Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorisation [NEW] [2023]


In this video, you'll learn how to implement JWT authentication and authorization in a Spring Boot 3.0 application using Spring Security 6 and a Postgres database to store user credentials.
You'll see how easy it is to secure your application and protect your endpoints using JSON Web Tokens. We'll start by setting up a Postgres database and creating a user table to store our credentials.
Then, we'll configure Spring Security to use JWT and define some security rules for our application. Finally, we'll test our setup by building a simple API and using Postman to send authenticated requests.
Whether you're a beginner or an experienced developer, this tutorial will give you the tools you need to secure your Spring Boot application with JWT authentication and authorization.
Code - github.com/ali-bouali/spring-...
#springboot3 #springsecurity #jwt

Comments: 1 200

  • @amigoscode
    @amigoscode 1 year ago

    Code - github.com/ali-bouali/spring-boot-3-jwt-security 👉🏿 Subscribe to @BoualiAli channel - www.youtube.com/@BoualiAli

  • @faridaragab_

    @faridaragab_ 1 year ago

    Thanksssss Amigocode for this wonderful tutorial about JWT .. I have watched the two tutorials before this ... And every time I'm learning something new ... I need some help .. how to store the secret key in an efficient way? And if i wanted to deployment my app, who should i deal with the secret key?

  • @shaigrustamov5115

    @shaigrustamov5115 1 year ago

    Thanks for the video. Can you call here JWT-Security what you did as Oauth2?

  • @izzatullatoshpulatov2251

    @izzatullatoshpulatov2251 1 year ago

    Keys.hmacShaKeyFor(keyBytes) method is throwing exception: 'int io.jsonwebtoken.SignatureAlgorithm.getMinKeyLength()' Can anyone help me?

  • @MehranHosseini-po9eg

    @MehranHosseini-po9eg 1 year ago

    great course. Only one question in my head, i read the spring in action 6 book and after not being able to understand spring security, i watched your video to understand what is what. Now i'm just left with this question, what is main difference between Auth server/client and resource server and your architecture, which you explained in your tutorial. I think it would be great if you can also cover that topic and explain what are the differences or maybe make an tutorial for that one also. I found it really complicated to understand spring security with Auth server

  • @CheeseStickzZ

    @CheeseStickzZ 1 year ago

    I like how his name is ali bou ali, lmao

  • @akramseid
    @akramseid 1 year ago

    Table of content
    00:00 Intro
    01:55 How JWT security works
    07:26 Create a new spring boot 3.0 project
    09:28 Add Data source
    12:28 Connect to the database
    17:12 Create user class
    20:05 Transform the User to an entity
    25:22 Extend the user to UserDetails object
    33:32 Create the user repository
    35:50 Create the JWT authentication filter
    40:58 Checking the JWT token
    44:32 Create the JWT service
    47:56 Add the JJWT dependencies
    49:59 What is a JWT token
    53:06 Extract claims from JWT
    55:23 Implement the getSignInKey method
    01:00:07 Extract a single claim from JWT
    01:01:51 Extract the username from the token
    01:02:52 Generate the JWT token
    01:08:15 Check if the token is valid
    01:11:22 Check the user existence in the database (JwtAuthFilter)
    01:15:13 Implement the UserDetailsService
    01:19:38 Update the SecurityContextHolder and finalise the filter
    01:23:53 Add the security configuration
    01:32:51 Create the authentication provider bean
    01:36:41 Create the authentication manager bean
    01:38:14 Create the authentication controller
    01:40:55 Create the authentication response class
    01:41:47 Create the register request object
    01:42:50 Create the authentication request class
    01:43:22 Create the authentication service
    01:45:37 Implement the register method
    01:49:28 Implement the authenticate method
    01:52:17 Update the security configuration whitelist
    01:53:35 Create a demo controller
    01:54:55 Test the changes

  • @rodrig0miranda

    @rodrig0miranda 1 year ago

    thank's for this ;)

  • @arwahsapi

    @arwahsapi 1 year ago

    Mashaallah brother

  • @lmrl021

    @lmrl021 1 year ago

    Thank you bro for the bookmark.

  • @congdatt

    @congdatt 1 year ago

    Hey everyone, I followed the video and went to the authenticate (after signing up). Although I enter the correct email & password, but always get 403 error I don't know how to debug. Everyone please help me

  • @carsandtracks8567

    @carsandtracks8567 1 year ago

    @@congdatt Same problem here. Did you find out the solution?

  • @LifeOfMohammed
    @LifeOfMohammed 1 year ago

    I watch a lot of your videos but the long ones I have never stuck to this one I stuck though the whole video and followed along every step of the way and understood everything I am so glad you done it as I followed ur example now going to be able to implement it in my own project!

  • @TheEBPO
    @TheEBPO 1 year ago

    I just started watching you, but I'm already glad I'm doing it with your style of lessons, it's awesome! Thank you so much! Hello from Ukraine!

  • @david_kariuki
    @david_kariuki 1 year ago

    This course is awesome, thank you. More detailed and clearer than the previous one.

  • @antoniobukovac7869
    @antoniobukovac7869 1 year ago

    Great tutorial. To the point and everything is explained. Easy to follow. Great job!!

  • @_07mashrap0v
    @_07mashrap0v 1 year ago

    Assalomy aleykum. I'm from Kyrgyzstan and I'm sixteen. Currently I'm learning Java backend, this is the 6th month. I started watching your videos 4th months ago. And at the time we were learning Spring Boot + Security+JWT your videos are really useful and at the latest version so I appreciate you and your videos. Keep going. Good luck.

  • @maitoshikigami4035
    @maitoshikigami4035 6 months ago

    This tutorial is the one I have been looking for. I spent hours looking for a way to implement spring security, however, most of the spring security tutorials that I found are outdated. Luckily, I stumble on this amazing work, my man here explained everything in depth and comprehensible. Thanks for the tutorial and keep up the good work!!

  • @ofastora
    @ofastora 8 months ago

    Absolutely what I've been looking for. Just the right amount of high level explainations for someone who's just getting into Spring. Thank you for the amazing content.

  • @USONOFAV
    @USONOFAV 9 months ago

    You never disappoint. Of all spring security tutorials this is the one that make sense for me. Also, usage of lombok and an actual database (not in-memory one) is a plus.

  • @quanvotranminh6857
    @quanvotranminh6857 1 year ago

    Yesterday, I watched your previous video about Spring Security and realized that some functions are deprecated in the latest Spring Security. And I'm astonished that you uploaded an updated video today. I'm planning to build a blog website for my own and review Spring Security as well, so this video is excellent for many other developers who love Spring and for me. Keep up your great job, and wish you much luck. Happy new year🤩!

  • @GROOVETECHSETS
    @GROOVETECHSETS 11 months ago

    Quality content. Thank you very much! Your channel is one of the best on KZread for learning Java and Spring.

  • @SaltyFeaRz
    @SaltyFeaRz 11 months ago

    Such a helpful, important video. Just got new into creating websites with Spring and it's such the best video seen so far! Can really recommend it to everyone.

  • @dennismasinde3030
    @dennismasinde3030 11 months ago

    I was almost giving up on understanding Spring Security but now I feel like I have an eagle's eye view of what's what based on this and a number of other tutorials from other channels. Keep doing the good work.

  • @guillermoguir4745
    @guillermoguir4745 1 year ago

    Hey AmigosCode, I congratulate you for this tutorial, for those who see the negative side of the Internet, this is a sign of generosity, and we must be grateful for that, thanks and regards!!!

  • @mehmetfarukbaran9893
    @mehmetfarukbaran9893 1 year ago

    I'm so happy for this notification 😍 I was waiting for this.

  • @gerwinterpstra8698
    @gerwinterpstra8698 4 months ago

    Really clear tutorial! Showing the architecture and explaining how the JWT validation mechanism works helped understanding the implementation!

  • @jungkiyoon902
    @jungkiyoon902 1 year ago

    Absolutely perfect lecture for Spring boot 3.0+ and Spring Security 5 with JWT. I am non-native english speaker, but My teacher who called Amigoscode teach me SOOOOO kindly. P.E.R.F.E.C.T Thanks to your lec, I will lean more about Spring Echo system.

  • @juliocesarvieirasantos3219
    @juliocesarvieirasantos3219 5 months ago

    I watched this video when it was released 10 months ago, and I didn't quite understand the concept, but watching it again 10 months later and understanding a lot more than last time makes me think I'm doing great progress! Thank you for the amazing content, keep up the good work!

  • @gregsayshi
    @gregsayshi 1 year ago

    I could tell this channel would be a good one to add after watching just one of your videos last year. You make your videos around more niche but interesting (advanced) topics but do so in a way that feels more like you’re hearing it explained by a friend rather than finding yourself lost in abstractions or just bored by the nitty gritty details. Look forward to all the interesting topics that I’m sure will be coming up. Cheers man!

  • @congdatt

    @congdatt 1 year ago

    Hey everyone, I followed the video and went to the authenticate (after signing up). Although I enter the correct email & password, but always get 403 error I don't know how to debug. Everyone please help me

  • @shockin95

    @shockin95 1 year ago

    ​@@congdatt I've got a similar issue: I am actually being able to authenticate, but when I copy/paste the token to test the GET requisition from another secured endpoint which is not in the matcher/filter, even with the correct input I'm still getting a 403 Forbidden response. Would any of you guys know what this could be?

  • @waishingheung9898

    @waishingheung9898 9 months ago

    @@shockin95 Did you find the solution? Thanks I got the same problem :(

  • @abdellahguennioui1568

    @abdellahguennioui1568 7 months ago

    @@congdatt hello everyone, have you solving this problem or not yet?

  • @congdatt

    @congdatt 7 months ago

    OMG I solved this. But I forgot to take note @@abdellahguennioui1568

  • @martintrenkov4609
    @martintrenkov4609 3 months ago

    An amazing tutorial! A definite must see for those who need to learn how authentication/authorization works in spring boot!

  • @user-lx4dc1ls3e
    @user-lx4dc1ls3e 1 year ago

    An excellent and clear explanation of this topic! Huge thanks to the author👍👍👍

  • @watchdennyplay21314
    @watchdennyplay21314 1 year ago

    You're amazing dude! You saved my diploma project with your work. Everything worked on the first try and taking the time to update this guide is just... great of you. If you are ever in Sofia let me buy you a beer. :D

  • @mycode0

    @mycode0 5 months ago

    Greetings, bro, you have probably graduated and forgotten all this by now, while I am only just starting with Springboot 😀

  • @MinhPham-eh6lr
    @MinhPham-eh6lr 6 months ago

    I can not tell how much I appreciate your content! Keep up the good work!

  • @gerhardbuttchereit1492
    @gerhardbuttchereit1492 1 year ago

    The length of the different steps through it and the calm, exactly explanation was very helpful and make a lot of fun...thanks a lot...

  • @ramsharan4229
    @ramsharan4229 11 months ago

    This is an amazing course. It helped me to crack the interview. Thank you so much!

  • @Eikenv1

    @Eikenv1 2 months ago

    What position did you apply for and how did it go? I want to do backend/fullstack also

  • @govindgupta290
    @govindgupta290 1 year ago

    Thanks Nelson, I was waiting for this course

  • @yanjim
    @yanjim 1 year ago

    Free top class content! Thanks Nelson and Bouali!

  • @mariemoore5273
    @mariemoore5273 1 year ago

    First of all, thank you so much for the hard work and commitment in doing this video. I would like to know if you have another video using angular to consume this backend api with roles and permissions especially

  • @ogookafor2137
    @ogookafor2137 1 year ago

    "But there is one extra step we need to do. Easy peeezzy" ..😅 I just finished watching and implementing this. Feels like i just got back from the gym. Learn from the experts . Awesome tutorial. Keep up the good work.

  • @andrzejszczepanski9992
    @andrzejszczepanski9992 1 year ago

    Thanks for this awesome video. Just in time, as i was trying to figure out Spring Security for my app and was kind of lost between different tutorials. Cannot wait for video on how to get frontend right for this app. Cheers 🤗

  • @mechy2k2000
    @mechy2k2000 1 year ago

    Thanks for the Video and Ali Bouali for the repo!

  • @KunalWalkoli0
    @KunalWalkoli0 1 year ago

    Hi Ali, I found your tutorial very useful and using this I was able to add JWT to my project. I would like to know how can I write test cases for this code, could you make a tutorial regarding the same. Thanks again !

  • @ezoz
    @ezoz 7 months ago

    This is unique, definitely what I was looking for, I appreciate the time you spend doing this course

  • @mohammedeljouhari4009
    @mohammedeljouhari4009 1 year ago

    Thank a lot Ali and Nelson. Impation to see the next one about refresh token Good job guys ☝

  • @nikolas4786
    @nikolas4786 1 year ago

    Hi alibou, can you make the frontend part of your JWT code, with react or angular, preferably react, your tutorial was very helpful to me, but i would like a frontend to understand it better

  • @sandhya4808
    @sandhya4808 9 months ago

    Hi, this is a great course and I just need a small help. The url for the encryption key generator which you've specificied in this video isn't accessible. Can you please provide any other link? Thanks in advance :)

  • @malnad_raja
    @malnad_raja 6 months ago

    Great explanation, had to go through it twice but at the end understood it completely... Thank you

  • @nicolasov2076
    @nicolasov2076 10 months ago

    man your understanding of java is just awesome I love your content!!!

  • @yoennisgarridovargas3387
    @yoennisgarridovargas3387 1 year ago

    Thank you very much for sharing your knowledge with all of us. I wanted to ask you if you have any video in which you link everything you shared here, but including Swagger? I ask you why I was testing your code but if I try to add swagger to it, it always returns 403 because JwtAuthenticationFilter is executed and automatically if you don't have the required headers, it doesn't let you continue, so in the case of swagger is it really necessary to do that filter?

  • @charithsathsara1405
    @charithsathsara1405 10 months ago

    In the JwtAuthenticationFilter class, changing "Authentication" to "Authorization" in the line "final String authHeader = request.getHeader("Authentication")" is necessary for proper functioning of the DemoController class.
    Original code:
        final String authHeader = request.getHeader("Authentication");
    Corrected code:
        final String authHeader = request.getHeader("Authorization");

  • @usamaqamar2353

    @usamaqamar2353 8 months ago

    man u saved the day, awesome

  • @felipeweigel4415
    @felipeweigel4415 1 year ago

    The best tutorial of Spring Security. Thank's my friend!!

  • @jordankerthcotrinacoronel6715
    @jordankerthcotrinacoronel6715 2 months ago

    Hi there. I really appreciate your effort in doing this valuable course on Spring Security. Even though I consider you have not considered validating if the user already exists to avoid registering the same user more than once. Thanks so much Ali!!

  • @stefanwimmer1902
    @stefanwimmer1902 1 year ago

    Great video! It was very helpful. Works like a charm. Is there also a updated version of creating refresh tokens?

  • @gorkaurzelai5072

    @gorkaurzelai5072 1 year ago

    hello have you found something? I also want the refresh token

  • @stefanwimmer1902

    @stefanwimmer1902 1 year ago

    @@gorkaurzelai5072 I used the older tutorial to get the knowledge of using refresh tokens. Spring Boot and Spring Security with JWT including Access and Refresh Tokens kzread.info/dash/bejne/iIqim7GAadHMeJM.html&ab_channel=Amigoscode

  • @p.shpyro
    @p.shpyro 1 year ago

    Thanks, this video is really cool and useful! But one moment is a little bit unclear: what will we need to do when token expires?

  • @BamBam-uk1vw
    @BamBam-uk1vw 1 year ago

    Thank you ! I`m try to realize this 2 weeks before i find you ! Love!

  • @teddykwak1957
    @teddykwak1957 1 year ago

    Thanks for the video. It would be appreciated if various authentication-related functions such as reset password, find password, and authentication activation using e-mail were also performed.

  • @amigoscode

    @amigoscode 1 year ago

    Coming soon

  • @congdatt

    @congdatt 1 year ago

    Hey everyone, I followed the video and went to the authenticate (after signing up). Although I enter the correct email & password, but always get 403 error I don't know how to debug. Everyone please help me

  • @__meilleur

    @__meilleur 1 year ago

    @@congdatt me too bro

  • @lukagolubovic3641

    @lukagolubovic3641 11 months ago

    @@amigoscode What you mean by "soon", it's been 5 months, that dude (any many others) are waiting, I don't wanna see another "Chat GPT" video, it is pointless, just provide high quality Java / Spring Boot content and people will be extremely happy

  • @a.k.n.b
    @a.k.n.b 1 year ago

    Mashaalloh brother, my long-awaited lesson 👍

  • @lloyd100
    @lloyd100 9 months ago

    I would like to take the time to thank you and say that I appreciate you for your content. It's wholesome and helps me a lot!

  • @andriikniaziev9242
    @andriikniaziev9242 11 months ago

    Thank you for the tutorial. All this stuff with spring security is looking much more complicated than in express framework for node js

  • @ghassenjemai
    @ghassenjemai 1 year ago

    Great course.. But I would love it more if you have implemented the refresh token and blacklisting the previous one

  • @gorkaurzelai5072

    @gorkaurzelai5072 1 year ago

    hello have you found something? I also want the refresh token

  • @Ravengerblade
    @Ravengerblade 1 year ago

    I really like the tutorial in general! I do have one point of constructive criticism on it: JWT was created with the intent that you can check the validity of your token without persisting it. It should be along the lines of:
    - You create the token, which contains a small amount of information about the user it belongs to
    - Token gets sent with future requests
    - When authenticating the token, you decrypt the payload and check if the information in the token is valid, by checking it against the original user in your db it was created for
    You might have confused the standard token with the refresh token from JWT, which should be persisted in the DB. If you are just going to persist the tokens in the DB, you might as well create some general token system without JWT. But aside from that, I do think the tutorial is great!

  • @johndickerson2937

    @johndickerson2937 1 year ago

    What about if you have multiple nodes behind a load balancer and no session replication across the nodes - then is it not good to use the DB? - am not an expert - just thinking about why the token could be saved to the DB instead of being saved in memory.

  • @jynxxnerd

    @jynxxnerd 11 months ago

    @@johndickerson2937 Mister Princess is slightly wrong as well. When authenticating the token you don't check it against the original user in the db. You check the payload of the token against the signature in the token. So you take the payload, encrypt it with your secret key, and if the result matches the signature in the token, then the data in the payload is valid. This way you don't need to hit the database or set any session vars.

  • @user-gr6ct8ij2o

    @user-gr6ct8ij2o 10 months ago

    ​@@jynxxnerd Hi, would you happen to know how to deal with unauthenticated customers and their carts using JWT? Or in this case I should use the session-based approach only?

  • @yuyuanruan8005

    @yuyuanruan8005 9 months ago

    @@jynxxnerd Sorry, Who is Mister Princess?

  • @tugrulkarakaya

    @tugrulkarakaya 8 months ago

    you dont need any record to verify token. just signature would be enough. @@johndickerson2937
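
The signature-only check discussed in this thread, as an added example that is not part of the video, the linked repository or any commenter's code: it uses only JDK classes instead of the tutorial's JJWT library, fixes the algorithm to HS256, enforces the 256-bit minimum key size, and accepts or rejects a token without a database lookup. The class name, the constructed sample subject and the regex-based claim extraction (standing in for a JSON parser) are assumptions of this example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class, not from the tutorial's repository).
public class StatelessJwtCheck {

    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // Simplification: a real service would read the claims with a JSON library.
    private static final Pattern SUB = Pattern.compile("\"sub\"\\s*:\\s*\"([^\"]*)\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d{1,18})");

    /** HMAC-SHA256 over "header.payload"; refuses keys shorter than 256 bits. */
    static byte[] hmacSha256(byte[] key, String signingInput) throws Exception {
        if (key.length < 32) {
            throw new IllegalArgumentException("HS256 needs a key of at least 256 bits");
        }
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String b64(String json) {
        return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    /** Issues a compact token; the subject is assumed to contain no quote characters. */
    static String issue(byte[] key, String subject, Instant expiresAt) throws Exception {
        String header = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        String payload = b64("{\"sub\":\"" + subject + "\",\"exp\":"
                + expiresAt.getEpochSecond() + "}");
        String signingInput = header + "." + payload;
        return signingInput + "." + ENC.encodeToString(hmacSha256(key, signingInput));
    }

    /** Returns the subject when the signature matches and the token is unexpired, else null. */
    static String verify(byte[] key, String token, Instant now) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            return null;
        }
        byte[] presented;
        String claims;
        try {
            presented = DEC.decode(parts[2]);
            // The payload is only base64url-encoded, not encrypted.
            claims = new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid base64url
        }
        // The algorithm is fixed to HS256 here; the token's header does not choose it.
        byte[] expected = hmacSha256(key, parts[0] + "." + parts[1]);
        if (!MessageDigest.isEqual(expected, presented)) { // constant-time comparison
            return null;
        }
        // Claims are trusted only after the signature check has passed.
        Matcher exp = EXP.matcher(claims);
        Matcher sub = SUB.matcher(claims);
        if (!exp.find() || !sub.find()) {
            return null;
        }
        Instant expiry = Instant.ofEpochSecond(Long.parseLong(exp.group(1)));
        return now.isBefore(expiry) ? sub.group(1) : null;
    }

    public static void main(String[] args) throws Exception {
        // Random 256-bit key for the demo; a deployment loads its key from
        // configuration or a secret store rather than from source code.
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);

        Instant now = Instant.now();
        // Constructed sample subject.
        String token = issue(key, "user@example.com", now.plusSeconds(3600));
        System.out.println("untouched token : " + verify(key, token, now));

        // Same header and signature, different payload: the recomputed HMAC no longer matches.
        String[] p = token.split("\\.");
        String edited = p[0] + "."
                + b64("{\"sub\":\"other@example.com\",\"exp\":" + (now.getEpochSecond() + 3600) + "}")
                + "." + p[2];
        System.out.println("edited payload  : " + verify(key, edited, now));

        // Valid signature, but checked two hours later.
        System.out.println("after expiry    : " + verify(key, token, now.plusSeconds(7200)));
    }
}
```

A check like this cannot revoke a token before its `exp`; that is the gap the persisted-token and refresh-token approaches mentioned in the thread are meant to cover.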

  • @mohammedharoon1167
    @mohammedharoon1167 8 months ago

    I was so thankful for this video literally I was struggling with jwt you made everything crisp and clear💯

  • @raedgeorge391
    @raedgeorge391 10 months ago

    thanks for your effort in this course. well explained and structured.

  • @janas111
    @janas111 1 year ago

    32:00 Well.. What if I want users to have multiple roles? I save my roles in a database (as part of making them dynamic, so I can make more roles if I need to, after deploying the app), and the connection between User and Role is ManyToMany. I think by default that is the desired implementation of roles. How can I make my example work with this getAuthorities method? (Also notice, getAuthorities is plural, meaning it's expected to have multiple authorities)

  • @AlexDuSixO

    @AlexDuSixO 1 year ago

    same here, i can't make it work with multiple authorities

  • @sairohith8013
    @sairohith8013 1 year ago

    Hi @amigoscode & @boualiali I love your content on Spring security 6. Also please can you update some code or provide some resources for logout functionality. As you guys are implanting only authenticate and sign in

  • @kaitlynethylia

    @kaitlynethylia 1 year ago

    The API is stateless, there is no logout function because you are never "signed in", All that "Logging in" does is tell you the token you need to send to the API to know its you, its usually down to the frontend to keep this token in some kind of session

  • @jordanzech4122
    @jordanzech4122 1 year ago

    Awesome content. So glad you did the explanation at the end with postman.

  • @artemusenko3546
    @artemusenko3546 1 year ago

    Perfect lesson! Thank you very much

  • @omkarshingade3412
    @omkarshingade3412 11 months ago

    even for register endpoint status is showing forbidden please help!

  • @1mamedov679
    @1mamedov679 1 year ago

    Thank you for the lesson! How to make the same theme idea?

  • @1mamedov679

    @1mamedov679 1 year ago

    Settings -> Appearance and Behavior -> New UI (Beta) -> Enable new UI Requires IntelliJ Idea 2022.3.1

  • @Raphael-et6ig
    @Raphael-et6ig 11 months ago

    BoualiAli is explaining so good. It is really easy to follow him. Very good work. Thanks for this Video :)

  • @petitpoids6433
    @petitpoids6433 1 year ago

    First comment of ever on youtube, but that course is just excellent. I have never had such a clear course in my training center.

  • @ikramdagc1516
    @ikramdagc1516 9 months ago

    Great tutorial video, thank you. However, in the securityFilterChain(HttpSecurity http) method of the SecurityConfiguration class, some methods of the HttpSecurity object have been @Deprecated(since = "6.1", forRemoval = true). I would be very happy if you could do a refactor work on this.

  • @TheSandraamore

    @TheSandraamore 9 months ago

    hi, you got the solution?:)

  • @manu.esparza

    @manu.esparza 9 months ago

    As someone said here, downgrade your spring version to 3.0.5

  • @samirbettahar7602

    @samirbettahar7602 6 months ago

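    // withDefaults() is the static import org.springframework.security.config.Customizer.withDefaults
    @Bean
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        // Require authentication for every request
        http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
        // HTTP Basic with default settings
        http.httpBasic(withDefaults());
        return http.build();
    }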

  • @samirbettahar7602

    @samirbettahar7602 6 months ago

    just let the IDE override it, but that basic auth will not work. maybe they changed it

  • @ikramdagc1516

    @ikramdagc1516 6 months ago

    I found the solution, but when I share it here, my comment gets deleted. I've tried multiple times, but I don't know the reason.

  • @Jaraqqeh
    @Jaraqqeh 3 months ago

    Crystal clear. Works like a charm!

  • @robertd.hewson8451
    @robertd.hewson8451 1 year ago

    thx for the new vid was having trouble finding updated one

  • @dukeofmbitikiyai
    @dukeofmbitikiyai 1 year ago

    how come I am getting a 403 error even after following the tut?

  • @MrSaurus
    @MrSaurus 1 year ago

    At 1:20:21, when I have the line " private final UserRepository repository;", I get this error: "The blank final field repository may not have been initialized" However, it is not showing up on your screen. Why is this?

  • @dharmawangsa9592

    @dharmawangsa9592 1 year ago

    me too, until now still have no idea why it happen, i just erase "final" keyword and the error solved.

  • @MrSaurus

    @MrSaurus 1 year ago

    @@dharmawangsa9592 Were you able to complete the whole project? Also, do you know where I can learn how to create a working login screen?

  • @dharmawangsa9592

    @dharmawangsa9592 1 year ago

    Yes just finished today You mean the UI or frontend for login screen? My main focus for now, only for backend services. In future devs, I think I will try to combine it with vue.js.

  • @MrSaurus

    @MrSaurus 1 year ago

    @@dharmawangsa9592 Hi I was referring to the front end for a login screen yes

  • @tatsuya370

    @tatsuya370 1 year ago

    It is because you haven't updated your project settings. Have you installed Lombok using jar?(Check online how to install it in your ide). Then open your project again, this error will go. Because we are using RequiredArgsConstructor, we no need to initialize the final again.. If u install lombok correctly, RequiredArgsConstructor will take care of it

  • @Lucas24865
    @Lucas24865 1 year ago

    Thanks a lot for such wonderful content!! It is very helpful

  • @dmode1535
    @dmode1535 1 year ago

    I'm a new Java developer and I find the JWT implementation so confusing and complicated but, this video makes it much simpler to understand and implement. Thanks Amigo.

  • @IvanRandomDude

    @IvanRandomDude 1 year ago

    Wait until you find out that Spring Security has built-in support for JWT and you don't need to create your own filters at all. But I guess they need to create the same tutorial over and over again for content. Or, more terrifying scenario, they don't know about it.

  • @A90Ross

    @A90Ross 1 year ago

    @@IvanRandomDude link to tutorial ?

  • @whitelight8811
    @whitelight8811 10 months ago

    I've watched this tutorial from start to end. Thank you for this video ❤

  • @drax432
    @drax432 1 year ago

    Thanks for the video. However, it is very sad that spring security does not provide us a built in feature to deal with jwt, and expect us to manually include 3 jwt-related external dependencies (with the version included). Hopefully in future, there is a spring boot starter that include these 3 dependencies, and appear in spring initializer website. Also hopefully spring security has built-in feature to automatically generate jwt for us and function to extract claim , without us having to write ourselves.

  • @jamilb8031

    @jamilb8031 1 year ago

    Of course the Spring Security authorization server does provide a way to generate a JWT without adding these 3 dependencies. It's also possible to customize the token if you wish, which is also straightforward, but learning Spring Security is a process. You can't expect to see everything you need to know about Spring Security in a 2-hour video

  • @LS-tj3nc

    @LS-tj3nc 1 year ago

    ​@@jamilb8031 Where can I learn that? spring docs are so confusing

  • @MyBinaryLife

    @MyBinaryLife 5 months ago

    you cant find it in ANY video is the problem@@jamilb8031

  • @anderson19929
    @anderson19929 5 months ago

    🎯 Key Takeaways for quick navigation:
    00:00 🚀 *This video covers JWT authentication and authorization in Spring Boot 3.0 using Spring Security 6 and Postgres.*
    00:54 🛡️ *Understanding Spring Security and JWT is crucial for securing APIs; the tutorial emphasizes their importance.*
    01:29 🌐 *Source code for the implementation is available in the video description, enabling viewers to follow along and apply the concepts.*
    03:37 🔒 *The JWT authentication mechanism involves an internal check, user details service call, and validation process based on the user's email extracted from the token.*
    07:11 🛠️ *The tutorial guides through the implementation steps, including creating a Spring Boot project, configuring a Postgres database, and setting up the data source.*
    28:33 🚀 *Spring Security 6 and Spring Boot 3.0 allow for customization of user details handling, including roles and authentication settings.*
    29:02 🛡️ *Implementing user details involves overriding methods, and you can choose to extend the Spring Boot user class or create your own class.*
    30:22 📝 *When dealing with roles, creating an enum and using `SimpleGrantedAuthority` simplifies the process, especially when users have a single role.*
    37:24 🗝️ *Implementing JWT authentication involves creating a filter by extending `OncePerRequestFilter` and extracting the JWT token from the request header.*
    47:03 🔑 *Understanding JWT structure: JWT tokens have three parts - header, payload, and signature; claims in the payload include registered, public, and private claims.*
    56:44 🔐 *In JWT, a signing key is a secret used to digitally sign the token, ensuring the sender's authenticity and message integrity.*
    57:36 🛠️ *The signing key, along with the algorithm specified in the JWT header, creates the signature. Key size and algorithm depend on security requirements.*
    58:23 🧰 *To generate a signing key for JWT, online tools like keysgenerator.com can be used, with a minimum size of 256 bits for security.*
    01:00:20 🤖 *Implementing `getSigningKey` method using the JJWT library involves decoding the secret key and creating an HmacSHA256 key for verification.*
    01:04:32 🚀 *Implementing a method to generate JWT involves setting claims, subject, issue date, expiration date, and signing with a key and algorithm.*
    01:26:41 🛠️ *Spring Security Configuration: Implementing security configuration in a Spring Boot 3.0 application involves creating a class annotated with `@Configuration` and `@EnableWebSecurity`, with a method that returns a `SecurityFilterChain` responsible for configuring HTTP security.*
    01:29:17 🚦 *Whitelisting URLs: To implement whitelisting, where certain endpoints do not require authentication, configure security to permit specific requests and authenticate all others. This is achieved by specifying a list of patterns for permitted requests.*
    01:31:34 🔐 *Stateless Session Management: Ensure stateless session management by configuring the session creation policy as `SessionCreationPolicy.STATELESS`. This ensures that the session remains stateless, and each request is authenticated independently.*
    01:32:51 🔄 *Chaining Filters: Add a JWT authentication filter before the `UsernamePasswordAuthenticationFilter` to execute it before the default authentication filter. This ensures that JWT authentication is performed before checking username and password.*
    01:41:10 ⚙️ *Controller and Endpoints: Implement authentication and registration endpoints in a controller class (`AuthenticationController`). Secure the endpoints by specifying them in the security configuration to ensure proper access control.*
    01:58:47 🚧 *Secured Endpoint: Demonstrates accessing a secured endpoint (`/API/V1/democontroller`) without authorization results in a 403 Forbidden response.*
    02:00:11 🔄 *Authentication Process: Shows the authentication process, indicating that attempting to authenticate a non-existing user results in a 403 Forbidden response.*
    02:00:58 ✅ *Successful Registration: After registering a new user (`alibu` with email `alibu@atme.com` and password `1234`), successfully generates a JWT token as a response.*
    02:01:49 📅 *JWT Token Payload: Examines the payload of the generated JWT token, including information such as the subject (user email), creation date, and expiration date.*
    02:02:42 🔐 *Authentication with Correct Password: Illustrates successful authentication with the correct password, generating a JWT token as a response.*
    Made with HARPA AI

  • @matiloki
    4 months ago

    You rock, awesome masterclass, thank you very much!

  • @atsglobalservices6136
    5 days ago

    You are the best man, I've been writing frontend for a year, this accelerated my Java skill 100%

  • @nikiuktc
    10 months ago

    For those of you who have issues with deprecated methods, downgrade your spring version to 3.0.5 for this example to work.

  • @akshayanatarajan2350
    8 months ago

    thank you, this helped:)

  • @Heavenset
    5 months ago

    But isn't downgrading security methods bad?

  • @maxi-g
    2 months ago

    DO NOT DO THAT, don't be lazy and just check the current documentation

  • @bluex217
    2 months ago

    Deprecated securityfilter chain stuff here at least up until Spring Security V 3.2.3:

        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.POST, "/api/v1/auth/**"))
                .permitAll()
                .anyRequest().authenticated());
        http.sessionManagement((SessionManagementConfigurer<HttpSecurity> httpSecSessManConf) -> httpSecSessManConf
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

  • @evanilsonp.8183
    1 month ago

    You should delete this comment. The right thing to do is to search for a solution.

  • @Stiff951
    1 year ago

    Anyone else got the problem of constantly getting 403 when trying to access the demo-controller after generating the token? Token is looking good to me. Debugger shows it passes the JWT Filter and sets the authentication. Even failed using your cloned repo.

  • @muhohojeremy4861
    1 year ago

    I landed on the same issue.

  • @muhohojeremy4861
    1 year ago

    The Cloned repo works though

  • @tatsuya370
    1 year ago

    You have to copy the token without the double quotes. Now it will work.

  • @vlloydb3876
    1 year ago

    It still doesn't work

  • @vlloydb3876
    1 year ago

    I also have the same issue

  • @abanoj
    11 months ago

    This course is awesome, I learn a lot!

  • @blackblather
    1 month ago

    This video was a great starting point to using the Spring Security package. Thank you 👍👍

  • @michaelumeokoli
    4 months ago

    Bro, why is this shit so complicated? I do auth in Node.js in 20 minutes tops with two packages (jwt and bcrypt). Get email/username -> compare password to hashed password in DB -> give token. Get token -> verify token against secret key -> get user id/email/username from payload. How hard is that??!!! Why do I need a bunch of things in Spring Boot?

  • @adiabajacob9189
    4 months ago

    Java is just boilerplate code. I don't know why they say it's fast

  • @Alexander-zt9kz
    2 months ago

    Spring security is by far the worst and most difficult thing you will ever deal with in spring

  • @pitchwaiz
    6 days ago

    Coming from PHP 8, Symfony 7, I'm wondering the same (also 2 bundles used). It's just obnoxious. 2 hour tutorial for login. I mean, all I could use is simple login and when I need advanced stuff I'll jump right to it. This is just insane.

  • @TERALAPRASHANTH
    1 year ago

    Original video: kzread.info/dash/bejne/dIqYs5WipdLcl5M.html

  • @user-ex3ek9rf2u
    4 months ago

    Awesome course... Thank you. Need more related to JWT.

  • @user-ng4bk2hy1z
    2 months ago

    Thank you bro, the only video that explains almost everything out of all the ones I found. You really helped me, thanks a lot again

  • @lhxperimental
    1 year ago

    The explanation of how JWT auth works is not correct. If for every request the DB is going to be accessed, the point of JWT is lost.

  • @CwanyBob
    1 month ago

    Not exactly. You may want to implement a blacklist table to invalidate tokens on user logout, password change etc. Also, you could verify the token against the blacklist in the gateway and then pass the token between microservices without needing to call the authorisation service from every microservice as you would have to with a session.
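
The signing-key points in the Key Takeaways comment (HS256, 256-bit minimum key) and the exchange above about per-request database lookups and blacklists, as an added example that is not code from the video or its repository. It uses only the JDK instead of JJWT; the class and method names, the `jti` claim, the in-memory denylist and the sample values are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class StatelessJwtCheck {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Set<String> DENYLIST = Collections.synchronizedSet(new HashSet<>()); // revoked ids (assumed store)
    static byte[] hmac(byte[] key, String data) throws Exception {
        if (key.length < 32) throw new IllegalArgumentException("HS256 key must be at least 256 bits");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    static String issue(byte[] key, String sub, String jti, long iat, long exp) throws Exception {
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = ENC.encodeToString(String.format("{\"sub\":\"%s\",\"jti\":\"%s\",\"iat\":%d,\"exp\":%d}",
                sub, jti, iat, exp).getBytes(StandardCharsets.UTF_8));
        return header + "." + payload + "." + ENC.encodeToString(hmac(key, header + "." + payload));
    }
    // Signature, expiry and denylist checks only. HS256 is always used, whatever the header claims.
    static String verify(byte[] key, String token, long now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), DEC.decode(p[2])))
            throw new SecurityException("bad signature");
        String json = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        if (Long.parseLong(claim(json, "exp")) <= now) throw new SecurityException("expired");
        if (DENYLIST.contains(claim(json, "jti"))) throw new SecurityException("revoked");
        return claim(json, "sub");
    }
    // Reads one claim from the flat payload built by issue(); real tokens need a JSON parser.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\":\"?([^\",}]+)").matcher(json);
        if (!m.find()) throw new SecurityException("missing claim " + name);
        return m.group(1);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);                  // constructed 256-bit key
        long now = System.currentTimeMillis() / 1000;
        String jwt = issue(key, "user@example.com", "id-1", now, now + 900);
        System.out.println(verify(key, jwt, now));          // accepted without a user lookup
        DENYLIST.add("id-1");                               // e.g. on logout or password change
        try { verify(key, jwt, now); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The denylist only has to hold token ids until their `exp` passes, so it stays small compared with a user table.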

  • @Aqwsaful
    1 year ago

    Thank you very much!! Your work is really helpful, interesting and unique!! I learned a lot!

  • @arthurcampolina9940
    8 months ago

    Many thanks, this awesome video helped me fix a problem I've been having with spring security for over a week. You guys are amazing!!!

  • @fabianoaono
    10 months ago

    Awesome video! I had to implement Spring Security in an application at my company without prior knowledge and I was able to do that in less than 2 days by using your video as a reference.

  • @TheSandraamore
    9 months ago

    Hi, can you pass me the code please? I need the securityConfiguration class because in the video some methods are deprecated :(

  • @bluex217
    2 months ago

    @TheSandraamore

        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.POST, "/api/v1/auth/**"))
                .permitAll()
                .anyRequest().authenticated());
        http.sessionManagement((SessionManagementConfigurer<HttpSecurity> httpSecSessManConf) -> httpSecSessManConf
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

  • @Ace-gw4uk
    8 months ago

    What a tutorial 5/5!!! Bravo!

  • @vivichambel3620
    9 months ago

    Amazing video, you explained it all very well. Thanks for making a Spring Security video with an updated version😁

  • @stanslauswanderi8571
    1 year ago

    This content is amazing. Keep up the good work

  • @huyuc1789
    1 year ago

    Wow, I'm waiting for this, thank you Amigoscode

  • @seanans
    1 year ago

    Thank you a lot, it's the best, clear and awesome guide I have ever seen 😍

  • @cowice7582
    2 months ago

    A good approach to implement the entire concept of JWT at the coding level. Thanks a lot.

  • @siriusmarz512
    1 year ago

    Thank you. You have done a great job. Thanks for your time.

  • @alexanderpetrosyan1804
    6 months ago

    This is an amazing job! Thank you!

  • @random-history
    1 year ago

    Thank you for such a kind and useful lesson!

  • @vulgomacumbeiro
    17 days ago

    The best class EVER! Thanks for sharing!

  • @samueladrianotomimatu1647
    1 year ago

    This video is really good and helped me a lot! Thanks!

  • @muthukumarchellappa7889
    1 year ago

    Good presentation! Well articulated

  • @madiagnediagne9104
    1 year ago

    Wow! Thank you very much. May Allah repay you a hundredfold for the satisfaction I had after I finished listening to the video

  • @hermina_grayson
    11 months ago

    Many thanks for this great tutorial!
