@@BoualiAli Hi bouali, I have a question. I am currently working on a project that requires to store the roles and permissions in a database. In this case, how can we apply and use the stored permissions in the database to authorize the actions? 🤔
i'm wondering if this video belongs to a playlist 'cause i see that when he start de videeo already has some code there, so please share the link to start from the begining with this wonderful example, thanks for the greate knowledge
Great video and explanation. Personally i prefer the PreAuthorize annotation on methods - to have a grainer control for the endpoints. But as Ali mentioned - it depends on what you want to achieve and how it works for you.
Great video, great content.Kindly next time we can make the roles and permissions configurable so that different actions can be assigned to different roles via an endpoint for scalability.
Maasha Allah, Wollah I'm just so so happy that I don't even know what to say. Thank you so much Alibou, this is exactly one of the things I wa thinking to add to my app and Boom 💥 here is it. Waiting for the Swagger docs 😁 Thank you so so much, JazaakAllahu khairan ❤
Great video! Could you also make a small video on the intellij shortcuts to cut down our development time like the one you used to replace the word on multiple lines at a single time?
Awesome video I really appreciate you , can make video how to create dynamic role and permission which admin user can change it anytime for any endpoint dynamically
Great Job Brother, Tried watching different videos to get better understanding, but yours was too good. Also, Your debugging part was impressive, consider making a video on it too.
Thank you, one of the best tutorial on Permissions and Roles I have ever seen. Please create a new tutorial about how to implement granularity and hierarchy of each role. Let's say I have list of 1000 companies from 100 countries, I would like an user responsible for updating ONLY companies from Germany, while other ONLY from USA, and UK . How would you do it? Would you create 100 Permissions? for each country?
Hi @BoualiAli, I am a bit confused for permission, Why on getAuthorities() method on Role enum, we define SimpleGrantedAuthority with Permission.getPermission(), but on SecurityConfig we define hasAnyAuthorities() with Permission.name()? How it work? I don't really understand, thank you
Great video, thanks for that and for the rest of your Spring tutorial. Would be great if you can combine this Roles and Permissions Based Authorization together with Oauth2 and show how the provider (i.e. google) goes together with user, roles and permissions entities.
Thanks for your videos, you provide AWESOME content in great depth. IF you can also do project based videos like e-commerce,learning management system, content management system so that we get a full scope to how to do projects,Thanks again
Hey, first and foremost, I want to express my gratitude for your time and the incredible effort you put into creating quality content for us. Your tutorials have been immensely helpful in my learning journey. I am currently working on a project where I would like to incorporate JWT (JSON Web Tokens) into my Spring Boot/Angular application. After conducting extensive research on the subject, I couldn't find anything that clarifies the concept and its implementation better than your videos. If possible, I kindly request if you could expedite the creation of a tutorial that demonstrates the integration of JWT in both the backend (Spring Boot) and the frontend (Angular). I truly value your expertise, and having your guidance in this particular area would be invaluable to me. I understand if this request might be challenging or time-consuming, so please let me know if it is feasible within a reasonable timeframe. Lastly, I would like to mention how much I appreciate your channel and the valuable insights you consistently provide. Your tutorials have been instrumental in deepening my understanding of various concepts, and I truly admire your teaching style. Thank you once again for your dedication and contribution to the learning community.
I really appreciate your comment and how motivating it is. I'm already working on an angular course that should be released soon. I will cover almost everything in it
@Boulaali Ali ---- Can we handle roles or add new roles to system/app from db or file etc.. dynamically may be from UI etc. with our restarting application in Spring Boot. And also needs to apply these ne roles and permissions on ui pages as well with easy. Please consider PhpRad application where we Can define roles to existing pages from UI
I hope this message finds you in good health. I would like to express my deep appreciation for discovering your channel, and I am truly grateful for the valuable content you provide. Your work has been immensely helpful to me. I do have a question that I would like to pose. As a novice in the field of Spring Security, I am wondering if it would be beneficial for me to watch your previous video titled "Spring Boot 3.0 - Secure your API with JWT Token [2023]" as a starting point. Is this video considered a foundational resource that would aid in better comprehension before proceeding further? Thank you for your continuous efforts, and I eagerly anticipate your response.
