What a man you are ? It's not only tutorial for security .It's the night mare for me to achieve security in spring application.Hats off keep the learning spell always on.Thanks a lot!🌟
haven't found anything simpler on JWT Authentication & Authorization than this video! Kudos. You're so so important for the community! Keep making such videos please.
🎯 Key Takeaways for quick navigation: 00:00 📹 This video tutorial covers implementing a refresh token mechanism in a Spring Boot application with JSON Web Tokens (JWT). 03:18 🛡️ Refresh tokens enhance the security of JWT authentication by allowing users to obtain new access tokens without re-entering credentials. 05:45 💼 The tutorial demonstrates how to configure and use Spring Security 6 for managing JWT-based authentication and authorization in a Spring Boot project. 08:20 🤖 You'll learn about the importance of token expiration times, token stores, and token revocation for effective JWT authentication. 12:10 🔐 Implementing a refresh token mechanism is crucial for maintaining secure and seamless user sessions in Spring Boot applications. Made with HARPA AI
I have been binge watching many videos on JWT authentication and luckily found this video, you are simply amazing with the way of delivering things sir, thanks a lot and more power to you to roll out such amazing videos in the future
Hats off to you sir You literally made Spring Security Easy. I've gone through many lengthy videos but nothing worked your spring security videos made me learn within 2hrs including jwt and basic auth.
Thanks for the video. I did learn a lot from it. A few points: 1. the authentication manager is not recommended although it works, you should come up with your own authentication manager. 2. there is a new nimbus package in the latest Spring security which should be used for encoder and decoder. 3. that filter is not necessary as I understand. You simply provide the encoder and decoder, spring security will automatically take care of the security check for all the configured paths.
Sir, thank a lot for your contribution. I have searched so many methods to implement JWT on my project running on Spring 3.1.5 but couldn't find a proper solution. We need more videos on new releases like this. Thanks a lot!!!🤩
Sir, plz provide flow diagrams of each classes before you code. And also include entire flow with all classes as summary at the end and if possible at very begining. You know the flow, so you find it super easy naming classes, but its tough for any beginners as classes names are big and similar. My hostel juniors gave me this feedback when I shared them ur lecture.
Sir G- i believe you are saving the life of more than 95% programmer who is getting through your sessions. Because i am damm sure, eventually the search for a good content could have end up to one and only your session.. Thanks Man..
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running. Today an interviewer asked this question to me and I was clueless about it. Pls help.
In that scenario you need to configure your scheduler related properties in only one instance For example let's say you have instance 1 ,2 and 3 You want to run your scheduler only in instance 1 in that case create all properties of scheduler like cron expression, time zone etc only in instance 1 configuration When i say instance 1 configuration i mean just find a place where you can load required properties
Oh wow , thank you so much sir .. i was thinking to request you for this spring security jwt and just found it now . Great ,will cover this in this weekend,thank you 😊
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running. Today an interviewer asked this question to me and I was clueless about it. Pls help.
Amazing video with covering all the aspect of JWT in latest version of spring boot. Thank you for the in detailed walkthrough. Please make one video on internals of spring boot security internals with new classes in involved latest version
Wanted to add one point: if we are generating token only when user register or login then in validation process, we can skip fetching user details from db because if the token is modified then it will be invalid token when we match it using our secret. So, If the token is valid then we can save it to our security context always.This is my understanding. Please add to it if something is incorrect or I am missing something.
Perfect Example for Spring Securrity ! Sir can you please guide how @PostMapping("/authenticate") end point is working internally? How it reading user from DataBase! although we are not using any repository in this end point. How AuthenticationMangar finds the correct user name from database?
It will be dead easy to understand if you can debug then nothing complex buddy. I would strongly suggest you to refer to the video below to understand the internal flow ruclips.net/video/1ERV-6cz2xk/видео.html
as per my understanding we should not hit db again for jwt token validation and we should recreate token with given header and payload and compare it with resent token, however i understand we can not verify roles with that, so there is some gap in this and i am not sure yet how that will be done.
