Add the JJWT dependencies
49:59 What is a JWT token
53:06 Extract claims from JWT
55:23 Implement the getSignInKey method
01:00:07 Extract a single claim from JWT
01:01:51 Extract the username from the token
01:02:52 Generate the JWT token
01:08:15 Check if the token is valid
01:11:22 Check the user existence in the database (JwtAuthFilter)
01:15:13 Implement the UserDetailsService
01:19:38 Update the SecurityContextHolder and finalise the filter
01:23:53 Add the security configuration
01:32:51 Create the authentication provider bean
01:36:41 Create the authentication manager bean
01:38:14 Create the authentication controller
01:40:55 Create the authentication response class
01:41:47 Create the register request object
01:42:50 Create the authentication request class
01:43:22 Create the authentication service
01:45:37 Implement the register method
01:49:28 Implement the authenticate method
01:52:17 Update the security configuration whitelist
01:53:35 Create a demo controller
01:54:55 Test the changes
Пікірлер: 760
Join the Micro Services course waiting list and get and get an exclusive *EARLY-BIRD discount* aliboucoding.ck.page/d0f9317e13
You have no idea how much you have helped me. Due to other tutorials being backdated, I just couldn't find a proper step by step procedure on how to implement jwt in spring boot. You saved my university major project. I wish you lifetime of happiness and health.
@BoualiAli
Жыл бұрын
Really happy you liked it
@aeroabrar_31
8 ай бұрын
@@BoualiAli A small error check : the token will get expired in only 24 minutes not 24 hours. Apart from that everything is crystal clear.
Thank you so much, very well explained! Very useful!!
I want to give you a huge thank you. I've been struggling with this for days due to other tutorials being outdated. You really saved the day.
@BoualiAli
Жыл бұрын
Glad I could help!
Many thanks! Your tutorials are absolutely fantastic. Pure gold! The content, your delivery and the speed - everything is just perfect. Sending loads of love your way!
@BoualiAli
6 ай бұрын
Glad you like them!
Loving this. Great start as I migrate to Spring Boot 3. Thanks man 🔥.
@BoualiAli
Жыл бұрын
Happy to know 🔥
Thank you so much for this fantastic Spring Security video!
@BoualiAli
9 ай бұрын
Glad you enjoyed it!
جزاك الله خير It's amazing content
Wonderful ! thanks for the effort and clear tutorial!
@BoualiAli
Жыл бұрын
My pleasure
Perfect! This is the most well explained tutorial I have seen and I have seen many regarding the discussed subject.
@BoualiAli
Жыл бұрын
Happy you liked it
Very awesome tutorial, great explanations on the concepts, easy to follow along. I have really learned alot Ali. Looking forward to learn more courses on Springboot and Java.
@BoualiAli
Жыл бұрын
Thank you so much for your feedback 🙏
Thank you so much for this fantastic Spring Security video! It was incredibly helpful and provided me with valuable insights. I really appreciate the clear explanations and the practical examples demonstrated throughout the tutorial. Your expertise and teaching style made it easy for me to grasp the concepts.
@BoualiAli
11 ай бұрын
Glad it was helpful!
this is the video perfectly understand the spring security for me. Thank you so much @Bouali Ali
@BoualiAli
Жыл бұрын
Happy you liked it
Great work and content! Thank you very much for this.
@BoualiAli
Жыл бұрын
Happy you like it
Amazing content. Thank you for your good work to enable us acquire skills.
@BoualiAli
Жыл бұрын
really happy I helped you learn
Thank you very much for this. this was great. you have gained a subscriber forever!
@BoualiAli
Жыл бұрын
So happy and proud to have you here
Great Video, you saved my life on a bug that I've been searching for so long since I migrated to spring 3.0, Keep it up! from Tunisia
@BoualiAli
Жыл бұрын
My pleasure bro I like Tunisian people 🇹🇳
Amazing course, i get all workflow about jwt spring security, how to extractAllClaims, single claims, how to use JWTAuthenticationFilter and more. Thanks for this update spring security jwt and hope you take care of you!! Great time!!
@BoualiAli
Жыл бұрын
Fantastic!
