I am getting below error when I start my Spring Boot application. Please help. Error creating bean with name 'webSecurityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference?
hi ,when I execute I 'm getting org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference? error.Can you help me please??
Awesome way of explanations. almost covered all important concept , thanks for such a wonderful informative session. thanks for your hard efforts to learner like me by such videos. Thanks
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception",
Just finished watching this tutorial. Besides what I learned theoretically at the beginning, the pratical part of the video was more likely a big "how to copy and paste classes" without very little explaining of what (and how) everything does/work. If i'm using this in a project I would only copy and paste all without know exactly what everything does.
@@skaffen Yes, I too hate not to know what different parts of my project do. That's why I always dive until i get it. Sometimes it takes much to much time, but I can't otherwise xd
Request you to pls go little bit slow, the focus should be more on explaining the concept not quickly finishing the example. Appreciate the time and effort you are putting here. Thanks!
I'm getting error in WebSecurityConfig class while extending WebSecurityConfigurerAdapter. There is no class as WebSecurityConfigurerAdapter in the path org.springframework.security.config.annotation.web.configuration. Any solution?
Hii, thank you so much for the explanation! I have one question, how do I pass the header as query parameter instead of as header? Because yes, its doable to pass it by just inserting the header in postman, but how do I pass it is API endpoint? Hope you can answer my question. Thank you
Can you check this example with Spring Boot 2.3.3 and give us a solution to the problem? Code doesnt seem to be working with the Boot version that you have mentioned. Getting an Unauthorized 401 even for HelloWorldController
@@IbrahimMahmoud not yet and the owner of this video too has not worked on the latest version of Spring Boot to test the same. I guess his videos are outdated and were working with the older version.
@@rexsam3134 If you switch the version back does it work with you? I am not sure if this is version related problem. I also get unauthorized 401 error. Stuck for several days now.
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception",
Regarding the code in the official website of JavaInUse, I find that it actually isn't quite right how the system verifies the token when the system receives a request. The JwtRequestFilter class has such line: jwtUserDetailsService.loadUserByUsername that seems to go against the design of JWT in which the resource server (in this tutorial, this is also the same system that provides the tokens) only has to verify the signature of the JWT token and check if it has expired but nothing more. In the sample code, it further checks if the username exists in the database. If the purpose of the check is to reject the request if the user record has been deleted, I think after authentication took place in JwtRequestFilter, when the resource API is called, it can handle that (username does not exist in the database). If it acts as an additional protection for security purpose, then you are not actually trusting the mechanism of JSON Web Token. However, after reading more about JWTs and how to complete the back-end architectural design so that revocation can become possible, it seems hard to not hit the database when doing JWT authentication (without implementing a sophisticated architecture).
Sir, can you tell me why author have added "class WebSecurityConfig extends WebSecurityConfigurerAdapter". I see this class's methods are not invoked anywhere in this example. What is the purpose of adding this class ?
if u r using jwt then ur probbly building a single page app and as a result u cant be vulnerable to that kind of attack due to the architecture u r using
I am checking in the filter, which authorization header the request has. Depending on that I authenticate the user in the filter class and return a JWT token, or I check for the validity of the provided token in the header.
If the token is present then it will be validated in filter class and user granted access. If token is not present, then the filter class does nothing and allows the jwtauthenticationcontroller to be called for generating and returning the token
8:20: tried copying the dependencies there. it never downloads it, tried cleaning, packaging... can't even find them on spring initializr web site too. how to proceeed? Edit: searching on stackoverflow I found a solution: simply doing a ctrl+shift+O (Intellij IDE) worked like magic.
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception", please help with this error
I followed all the steps, once it comes to running the project i have this error: Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'jwtRequestFilter': Unsatisfied dependency expressed through field 'jwtTokenUtil'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtTokenUtil': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'jwt.secret' in value "${jwt.secret}" any Idea about it @JavaInUse
Hi Hari. To secure all microservices we usually have an application gateway. It is at this gateway that we analyze all incoming requests and allow it forward only if the token is valid. This token validation is done by a common/generic token validation service. I will try to implement such an example soon. You can also have a look at www.javainuse.com/spring/cloud-gateway
Not sure but I notice that the part where he wrote Jwts.parser().setSigningKey(secret) is WRONG. He didn't pass a Base64 secret but a plain text secret.
