only guy with working code for this JWT, awesome man
Thanks 🙏🏽🙏🏽 I'm happy it was helpful
Really good tutorial and thanks for the code.
When it comes to the user role, if we save it in "sessionStorage", can the user modify it from "USER" to "ADMIN" in their browser? How can we solve this security issue?
Alternatively, you can encrypt the token or role before saving it in localStorage. It's best to use HTTP secure cookies or the Web Cryptography API to secure the token from XSS attacks. I'll be using those in my next tutorials; local storage is more straightforward and beginner-friendly, that's why I use it for tutorials. I think I should be doing some tech talks about these rather than tutorials per se.
@PhegonDev Great! I will keep watching! Thank you 👍🏼👍🏼
So, at 1:48:00 you start talking about a token. Is a token needed to register a user? If so, how can anyone who wants to create an account create one if he has no account to log in with to get a token?
Yeah. It's more like an enterprise where an admin manages staff. He can register staff, etc. It's a tutorial to show Spring Security and JWT functionality. You can modify it at your end, e.g. an e-commerce system where everybody can register and manage their own account.
Thank you very much!! It is just what I was looking for 😎
✌🏾✌🏾
In the OurUser class that implements UserDetails, why didn't you override the getPassword method?
Superb!!! I'm getting a simple error in extends GrantedAuthority; it says "Could not write JSON: A granted authority textual representation is required".
You can share the full class code; let me see your imports, code and what you are doing. That will give a hint on why the error occurs.
I got this error too. Could you help me, please?
Hello, thanks a lot for this tutorial. I have a question please: I am trying to do this project now, so where did you get that long string value "secreteString"?
secreteString is just dummy data. You can replace it with any dummy value of yours. It's going to use the algorithm to create and validate a JWT token.
@PhegonDev thanks a lot, looking for other tutorials to learn from you as well :)
In the entity something wrong happened, I don't know, it's getting email or password.
Hello sir, you did a good job.
But this tutorial would be the best if:
- roles are created manually, assuming that
- admin can easily create a new user and assign one or multiple roles,
- admin can easily update a user in order to remove or assign existing roles,
- admin can access the users endpoint.
Yeah, thanks, that's true. Just wanted to show how the concept works in general.
@PhegonDev okay sir. Do you mind creating it with the whole process as I tried to elaborate?
It will be so helpful to me. And I am pretty sure many will like it,
of course with the same stack (Spring Boot and Angular).
Thanks in advance.
@luctandoum8541 I will drop some more advanced projects with those implementations. But to recreate this, it wouldn't be a good idea.
Please make a complete project like an e-commerce project.
Yeah, I have an e-commerce project on my page. Thanks for the suggestion 🙏
Very good video
Thanks
Sir, I just finished Spring Security but I noticed:
a user with role ADMIN can log in well, but whatever other role doesn't work,
giving bad credentials.
Hi,
Create

public enum Role {
    USER,
    ADMIN
}

and go to the SecurityConfig class:

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf(AbstractHttpConfigurer::disable)
            .cors(Customizer.withDefaults())
            .authorizeHttpRequests(request -> request
                    // Login/registration and public pages need no token
                    .requestMatchers("/auth/**", "/public/**").permitAll()
                    // Authority names must match the enum names stored in the token
                    .requestMatchers("/user/**").hasAnyAuthority(Role.USER.name())
                    .requestMatchers("/adminuser/**").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
                    .requestMatchers("/admin/**").hasAnyAuthority(Role.ADMIN.name())
                    // Anything not listed above still requires an authenticated user
                    .anyRequest().authenticated());
    return httpSecurity.build();
}
It would be safer this way
@mucizelerden I finally did well. All are fine now.
was so great.
Would you consider creating an e-commerce website?
🙏🙏🙏
It would be great with Angular, Spring Boot and jjwt 💯💯💯
Yeah
Thanks for the suggestion, it's a good idea. Will do that 🙏
@PhegonDev perfect 🙏🙏🙏
❤
I have downloaded the code but it's not working; I am not getting it.
If you follow the tutorial step by step, you shouldn’t have any issues. However, if you clone the project from GitHub and try to run it directly, you might encounter some errors. This is because the project is configured for my environment, and you'll need to adjust a few things to match yours. For example, you’ll need to replace the database credentials with your own and ensure the Java version matches what’s installed on your machine. Make sure to build the project properly before running it. The code is meant as a guide in case you run into issues during implementation on your side.
@PhegonDev 31:44 there is one method which is deprecated: "parser()". I don't truly understand what I need to do with all the results of this deprecation; how should I use all the code you write after that?
can you provide change password
Can anyone help me please?
I am getting an error that I should create/implement the method for password also.