This is not just a Spring Security + JWT tutorial; rather, it is the entire backend project including the new features of Java 8. Just an amazing tutorial. I cannot thank you enough!!
I watched a lot of tutorials about JWT, but this tutorial is the easiest to understand! Thanks a lot !
His way of teaching is really cool.
Such a crisp, to-the-point video with explanation of every Spring security syntax: Thanks a ton, mate. You're making our lives a little easy at work :)
You are awesome, brother! In this fancy world many YouTubers are using fancy words and vocabulary to explain even (a+b)², but they provide less content and more show-off. But you explain a very complex topic in a simple way that can be understood by anyone.
Wow, thanks for your words, buddy, and I am so glad that people are benefiting from my content
I'm absolutely loving this channel!! No nonsense, straight to the point. here is your theory, here is the working example... and here is the code.. done...
Thank you buddy 😊
@@Javatechie We all should be thankful for your efforts!! BTW, I just watched your Spring Boot + Keycloak example. Did you get a chance to extend this example to an Angular app? I'm looking for Angular + API Gateway + Spring Registry + REST APIs with Keycloak. You covered everything except Keycloak + Angular.
@@durganagothi6703 Buddy, I didn't try that, but let me check it this coming weekend 😊
I have gone through a lot of tutorial links, but your explanation on any topic is excellent. You start with the basics and go through somewhat internal parts of what you are picking with the help of coding. It's really helpful to anyone who wants to learn or do some POC part of any application. Thanks a lot Java Techie.
Thank you Shiv for your words ☺️
Amazing . By watching this video one can learn Spring security , H2 db implementation , JWT authentication. Great Work
Whatever new thing I want to learn, there is a video from Java Techie. Thanks a lot
I have no words to thank you enough. I have been struggling with this topic for a long time and now it is clear. Many thanks to you, buddy, and God bless you with everything that you dreamt of. #gratitude
I always look up to you for any simplified yet effective tutorial that elaborates the end-to-end implementation. Thumbs up and thank you.
Why does this make so much sense? Bravo!
Wow, the code and explanation both are running perfectly, thanks a lot for such an informative video
you are the best, I have followed many tutorials and read various documentation but on the technical side I could not understand how to do it and there was always a problem, but thanks to you I finally managed to understand both microservices and jwt. thank you
Thanks buddy 😊. Glad to hear that keep learning ☺️
Excellent Basant... Your effort and your knowledge are really appreciable. Earlier I was following all the Java Brains tutorials, but watching your videos, I really say thanks to you. You are equal or in some areas more than equal to Java Brains.
Hi Gufran, thanks a lot for your words. This kind of appreciation always boosts me
Clear explanation and worth watching entire 39 minutes video
This is one of the best JWT videos I have seen. Thanks a lot brother for making this video.💯
Everything is well explained, just 2 points I would like to mention
1. There is no need to validate the token in the filter class as jwtTokenUtil.extractUsername(jwtToken) will return an exception if token is tampered
2. For Get request no need to set the Content-type as the body is empty.
Thanks Abinash
It's a great and clear explanation, JavaTechie!! Good work, and it's really helpful for those who are striving to understand concepts. I suggest you create a kind of document like a PDF of what you have explained in the video, and put all of that in that document. It will be very great for people who want to refresh the concepts again!!
Thank you for your suggestion. I have a Medium blog; I will upload it there ☺️
I have been watching your videos recently and I definitely am a fan of yours. : )
Whenever I start a new topic, I first need to understand the basics, and your explanation is very basic, bro, and it's really helpful for me and that's why I liked your video.... Keep it up. Thanks
Thanks buddy 😊
Thank you for making such videos, they are really very helpful in learning concepts with a practical approach
what an amazing tutorial! It's clear, short, and to the point. thank you
Thanks for this live JWT example. It is really helpful to understand the JWT working flow and the usage of all required methods and classes. Deep dive and concept-wise very understandable. Thank you so much
Thanks buddy
Great Tutorial to learn Spring Security with JWT
Best tutorial related to the JWT authentication...!! 👌🏻
Thank you Javatechie... 👏👏👏👏Appreciate ur effort and knowledge
No words. Once again Java Techie helped me to understand this security concept in a simple way. Thanks a lot Javatechie, keep up the good work
Keep doing the good work bro 👍..
Thanks for helping others.
Thank you for your explanation, I wish you the best
Much complex concept in a easy for the java community.
Very good tutorial, helped me a lot!
good youtube tutorial for spring boot JWT. Great keep going....
After 2 days of researching, one that actually works. Congratulations and success!!! You saved me. Thanks.
Did you understand the above comment? I don't know which language that is 😂
@@Javatechie it's the Portuguese language, sir.
Thanks Basit 😊
Great tutorial. Clear, short and to the point. Thank you for your class !
Thanks Anton 😊
Amazing tutorial, clear and concise
I appreciate your effort, I am so happy about this.. well done sir
Fantastic, you explained a very tough subject in a very easy way. Thanks a lot Basant
Hi Billi , glad to hear this from you 👍
Sir, your explanations are always awesome 🤩😍 I just enjoy learning from you and never forget.
Thank you Subham 😊
WebSecurityConfigurerAdapter class is deprecated. Do we have any alternative to it?
Thank you so much sir. This tutorial helped me a lot, very neat and clear explanation.
Just speechless as usual ❤️
Great tutorial, the explanation was very clear and useful : ) Great work !
amazing tutorial
Thank you Basant!
Nice explanation thank you for your valuable efforts
This one was so well explained. Keep them coming. Thank you so much!
Sir, how to do SAML and LDAP configuration using 2 WebSecurityConfig classes in a single application?
I already implemented SAML with JWT, now I need to do it for LDAP, but when I call the LDAP controller for login it is expecting a JWT token before that itself. When I tried to use web.ignore, then also I couldn't exclude that login API. How to do it, sir?
Thank you buddy, you got a new subscriber 8)
Thank you so so much for this video😘😘😘!
Hi @Java Techie - Can you please help with one full-length video of "Request-Response Flow" in Spring Boot with Microservices Tools and Cloud? We use many tools in different layers. So, the above flow should help understand the tools used and the data flow through them.
Thanks a lot. Clearly understood the concept.
Very nicely explained. Thank you very much for great tutorial.
Can I get this sample code?
Source code link mentioned in video description
Thank you! You made it very clear and it worked very well.
Awesome video. concept clear sir..
Nice video! Amazing explanation!!
Great job, you explained in a very easy way. Thanks a lot Basant
Amazing tutorial bro, thanks
Thanks for your time ❤️❤️ awesome lecture
Learnt a lot from your tutorials 😎😎
It's very clear and easy to understand.
I am from Vietnam. I hope you have lots of health and success in your life.
Thank you buddy 😊 keep learning
Awesome tutorial. Thanks
Thank you so much sir, nice explanation. I have some doubts, could you please clarify? Let's say my APIs are consumed by third-party APIs: will they need to call the authenticate API every time to generate the token to pass in the header, or how will they do it? And may I know which is the better approach: to maintain this security mechanism at the API gateway level or in our application?
Yes, every time they need to pass it, but you don't need to manage that value from the backend; the UI will take care of it
Great video, learned a lot!
Thank you - very useful.
Thanks for such a nice explanation. Did you publish any video on JWT token authorization using a public key?
Please checkout the latest spring security jwt video
Hi Basant,
The jsonwebtoken dependency which you have used has some vulnerability, so if we want to use it today, which jar do we need to include? I have seen in the Maven repo that the dependency has had no more releases after 2018.
Didn't check the updated one. Please check the official documentation
good content as always. keep up the good work. blessing from Sri Lanka.
Hi Nadeeshan, glad to hear this dude . please keep in touch with javatechie 👏
Great video sir, but I have a few questions: 1. In the last step why are we adding the filter before? (http.addFilterBefore(..))
2. In the authenticationManagerBuilder we are setting the userdetails obj (our custom), then why in our custom filter is SecurityContextHolder.getContext().getAuthentication() null?? It should have the userdetails obj already, right?
Thanks in advance
Please debug and check
What happens if the token is not valid? How does the filter chain break? What we did is authentication. Those claims are, I think, for roles, which can be used for authorisation also?
Manish didn't get your second question
@@Javatechie let's say I have admin users with some roles.. And sellers with other roles.. And buyers with different roles.. So based on roles I want to protect different APIs... Is it possible using JWT.. If yes.. Please make a video on that
Yes, it's possible using JWT.
Currently we are only storing username and password in the claims, so here we need to add the role so that while generating the token it will add roles to the token.
Now wherever you pass the token, from the token we can get the role and can validate its action
It's amazing thanks for this.
thank you so much , keep going you are awesome
Thanks a lot very well explained!!.
Thank you sir, for providing this video ❤
Excellent Video, as always. I however noticed that you are calling: UserDetails userDetails = service.loadUserByUsername(userName); in the filter, for every request. Is this not an expensive DB operation done for every AJAX interaction? Can we not use the claims embedded in the JWT token and populate usernamePasswordAuthenticationToken in SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken); This way a DB call for every UI interaction, for a token holder user, can be saved. Also, by looking up the DB are we not looking at the state being maintained? Again thanks for the clarification.
When I run at 15:00 I got an error like "A UserDetailsService must be Set". What should I do?
Did you create your custom UserDetailsService?
Thank you again, I'm learning a lot
Hi Basant,
Thanks for the neat and so easy to understand explanation. I had one query: how does JWT validate if the token is expired or not? Does it store the token anywhere along with the expiry time? Thanks.
Yes it stores token in db with expire policy
Very nice tutorial. I would like to give you one suggestion. Please format your code so that each line of code might be visible on screen completely.
Amazing tutorial. Please add the user roles management (ADMIN, USER, etc) to this workflow. And add some examples of the use of @Secured and @PreAuthorize
Yes u will do that using keycloak
The hierarchy of the type JwtFilter is inconsistent - this exception i am getting
Your video is detailed and completely helpful, thanks for creating and sharing such knowledge-sharing videos with us. We hope you will keep on doing such a great job and help us with informative videos.
Great!👍
Great tutorial .. pls keep going
Thank you. Very well explained !
How will this be achieved when the application uses admin and user roles? How does JWT identify whether the request is coming from an admin role or a user role?
When the user logs in for the first time, he needs to pass username and password, and that user already has a role specified in the DB. So while sending the token back to the client, just include the role along with username and password.
Now when the user sends a request the second time, he needs to pass the token, which contains all the info like username and password and role.
Simply extract it and validate
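The flow discussed in these replies (put the role into the token at login, then extract and validate it on each request), as an added example that is not from the video or its source code. It assumes HS256 built with the JDK only instead of the jjwt library, a comma-separated `roles` claim (an assumed name), a constructed demo key and user, and it leaves the password out of the token because a JWT payload is only base64url-encoded, not encrypted.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.regex.*;

// Added example: HS256 token carrying sub, roles and exp, JDK only (no jjwt).
public class RoleJwtDemo {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_,]+");

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    static String b64(String s) {
        return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Login step: roles come from the user record; the password never goes into the token.
    static String issue(byte[] key, String user, List<String> roles, long ttlSeconds) throws Exception {
        String joined = String.join(",", roles);
        // Claims are concatenated into JSON below, so only plain identifiers are accepted.
        if (!SAFE.matcher(user + "," + joined).matches()) throw new IllegalArgumentException("unsafe claim value");
        String payload = "{\"sub\":\"" + user + "\",\"roles\":\"" + joined + "\",\"exp\":"
                + (Instant.now().getEpochSecond() + ttlSeconds) + "}";
        String signingInput = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(payload);
        return signingInput + "." + ENC.encodeToString(hmac(key, signingInput));
    }

    // Request step: check the signature first, then exp, and only then trust the roles.
    static Set<String> rolesIfValid(byte[] key, String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        // The algorithm is fixed here; the header's "alg" value is never used to choose one.
        if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), DEC.decode(p[2])))
            throw new SecurityException("bad signature");
        String json = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        long exp = Long.parseLong(claim(json, "\"exp\":(\\d+)"));
        if (Instant.now().getEpochSecond() >= exp) throw new SecurityException("token expired");
        return new TreeSet<>(Arrays.asList(claim(json, "\"roles\":\"([^\"]*)\"").split(",")));
    }

    static String claim(String json, String regex) {
        Matcher m = Pattern.compile(regex).matcher(json);
        if (!m.find()) throw new SecurityException("missing claim");
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes-min!".getBytes(StandardCharsets.UTF_8); // sample key
        String token = issue(key, "seller1", Arrays.asList("ROLE_SELLER"), 600);
        System.out.println(rolesIfValid(key, token));
        // Same header and signature, payload swapped for one claiming ROLE_ADMIN: must be rejected.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + b64("{\"sub\":\"seller1\",\"roles\":\"ROLE_ADMIN\",\"exp\":9999999999}") + "." + p[2];
        for (String t : new String[] { forged, issue(key, "seller1", Arrays.asList("ROLE_SELLER"), -1) }) {
            try { rolesIfValid(key, t); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```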
Jwts.parser(), signWith() and all are deprecated, so what is the replacement for those functions? Please give a suggestion
Need to check
Really nice tutorial. Thanks a lot.
It gave me lots of confidence. And how can I implement this security for all my microservices?
I will cover that in my microservice playlist
Even though using Lombok @Data for the User.java class, I am getting an error that user.getUserName() and user.getPassword() do not exist, and it recommends creating those in the User.java class
Adding only the Lombok dependency is not enough. You need to add the Lombok plugin and enable it if you are using IntelliJ.
well explained with clarity
At 28:58, from that we can get only the username, not the password, then how can it be used to authenticate the user?
Good job, keep it up
Thank you so much for this tutorial, you explained it clean and neat
Hello Sir ,
I am learning all these concepts recently, so pardon me if I am asking a very stupid question.
My first doubt: is it not one kind of OAuth flow implementation? Although as per my understanding it is not the OAuth flow implementation which we follow in microservices, but this implementation is a kind of OAuth flow implementation? Is that a correct understanding?
Like for example user --> go to Authorization server (here in this case the /Authenticate service which is giving an access token) --> and then this token is getting used for the actual resource (in this case the / restcall). Please let me know if I am understanding it correctly or not?
Hi, thanks for this great tutorial.
I have one doubt.
Even if we use JWT we have to make a DB call for every request to verify the user, right? (Since we have called the loadByUsername in the filter).
Yes we have to validate that user
Ok Thanks 😊
Hi Basant, I am trying with this approach to perform role based authentication but facing challenges, please suggest what to do?
Error please ?
How do we have to use JWT for more microservices? Do we need to add this security in all microservices?
No, it needs to be implemented in the API gateway
@@Javatechie Thanks bro.. Do we have any video for this?
Yes, I already uploaded one, please check in the channel
I am new to Spring Security, can you please explain what the functionality of the SecurityContextHolder class is?
Please checkout my spring security internal video
You have not configured the H2 database credentials like url, username, password etc. in your application.properties file, so how is the application saving data in the H2 database and retrieving it back while authenticating the user details?
If it finds the H2 dependency in your classpath, then it will automatically look up default values to create the H2 datasource object
Very helpful.. explained all the things in details
Hi ,
Really helpful and great video. Just have one question though. You had set the token time for 10 hrs. So for 10 hrs, where will that token be stored? Is it in the session storage of the browser?
Actually I didn't implement the UI here, but usually it should be stored in session storage.
@@Javatechie Thanks Mate