Very awesome tutorial, great explanations on the concepts, easy to follow along
@BoualiAli
9 ай бұрын
Glad you liked it!
Great video man, I have recently started learning Springboot and there wasn't many content for 3.0 out there, was exactly looking for this, the way you explained everything was very well done and understable, Thanks and Keep it up!
@BoualiAli
Жыл бұрын
Thank you for the great feedback.
@user-wh3lx1hz8d
Жыл бұрын
I had the same issue and it turns out I had left User's isEnabled() to false, when it should be true.
This is just what I needed, great explanation and the most important, it works!!! , Thanks and greetings from Colombia.
@BoualiAli
11 ай бұрын
Great to hear! Greetings from 🇹🇳
I just finished this tutorial and trust me, if you want to learn about Spring Security using JWT, this is the way. Thanks @Bouli Ali for such awesome content
@BoualiAli
Жыл бұрын
I really appreciate your great and honest feedback. This keeps me motivated to provide more and better content
great content, I'll be finishing the one on amigos code cause I'm still using spring 2.7, I'll book this video once I upgrade!
@BoualiAli
Жыл бұрын
That’s good
Thanks a lot man, your explanations are the best! Subscribed! I will see the refresh token vid now :)
@BoualiAli
Жыл бұрын
Thank you 🙏. Check the spring security playlist for more videos
This video made all my doubts clear. Thank you so much.
@BoualiAli
Жыл бұрын
Really happy you liked it
Thank you so much bro ! Best tutorial I've ever seen.
@BoualiAli
Ай бұрын
Glad you think so!
Great Video Bouali ! I have learned many things. Subscribed your channel also . Thanks a lot !
@BoualiAli
Жыл бұрын
Great to have you
this tutorial is very helpful. thanks a million
@BoualiAli
Жыл бұрын
My pleasure
Good job ,and i realy appreciate you so much .
@BoualiAli
Жыл бұрын
Thank youuuu
Thank you Ali!
thank you for this video!
@BoualiAli
Жыл бұрын
My pleasure
Gold. 👍 Thank you.
@BoualiAli
11 ай бұрын
Happy you liked it! Thank you too!
Absolutely great tutorial!
@BoualiAli
Жыл бұрын
Happy you liked it
Thank you very much. you save me and my university project. Subscribed
@BoualiAli
8 ай бұрын
Glad I could help!
Great Job Ali, thans is the best Tutorial I ever see. I like and Subscribe right now.
@BoualiAli
Жыл бұрын
More thank happy to have here
What a great video! you have gained a subscriber forever!
@BoualiAli
Жыл бұрын
You’re welcome forever
Amazing course, I learned so much! It is even more amazing the code you gave on github, however I wish I could have some explanations on all the additional stuff there is in the repo
@BoualiAli
8 ай бұрын
Happy you liked it! Just follow the playlist order and you will get each line of the code
Thank you from South Korea!
@guratete
Ай бұрын
how is the job Market in Seoul for Java Devs, I am in China and looking for new opportunities in other countries
Great explanation !! Thank you very much, u're awesome
@BoualiAli
Жыл бұрын
Glad you liked it!
OMG this is the most awesome tutorial I've ever watched
@BoualiAli
Жыл бұрын
Thank youuuuuu. Happy to know that
love the way u teach (:
baraka al Allahu fik. Keep up the good work!
@BoualiAli
Ай бұрын
my pleasure Check the new one, it is more updated with no deprecations
@mahmoudotri6103
Ай бұрын
@@BoualiAli Awesome! may you share the link for it?
@BoualiAli
Ай бұрын
@@mahmoudotri6103 check the videos and you will notice it. It is a recent upload
thank you khouya, merci beaucoup pour ton effort.
@BoualiAli
Жыл бұрын
My pleasure
thank you so much for the course, it is very helpful. I hope you could make a continuation video implementing the APIs in Angular. I 'm really stuck right now
@BoualiAli
Жыл бұрын
Happy you liked it I'm already preparing a video for that
Hello, it was a great step-by-step tutorial. The things that weren't clear to me became clear after I watched this video for the second time. The only moment (just statistical) - the token expiry date wasn't 24h from the moment of creation. 1000 ms -> 1s; 60 * 1000 -> 1m; 60 * 60 * 1000 -> 1h. So adjustment should be settled to 24 * 60 * 60 * 1000. Your token expiry date is 24 m.