Im getting an error : The injection point has the following annotations: - @org.springframework.beans.factory.annotation.Autowired(required=true) Action: Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration. Can someone please help me!
@@riyasinha5336 Hi created all the files under one package, then it worked for me. Try creating classes under single package and see if it works :) Let me know if you face any issues, will try to work it out
Can you show us how we can integrate this with oauth2 resource server meaning the token will be generated by an authentication service and then each individual services will have their own resource server to determine the protected resource using @ Enable resourceserver.I am facing an issue as invalid token: cannot convert access token from JSON.Can someone help
In the tutorial - Spring Boot + OAuth 2 Password Grant - Hello World Example - www.javainuse.com/spring/springboot-oauth2-password-grant have created a separate project for Authorization Server and Resource Server. May be you can have a look
Hi,I am passing same {"username":"javainuse","password":"password"} but getting error, { "timestamp": "2021-08-31T10:40:40.927+00:00", "status": 401, "error": "Unauthorized", "message": "Unauthorized", "path": "/autenticate" } could u pls advise? I am using postman.
"status": 500, "error": "Internal Server Error", "message": "javax/xml/bind/DatatypeConverter", "path": "/authenticate" error after passing correct username and password in body Please help
had the same problem. The controller class has to be in the same package or subpackage of the main class. stackoverflow.com/questions/31318107/spring-boot-cannot-access-rest-controller-on-localhost-404
@@JavaInUse When trying validate the user against DB. password not is not encoded as base64 format.. it's coming as same as User Input. so failing to compare BCrypt
I checked the code on the official website of JavaInUse. I think you don't need to have the JwtTokenUtil.isTokenExpired method. The jjwt library does check if the token is expired by default in the parse() method and it can throw an ExpiredJwtException. So you actually don't need the JwtTokenUtil.validateToken method because if the token is invalid or expired, jwtTokenUtil.getUsernameFromToken(jwtToken), which requires the token string to be parsed, will have thrown any JWT exception you may get before you call the validateToken method.
I checked the code on the official website of JavaInUse. The part where you wrote Jwts.parser().setSigningKey(secret) is WRONG. The parameter should be in base64 instead of a plain text secret. You can use Base64.getEncoder().encodeToString(secretKey.getBytes()).
@@michaelchung8102 I am getting error at below line in JwtTokenUtil.java: return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis())) .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY * 1000)) .signWith(SignatureAlgorithm.HS512, secret).compact(); Error is "java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter" Any idea, how to fix it ?
I really appreciate your top quality work. One doubt i am having is httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); what is the use of UsernamePasswordAuthenticationFilter?? i put a debug point it it, and found that is never being executed
im facing this issue can anyone help : Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception",
I checked the code on the official website of JavaInUse. I see that the JwtTokenUtil.validateToken method requires both the token and a UserDetails object as it checks both the token validaity and whether the username inside the UserDetails matches the one that comes with the token. It actually doesn't make sense to check the username inside the token because all you have is a JWT token and you can't tell if it's a stoken token or not. All you can tell is whether the username exists in the user table in the database. And from the code itself, you can tell that the username check is unnecessary. Before calling the validateToken method in the JwtRequestFilter class, actually you have already called jwtTokenUtil.getUsernameFromToken(jwtToken) for getting the username and then the UserDetails from the database. Since the username comes from the token itself, validating the username in the validateToken method always returns true. Anyway, I appreciate your time for the tutorial.
hi ,when I execute I 'm getting org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference? error.Can you help me please??
I am getting below error when I start my Spring Boot application. Please help.
Error creating bean with name 'webSecurityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference?
I'm getting the same issue. Did you ever find a fix?
Add @Autowired instead of
public PasswordEncoder passwordEncoder() {
Add in application.properties ---> spring.main.allow-circular-references = true :)
hi ,when I execute I 'm getting org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference? error.Can you help me please??
I have searched a whole day for a solution, thank you! :)
Welcome :)
very good explanation and implementation....thanks for uploading it!!