JWT (JSON Web Tokens) are designed to be self-contained, containing all the necessary information within the token itself. Once a user is authenticated and a JWT is issued, the server can verify the token's integrity and extract relevant information without needing to contact the user database for every request. I see in our example we fetched data from user details db again which may not be right way to use jwt as the purpose of using jwt is to avoid hitting db/cache for every login request, please clarify@@Javatechie
@@JavatechieYes, I too didn't understood couple of things- 1. Y u r generating token through a rest end point via @requestBody param? I think It sud b generated via filter u created. If(extractedToken= null) then create json token and should be set in context..or? 2. In ur filter, u r using userDetailService.loadUserByUserName(username) ..this username is same u extracted from ur token? Then, obviously both will be validated? Instead u should match user from token with the logged on user?
Thats a great stuff as always :) . .. One request to you ..can you create one video on Spring Security OAuth Authorization Server using spring boot 3.0 .. Thanks again.. keep up good work :)
I think it's worth explaining what you did via an IDE shortcut at the 24:58 mark. The IDE created a local variable: 'authentication' of type 'Authentication'. In order to access the 'Authentication' type you must also add the 'spring-security-core' dependency in your pom.xml file and import 'org.springframework.security.core.Authentication' in your controller class. I know I was confused by this because I wasn't offered the option to do all of this automatically by my IDE and I couldn't see how he managed to use Authentication. Plus there are several Authentication types that can be imported from several different packages.
@@Javatechie I want to first say: thank you for your videos. They've been extremely helpful and I appreciate that you're allowing free access to learning tools for everyone. I didn't mean to criticize you, but I assumed that you may desire the one piece of what I believed to be constructive criticism after watching two spring boot login service and jwt tutorials by you. This is a tutorial. I've never done this before. It's not that simple to know what dependency and import is necessary when I don't even know that they exist in the first place because I've never used them before. Apparently my intellisense for Java had crashed earlier, too, so that made things even more confusing because I was receiving zero recommendations for dependency requirements or imports from VS Code. Remember, almost no experienced spring boot user is going to be watching this tutorial. We'll mostly be people learning spring boot. If you're experienced with it, then you don't need a tutorial on how to create a login service and add web tokens.
Hi Jeremy i would like to interrupt......he hovered on the statement and then clicked on the yellow bulb and then selected the option "introduce"...that is something provided by IntelliJ Idea(IDE being used) as a part of its intellisense
I implemented this JWT Authentication and Authorization, and when I call the endpoints via Postman everything works perfectly. The problem is that I'm trying to write unit tests for my controllers using JUnit 5, but all endpoints always throw 403 Forbidden. Even when I use the @WithMockUser annotation, the same problem continues. Does anyone know what the problem could be? Did someone who implemented this JWT Authentication and Authorization manage to do the unit tests for the controllers?
such great tutorial, explained in simple way, help be crash course through it and build a new micro service implementing spring JWT authentication, thank you so much
One thing I realized, in your extractAllClaims method, the jtw parser throws exceptions that are not caught. For example, if the token is expired it throws a ExpiredJWTException! So you checks for istokenexpired is moot.
in JWT validation, we are not validating the password right ? First time user put their credentials, the System validates and if user is authenticated,JWT is issued to him, then the subsequent request user sends in the JWT in the request and the server just validates the username in the JWT is matching with the username in the userdetails corresponding to that user in the system and also the expiry date in the JWT is validated and if both the scenarios passes, the user is provided with the resource that he has requested.
At 17:45, how did you define the key string with the class label SECRET? I cannot find documentation on this and I have no idea how you did it. It happened very fast.
Assuming backend just accept request that contain token. How can handle returned token from backend to use in all request of frontend(javaFX) that send to backend? My problem is handling token in frontend.