I really appreciate your comment and feedback and I'm always happy to help. the answer is yes, start with that video, the the logout video, after that the refresh token video and finally this one. I will post a video combining all the security tutorials I created so you can have a full one
Hello, and thank you for the excellent course and quality content on your channel. I've been following the series for a while, making some adjustments to fit my directory structure and architecture, but nothing significant. However, I'm encountering a problem where, regardless of the role I use, I get a 403 error when accessing the DemoController. The roles and permissions code is identical (I made sure to copy and paste your code from the repository), yet the issue persists. The console output correctly identifies the user role and details, but the 403 forbidden error persists. Did I overlook something? Perhaps I missed a detail or misunderstood a part of the instructions. What steps can I take to debug this issue? Many thanks in advance. P.S.: I apologize if my English isn't perfect; it's not my native language.Hello,
Hello~ thank you for sharing your tutorial! I appreciate it!. I just followed your code in spring security. I just have a problem which are not allowed different kind of users for login. I have no idea why.
Thank you for uploading such important educational video.. sir please upload Oauth 2.0 complete course, how can manage resource URL to Authorised for different particular user(role-base Authorization using OAuth2). And your all videos are deserving to get five star feedback.
It was a very helpful video. One thing I wanna ask is that if we have two different entities lets say buyer and seller which have there own controllers and repositories then how will we be managing their repositories in ApplicationConfig. Thanks and waiting for a reply
Many thanks for this! Just one thing puzzles me, why do you include ADMIN_* permissions in hasAnyAuthority of requestMatchers(*, "/management"), wouldn't it work already if you just included MANAGER_*? I think you defined the admin role as containing all the manager permissions, wouldn't that be sufficient already?
Great video as it explains Authorisation in more details. I am having an issue when I am trying to add a new role after the data has been loaded to MySQL DB. So if I create a new role "READ_ONLY" , and add that role during service call, I get 403 Error with message that "Data truncated for column 'role' at row 1". Now if I use "ddl-auto=create-drop", then it will work because this will always pre-populate the Role values from scratch but if I am using "ddl-auto=update", and add new Role like mentioned above, I will get the above error. Not sure if this is happening with MySQL only.
If you face this error -> Access denied and loop error issue, after creating get user request/update user. Watch Bouali's video titled 'How To Fix Infinite Recursion Loop in Spring Boot'. Thanks, Bouali.
Very nice and clear video. I also wanted to ask is it common in java that the permissions are hard coded and not stored in db for an example. I see many people doing this approach, but didn't come across any that used db to store user permissions.
Yes if you have already all the scopes predefined. Otherwise it can be stored into a database to make more dynamic and scalable. I will try to make a video explaining that
Question In your video 42:10min above of AdminController class you used @PreAuthorize("hasRole('ADMIN')") Now you deploy your code it works fine but In database I added another role called "SUPER_ADMIN" And want to apply in the AdminController then is it possible to achieve without deploying the app with the value like This @PreAuthorize("hasRoles('ADMIN, SUPER_ADMIN')") hardcoded with controller 1. I don't want to deploy I will assign any ROLE to ANY USER using UI click it will save database 2. I don't what to use @PreAuthorize as hard coded without using @PreAuthorize I will check api URL and check user has permission to access that in each request. How I may achieve that any IDEA Moreover I found ROLE in spring security is simple STRING it don't allow any custom object as my own defined It's a huge obstacle to build custom security
@@BoualiAli Thanks for the reply brother ... it's not always true that (If you add a new role to your application ==> this means that you have new requirements / logic) but for now I agree to with you but I don't to hard code like this { @PreAuthorize("hasRole('ADMIN')") } it will apply on fly I mean run time when request enters in the method. on the other hand spring security role only takes string and all it's implementation it's another barrier to customise it smoothly. By the way Thanks you and Take Care bro
they are almost the same. Permission and more granular comparing to roles. Roles are global, meanwhile permissions are specific to user actions (who can do what) You can use only roles to meet the auth requirements
Hi Ali, Great tutorial. I was wondering, if I wanted to implement a situation where the manager can grant or revoke permissions to admins i.e have a table of permissions mapped to a user(admin) and the manager can add and remove permission to different resources from the admins permission list. How do I go about this instead of hardcoding the resources that all admins should be able to access. Thanks again for this lesson.
