Sorry about rushing through the topics, there was lot to cover. Spring Security is a dense subject. I recommend pausing at every feature and trying to implement it. Let me know if you want me to cover any topic in-depth. I am also creating a hands-on coding video with same slides. Will try to publish it soon.
Timeline 0:00 Create a new Spring Boot project (via Initializr) 0:20 Create a sample controller 0:41 Spring Security's default log-in feature 2:17 Customize user and password (via property file) 2:40 Get authenticated user (2 ways) 3:43 In-Memory users 5:39 JDBC users 6:56 Customize Login Page 8:36 OAuth 2.0 Google Client (via property file) 9:43 REST API Authentication (Postman + Basic Auth) 12:23 URL based security 13:24 Authorization 14:24 Lot more
2:50 can get the Principal object (the authenticated user) with the request 4:00 in memory authentication using WebSecurityConfigurerAdapter and implementing the configure method that takes an AuthenticationManagerBuilder. There are other configure methods in the WebSecirityConfigurerAdapter that don’t take an AuthenticationManagerBuilder, but take HttpSecurity for example. WebSecurityConfigurerAdapter is usually an inner class inside a WebMvcConfigurer class, but can also be its own class WebMvcConfigurer has methods you can override, such as customizing the ViewControllerRegister and adding a custom login page to it By default, you need to have a password encoder or else spring throws an exception. You can turn it off by putting a 5:04 prefix {noop} to the pass to tell spring don’t use password encoder (use the noop password encoder). This is for in-memory authentication only. 5:45 jdbcauthentication, needs a DataSource object, can also disable password encoding by doing .passwordEncoder(NoOpPasswordEncoder.getInstance()) AuthenticationManagerBuilder.jdbcAuthentication...needs to have two tables in your db schema: users table and authorities table Having a schema.sql file makes spring run the sql statements against the db on startup to create the tables 7:20 WebSecurityConfigurerAdapter configure method that takes HttpSecurity object. Can use the HttpSecurity to set the custom login page (along with addViewController function from WebMvcConfigurer) 9:00 oauth 9:50 rest api authentication Depending on the Accept header from the client, sprint can either send a 401 unauthorized or redirect the client to a login page with 302
This was the one I was waiting for !! Finally! Thank you! And given how dense and difficult spring security is, you did a marvelous job in making things so clear! Those who will complain that the video is rushed, haven't tried learning spring security by themselves! 😄 Compared to that headache, this is an absolute pleasure to go through!
Thanks, please have more videos open ID connect + OAuth 2 where the final response of OAuth 2 would have Id token additionally so that in that case first request goes to openid for authentication and then jwt token would be generated along with user info and then same OAuth 2 will interpret it and return token then
Also, a suggestion, it would be great if you could collaborate with someone for angular/react (if not yourself) and show the full frontend to backend security/authorization flow. Especially role based auth, parts of which you touched at the very end of the video
By the way, while watching the video I thought that declaring protected paths with allowed roles using just strings in security configuration class is very error prone. What if the path of your admin functions controller changes and you forget to change it in the configuration? It would be much better if there were some annotations on the controllers or endpoint themselves which would tell what the security model should be for that endpoint. Wondering if Spring Security has this functionality hidden somewhere deeply?
There is method based security feature, where you can use annotation on the method which you want to protect. www.baeldung.com/spring-security-method-security
I agree. Sorry about that. There was a lot to cover and I wanted the video to be short. I recommend pausing at every feature and trying to implement it to help understand better. I am also creating a hands-on video, will publish it soon.
@@DefogTech please make video as very short also 4 to 5 mints around.if need pause. Ur video explain me lot to understand about concurrency. I expecting same. Thanks for your support.
![Spring Boot 3.0 Security | Authentication and Authorization | [New Changes] | javaTechie](/img/1.gif)
Sorry about rushing through the topics, there was lot to cover. Spring Security is a dense subject. I recommend pausing at every feature and trying to implement it. Let me know if you want me to cover any topic in-depth.
I am also creating a hands-on coding video with same slides. Will try to publish it soon.
Thank You so much for such a great video.. Though the hands-on coding videos are way more pleasant, this also did it's job..
Please explain slown and clear
How about Core java videos especially on abstraction with real life scenario
Could you have a video on SAML authentication and a diagram of how the control flows goes
could you create videos on micro services, like how to choose resources, benefits compared to SOA like that?
OMG, In 14 mins u have covered every topic of spring security in a simple manner. Hats off to u
Timeline
0:00 Create a new Spring Boot project (via Initializr)
0:20 Create a sample controller
0:41 Spring Security's default log-in feature
2:17 Customize user and password (via property file)
2:40 Get authenticated user (2 ways)
3:43 In-Memory users
5:39 JDBC users
6:56 Customize Login Page
8:36 OAuth 2.0 Google Client (via property file)
9:43 REST API Authentication (Postman + Basic Auth)
12:23 URL based security
13:24 Authorization
14:24 Lot more
Hi Buddy...you just nailed the java. I have gone through many of ur videos . All are awesome. Please make video on JMS with Spring. Also on AWS.