@BoualiAli
Жыл бұрын
True, but just for the sake of the tutorial I removed the *24 to have short living token. Sorry for the confusion
I was struggling to learn this, thank you so much for this video. It helped a lot
@BoualiAli
Жыл бұрын
I’m happy to help
@muniapriyansu8805
Жыл бұрын
@@BoualiAli what changes to make in order to specifically allow USERS to one endpoint? .hasRole("USER") doesnt work SecurityConfiguration
@BoualiAli
Жыл бұрын
@@muniapriyansu8805 you need to add the annotation @enableglobalsecuritymethod on the security config class and the @preuathorize will work like a charm I have another spring security in the same playlist that explains authorization and how it works
Thank you for your efforts, your brother from morocco.. Keep it up 🙂
@BoualiAli
Жыл бұрын
My pleasure
thank you very much for the information and excellent explanation
@BoualiAli
2 ай бұрын
Glad it was helpful!
I just discovered your channel, what a great content, Allah y3tik lkhir
@BoualiAli
Ай бұрын
Thank you so much 😊
Great Video, thanks a lot
@BoualiAli
5 ай бұрын
Glad you liked it!
Too good. Awesome.
@BoualiAli
Жыл бұрын
🙏 thank you
muchas gracias por la explicación y por compartir el repositorio 🤓
@BoualiAli
8 ай бұрын
My pleasure!
thanks for your efforts
@BoualiAli
Жыл бұрын
Welcome 🙏
Intéressant ! mister bouali ...
@BoualiAli
Жыл бұрын
Thank you
It is astonishing with what fast pace spring boot is moving forwards. Alot of the methods shown here are already deprecated and marked for removal.
awesome tutorial!
@BoualiAli
2 ай бұрын
Glad you liked it!
Excellent tutorial
@BoualiAli
Жыл бұрын
Thank you
Thank you 🎉
@BoualiAli
8 ай бұрын
You’re welcome 😊
Great video Bro keep going 😀😀😍
@BoualiAli
Жыл бұрын
Thank you, I will
that's perfect, please keep on keeping on!! could you please tell how you learned it and how you would recommend people learn it?? imho documentation usually gives the "What" about everything in it, not "Why"
really great video!!!! thanks!!! I would adapt the title just put (registration & login) because KZread does not show your video, when searching for spring boot registration & login
@BoualiAli
7 ай бұрын
Thanks for the tip!
great!
@BoualiAli
Жыл бұрын
Thanks
Thank you so much, I followed this guide and everything works great. I have a question though. In the isTokenValid method of JwtService we check if the username(email) from the parameter userDetails is equal to the username found in the token. However the parameter userDetails is always aquired from the username found in the token (e.g. in AuthenticationService or in JwtAuthenticationFilter). So the way I see it we extract the username from the token and then check if the extracted username is equal to the username found in the token. Wont that always be true?
Great content, thank you. can you please provide a tutorial in Oauth2 implementation in spring boot 3 (Authorisation server + Resource server) using JWT?
@BoualiAli
Жыл бұрын
Working on it
Hi! Great Tutorial! One of the best I ever seen. I have only one problem, I can still add more users with the same email. You don't check this in tutorial too.
@BoualiAli
Жыл бұрын
Thanks for the comment. Yes duplicated users are not prevented. Add @Column(unique=true) on the email field and it will fix it
Good job aloulou ;)
@BoualiAli
11 ай бұрын
thank you 3chiri
Thank you very much for explaining to us how jwt works under the springboot 3 to do whole authentication part , would you give a follow-up with the role based version in the next comming up videos?😁
@BoualiAli
Жыл бұрын
Sure thing!
@qigongzhu2733
Жыл бұрын
@@BoualiAli thank u so much, after watching your old 2.0 role based version and your comment down below I assume using EnableMethodSecurity as well as preAuthorize can do this . But for controlling the role to limit on CRUD or refresh token I have no clue
thank you for your tutorial i hope you do tutoril for spring boot microsrvice securty JWT
@BoualiAli
Жыл бұрын
I’m preparing something already
Hi Ali, if possible, could you show the imports of the class briefly after you finish with a class, for comparison next time? Thank you!