the issue is that once a request matches a specific role(like ADMIN), it doesn’t proceed to check the authority(ADMIN_CREATE). This happens because Spring Security stops processing further matchers once it finds a match. so i think only the permissions should be there in the granted authorities and in request matchers. Also you have made mistake in Roles enum where in authorities you are returning {new SimpleGrantedAuthority(permission1.getPermission()) as list } but in Request matchers its Permission.name() .
Thanks so much, boss, I'm a bit skeptical about what and while we need to seperate authority i.e (admin:create, admin:delete etc.) , are you saying if i use (admin:create) on all the endpoint(methods), i will not be able to access the resources? Like. Thnaks
hello alibu and congratulations for the perfect job. I build a rest api and i have an entity called event. I use command objects for response and i am wondering how i can implement the authorities because for example in a Get ~/event/ request if user is admin I need to return adminEventCommandObject if use is HR i need to return hREventCommandObject etc.
very nice tutorial, but I have a doubt that how to give permissions dynamically like if a new user added to the system then how to give roles and permissions to that user? if any one know please let me know ):
great , i want access all users from user controller it is not working code is correct , for custom controller working please check if we want access all users is it working or no ?
Hello! I attempted to follow your instructions and had some success. However, when I tried to use the @PreAuthorize annotation in either the admin or management controller, I consistently received a 403 error (the previous requestMatchers worked fine)
Join the Micro Services course waiting list and get and get an exclusive *EARLY-BIRD discount*
aliboucoding.ck.page/d0f9317e13
After watching a lot of videos, I can say you are the best one who explains it very smoothly and clearly 🤩 Thank you Alibou for your hard efforts 🙏
thank you so much for the nice comment. really appreciate that
@@BoualiAli Hi bouali, I have a question. I am currently working on a project that requires to store the roles and permissions in a database. In this case, how can we apply and use the stored permissions in the database to authorize the actions? 🤔
I also have the similar requirement. Guide me on how this was implemented if already done.
what if the role needs to be dynamic meaning not only tied to ADMIN, MANAGER ? is there a good way to handle it?
Thank you for the video
I think the main concept here is that a role is a container for permissions
exact
Thank you so much, you are making the life easier.
T'es vraiment trop trop fort, c'est incroyable
Really happy you liked it
Jus occupied with some school work but once done I will follow. I love your content bro. God bless you
Really to have you with us. I will keep posting more and more content.
A lot is coming in different areas not only spring
One of the best tutorials out there!!
Happy you liked it!
i'm wondering if this video belongs to a playlist 'cause i see that when he start de videeo already has some code there, so please share the link to start from the begining with this wonderful example, thanks for the greate knowledge
I have been waiting for this video for a long time. Thank you ❤
Happy to help
You have the outstanding tutorials, çok teşekkür ederim kardeşim
Great tutorial, thanks very much. I was just searched role and permission based security
Glad it helped
Thanks, would like a course on debugging with IntelliJ
better clearance and better understanding, thx
Glad it helped
Great video and explanation. Personally i prefer the PreAuthorize annotation on methods - to have a grainer control for the endpoints. But as Ali mentioned - it depends on what you want to achieve and how it works for you.
Great point!
Thank you very much sir Ali ♥️, could you make us a video on the front-end using angular🙏.
Really happy you liked it
Already working on it
Great video, great content.Kindly next time we can make the roles and permissions configurable so that different actions can be assigned to different roles via an endpoint for scalability.