I’m watching almost all of your videos. I learn something from every video even if I think I know about it. Please keep creating more videos. Thanks.
2:50 can get the Principal object (the authenticated user) with the request
4:00 in memory authentication using WebSecurityConfigurerAdapter and implementing the configure method that takes an AuthenticationManagerBuilder. There are other configure methods in the WebSecirityConfigurerAdapter that don’t take an AuthenticationManagerBuilder, but take HttpSecurity for example.
WebSecurityConfigurerAdapter is usually an inner class inside a WebMvcConfigurer class, but can also be its own class
WebMvcConfigurer has methods you can override, such as customizing the ViewControllerRegister and adding a custom login page to it
By default, you need to have a password encoder or else spring throws an exception. You can turn it off by putting a
5:04 prefix {noop} to the pass to tell spring don’t use password encoder (use the noop password encoder). This is for in-memory authentication only.
5:45 jdbcauthentication, needs a DataSource object, can also disable password encoding by doing .passwordEncoder(NoOpPasswordEncoder.getInstance())
AuthenticationManagerBuilder.jdbcAuthentication...needs to have two tables in your db schema: users table and authorities table
Having a schema.sql file makes spring run the sql statements against the db on startup to create the tables
7:20 WebSecurityConfigurerAdapter configure method that takes HttpSecurity object. Can use the HttpSecurity to set the custom login page (along with addViewController function from WebMvcConfigurer)
9:00 oauth
9:50 rest api authentication
Depending on the Accept header from the client, sprint can either send a 401 unauthorized or redirect the client to a login page with 302
So far the best channel with full stuff and no fluff
My first comment on youtube. Have watched all your videos. Just a few to go. This video is by far the best video I have ever seen.
This was the one I was looking for. Thanks buddy, you made my day
In 14min video you just covered everything.. It's awesome man!! Thanks.. 😁😁😁
I never had such brilliant tutorials
Thank You. Nice introduction on security.
This was the one I was waiting for !! Finally! Thank you! And given how dense and difficult spring security is, you did a marvelous job in making things so clear! Those who will complain that the video is rushed, haven't tried learning spring security by themselves! 😄 Compared to that headache, this is an absolute pleasure to go through!
Really great video this is..Could you please make two separate videos with hands on coding 1)OAuth 2.0 and 2)JWT.
Yes please!
Thanks, please have more videos open ID connect + OAuth 2 where the final response of OAuth 2 would have Id token additionally so that in that case first request goes to openid for authentication and then jwt token would be generated along with user info and then same OAuth 2 will interpret it and return token then
Awesome dude. Very well explained. Voice and presentation are very clear.
Thank u so much
It was so nice to get a notification on every Sunday.... We r learning great 👍.
Kudos to u
Also, a suggestion, it would be great if you could collaborate with someone for angular/react (if not yourself) and show the full frontend to backend security/authorization flow. Especially role based auth, parts of which you touched at the very end of the video
Excellent job, thanks
It is short but very informative video, Thanks :)
Great!. Pls bring up the cors
Great video, thank you! Waiting for more Spring videos😎
A good brief info. Love Ur videos.😎
You are best
Thank u so much.... Please make another videos for Authorization through AWS signature.
Great, simple & clear
Strait forward and too the point.
at 1:58 you have login as user but how come it shows as Hello there defog
👍👍 thanks
Hi ..pls make more vedio on micro services .. communication between micro services
Hi. Could you pls make one video for Docker and swagger too. Thanks for all ur videos. very helpful.
Thank you so much..salute😁😁
Great 👏
This is good, can you also do one with JWT token Authentication and Authorization using roles, will be helpful. I like the your flow.........
Hi Deepak, waiting for CORS and CSRF videos
Hi Sanket, I dont have plans at this moment to create CORS and CSRF videos. I am currently studying only distributed systems. Sorry to disappoint.
Awesome ..!
Can you make Spring ACL for us, thanks
Boss where are you.. long time no see.. do some videos on microservices please
By the way, while watching the video I thought that declaring protected paths with allowed roles using just strings in security configuration class is very error prone. What if the path of your admin functions controller changes and you forget to change it in the configuration? It would be much better if there were some annotations on the controllers or endpoint themselves which would tell what the security model should be for that endpoint. Wondering if Spring Security has this functionality hidden somewhere deeply?
There is method based security feature, where you can use annotation on the method which you want to protect.
www.baeldung.com/spring-security-method-security
spring.security.user.name=admin in latest versions of springboot
make tutorial on spring boot JWT+MySQL
Please have a website or something so that I can donate whatever is possible for me to promote such content.
Thank you sir... There's an applaud option in youtube for support. Will soon start memberships too. Thanks much 😊
Checkout 0.70X speed
Too fast your explaining this time. Comparing previous tutorial is so fast not able to follow. Please follow the same as previous.its helps me more
I agree. Sorry about that. There was a lot to cover and I wanted the video to be short. I recommend pausing at every feature and trying to implement it to help understand better. I am also creating a hands-on video, will publish it soon.
@@DefogTech please make video as very short also 4 to 5 mints around.if need pause. Ur video explain me lot to understand about concurrency. I expecting same. Thanks for your support.