Awesome way of explanations. almost covered all important concept , thanks for such a wonderful informative session. thanks for your hard efforts to learner like me by such videos. Thanks
Kudos for same timing
You are most welcome
Thanks for the video and the article. Everything is very well explained and helped a lot.
Much helpful video, very lucid explanation. Thank you Sir
Thank you very much. Very good content. You are genius.
Finally someone with excellent explanation.
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception",
Just finished watching this tutorial. Besides what I learned theoretically at the beginning, the pratical part of the video was more likely a big "how to copy and paste classes" without very little explaining of what (and how) everything does/work. If i'm using this in a project I would only copy and paste all without know exactly what everything does.
ok marcus
Exactly. Spring security is hard and deserve a lot more explanations. I'm starting to get it but it's frustrating to have a "black box" in your code.
@@skaffen Yes, I too hate not to know what different parts of my project do. That's why I always dive until i get it. Sometimes it takes much to much time, but I can't otherwise xd
Request you to pls go little bit slow, the focus should be more on explaining the concept not quickly finishing the example.
Appreciate the time and effort you are putting here. Thanks!
Thank you for this helpful tutorial.
Thank you for this awesome tutorial. Your explanations helped me a lot.
Glad could help you :)
Great job! Very practical!
I'm getting error in WebSecurityConfig class while extending WebSecurityConfigurerAdapter. There is no class as WebSecurityConfigurerAdapter in the path org.springframework.security.config.annotation.web.configuration.
Any solution?
Thank you!! Really helpful video
Good Job , very well done thanks a lot for uploading.
Welcome :)
great explanation and great sample code. thank you..
Welcome :)
Please increase the font size of letters when showing description. feeling difficult to read. Thank you in advance.
this is pure gold, thank you!
its not...
Thanks! This helped me progress a little!
Welcome :)
Hii, thank you so much for the explanation! I have one question, how do I pass the header as query parameter instead of as header? Because yes, its doable to pass it by just inserting the header in postman, but how do I pass it is API endpoint? Hope you can answer my question. Thank you
Very nice videos ....
Glad could help :)
Thank you so much, it was really helpful
Thanks for the video. It helped me so much
This helped a lot, Thank you.
Can you check this example with Spring Boot 2.3.3 and give us a solution to the problem? Code doesnt seem to be working with the Boot version that you have mentioned. Getting an Unauthorized 401 even for HelloWorldController
I think I am facing the same issue, any solution?
@@IbrahimMahmoud not yet and the owner of this video too has not worked on the latest version of Spring Boot to test the same. I guess his videos are outdated and were working with the older version.
@@rexsam3134 If you switch the version back does it work with you? I am not sure if this is version related problem. I also get unauthorized 401 error. Stuck for several days now.
@@IbrahimMahmoud I tried that but gave a huge number of dependency errors so yet to find a solution
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception",
Regarding the code in the official website of JavaInUse, I find that it actually isn't quite right how the system verifies the token when the system receives a request. The JwtRequestFilter class has such line: jwtUserDetailsService.loadUserByUsername that seems to go against the design of JWT in which the resource server (in this tutorial, this is also the same system that provides the tokens) only has to verify the signature of the JWT token and check if it has expired but nothing more. In the sample code, it further checks if the username exists in the database.
If the purpose of the check is to reject the request if the user record has been deleted, I think after authentication took place in JwtRequestFilter, when the resource API is called, it can handle that (username does not exist in the database). If it acts as an additional protection for security purpose, then you are not actually trusting the mechanism of JSON Web Token.
However, after reading more about JWTs and how to complete the back-end architectural design so that revocation can become possible, it seems hard to not hit the database when doing JWT authentication (without implementing a sophisticated architecture).
Sir, can you tell me why author have added "class WebSecurityConfig extends WebSecurityConfigurerAdapter". I see this class's methods are not invoked anywhere in this example. What is the purpose of adding this class ?
I always get warning: "JWT Token does not begin with Bearer String" when submitting via postman
Did You got solution for this
@@vikaspj5995 No. I followed another guide.