Hi Basant, It’s a nice content but my question is in our project how do we generate secret key and where do we store and how to access it.Plz let me know.Thanks
Usually your application must be integrated with the UI right? So from the UI when the user login for the first time the backend will generate the token and send it back to the ui then going forward ui will attach that token to the session or cookies
@@Javatechie yeah that’s ohk but query is how do we generate secret key not token and where do we store and how to access it.I am not asking about the jwt token .Plz let me know.Thanks
Hi , I have a small request. Might be funny for some. Can you please create a small video on roadmap. Like roadmap for spring security, roadmap for spring boot or core. So that everyone can have a idea what to start first and what not. Thank you
No it's not at all funny Budd y don't worry. spring boot road map i will prepare one video where i will cover all modules. Most probably this weekend or next okay
Thank You Basant. this is awesome. this is working like a charm with POSTman. however I am getting CORS related error while I am trying to access from React Application. Error is only for those APIs which are behind authentication. /authentication works as I am bypassing it. Kindly help!! I am frustated
You need to enable cross origin from backend buddy Please define below bean in backend @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*") .allowedHeaders("*"); } }; }
@Javatechie : I like your videos, you are doing a great job. I just have one doubt here, we are extracting username from JWT token, then from that username we are fetching UserDetails, then we are matching username from JWT token with user name from UserDetails, but they both will always be same, isn't it?
![Spring Boot 3.0 Security | Authentication and Authorization | [New Changes] | javaTechie](http://i.ytimg.com/vi/R76S0tfv36w/mqdefault.jpg)
Bro i don't know who are you.. you are God's gift. I am search for a job.. once I got it..I will give super thanks to you
Thanks buddy 😊 . Keep learning
Did you got job ?
@dipakkale2723 yes..already enrolled in his courses..
Did you get the job.
He is Basant Hota
What a man you are ? It's not only tutorial for security .It's the night mare for me to achieve security in spring application.Hats off keep the learning spell always on.Thanks a lot!🌟
Thank you so much Gokul . Glad to hear that 😊 . Keep learning
".It's the night mare for me to achieve security in spring application." ,, ...... really ?
@Supriya are you facing any issue?
haven't found anything simpler on JWT Authentication & Authorization than this video! Kudos. You're so so important for the community! Keep making such videos please.
One thing I can say..........the best channel I have ever seen....thank u so much sir
🎯 Key Takeaways for quick navigation:
00:00 📹 This video tutorial covers implementing a refresh token mechanism in a Spring Boot application with JSON Web Tokens (JWT).
03:18 🛡️ Refresh tokens enhance the security of JWT authentication by allowing users to obtain new access tokens without re-entering credentials.
05:45 💼 The tutorial demonstrates how to configure and use Spring Security 6 for managing JWT-based authentication and authorization in a Spring Boot project.
08:20 🤖 You'll learn about the importance of token expiration times, token stores, and token revocation for effective JWT authentication.
12:10 🔐 Implementing a refresh token mechanism is crucial for maintaining secure and seamless user sessions in Spring Boot applications.
Made with HARPA AI
I have been binge watching many videos on JWT authentication and luckily found this video, you are simply amazing with the way of delivering things sir, thanks a lot and more power to you to roll out such amazing videos in the future
Thank you so much Karthik for appreciating it . I am glad to hear that people are getting benefitted with my content
Hats off to you sir You literally made Spring Security Easy. I've gone through many lengthy videos but nothing worked your spring security videos made me learn within 2hrs including jwt and basic auth.
Спасибо!
Crystal clear explanation and implementation. No need to watch any other video after this.
Thank you.
Thanks buddy keep learning 👍
I never thought i would be able to understand JWT until i found this video. you really Blessing to us
Basanth,
All your courses are simple, straight forward, easy to understand for all levels. Kudos to your efforts.💯
Thanks for the video. I did learn a lot from it.
A few points: 1. the authentication manager is not recommended although it works, you should come up with your own authentication manager. 2. there is a new nimbus package in the latest Spring security which should be used for encoder and decoder. 3. that filter is not necessary as I understand. You simply provide the encoder and decoder, spring security will automatically take care of the security check for all the configured paths.
Thank you for your suggestion buddy. I will definitely take a look into these changes
you mean bcryptpasswordencoder?
Your communication is OK kind. But your content, efforts, presentation are really awesome. Keep up your good work sir
Simply amazing Sir. I was struggling for authorization configuration in springboot 3.2.0. You have covered it well.
Sir, thank a lot for your contribution. I have searched so many methods to implement JWT on my project running on Spring 3.1.5 but couldn't find a proper solution. We need more videos on new releases like this. Thanks a lot!!!🤩
incredible! didn't expect to find usage ready solution here, but you nailed it. thanks!
Great tutorial those who are moving spring security 6. Awesome! job.