I will note that for the coming video
@@BoualiAli I appreciate.Good stuff man.
Learned lot of things. Thanks a lot
Glad to hear that!
Thank you Alibou for amazing contents! Please make a video about "Auditing entities in Spring boot".
Sure, great Idea
Great tutorial as usual!
glad you liked it!
This content is amazing Sr. Thanks.
Glad you enjoy it!
Maasha Allah, Wollah I'm just so so happy that I don't even know what to say.
Thank you so much Alibou, this is exactly one of the things I wa thinking to add to my app and Boom 💥 here is it.
Waiting for the Swagger docs 😁
Thank you so so much, JazaakAllahu khairan ❤
Swagger docs is published now 😁
Perfect timing
Great video! Could you also make a small video on the intellij shortcuts to cut down our development time like the one you used to replace the word on multiple lines at a single time?
I will create a short for that (reel)
congratulations, your videos are much more informative than many courses, a hug from brazil
Thank you 🙏
Really appreciate that
It would be great if you could make a video on how to debug. Your explanations and your code are the best. Thanks for making Spring understandable!!
I will create one ASAP
I really need that
@@codeduel the video is already published.
Enable the notifications so you won’t miss any new video
Would love to see user management and authentication with Keycloak
Already preparing the content
Awesome, but where is the full video link?
thank you so much Alibou I learned a lot you are the best
Happy to hear that!
Awesome video I really appreciate you ,
can make video how to create dynamic role and permission which admin user can change it anytime for any endpoint dynamically
Yes, soon
Awesome as always.... Debugging Video please
Already published.
Enable the notifications for next times
Great Job Brother, Tried watching different videos to get better understanding, but yours was too good. Also, Your debugging part was impressive, consider making a video on it too.
Already published a video on debugging.
Go check it in my channel
Thank you, one of the best tutorial on Permissions and Roles I have ever seen. Please create a new tutorial about how to implement granularity and hierarchy of each role. Let's say I have list of 1000 companies from 100 countries, I would like an user responsible for updating ONLY companies from Germany, while other ONLY from USA, and UK . How would you do it? Would you create 100 Permissions? for each country?
Glad you liked it!
What is the answer for the question ?
Сподобалося відео! Дякую
My pleasure. thank you so much for you feedback
(I use translations to understand it lol)
THANK YOU SO MUCH I VE SEEN YOU !! U R GREAT
You are so welcome!
COUPON Code: *EARLYBIRD20* => Spring Data J PA course: aliboucoding.com/p/the-full-guide-to-master-spring-boot-data-jpa
please make a video handle the security exceptions. cause the right resource pretty much missing on the internet
Sure
Allah bless you ❤@@BoualiAli
I am having a hard time to follow your video. Which order I should watch the video of Spring security series ?
Hi @BoualiAli, I am a bit confused for permission, Why on getAuthorities() method on Role enum, we define SimpleGrantedAuthority with Permission.getPermission(), but on SecurityConfig we define hasAnyAuthorities() with Permission.name()? How it work? I don't really understand, thank you
like, brb later. Who is the man? You are the man
Thank youu
Hey @BoualiAli, are you going to do a video with debugging in IntelliJ?
already done. search in the channel and you will find it
Great video. U help me alot
Great video, thanks for that and for the rest of your Spring tutorial.
Would be great if you can combine this Roles and Permissions Based Authorization together with Oauth2 and show how the provider (i.e. google) goes together with user, roles and permissions entities.
I’m already preparing a video about keycloack that will cover all that
@@BoualiAli thanks!
keycloack sounds great, you mean it will also allow Oauth2?
@@devozs yes
@@BoualiAli man, I was searching a video like this, and I just read this comment! With the quality of your content the wait will be worth it!
@@UnknownUser77839 you will absolutely like the content
thanks a lot Ali ! This was very helpful
Glad it helped!
Thanks for the video. I am interested in a video about debugging.
WIP
great video thank you so much
Happy you liked it!
