Maa'm, just wanted to convey a small message, your teaching has made my concepts very crystal clear, thankyou so much for the efforts you put in for the students, just a small request that i have from you, can you please cover these two topics with the sample implementations and interview questions, these two topics are frequently being asked in the interviews 1) caching (with spring data redis) 2) job scheduler. Maa'm please try to cover these topics asap, will be a great help
Finally a good video that explains everything about spring security! Great Work. Can you also make a video on deploying springboot application over different platforms like heroku , GCP , AWS ?
Mam I have few questions... even after using jwt it can be broken..so 1) how to ensure that jwt can't be broken 2) in case jwt compromised what can be done to stop further damage by hacker 3)what are best practices to make application proper secure 4) does jwt really helps to make application secure. Eagerly waiting for your reply. Thanks
1) Proper token rotation policy and setting expiration time of the token as needed by the application and no longer expiration times. 2)Revoking all the issued token can be a way to avoid further damage of the jwt token. 3)Cant be explain easily. The best ways will be a) having proper firewalls b) Allowing limited access (or) only required access to the application c) Implementing proper security measures. 4)Ofcourse, if implemented properly.
Hi thanks for the video. Really liked it. The best JWT video I encountered on RUclips. This is very vast, so we need to learn/by heart these functions for JWT right? If you can say on this ma’am.
Glad you liked the video!! When you start implementing these functionalities in your applications, you can remember easily. Also, refer spring documentation for any functionality. Going through the documentation and implementing is the easiest way to learn.
maa'm can you make a follow-up video, in which you can show us how we can extend this code to have a refresh token functionality, and also we can implement logout functionality for it.
why didn't pass a parameter in the method in the Application config theirs no parameter aside from authenticationManager method how the username is being passed to the method userDetailsService and authenticationProvider
maa'm, my doubt is, when we can use jwt for authentication and authorization, then why do companies use iam tools like keycloak? because can you please provide a detailed response for it, like for what use cases we use jwt models, and then for what reasons we should migrate to iam softwares like keycloak
Scalability is the big difference - Keycloak is more robust and provides centralized authentication and authorization. Also, Keycloak provides, single sign-on, social integration and should be used for large scale applications where as JWT can be used for medium sized and small scale applications. Keycloak provides additional security features like two factor authentication, brute force protection. There are few other advantages of Keycloak over JWT. If you need information, I can make a video if you want. Thanks.
Maa'm can you please make a video on it, as the only reason for upgrading from jwt to keycloak, i can think of is when we want to give some third party access to other clients or services, this is the only use case i can think of, it will be very very helpful if you can make a video on it
Generating token during registration is to access the application further. During registration itself all your roles will be created. So if you need to access the application immediately, you can use the token. If your usecase is to login after registration then in that case, its not required.
hello mam Mam when i sending authentication request by postman it showing 403 forbiden and on iltellij Ide it showing 2024-05-06T12:15:44.100+05:30 WARN 11520 --- [SpringSecurityJWT] [nio-8080-exec-2] o.s.s.c.bcrypt.BCryptPasswordEncoder : Empty encoded password please help me with this
![Kodak Black - Catch Fire [Official Music Video]](http://i.ytimg.com/vi/A4ch-olIuZo/mqdefault.jpg)
Maa'm, just wanted to convey a small message, your teaching has made my concepts very crystal clear, thankyou so much for the efforts you put in for the students, just a small request that i have from you, can you please cover these two topics with the sample implementations and interview questions, these two topics are frequently being asked in the interviews
1) caching (with spring data redis)
2) job scheduler.
Maa'm please try to cover these topics asap, will be a great help
Sure will try to cover soon. Thanks
Spring redis cache video - ruclips.net/video/ZHocWNTZXns/видео.html
@@crackITTechieTalks thankyou so much maa'm for listenting to your audience. You are a gem!😃
What a perfect explanation! Heads of to you, thank you so much ❤
Glad you liked it. Thanks!!
The correct saying is, "Hats off to you", you never want to take someone's head off.
Finally a good video that explains everything about spring security!
Great Work. Can you also make a video on deploying springboot application over different platforms like heroku , GCP , AWS ?
Sure will cover. Thanks for the suggestion
@@crackITTechieTalks Please also show the integration application with postgresDb while deploying
@@siddharthagrawal4280 sure will do
Thank you so much! Perfect explanation
Glad you liked it!!
Informative video but I want to note you that @EnableWebSecurity is not mandatory at class as spring autoconfiguration is enabled
Mam I have few questions... even after using jwt it can be broken..so 1) how to ensure that jwt can't be broken 2) in case jwt compromised what can be done to stop further damage by hacker 3)what are best practices to make application proper secure 4) does jwt really helps to make application secure.