Starting to learn Spring Boot security now, Thanks for your effort as always.
Sir, plz provide flow diagrams of each classes before you code. And also include entire flow with all classes as summary at the end and if possible at very begining. You know the flow, so you find it super easy naming classes, but its tough for any beginners as classes names are big and similar. My hostel juniors gave me this feedback when I shared them ur lecture.
Thanks Raj for your suggestion. Noted this and will work on it
Nevertheless, it's a big-time first-class tutorial regardless.
Yes. This is the only thing this tutorial is missing.
Really Your Tech Gem .. Hands of your clear explanation .. LOVE IT :)
I appreciate the detailed description of this video. Thanks for sharing.
Watching your complete series because of the migration project, Thanks a lot again
Sir G- i believe you are saving the life of more than 95% programmer who is getting through your sessions. Because i am damm sure, eventually the search for a good content could have end up to one and only your session.. Thanks Man..
Thank you so much sonu for your word. Keep learning that's what my gift 🎁 buddy
this happens the first time for me, i just needed a walkthrough in spring3 + jwt and spring security. and well, you provided it 22 minutes ago. +sub
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running.
Today an interviewer asked this question to me and I was clueless about it. Pls help.
@@kshitijbansal3672 holy ffffu. it's more like:
- how many hours did you mess with spring framework, tinkering here and there?
- yes
@@kiryls1207 if you know the solution, you can, don't ask unnecessary questions
@@kshitijbansal3672 i saw guides and tutorials about spring concurrency and threading. i don't know the solution, i just started with spring
In that scenario you need to configure your scheduler related properties in only one instance
For example let's say you have instance 1 ,2 and 3
You want to run your scheduler only in instance 1 in that case create all properties of scheduler like cron expression, time zone etc only in instance 1 configuration
When i say instance 1 configuration i mean just find a place where you can load required properties
Oh wow , thank you so much sir .. i was thinking to request you for this spring security jwt and just found it now . Great ,will cover this in this weekend,thank you 😊
Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running.
Today an interviewer asked this question to me and I was clueless about it. Pls help.
thanks, great video. I have followed lots of youtube videos only this code working properly. thanks again.
Thankyou so much for this
I have got a task to build jwt auth
This will be very helpful for me
Really helped me for my internship
I have learned everything I needed to learn, thanks a lot man
Just amazing as always. May God bless you.
Amazing video with covering all the aspect of JWT in latest version of spring boot.
Thank you for the in detailed walkthrough.
Please make one video on internals of spring boot security internals with new classes in involved latest version
Glad it was helpful! Yes it's in my queue soon i will do that
No words Mind Blowing session
Amazing video, you made so easy, understood every part
Thanks basant for the detailed video about jwt
Wanted to add one point: if we are generating token only when user register or login then in validation process, we can skip fetching user details from db because if the token is modified then it will be invalid token when we match it using our secret. So, If the token is valid then we can save it to our security context always.This is my understanding. Please add to it if something is incorrect or I am missing something.
Yr explanation is just amazing👍👍
Present when needed. Thank you!
Thanks for choosing this topic. And make a Oauth 2 verification video in spring boot 3
Your explanation is really good, thanks for making tutorial
This is so well explained! Thank you!
Great video, thanks for all the explanation!
Perfect Example for Spring Securrity !
Sir can you please guide how @PostMapping("/authenticate") end point is working internally? How it reading user from DataBase! although we are not using any repository in this end point. How AuthenticationMangar finds the correct user name from database?
It will be dead easy to understand if you can debug then nothing complex buddy.
I would strongly suggest you to refer to the video below to understand the internal flow
ruclips.net/video/1ERV-6cz2xk/видео.html
@@Javatechiewow luckely I was already wathcing it ! Thank you so much for your respone ! Thank you again for making things very simpliers
as per my understanding we should not hit db again for jwt token validation and we should recreate token with given header and payload and compare it with resent token, however i understand we can not verify roles with that, so there is some gap in this and i am not sure yet how that will be done.
