MASTER JWT Authentication with Java Spring Boot 3

  • Published on 4 Aug 2024
  • Learn JWT Authentication with an example project for Spring Boot 3. JWT Authentication is the most popular way to implement authentication in your application, and probably one of the more popular questions from beginner to intermediate Spring Boot developers.
    We'll go through some flow diagrams to demonstrate where JWT authentication fits into things, then we'll implement with some code - by the end of this, you'll be able to add most of the same objects into your own project with some confidence!
    It's gonna be fun! ☕☕
    👉👉Grab the source (on github): t.ly/VSDSN
    🔗Grab My Other Products Available:
    - Build Your First Web Service API Using Java Spring Boot wazoowebbytes.gumroad.com/l/x...
    👋🏻Connect with me:
    Twitter: / eyuzwa
    🔗Links & References:
    - Docker Desktop Client: www.docker.com/
    - Start Spring IO: start.spring.io/
    - JWT.io: jwt.io/
    ===---=== Chapters ===---===
    0:00:00 - Introduction
    0:01:03 - Video Outline
    0:01:58 - What is JWT?
    0:04:02 - JWT Sign Up Flow
    0:04:54 - JWT Sign In Flow
    0:06:06 - JWT Request Resource Flow
    0:08:19 - Start.spring.io Generate Project
    0:09:28 - Opening the Project in IntelliJ
    0:09:40 - Configuring Docker in compose.yaml
    0:12:01 - Start up the Server
    0:12:26 - Updating some Application.Properties
    0:14:07 - The User Model
    0:16:54 - The Role Model
    0:18:02 - The User Repository
    0:18:45 - PasswordConfig Bean
    0:19:39 - Setting up the SecurityConfig
    0:26:00 - The UserService
    0:28:45 - The JwtAuthenticationFilter
    0:35:11 - Updating the Pom.xml
    0:36:14 - The JwtService
    0:40:50 - Creating a new JWT secret key with Node
    0:42:09 - AuthenticationService
    0:45:07 - Setting up the DTO's
    0:46:15 - Creating some Seed Data
    0:47:31 - Looking at the AuthenticationController
    0:48:48 - Creating a TestController
    0:50:30 - Checking the Database for the Admin User
    0:51:14 - Testing Endpoints and JWT with Postman
    0:56:53 - Final look at the Database
    0:57:08 - Wrapping Up
    #springboot #docker #jwt
  • Science & Technology

Comments • 82

  • @ivanbutov 6 months ago

    Thank you very much, the tutorial is amazing! And the most important - it works!

    • @wazoowebbytes 6 months ago

      hhehe thanks! I appreciate it, and I'm glad it worked out for you!!

  • @EthanZitting-pg7te 2 months ago +1

    Thank you for releasing this!!

    • @wazoowebbytes 2 months ago

      Thank you for stopping by and leaving a comment! Glad it helped!

  • @user-nj7mb1og7g 5 months ago +1

    Awesome Content Please Keep making more videos.
    Thumbs Way Way Way Up!

    • @wazoowebbytes 5 months ago

      wow thanks so much for the feedback! I'm definitely making more! :)

  • @user-om8xr7tt4u 1 year ago

    love this video!

  • @springify_boot 11 months ago +1

    I am already at the beginning but I feel I will love this video. Would you please give more content for Spring + React projects?

    • @wazoowebbytes 11 months ago

      thank you for the kind words - hope the videos help you out! For sure, I'm hearing a lot more requests for Spring + React!

  • @nlk4124 7 months ago +1

    Great tutorial ty

    • @wazoowebbytes 7 months ago

      thank you so much - appreciate it

  • @wazoowebbytes 1 year ago +1

    One of the most asked questions for those new to Spring Boot, is "How do I setup JWT Authentication??" Hope this helps you out! Also leave a comment with a frontend framework to use for consuming this JWT token!

  • @mrcoder9401 11 months ago +1

    This is great tutorial, I would love to see consuming this JWT with ReactJs. Thanks!

    • @wazoowebbytes 11 months ago

      thank you! Working on that as I type this out!

    • @mrcoder9401 11 months ago

      @wazoowebbytes That's great, thanks for replying. I would be waiting for the update:)
      and....
      I have a question, or rather a requirement, where I want each user to have their specific set of APIs to be accessible.
      And also the same goes for swagger documentation. The API should be based on the security config for that particular user.
      Have you ever come across such a requirement? Or do you have any approach in mind?

  • @quochung2793 6 months ago +1

    Do you have any video that just covers configuring Docker for any Java project? I'd appreciate it if you have one.

  • @bdiakhaby 7 months ago

    Thanks for this video. I have a question: for example, I have a post table which contains createdby; when creating a new post, how can I set createdby to the logged-in user by default? Thank you for your help.

  • @mohamadhassanyusuf3275 6 months ago

    thank you

    • @wazoowebbytes 6 months ago

      Thanks! You're so welcome - hope it helped.

  • @thenstyle1 8 months ago +5

    Hey great tutorial!
    One tip: Please close the project windows in the left side or zoom out a bit, because it's hard to code along especially when you jump around and the code goes off the screen.

    • @wazoowebbytes 8 months ago

      Thanks a lot for the tip. Yeah, finding a good editor to use for recording has been a challenge for me. I'm starting to think the editor I'll need to use for recording is the one I don't find that good to actually develop in. Appreciate it!

  • @firassebai8592 8 months ago +1

    Thank you sir for the tuto

    • @wazoowebbytes 7 months ago

      thanks so much! I just pray that it helped!

  • @jesper2455 1 year ago +3

    Some thoughts:
    It was quite hard to understand the details of what you were doing. The overall picture was quite clear though. I realize this video is aimed at developers that have previous Spring Security knowledge, but even then I think a 2-3 minute summary of what you implemented would have been nice at the end.
    Regarding the third party libraries for JWT you used, how come something like that isn't built in or available as a dependency by the Spring team? Also, are there alternatives you can use or are these the go-to for working with JWTs?
    Not sure if this will be done in upcoming videos, but what are some next step(s) one could take to make this app more production ready?
    I'd definitely prefer React over Angular!
    Thanks for the video, good content! :)

    • @wazoowebbytes 1 year ago +1

      REALLY appreciate the feedback - yeah, some of this stuff gets into the weeds in terms of generating a token value and working with the nuances of Spring Security (things like needing to implement UserDetails, Role authorization, etc). It was a tough subject to try and present. Looks like it still needs some work.
      I really appreciate the input. There are a few alternatives for JWT libraries, but these are the more common ones that I came across during research and the community. Great points though. The Spring Security team have made efforts in 6 to reduce the amount of your own code needed, but last time I looked it also wasn't so easy to try and present *thinking*
      Noted for "React" :)

  • @vadimkurdin3311 11 months ago +1

    Left a comment. Thanks!

  • @akifhasdemir9740 11 months ago

    Hi,
    Thanks for that nice video. It really helps me. I want to create my own exception handling class for invalid JWT. I just want to return something like that:
    {
    "status" : "error",
    "message" : "Invalid JWT"
    }
    with 401 Unauthorized status code instead of that:
    {
    "timestamp": "2023-08-20T11:37:29.192+00:00",
    "status": 401,
    "error": "Unauthorized",
    "message": "Full authentication is required to access this resource",
    "path": "myPath"
    }
    How can I handle this exception? A video or comment showing implementation for that would be great! I am really stuck on this problem and I didn't find the right way.

  • @aleks7202 9 months ago

    any idea on this error: spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
    adding 'spring.jpa.open-in-view=false' in properties didn't solve this :(

    • @wazoowebbytes 9 months ago

      weeeeeird - because it should! I'll try to reproduce that. What version of spring boot are you running? (just in case)

  • @jomerverola4880 11 months ago

    On my client side there is an interceptor on the request, so it checks if the token is expired. I want to implement that in Spring Boot so that I'll respond with either unauthorized or just expired token; then if the token is expired I'll go to /refresh-token. My problem is where do I put the check for whether the token is expired in Spring Boot?

    • @programacaoja9679 10 months ago

      Once you have logged in the user, you generate the access token and the refresh token (it is just a token with an exp time bigger than the access token time). If a client detects that the token is expired you will try to get another token based on the current refresh token.
      You can have this endpoint
      /refresh-token receiving the token in the Header Authorization; this endpoint is going to return another valid accessToken and optionally a new refreshToken.
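
The refresh flow described in the reply above, as an added example that is not from the video, its repository or the commenter: a JDK-only HS256 implementation in which the refresh endpoint accepts only a token marked for refresh and rejects an access token presented in its place. The class name, the `use` claim, the 15-minute and 7-day lifetimes, the key and the subject are all assumptions constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RefreshFlowDemo {
    // Constructed demo key; a real service loads a random secret from configuration.
    static final byte[] KEY = "constructed-demo-key-0123456789ab".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }
    // Issues an HS256 token. "use" is a hypothetical claim marking access vs refresh.
    static String issue(String sub, String use, long ttlSeconds, Instant now) throws Exception {
        if (!sub.matches("[A-Za-z0-9@._-]+")) throw new IllegalArgumentException("bad subject");
        String payload = String.format("{\"sub\":\"%s\",\"use\":\"%s\",\"exp\":%d}", sub, use, now.getEpochSecond() + ttlSeconds);
        String body = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(payload);
        return body + "." + sign(body);
    }
    // Minimal claim lookup for the fixed payload shape above; real code uses a JSON parser.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\":\"?([^\",}]+)").matcher(json);
        if (!m.find()) throw new SecurityException("missing claim: " + name);
        return m.group(1);
    }
    // Returns the subject only if signature, intended use and expiry all check out.
    static String verify(String token, String use, Instant now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        byte[] want = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(want, p[2].getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("bad signature");
        String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        if (!use.equals(claim(json, "use"))) throw new SecurityException("wrong token type");
        if (now.getEpochSecond() >= Long.parseLong(claim(json, "exp"))) throw new SecurityException("token expired");
        return claim(json, "sub");
    }
    // Body of a /refresh-token handler: refresh token in, new access token out.
    static String refresh(String refreshToken, Instant now) throws Exception {
        return issue(verify(refreshToken, "refresh", now), "access", 900, now);
    }

    public static void main(String[] args) throws Exception {
        Instant login = Instant.now(), later = login.plusSeconds(3600);
        String access = issue("alice@example.com", "access", 900, login);         // 15 minutes
        String refreshTok = issue("alice@example.com", "refresh", 604800, login); // 7 days
        try { verify(access, "access", later); }        // an hour on, the access token has expired
        catch (SecurityException e) { System.out.println("access: " + e.getMessage()); }
        System.out.println("renewed for " + verify(refresh(refreshTok, later), "access", later));
        try { refresh(access, login); }                 // access token sent to the refresh endpoint
        catch (SecurityException e) { System.out.println("refresh: " + e.getMessage()); }
    }
}
```

Run it with `java RefreshFlowDemo.java`. Checking the `use` claim before expiry means a still-valid access token cannot be exchanged for new tokens even though it carries a good signature.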

  • @viraldangar3699 6 months ago

    Hi, I am getting an Authorization header null error at the time of sign in. But we have to generate the token at the time of sign in.

    • @wazoowebbytes 6 months ago

      interesting - I'll build a fresh version of this codebase and see if I can reproduce that.

  • @elkhanismayilov 8 months ago +1

    so everything is fine but how can we handle Spring Security exceptions globally? for example JwtExpiredException, AuthenticationException and so on, and how can we properly pass a custom message to the client???

    • @wazoowebbytes 8 months ago +1

      Yeah there's a way to throw and catch your own exceptions based on the JWT context that's being attempted. I just didn't show it in this video. Would be worth a follow up video to cover this at some point. Thanks for the feedback!

  • @obertmudzingwa270 8 months ago +1

    Great tutorial, much appreciated. Would you please put together a complete video where there is the Spring Boot security JWT and refresh tokens and a React frontend with protected routes, where if a user registers and logs in they will only see what they are authorized to, e.g. ADMIN users and ORDINARY users. It will be a bit long but it will be worth it.

    • @wazoowebbytes 8 months ago

      thanks for the feedback - and yes, I think you're right - that would be an excellent video to put together. Would definitely feel "complete".

    • @obertmudzingwa270 8 months ago +1

      @wazoowebbytes Thanks, can't wait for this. I have noticed that if you separate the UserDetails from the User Entity the model will appear cleaner; if you could do that, the better it will be.

    • @wazoowebbytes 8 months ago

      great suggestion! that does sound like an improvement!

  • @adrianpuscuta7386 8 months ago

    Great video! I have one question. How do I secure certain endpoints to specific users? For instance, I want @GetMapping api/orders/{customerId} to only be available to the customer with customerId?

  • @leat5680 11 months ago +1

    Can you combine Spring Boot security JWT with ReactJS? Thanks, sir.

    • @wazoowebbytes 11 months ago

      good feedback, thanks!

  • @youssefzeaikor9625 8 months ago +1

    I have a problem in the signin request: 403 Forbidden. I did use the code in GitHub.

    • @wazoowebbytes 8 months ago

      sorry to hear it! Maybe triple check the security config to make sure the request path of the signin is being allowed?

  • @HappyTest-rr3jq 6 months ago

    hey great content, why are we throwing up the jwt token after signup, if we are using the token provided by login? Or what am I missing here?

    • @wazoowebbytes 6 months ago +1

      you're not missing anything my friend. Yes, the signup process also returns a valid JWT token. I left it in there, but chose to go through the typical app path of signing up, then logging in to acquire that JWT token for use. Hope that made sense -- thanks for the feedback, I appreciate it!

  • @lemueldesousa3710 8 months ago +2

    please make a video on how to implement refresh token

    • @wazoowebbytes 8 months ago +1

      already working on it - been waiting on the newly released spring boot 3.2.0. Thanks a lot for leaving feedback!!

  • @alex302582 10 months ago

    the ONLY tutorial on youtube that actually f WORKS from start to end. the ONLY ONE. I've wasted hours and hours on other tutorials on spring security and jwt tokens, none of them works.

    • @wazoowebbytes 10 months ago

      thank you so much! I'm really happy to hear that this helped you out!! Hope it helps you with your killer project!

  • @user-wh6fj9mj9o 8 months ago +1

    Did you add git? If you added it, please send me your git link.

    • @wazoowebbytes 8 months ago

      hi - yes I did - it's in the description of the video!

  • @aleks7202 10 months ago

    I don't understand why I get `Variable 'jwtAuthenticationFilter' might not have been initialized` around my private final variables. It is the same code you provided, why is it only happening to me?

    • @wazoowebbytes 9 months ago

      I can only reproduce this if I remove the "@RequiredArgsConstructor" annotation for the class itself. Maybe try adding that (if it's not there)?

    • @aleks7202 9 months ago

      @wazoowebbytes thanks for replyin', but I found the problem. I didn't have the lombok plugin installed in my IntelliJ. thanks again for the series!

    • @ChosenStars 9 months ago

      check plugins

  • @everydaydesignui 7 months ago

    I followed your instructions very detailed. I'm happy but I'm getting the last error when checking the database for the admin user. This is my error log:
    org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL "create table users (id bigint not null auto_increment, created_at datetime(6), email varchar(255), first_name varchar(255), last_name varchar(255), password varchar(255), role enum ('ROLE_ADMIN','ROLE_USER'), updated_at datetime(6), primary key (id)) engine=InnoDB" via JDBC [No database selected]
    I am using a Macbook pro M1 laptop, I don't know if there is any difference if you use a windows computer? Can you help me explain why I followed it but I didn't get the same end result as you?
    I intentionally downloaded your source code and then tried it but I still got that error.

    • @wazoowebbytes 7 months ago

      that's very strange. I'll look into it! So help me...is this error happening when you're trying to look at the database with a GUI tool, or is this happening on startup of the spring boot server?

    • @everydaydesignui 7 months ago

      @wazoowebbytes Thank you for responding to me. This is happening on startup of the spring boot server. I can't text you directly to ask because of this error. I'm new to learning Spring boot and I'm following your instructions to try to do fullstack ReactJs and Java Spring Boot. I tried to search how to fix the error on stackoverflow and asked for support from chatGPT but I still can't solve it. I'm also new to using Docker :(

  • @Mokholophane 6 months ago

    Did you commit the whole code on github?

    • @wazoowebbytes 5 months ago

      I did! There's some bits missing that I should come back to, as well as looking at some of the new ways of handling JWT in Spring 6

  • @irule10338 5 months ago +1

    All of these methods are deprecated :( any advice?

    • @wazoowebbytes 5 months ago

      Yeah - I'm working on an update to this video!

  • @vikelous 10 months ago

    Amazing tutorial. Thank you very much.. I'm getting the error "o.s.s.c.bcrypt.BCryptPasswordEncoder : Empty encoded password" and a 403 when I try to signin with postman.. It looks like a password has been generated when I check phpmyadmin so I can't wrap my head around it...

    • @vikelous 9 months ago

      nvm, i'm retarded.

    • @wazoowebbytes 9 months ago +1

      what was the issue? (Just in case I need to change how I explain this in the future)

    • @vikelous 9 months ago

      @wazoowebbytes When I added userdetails to my user class I auto-implemented the methods, one of which was a getPassword that returned null ^^

    • @wazoowebbytes 9 months ago +1

      @vikelous ahh ok - good that you found it though! good debugging work!

  • @vataz9631 7 months ago

    Hey, very good guide! I have one problem tho: in my JwtService I can't read token.secret.key and token.expirationms from .properties. My IDE can't resolve these symbols, not sure what may cause this issue as I was following the guide pretty closely. I know you won't be able to debug it without seeing my code but maybe there is something that you didn't mention in the guide or maybe I might have missed.

    • @wazoowebbytes 7 months ago

      might be an IDE thing? I noticed in VS Code that if you hover over those keys in the application.properties, then it will want to generate some information that it will stick in a META-INF folder (which is fine). I'm not sure why those keys wouldn't be read in though. Forgive me for asking, but you've verified that the key name you're defining in the JwtService matches the key name in the app.properties? (Sorry, I have to ask)

    • @wazoowebbytes 7 months ago

      maybe also try renaming them something shorter. like just "apple" and "banana" in application.properties and match that in the JwtService then verify it's being read in with a log message?

    • @vataz9631 7 months ago

      @wazoowebbytes I figured it out. When I was importing @Value I used alt + enter and my IDE imported a different Value import. Such a stupid mistake. When I spend too much time working on something, I tend to tunnel vision. Anyway, thank you for trying to help me, much appreciated!

    • @wazoowebbytes 7 months ago

      oh awesome! happy you spotted it and fixed things up. Yeah I hit issues like that ALL the time!

  • @teodorgeorgiev2719 11 months ago +1

    @wazoowebbytes The content you are creating is pure gold!!! Please don't get discouraged by the amount of views you get, because you deserve a lot more! Remember me when you get famous because I'm sure you will

    • @wazoowebbytes 11 months ago +1

      heh thanks a lot! I appreciate the feedback and the support!

  • @VahidAlvandiYoutube 5 months ago

    thank you

    • @wazoowebbytes 5 months ago

      thanks for leaving a comment - I appreciate it!