I LOVE YOU! THX for the video
Happy you liked it
Thanks for this awesome tutorial, please when are you doing the tutorial on debugging as you said in the video using Intellij, thanks.
Already published sometime ago.
Enable the notifications, I'm always saying that so you don't miss any videos
@@BoualiAli Thanks much
You are the best man
Thank you my friend
Thanks for this video Ali. A master class as always ❤🔥❤🔥❤🔥
Happy to know that
another awesome helpful video 💪
My pleasure!
Thank Sir, Plz include with the jwt Exception too
Check the exception handling video. it wil help you
Thanks for your videos, you provide AWESOME content in great depth. IF you can also do project based videos like e-commerce,learning management system, content management system so that we get a full scope to how to do projects,Thanks again
I'm already working on a new course.
@@BoualiAli A simple User Management System will be perfect! :)
Really apreciate it! Super well explained.
Happy you liked it
Great video. Have developed a video on Debugging on Intelij IDEA?
yes
You're the best!
Thank you
Hey, first and foremost, I want to express my gratitude for your time and the incredible effort you put into creating quality content for us. Your tutorials have been immensely helpful in my learning journey. I am currently working on a project where I would like to incorporate JWT (JSON Web Tokens) into my Spring Boot/Angular application. After conducting extensive research on the subject, I couldn't find anything that clarifies the concept and its implementation better than your videos.
If possible, I kindly request if you could expedite the creation of a tutorial that demonstrates the integration of JWT in both the backend (Spring Boot) and the frontend (Angular). I truly value your expertise, and having your guidance in this particular area would be invaluable to me. I understand if this request might be challenging or time-consuming, so please let me know if it is feasible within a reasonable timeframe.
Lastly, I would like to mention how much I appreciate your channel and the valuable insights you consistently provide. Your tutorials have been instrumental in deepening my understanding of various concepts, and I truly admire your teaching style. Thank you once again for your dedication and contribution to the learning community.
I really appreciate your comment and how motivating it is.
I'm already working on an angular course that should be released soon. I will cover almost everything in it
@@BoualiAli thank u sir , we are impatiently waiting.
Thanks for ur time once again
Nice Video. In the video u mentioned about earlier video about User. Can u pls provide the link for the same
check the playlists
@Boulaali Ali ---- Can we handle roles or add new roles to system/app from db or file etc.. dynamically may be from UI etc. with our restarting application in Spring Boot. And also needs to apply these ne roles and permissions on ui pages as well with easy. Please consider PhpRad application where we Can define roles to existing pages from UI
Great tutorial, We need intellij debugging video with your secret tips ❤😍🔥
Already done.
Subscribe and enable the notification so you won't miss any new video
already done 🤩 thank you again ❤️
thank you mate
The best, Thanks
Thank you too!
What design pattern would you suggest to use to overlay this program?
Hey, could you do a video about this jwt and add angular please.
Working on it
Great content.
Please make a video on debug in intelliJ.
Thanks
Sure I will
@@BoualiAli looking forward to it..😊😊
Authorize using azure ad ... Manage permissions in local database
I will try
I hope this message finds you in good health. I would like to express my deep appreciation for discovering your channel, and I am truly grateful for the valuable content you provide. Your work has been immensely helpful to me. I do have a question that I would like to pose.
As a novice in the field of Spring Security, I am wondering if it would be beneficial for me to watch your previous video titled "Spring Boot 3.0 - Secure your API with JWT Token [2023]" as a starting point. Is this video considered a foundational resource that would aid in better comprehension before proceeding further?
Thank you for your continuous efforts, and I eagerly anticipate your response.
I really appreciate your comment and feedback and I'm always happy to help.
the answer is yes, start with that video, the the logout video, after that the refresh token video and finally this one.
I will post a video combining all the security tutorials I created so you can have a full one
@@BoualiAli thank you for your answer , this is what I'm currently doing.
thank you for your help again and for your time
.
Hello, and thank you for the excellent course and quality content on your channel.