We do validate roles with annotation @PreAuthorize
JWT (JSON Web Tokens) are designed to be self-contained, containing all the necessary information within the token itself. Once a user is authenticated and a JWT is issued, the server can verify the token's integrity and extract relevant information without needing to contact the user database for every request. I see in our example we fetched data from user details db again which may not be right way to use jwt as the purpose of using jwt is to avoid hitting db/cache for every login request, please clarify@@Javatechie
@@JavatechieYes, I too didn't understood couple of things-
1. Y u r generating token through a rest end point via @requestBody param? I think It sud b generated via filter u created. If(extractedToken= null) then create json token and should be set in context..or?
2. In ur filter, u r using userDetailService.loadUserByUserName(username) ..this username is same u extracted from ur token? Then, obviously both will be validated? Instead u should match user from token with the logged on user?
Nicely covered both authentication and authorization.
Nice explanation.......❤
Another nice explanation video ❤
Nice ...keep posting some complex spring boot projects...
This is very right way explain.
Thats a great stuff as always :) . .. One request to you ..can you create one video on Spring Security OAuth Authorization Server using spring boot 3.0 .. Thanks again.. keep up good work :)
Okay sure noted
bro just nailed it
I think it's worth explaining what you did via an IDE shortcut at the 24:58 mark. The IDE created a local variable: 'authentication' of type 'Authentication'. In order to access the 'Authentication' type you must also add the 'spring-security-core' dependency in your pom.xml file and import 'org.springframework.security.core.Authentication' in your controller class.
I know I was confused by this because I wasn't offered the option to do all of this automatically by my IDE and I couldn't see how he managed to use Authentication. Plus there are several Authentication types that can be imported from several different packages.
Brother to be very honest there is no magic happening by ide . Try to understand how spring boot dependency management works
@@Javatechie I want to first say: thank you for your videos. They've been extremely helpful and I appreciate that you're allowing free access to learning tools for everyone. I didn't mean to criticize you, but I assumed that you may desire the one piece of what I believed to be constructive criticism after watching two spring boot login service and jwt tutorials by you.
This is a tutorial. I've never done this before. It's not that simple to know what dependency and import is necessary when I don't even know that they exist in the first place because I've never used them before.
Apparently my intellisense for Java had crashed earlier, too, so that made things even more confusing because I was receiving zero recommendations for dependency requirements or imports from VS Code.
Remember, almost no experienced spring boot user is going to be watching this tutorial. We'll mostly be people learning spring boot. If you're experienced with it, then you don't need a tutorial on how to create a login service and add web tokens.
I understand your concern buddy. Tell me now how can I help you. Please feel free to ask any doubts eventuough it's simple
Hi Jeremy i would like to interrupt......he hovered on the statement and then clicked on the yellow bulb and then selected the option "introduce"...that is something provided by IntelliJ Idea(IDE being used) as a part of its intellisense
thank you man, that was very helpful
amazing tutorial!
i from vietnam, thanks your video
Excellent! Love it
Great explanation sir thanks lot
Thank you sir, more videos , I'm beginner :)
Really helpful thanks.
I implemented this JWT Authentication and Authorization, and when I call the endpoints via Postman everything works perfectly. The problem is that I'm trying to write unit tests for my controllers using JUnit 5, but all endpoints always throw 403 Forbidden. Even when I use the @WithMockUser annotation, the same problem continues.
Does anyone know what the problem could be?
Did someone who implemented this JWT Authentication and Authorization manage to do the unit tests for the controllers?
Thanks , your tutorial clips are the best.
Thank you buddy 😊
Thank you very much ❤
Greate explanation sir! as always 🙏🙏.
Worth watching your videos
such great tutorial, explained in simple way, help be crash course through it and build a new micro service implementing spring JWT authentication, thank you so much
Thanks buddy, What are you looking for here it is ruclips.net/video/MWvnmyLRUik/видео.html
Thank you sir for this video. It is really very helpful.
Very good content. Thank you very much!
Thank you for this, is there a chance of you making a full stack tutorial with Java and React in future. It will be really helpful.
Yes I will
Love you bro ! Thanks alottttt
Again an amazing tutorial. I can't thank you enough. ❤
Best Tutorial ever bro thank you somuch
Thanks Buddy, can you make a video integrating jwt on api gateway
Please check this ruclips.net/video/qODoDq5_hAM/видео.html
Hi I have a question, at 34:13 while checking for null and bearer, why we are giving space after Bearer?