@BoualiAli
Жыл бұрын
Check the code on Github
I am subscribed
@BoualiAli
Жыл бұрын
Really happy you liked it
Randomly found this channel. Wonderfully explained. Thanks a lot. Just a request, could you paste that key generator url in the description?
@BoualiAli
10 ай бұрын
You can check the code in my github account (link in the description)
thx
Thank you for your awesome tutorial! I learn a lot from your video. Let's say if we had multiple microservices and Spring Cloud Gateway routing to process requests to those (downstream) services. I was wondering if you could let me know how we can apply the jwt from your video (user microservice) to other microservices as a global one. Thank you once again for your time and consideration!
@BoualiAli
Жыл бұрын
It works the same way. Just implement it on the api gateway level
@BoualiAli
Жыл бұрын
Really happy to have you here
Thanks for the video, it's so useful! What setting you are using for your Intellij, looks good :)
@BoualiAli
Жыл бұрын
Thanks for the feedback It is the new ui from the latest version of intellij
For the Spring Security package to be complete on your channel, could you please make a video explaining how to configure CORS using Spring Security? For example, as routes from other origins that need authentication with the head "Authorization" in the request, I would be very grateful
@BoualiAli
10 ай бұрын
Coming soon 😁
Awesome, I love your explanation. Can you make video on Spring boot 3.0 - Webflux with JWT Token
@BoualiAli
Жыл бұрын
I will take note of that. I’m preparing a new video that you’re gonna love absolutely
@vijayank923
Жыл бұрын
@@BoualiAli I’m waiting
This is soooooo long ! Thank you for doing everything step by step but its my request please bring a Course on Spring Security where you can explain things on a slow pace. That would help us get more clarity.
@BoualiAli
6 ай бұрын
Sure
Hi Ali . I just wonder what site did you use for entire architecture picture ? Look so great!
@BoualiAli
9 ай бұрын
I use drawio for that
Thank you very much for the tutorial , could you provide us how implement login with social media and jwt
@BoualiAli
Жыл бұрын
I’m worrking on such tutorial
Thank you for your great explanation. I watched this video many times, it 's very clear. Can we have the sources of your project ?
@BoualiAli
10 ай бұрын
Hello, The repo is in the description of the video
Hey, @BoualiAli awesome tutorial and content on the channel at all :D You are doing a great job. :) I have one question. How can this code be improved, what can I do additionally to secure my app better?
@BoualiAli
7 ай бұрын
User OAuth2
Hello sir i saw video tutorial n these are awesome like each n every topic will convered in videos. One request from my side for desktop native application using electron js with angular in details project like books library project i possible please consider it in your upcoming playlist because no one is on you tube who is doing electron js tutorial.
@BoualiAli
Ай бұрын
I will try my best
Firstly thanks for this video. Could you explain how to set token expiration time and refresh token expiration time. Thanks again. Greetings from Turkey 🇹🇷
@BoualiAli
Жыл бұрын
I will create a new video about refresh token asap. Greetings
Great video, great work and great content! I would like to ask you how should I configure Spring Security to have persistent authentication. With Postman everything works, but what if I want to do fornt-end side authentication?
@BoualiAli
Жыл бұрын
I’m creating a special video for that. Coming soon
16:50 You don’t need to specify the driver-class-name since Spring Boot can deduce it for most databases from the url. See Spring Boot 3.0 Data docs.
@BoualiAli
Жыл бұрын
True, but if I don’t specify it people will ask about and I forgot to mention that in the video. Good comment 👍
Great! One question, you take the jwt of the authenticate(log-in) to send the Demo Controller request. If I use jwt I got from Register, it is the same ? In simple words, if I want log-in directly after the register (and not log in again), is there any extra step I need to do? (for example set SecurityContextHolder). I guess both in log-in and Register the SecurityContextHolder must be set ! Thanks !
Thank you very much for the quality content Ali. Just a small query, how can we make sure the /register endpoint isn't open to everyone. I mean there should be a mechanism to let only specific people register and access my api who know something (may be a secret key).