@@gianrhose can you share with me
@@gianrhose can u tell me about this guide too
@@ShlokaReddy Hey. This is a long time ago. May be I can guide you if I did not recall the link?
hello sir, that's good.. thanks for your time
Welcome :)
Good tutorials how do u handle an error of token expiration to the user
Thanks for your great tutorials! Does JWT also protect spring boot from CSRF attacks?
it based on where you store your jwt or how you implement it on client side
if u r using jwt then ur probbly building a single page app and as a result u cant be vulnerable to that kind of attack due to the architecture u r using
Do you still check comments on this video? If so I have a question!
I use gradle,do you know the depenencies for jwt for gradle?
Even if I don't already do the intent to login, I receive the response "JWT Token does not begin with Bearer" from the console.
Help
Even I am getting the same problem.
String requestTokenHeader = request.getHeader("Authorization"); is returning null
I am checking in the filter, which authorization header the request has. Depending on that I authenticate the user in the filter class and return a JWT token, or I check for the validity of the provided token in the header.
If the token is present then it will be validated in filter class and user granted access. If token is not present, then the filter class does nothing and allows the jwtauthenticationcontroller to be called for generating and returning the token
Can you give example of unit test for jwt
Thank Brother That helps alot need to verify token with expiry date time and refresh jwt token ?
thank u so much!
8:20: tried copying the dependencies there. it never downloads it, tried cleaning, packaging... can't even find them on spring initializr web site too. how to proceeed?
Edit: searching on stackoverflow I found a solution: simply doing a ctrl+shift+O (Intellij IDE) worked like magic.
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception", please help with this error
Could you please help me to devlop jwt authentication using microservices
I followed all the steps, once it comes to running the project i have this error:
Error starting Tomcat context.
Exception: org.springframework.beans.factory.UnsatisfiedDependencyException.
Message: Error creating bean with name 'jwtRequestFilter': Unsatisfied dependency expressed through field 'jwtTokenUtil';
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name
'jwtTokenUtil': Injection of autowired dependencies failed;
nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'jwt.secret' in value "${jwt.secret}"
any Idea about it @JavaInUse
did you add jwt.secret=javainuse in application.properties ?
I still dont understand. Why username has to be 'javainuse' and password has to be "password". Where did you set those values? Can you help me plss
where can i download the entire code of this tutorial
Hi rameez thanks for this video it helps me a lot but one small issue how to secure all micro services
Hi Hari. To secure all microservices we usually have an application gateway. It is at this gateway that we analyze all incoming requests and allow it forward only if the token is valid. This token validation is done by a common/generic token validation service. I will try to implement such an example soon. You can also have a look at www.javainuse.com/spring/cloud-gateway
JavaInUse thanks rameez your videos helping me a lot
After changing just one letter in token generated I am still getting the "Hello World" as output, can't seem to understand why?
Not sure but I notice that the part where he wrote Jwts.parser().setSigningKey(secret) is WRONG. He didn't pass a Base64 secret but a plain text secret.
Thanks for the video I understood.How to give the session time out here could you please help on this.
any example behind a proxy ?
thanks for the video..
Great video.tks
How would you go about unit testing this?
Thank you very much...
Im getting an error : The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)
Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.
Can someone please help me!
I am facing the same issue..did you get any solution for this?
@@riyasinha5336 Hi created all the files under one package, then it worked for me. Try creating classes under single package and see if it works :) Let me know if you face any issues, will try to work it out
i am not getting the output in postman
Can you show us how we can integrate this with oauth2 resource server meaning the token will be generated by an authentication service and then each individual services will have their own resource server to determine the protected resource using @ Enable resourceserver.I am facing an issue as invalid token: cannot convert access token from JSON.Can someone help
In the tutorial - Spring Boot + OAuth 2 Password Grant - Hello World Example - www.javainuse.com/spring/springboot-oauth2-password-grant have created a separate project for Authorization Server and Resource Server. May be you can have a look
Hi,I am passing same
{"username":"javainuse","password":"password"}
but getting error,
{
"timestamp": "2021-08-31T10:40:40.927+00:00",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/autenticate"
}
could u pls advise?
I am using postman.