Eagerly waiting for your reply.
Thanks
1) Proper token rotation policy and setting expiration time of the token as needed by the application and no longer expiration times. 2)Revoking all the issued token can be a way to avoid further damage of the jwt token. 3)Cant be explain easily. The best ways will be a) having proper firewalls b) Allowing limited access (or) only required access to the application c) Implementing proper security measures. 4)Ofcourse, if implemented properly.
This video is *NOTHING* but best video.😂
Glad you liked it
Hi thanks for the video. Really liked it. The best JWT video I encountered on RUclips.
This is very vast, so we need to learn/by heart these functions for JWT right? If you can say on this ma’am.
Glad you liked the video!! When you start implementing these functionalities in your applications, you can remember easily. Also, refer spring documentation for any functionality. Going through the documentation and implementing is the easiest way to learn.
@@crackITTechieTalks okay!!
Nice video mam ...pls upload more videos....make a video centralized logging in microservices
Will definitely make a video. Thanks.
my admin controller which has method level security is not working showing 403 error rest all functionality working can you help me with it?
beautifully explained, please explain spring transaction in deep with example
Glad you liked it . Sure will cover in our future videos !!!
maa'm can you make a follow-up video, in which you can show us how we can extend this code to have a refresh token functionality, and also we can implement logout functionality for it.
Of course will do
@@crackITTechieTalks maa'm when can we expect the follow up video for it
Well explained.
Thanks for the explanation, really helpful video with clear understanding 🎉🎉🎉❤
Glad you liked it
Great video How to integrate these api with custom html and CSS ?
Will upload soon
Nice presentation. Could you please share the project
github.com/saranyakalaiselvan/SpringSecurityJWT
Can you make a Crash course Spring Boot With Docker. It will be much appreciated!
Ofcourse, will do. Glad you liked it.
Excellent explanation, thanks a lot
Glad you liked it !!
Please explain curcit breaker pattern
We already covered the circuit breaker pattern in our channel - ruclips.net/video/5Cb601qLrjA/видео.htmlsi=i5k4IBhskbiOUUAB
Mam thank you very much. Can you please teach swagger manual yml file integration in spring boot 3x
Sure. Thanks
if only i find this video little soon
Thanks
that's so good
very good content, thank you
Glad you liked it.
Mam how can we change login page to custom login page
Great Session from scratch, would be great if you include gradle , small request.
why didn't pass a parameter in the method in the Application config theirs no parameter aside from authenticationManager method how the username is being passed to the method userDetailsService and authenticationProvider
ma,am when i get or post secured end point i got 403 error please give me solution
Make sure In User entity the get method of email is returning email by default it is set to null
maa'm, my doubt is, when we can use jwt for authentication and authorization, then why do companies use iam tools like keycloak? because can you please provide a detailed response for it, like for what use cases we use jwt models, and then for what reasons we should migrate to iam softwares like keycloak
Scalability is the big difference - Keycloak is more robust and provides centralized authentication and authorization. Also, Keycloak provides, single sign-on, social integration and should be used for large scale applications where as JWT can be used for medium sized and small scale applications.
Keycloak provides additional security features like two factor authentication, brute force protection. There are few other advantages of Keycloak over JWT. If you need information, I can make a video if you want. Thanks.
Maa'm can you please make a video on it, as the only reason for upgrading from jwt to keycloak, i can think of is when we want to give some third party access to other clients or services, this is the only use case i can think of, it will be very very helpful if you can make a video on it
ma'am why we need to generate token at registration ??
Generating token during registration is to access the application further. During registration itself all your roles will be created. So if you need to access the application immediately, you can use the token. If your usecase is to login after registration then in that case, its not required.
If you post videos for java class loader methods and static class load and dynamic class load diff
Sure, will cover. Thanks.
01:12:09
whenever i'm trying to authenticate, i'm getting 403 forbidden error. plz help mam. so many here are stuck on this. plz kindly help
Make sure In User entity the get method of email is returning email by default it is set to null
great
Glad you liked it. Thanks
sister everything is fine but talk in normal speed here after
28:01
hello mam
Mam when i sending authentication request by postman it showing 403 forbiden
and on iltellij Ide it showing
2024-05-06T12:15:44.100+05:30 WARN 11520 --- [SpringSecurityJWT] [nio-8080-exec-2] o.s.s.c.bcrypt.BCryptPasswordEncoder : Empty encoded password
please help me with this
How did you solve this bro
I'm getting the same
@@surishtirajkaralia801 i didnt actually remeber. there was problem with getter and setter. it was returning null
@@surishtirajkaralia801 Make sure In User entity the get method of email is returning email by deafult it is set to null
are you on instagram
Sorry, no