I've been following the series for a while, making some adjustments to fit my directory structure and architecture, but nothing significant. However, I'm encountering a problem where, regardless of the role I use, I get a 403 error when accessing the DemoController. The roles and permissions code is identical (I made sure to copy and paste your code from the repository), yet the issue persists. The console output correctly identifies the user role and details, but the 403 forbidden error persists.
Did I overlook something? Perhaps I missed a detail or misunderstood a part of the instructions. What steps can I take to debug this issue? Many thanks in advance.
P.S.: I apologize if my English isn't perfect; it's not my native language.Hello,
Hello~ thank you for sharing your tutorial! I appreciate it!. I just followed your code in spring security. I just have a problem which are not allowed different kind of users for login. I have no idea why.
Can you explain a bit more please?
can we implement authorisation at the Gateway level? this will reduce changing a lot of code in the application in the downstream of Gateway.
Can you explain to us how to make a many to many relationship (many users has many roles)?
Check the spring data jpa playlist
Thank you for uploading such important educational video.. sir please upload Oauth 2.0 complete course, how can manage resource URL to Authorised for different particular user(role-base Authorization using OAuth2). And your all videos are deserving to get five star feedback.
coming soon
Nice video, but How to use this service for multiple microservices. to provide authentication as per role.
Implement it on the gateway
@@BoualiAli if possible pls make video on that..
very good.
It was a very helpful video. One thing I wanna ask is that if we have two different entities lets say buyer and seller which have there own controllers and repositories then how will we be managing their repositories in ApplicationConfig. Thanks and waiting for a reply
Can you please explain a bit more, I didn't get the topic
Many thanks for this!
Just one thing puzzles me, why do you include ADMIN_* permissions in hasAnyAuthority of requestMatchers(*, "/management"), wouldn't it work already if you just included MANAGER_*?
I think you defined the admin role as containing all the manager permissions, wouldn't that be sufficient already?
thank you.
I need to double check the code. I forgot honestly
Great video as it explains Authorisation in more details. I am having an issue when I am trying to add a new role after the data has been loaded to MySQL DB. So if I create a new role "READ_ONLY" , and add that role during service call, I get 403 Error with message that "Data truncated for column 'role' at row 1". Now if I use "ddl-auto=create-drop", then it will work because this will always pre-populate the Role values from scratch but if I am using "ddl-auto=update", and add new Role like mentioned above, I will get the above error. Not sure if this is happening with MySQL only.
One walkthrough is to add a new value like "READ_ONLY" to the columns directly in the database. But that won't be good practice for Production DB.
Check the data compatibility: type, length,...
If you face this error -> Access denied and loop error issue,
after creating get user request/update user.
Watch Bouali's video titled 'How To Fix Infinite Recursion Loop in Spring Boot'.
Thanks, Bouali.
thanks for sharing
Very nice and clear video. I also wanted to ask is it common in java that the permissions are hard coded and not stored in db for an example. I see many people doing this approach, but didn't come across any that used db to store user permissions.
Yes if you have already all the scopes predefined. Otherwise it can be stored into a database to make more dynamic and scalable.
I will try to make a video explaining that
@@BoualiAli that would be amazing to see, hopefully we can see that video coming to light.
Question
In your video 42:10min above of AdminController class you used @PreAuthorize("hasRole('ADMIN')")
Now you deploy your code it works fine but In database I added another role called "SUPER_ADMIN"
And want to apply in the AdminController then is it possible to achieve without deploying the app with the value like
This @PreAuthorize("hasRoles('ADMIN, SUPER_ADMIN')") hardcoded with controller
1. I don't want to deploy I will assign any ROLE to ANY USER using UI click it will save database
2. I don't what to use @PreAuthorize as hard coded without using @PreAuthorize I will check api URL and check user
has permission to access that in each request.
How I may achieve that any IDEA
Moreover I found ROLE in spring security is simple STRING it don't allow any custom object as my own defined
It's a huge obstacle to build custom security
If you add a new role to your application ==> this means that you have new requirements / logic. So it makes sens change the code, write tests, ....