In postman while selecting auth header by default it will add one additional space
@@Javatechie but if we give just the bearer.. without any space will it not work or there would be multiple result for tha string?
No it won't work . To do quick testing just add a break point in filter class and check the value
@@Javatechie ok thanx 😊, very informative video though 👍🏼
Amazing. Thank you so much
you passed claims map empty (During token generation), what is the use of that i did n't get that point? can you please elaborate that little more.
Love the popping sounds
A really nice explanation . Very helpful
27:20 How does AuthenticationManager knows it needs to lookup 'userinfo' table to verify username ?
Can you please do this using Reactive approach, it will help us.
One thing I realized, in your extractAllClaims method, the jtw parser throws exceptions that are not caught. For example, if the token is expired it throws a ExpiredJWTException! So you checks for istokenexpired is moot.
Thanks , love it
Excellent video. I also wanted to know how to implement logout. Can you show a sample with the same example?
Nice tutorial sir
Hi, your videos are very helpful and I have a request that f possible will you please make a tutorial on FusionAuth with spring boot
I am not aware that FusionAuth will check and update shortly
in JWT validation, we are not validating the password right ? First time user put their credentials, the System validates and if user is authenticated,JWT is issued to him, then the subsequent request user sends in the JWT in the request and the server just validates the username in the JWT is matching with the username in the userdetails corresponding to that user in the system and also the expiry date in the JWT is validated and if both the scenarios passes, the user is provided with the resource that he has requested.
Yes correct
❤Great demo
Thank you so much master, te amo
At 17:45, how did you define the key string with the class label SECRET? I cannot find documentation on this and I have no idea how you did it. It happened very fast.
Option+cmd+c
do we have playlist for UI? using springboot as backend?
Thymeleaf/any other ui tech
for simple UIs ?
Hell yeah thanks man 🔥
Baba, you're beautiful!
Hands down you're the best!
Thank you so much buddy for appreciating it
very informative , please we need a demo for spring boot 3 & spring cloud keycloak
Okay i will plan for it
@@Javatechie thank you so much
in this flow can we add authentication using goolge etc.?
Yes absolutely we can
Assuming backend just accept request that contain token. How can handle returned token from backend to use in all request of frontend(javaFX) that send to backend?
My problem is handling token in frontend.
Have a question about roles. I saw some video where they didn't user preauthorize annotation. But used enum role. What is the best approuch ?
Without @PreAuthorize not sure . Will check and update
Hi Basant,
It’s a nice content but my question is in our project how do we generate secret key and where do we store and how to access it.Plz let me know.Thanks
Usually your application must be integrated with the UI right? So from the UI when the user login for the first time the backend will generate the token and send it back to the ui then going forward ui will attach that token to the session or cookies
@@Javatechie yeah that’s ohk but query is how do we generate secret key not token and where do we store and how to access it.I am not asking about the jwt token .Plz let me know.Thanks
thank you for your helpful videos. please do a video on Oauth2 for springboot 3
Okay sure we will do that
Hi , I have a small request. Might be funny for some. Can you please create a small video on roadmap. Like roadmap for spring security, roadmap for spring boot or core. So that everyone can have a idea what to start first and what not.
Thank you
No it's not at all funny Budd y don't worry. spring boot road map i will prepare one video where i will cover all modules. Most probably this weekend or next okay
Thank You Basant. this is awesome. this is working like a charm with POSTman.
however I am getting CORS related error while I am trying to access from React Application.
Error is only for those APIs which are behind authentication. /authentication works as I am bypassing it.
Kindly help!! I am frustated
You need to enable cross origin from backend buddy
Please define below bean in backend
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*")
.allowedHeaders("*");
}
};
}
@Javatechie : I like your videos, you are doing a great job.
I just have one doubt here, we are extracting username from JWT token, then from that username we are fetching UserDetails, then we are matching username from JWT token with user name from UserDetails, but they both will always be same, isn't it?
No we are fetching the username and then validating it in DB whether the user exists or not
@@Javatechie but we are fetching username from db, so no need to validate again right ?
Buddy you are asking while token generation or aurhenticate endpoint? Where is your confusion
Thank you
how can ADMIN and USER access same endpoint?