Spring Boot 3 Security Tutorial | Authentication and Authorization | [2024]
Become a Spring Boot Security expert with this in-depth tutorial! Dive into essential concepts like authentication, authorization, in-memory user management, database user management, custom error and login screens, dynamic user registration and login, and more.
This tutorial will guide you to secure your applications with the latest Spring Boot 3.2 (2024 release)!
📚 Chapters:
(00:00) Introduction
(02:05) 1. Configure spring security dependency
(05:29) 2. Role-based authorization
(09:51) 3. In-memory user authentication
(18:13) 4. Database-backed user authentication
(19:36) 4.1. Create user database table with Spring JPA
(22:29) 4.2. Connect user table to Spring security
(29:57) 4.3. Register new users
(34:22) 4.4. CSRF blocking for post requests
(38:44) 5. Customize error pages
(42:43) 6. Customize login screen
(46:04) 7. Redirect to a specific page after successful login
(50:38) 8. Comparison of password encoders (BCrypt vs Scrypt vs Argon2 vs PBKDF2)
(54:22) Conclusion
Find the project on GitHub: github.com/afsalashyana/Sprin...
Пікірлер: 83
Part 2 - JWT Authentication with Spring Security: kzread.info/dash/bejne/eo12tKSkidfWldI.html More in-depth Spring Boot courses on the playlist: kzread.info/head/PLhs1urmduZ2-W9wfEktEnSYJWrdoLUdOk
@RK22082
18 күн бұрын
40:30 To Rename any file from the Intellij Idea, Right Click -> Refactor -> Rename 😊😊😊 @GenuineCoder ❤❤❤
Thank you for this amazing content!
perfect video i am searching for , i really enjoyed it keep uploading like....
perfect tutorial, I enjoyed watching.
I have been watching spring security videos for many days, they delivered lecture over 1-2 hours, but your lecture is so clear and easy to understand over this difficult topic, thank you so much sir, for your contribution.
Extremely interesting tutorial. The comparison between hashing methods was also very helpful. Thank you for sharing this content.
You are truly a genuine coder, the video is so precise, i highly recommend this tutorial.
This is the best tutorial on Spring auth in KZread so far. Thank you very much. I mean its the best. I had to subscribe for more
Thank you. very clear I highly recommend this tutorial
amazing video. Thank you!
The best tutorial about Spring I've ever seen, thanks
best ive ever seen. thank you so much.
Great content explained with good pace, it gives time frame to understand new learner. Great Job!!
Thank you very much, it is really helpful
Thanks for very helpful article. I research and practice for many article then realize it’s security spring 2. Thanks for ur security spring 3 one more time. Now i can move on another section 🎉 u explain very detail, hope i can see u in another video
Excellent explanation
To all who are searching for building a login system using spring security, this is best one I have found. Perfect in all sense. THanks bro. Please do build more videos. You are doing a great job.
@_naushad_ahmad
9 күн бұрын
Hey Bro. Have you implemented the code . When i login the page i got bad credentials.
@indiancitizen6609
8 күн бұрын
Either your username or password might be wrong
Woa, this tutorial is very good. I really recommend this
Great content Sir plz dont stop making such videos Too good thank you !!
Good explanation. Thanks
Sir please bring more Spring Boot tutorials and its important topics
Thank you very much sir👏
NICE VIDEO PERFECT, THANKS FROM COLOMBIA
Great stuff!
i was try lot of attempt to learn this concept but i con not learned.thanky to your video.🙂
Thank you for great video and very good explanation! Can I may one questions? Why we have two instances/beans (lines 32, 69) of one classes MyUserDetailService ?
the great tutorial !
you are a genuine coder fr)
Thank you!
Nice work
very good content...
Thanku sir..!!
Malayali bro :) . I love your slang .❤. from TN
this is good way of teaching with such relaxed explanation . A billion thanks to the tutor i have been using old version of spring security i got confused to align with these new changes. kindly do more videos on spingboot and microservices. as continuation for this can you make a video on jwt and oauth2
@GenuineCoder
Ай бұрын
Thanks. A new tutorial for microservices with real-world video streaming project is now available kzread.info/dash/bejne/f6aHp6Wdg6zHf8o.html
perfect👌🏽
it’s perfect 😅
this is called Best
This was a great help, i was trying to make a register page and it worked; tho i'm having some difficulty trying to give MyUser more attributes, everytime i give them a birth date or an email i can't register them anymore on the DB. I think it has something to do with the UserDetails but don't know how to proceed.
@GenuineCoder
6 күн бұрын
What's the error you are getting? Any error messages?
Hi Sir, I am getting "please sign in" error when i do user registration using postman and as csrf is also disabled. Please suggest any other changes i need to do with spring security 6
Great tutorial! Clear, chill and great overall tutorial! But I just had a question, how would I go about retrieving the user id?