@BoualiAli
Жыл бұрын
Thanks for the feedback. In this case, you can restrict access to your app/api via the network (ingress) and you allow specific white list ip adresses (aws security groups with vpc / ec2 for example)
Can you please make a tutorial about authentication and authorization exception handling. Like where to throw exceptions if invalid credentials were prompted or JWT related exception 🙏
@BoualiAli
Жыл бұрын
Check the exception handling video. You have the answer there
Great content and i want to know how you customised side bar icons instead of text in your intellij
@BoualiAli
Жыл бұрын
It is the new UI from intellij. Download the latest version and you will get it
Nice content boss, it was really helpful. I've fallen in love with your IDE, is it an intelliJ theme or a newer version of intelliJ. I really do need it
@BoualiAli
Жыл бұрын
Thank you for the feedback. It’s the new Intellij design from the latest version
@HappyBibi93
Жыл бұрын
@@BoualiAli Yes, i use the new version. But which theme is it? 🙂
Great work and content! Can yo tell me the theme/setting you have? At 1:08:08 (the green extraClaims for example)? In default New UI of Intellij 2023.3.2 there is no green color for me but in your video it is there. I like it better as you configure it. Thanks!
@BoualiAli
Жыл бұрын
I have no extra config, it is the default theme. I’m using a mac 💻 maybe this is what’s making the difference
I can't really express how you are amazing Mr. Bouali. The explanation is clear and straight to the point. I wanted to ask you if there is a way to not to hit the database for each request as this will be overhead for it. can we make it in the register & authenticate part only?
@BoualiAli
5 ай бұрын
You can implement caching
@samymohsen505
5 ай бұрын
can you please recommend me a good way for In memory caching? or any other way that make me avoid using things like Redis aka other database with its own server?@@BoualiAli
Awesome video. Just spent the entire day yesterday coding it by hand and following the video. I do have one question. I've done JWT authentication in other languages, and we always validate the token by using its signature, instead of just comparing the claims to expected values. Is this something that is handled internally by Spring Boot?
@BoualiAli
Жыл бұрын
When you call the decode method, it is validating the token using the signature
MapStruct tutorial on of these day showing us how to use Entity & Dao for more consistency data modeling? thanks a lot
@BoualiAli
Жыл бұрын
Can you explain better please? I didn’t fully get it
Thank you very much for the content! Can you write for us the non depricated solution for setSigningKey() and parseClaimsJws()?
@BoualiAli
14 күн бұрын
Yes, check the playlist and the videos and order by publish date
that is the best vedio about jwt implementation so far, thank you for your simple explanation that even a new user of the spring framework could understand clearly. i have a question please if you don t mind, I'm using spring mvc with thymeleaf, i don t know how to send the jwt token in the header with thymeleaf like in your case with postman you sent it in the authorization type bearer token, and there is no one talking about it thank you
@adrianfee9131
Жыл бұрын
I am also trying to figure this out
@darkmagician2519
Жыл бұрын
@@adrianfee9131 i manage to do it using session like instead of retrunin the jwt token to the user and send it from the header you can just save it into the session than in the dofliter function you take the jwt token and validate it from the session i ll join the code below i hope this helps
@darkmagician2519
Жыл бұрын
i don t know if it s the right way to do it but it is working
❤️👏👏
Thank you so much I always use your method for secure but I have question Can I use this codes in big project
@BoualiAli
Ай бұрын
better use keyclaok. the video is coming next week
It was really a great and helpful video, thank you so much and please keep providing with such quality content like this. I have a question if you could answer me I will be grateful for you, just I wanna know how we can implement a logout method ?
@BoualiAli
Жыл бұрын
Hi For the logout, you should implement a logic for that. I will create a video for it in the coming days
@mouradeljayi584
Жыл бұрын
@@BoualiAli I managed to clear the storage on the client side and delete the token Is this enough ? Or I must add a method on the server side for more Security purposes ? Thank you again
@BoualiAli
Жыл бұрын
@@mouradeljayi584 this can be enough.
Hello, Thank you this helped a lot. But can you tell me why register api works in postman by returning a token but authenticate api gives cache miss for REQUEST dispatch to '/api/v1/auth/authenticate' (previous null).