Did you get solution for this
add dependency it will work:
javax.xml.bind
jaxb-api
2.3.1
"status": 500,
"error": "Internal Server Error",
"message": "javax/xml/bind/DatatypeConverter",
"path": "/authenticate"
error after passing correct username and password in body
Please help
Solved: Add this below dependency in pom.xml
javax.xml.bind
jaxb-api
2.3.0
@@samika1983 I love you man! This is the solution! Txs!
do u have a lecture on logout ?
actually in JWT we have token expiration. I will add a lecture on it later
Thank you for the tutorial ! After sending Get request /hello , I have 404 status , why is that? :/
had the same problem. The controller class has to be in the same package or subpackage of the main class. stackoverflow.com/questions/31318107/spring-boot-cannot-access-rest-controller-on-localhost-404
@@dominic8494
Thank's for the solution
encoded password does not look like bcrypt spring boot .. i am facing this issue
need some more inform about problem you are facing
@@JavaInUse When trying validate the user against DB. password not is not encoded as base64 format.. it's coming as same as User Input. so failing to compare BCrypt
@@JavaInUse it was failing in this line if (!this.BCRYPT_PATTERN.matcher(encodedPassword).matches()) { } in BCryptPasswordEncoder class
i can successfully debug until loadbyUserName after that it's Delegating default methods written in Spring security .. Can you please help me on this
rawPassword="pasword" , encodedPassword="password"
can you give the project zip?
❤❤❤❤
I can't download the project
Just confirmed..the download link at www.javainuse.com/spring/boot-jwt is working
@@JavaInUse Download is empty
@@kredleymagalhaes7457 I confirmed. it is not empty
Good diagrams that was very helpful. Just one criticism, You speak too fast!
You can anyway change the playback speed from settings, 0.75 will suit your need!
I checked the code on the official website of JavaInUse. I think you don't need to have the JwtTokenUtil.isTokenExpired method. The jjwt library does check if the token is expired by default in the parse() method and it can throw an ExpiredJwtException.
So you actually don't need the JwtTokenUtil.validateToken method because if the token is invalid or expired, jwtTokenUtil.getUsernameFromToken(jwtToken), which requires the token string to be parsed, will have thrown any JWT exception you may get before you call the validateToken method.
hi ,when I execute I 'm getting org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig':
I checked the code on the official website of JavaInUse. The part where you wrote Jwts.parser().setSigningKey(secret) is WRONG. The parameter should be in base64 instead of a plain text secret. You can use Base64.getEncoder().encodeToString(secretKey.getBytes()).
Could you fix this in your tutorial website ASAP?
@@michaelchung8102 I am getting error at below line in JwtTokenUtil.java:
return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY * 1000))
.signWith(SignatureAlgorithm.HS512, secret).compact();
Error is "java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter"
Any idea, how to fix it ?
@@vaibhavbhardwaj1333 Either use JDK 8 or add jaxb-impl if you are using JDK 11 or above.
I really appreciate your top quality work. One doubt i am having is
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); what is the use of UsernamePasswordAuthenticationFilter?? i put a debug point it it, and found that is never being executed
im facing this issue can anyone help :
Required request body is missing: public org.springframework.http.ResponseEntity com.javainuse.controller.JwtAuthenticationController.createAuthenticationToken(com.javainuse.model.JwtRequest) throws java.lang.Exception",
I checked the code on the official website of JavaInUse. I see that the JwtTokenUtil.validateToken method requires both the token and a UserDetails object as it checks both the token validaity and whether the username inside the UserDetails matches the one that comes with the token. It actually doesn't make sense to check the username inside the token because all you have is a JWT token and you can't tell if it's a stoken token or not. All you can tell is whether the username exists in the user table in the database.
And from the code itself, you can tell that the username check is unnecessary. Before calling the validateToken method in the JwtRequestFilter class, actually you have already called jwtTokenUtil.getUsernameFromToken(jwtToken) for getting the username and then the UserDetails from the database. Since the username comes from the token itself, validating the username in the validateToken method always returns true.
Anyway, I appreciate your time for the tutorial.
hi ,when I execute I 'm getting org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference? error.Can you help me please??