@@BoualiAli Thanks for the reply brother ... it's not always true that (If you add a new role to your application ==> this means that you have new requirements / logic) but for now I agree to with you but I don't to hard code like this { @PreAuthorize("hasRole('ADMIN')") } it will apply on fly I mean run time when request enters in the method. on the other hand spring security role only takes string and all it's implementation it's another barrier to customise it smoothly. By the way Thanks you and Take Care bro
in 9:28 what is the shortcut that did u use ?
All the shortcuts that I use are displayed in the green popup
What the differences between role and permission? and can I use role only to meet the authorization requirement ?
they are almost the same.
Permission and more granular comparing to roles.
Roles are global, meanwhile permissions are specific to user actions (who can do what)
You can use only roles to meet the auth requirements
Please add video on debugging
Coming next week
Love you 😘
Hi Ali, Great tutorial. I was wondering, if I wanted to implement a situation where the manager can grant or revoke permissions to admins i.e have a table of permissions mapped to a user(admin) and the manager can add and remove permission to different resources from the admins permission list. How do I go about this instead of hardcoding the resources that all admins should be able to access. Thanks again for this lesson.
You can store them in a database or use OAuth2 instead and it will handle everything for you
Can u complete this on the angular side
already available in Book Social Network playlist
the issue is that once a request matches a specific role(like ADMIN), it doesn’t proceed to check the authority(ADMIN_CREATE). This happens because Spring Security stops processing further matchers once it finds a match. so i think only the permissions should be there in the granted authorities and in request matchers.
Also you have made mistake in Roles enum where in authorities you are returning {new SimpleGrantedAuthority(permission1.getPermission()) as list } but in Request matchers its Permission.name() .
The order of the matchers really matters. So this is why you get this behavior
Finally!!
Yess hahah
I love your video
Happy you liked it
does anyone know where can I find the prior video before this vdo that he refers to? thx
in the spring security playlist
Right here I think there is a mistake that is you can get even refresh token with access token, I don't know maybe
Can you explain?
Is there a way to handle permissions in keycloak?
Yes, check the keycloack video
Thanks so much, boss, I'm a bit skeptical about what and while we need to seperate authority i.e (admin:create, admin:delete etc.) , are you saying if i use (admin:create) on all the endpoint(methods), i will not be able to access the resources? Like. Thnaks
it always depends on you needs and business rules
hello alibu and congratulations for the perfect job. I build a rest api and i have an entity called event. I use command objects for response and i am wondering how i can implement the authorities because for example in a Get ~/event/ request if user is admin I need to return adminEventCommandObject if use is HR i need to return hREventCommandObject etc.
Can you please post in the discord server?
very nice tutorial, but I have a doubt that how to give permissions dynamically like if a new user added to the system then how to give roles and permissions to that user?
if any one know please let me know ):
I will make a video for that too, soon
When user forgot password, How can they reset their password?. I hope you make this tutorial.
Already done, search in the channel
I just found GOLD..........Thank you for this @BoualiAli
great , i want access all users from user controller it is not working code is correct , for custom controller working please check if we want access all users is it working or no ?
In this particular use case when I am already using role do I need add permissions anymore? Is it not redundant?
check my github account
How can we utilize this microservice with Spring Cloud Gateway and share user details and user authorization among other microservices?
Nothing special, just implement it on the API Gateway level
Hello! I attempted to follow your instructions and had some success. However, when I tried to use the @PreAuthorize annotation in either the admin or management controller, I consistently received a 403 error (the previous requestMatchers worked fine)
Did you add the annotation to enable the @PreAuthorize?
@BoualiAli, my bad. I forgot to enable the method. Thank you very much!
sir make a video for jwt exception handling
Already done. check the playlist
@@BoualiAli bt how do we handle exception for all jwt services
@@pujanshrestha5900 i already explained how to handle exceptions. Jwt exceptions are not special exception they can be handled in the same way