@GenuineCoder
Ай бұрын
Thanks! I believe you want to get all the users and their IDs. This can be done by creating a new GET endpoint. For example, at 31:38, you can - Create a new GetMapping("/register/get-registered-users") function. - Use myUserRepository.findAll() to get all the registered users. - Take the username and their ID and return it as the endpoint response.
@lorenzo.
Ай бұрын
@@GenuineCoder Ahh that's what I thought matching the username in the db. Is there no other way of doing this in a controller? Using Principal or something along those lines?
@GenuineCoder
Ай бұрын
@@lorenzo. I understand your question better now. You want to find the current already logged-in user while accessing an endpoint, right? There are multiple ways to do this. For example, on every endpoint function, you can inject a Principal object and get the username from it. @GetMapping(value = "/user/get-logged-in-user") public String getUsername(Principal principal) { return principal.getName(); } Here's a tutorial for this www.baeldung.com/get-user-in-spring-security
you have like, thanks
Thank you very much. But in my case I faced the problem of incorrect redirection after click 'Log in ' button'(nothing happened). I solved it by replacing th:action in custom_login.html to . I use 3.2.5 version of springboot.
great
This is an excellent video, and it was a very good revision for me as I have not used this for a while. I have two questions if I may please: 1) when using Spring Boot as a Rest API, when I am only returning JSON, and i have a seperate front-end, I was having issues with filters, and I had to implement my own authentication end point in a controller, is this normal ? How to use filters with REST API? 2) Is it possible to use HandlerInterceptor instead of filters ? OMG, at 47:38, look at the names of those classes, no wonder so many people are turned off by Java code, I love Java, but these names are awful
@GenuineCoder
2 ай бұрын
1. Using filters to do manual authentication (using credentials as request parameters OR request headers) is possible. But, it is not recommended. Because, login session management (allowing subsequent requests after login) becomes hard. Also, this is not safe as per industry standards. Better will be to do it via username-password authentication using Spring security or use OAuth and JWT tokens. 2). You can use HandlerInterceptor for this requirement. The difference is, filters work at the servlet level and HandlerInterceptor work at the Spring MVC level. So, HandleInterceptor can handle spring context as well. Here is a good comparison stackoverflow.com/a/71227949/4889711
@peshutanpavri1599
2 ай бұрын
Thank you very much@@GenuineCoder
Perfect people not exists ! Mr.GC : Are you sure ? thank you sir for this content !!
TimeStamp 12.19 Sir, UserdetailsService bean showing error asking to add return statement
timestamp 11.30. Sir, username, password, role all these details are available in the data table. How can we hardcode these details?
cool man
I LOVE YOU
@KarolKasperek
Ай бұрын
after checking all spring boot website and all of these tutorials with deprecated calsses this video just showed up
What about for the maven 😢 i have a hard time fixing the dependency since it uses javas and springboot 3 is using jakartae
@GenuineCoder
Ай бұрын
I prefer Gradle over Maven due to its more readable syntax, whereas Maven's XML configuration can be overwhelming. What specific challenge or problem are you experiencing with Jakarta EE, and is it related to upgrading from Spring Boot 2.X to 3.X?
i have a question how 403 and 404 error page appears without mapping it or without adding GlobalErrorHandler ?
@GenuineCoder
Ай бұрын
This is a special feature. Without any java side configuration, you can customize the error pages for specific error codes directly from resources. "You can also customize the error pages by adding files with names like error.html, 404.html, etc., in the src/main/resources/public/error directory. The file name should match the HTTP status code you want to handle."
is this doable with mongodb database or it necessites a rational database?
@GenuineCoder
3 ай бұрын
It is doable in any database, including MongoDB. For MongoDB, instead of using Spring Data JPA, Spring Data MongoDB should be used.
bro. Your accent looks very similar to mine.
Please put the actual code of the project into any repo as well
@GenuineCoder
3 ай бұрын
Thanks for the suggestion. Here is the repo link github.com/afsalashyana/Spring-Boot-Tutorials/tree/master/LearnSpringSecurity
How to handle the situation of invalid credentials?
@GenuineCoder
3 ай бұрын
You can use an "AuthenticationFailureHandler" to handle the invalid credentials. Using this, it is possible to provide customized error messages or even redirect the user to specific error pages. Reference: www.codejava.net/frameworks/spring-boot/spring-security-authentication-failure-handler-examples
@razek1998
3 ай бұрын
@@GenuineCoder thank you brother 🙏
bro from kerala
@GenuineCoder
7 күн бұрын
അതെ.
@Krishnadevaraya1
7 күн бұрын
@@GenuineCoder basically iam from A.P I find you from Kerala by your slang
Where is the logic? You showed how to register a user in the database via the rest api, but did not show how to then log in to the server via the rest api by entering the username and password Postman. Because of this, a fairly good tutorial became a waste of time.
he is malayali (from tamilanadu)
@GenuineCoder
Ай бұрын
Yes, Malayali from Kerala