Part 2 - JWT Authentication with Spring Security: th-cam.com/video/HYBRBkYtpeo/w-d-xo.html More in-depth Spring Boot courses on the playlist: th-cam.com/play/PLhs1urmduZ2-W9wfEktEnSYJWrdoLUdOk.html
I struggled for 2 weeks on how to use db users for authentication using spring security until I found your video. Kudos to you. The world needs a lot of people like you.
To all who are searching for building a login system using spring security, this is best one I have found. Perfect in all sense. THanks bro. Please do build more videos. You are doing a great job.
I have been watching spring security videos for many days, they delivered lecture over 1-2 hours, but your lecture is so clear and easy to understand over this difficult topic, thank you so much sir, for your contribution.
Thank you for the video, it is really good as Spring Security in action:) I would appreciate the same video for other relativaly difficult topics for beginners. Subscribed.
this is good way of teaching with such relaxed explanation . A billion thanks to the tutor i have been using old version of spring security i got confused to align with these new changes. kindly do more videos on spingboot and microservices. as continuation for this can you make a video on jwt and oauth2
Thank you very much. But in my case I faced the problem of incorrect redirection after click 'Log in ' button'(nothing happened). I solved it by replacing th:action in custom_login.html to . I use 3.2.5 version of springboot.
Thank you for great video and very good explanation! Can I may one questions? Why we have two instances/beans (lines 32, 69) of one classes MyUserDetailService ?
Great video , so simple to understand, thank you! Greetings from Argentina! PD: There is an extension to see colored console messages? Mine it's plain white, thanks!
This was a great help, i was trying to make a register page and it worked; tho i'm having some difficulty trying to give MyUser more attributes, everytime i give them a birth date or an email i can't register them anymore on the DB. I think it has something to do with the UserDetails but don't know how to proceed.
Hi Guru, can you please give me an instruction on what to add to the codes you created to pass username to the pages that would be accessed by the login user, this would be needed to record created by and modified by . thank you so much again.
Hi, It's a great video. I am facing a slight problem. My Authentication Success Handler part is not working properly. I have checked the codes but there isn't problem. Is there anything I can do solve this ?
Thank you so much for the tutorial, I was able to verify credentials from Db, This is the very first time I was able to do it. But one thing, error pages are being shown--- like 403 or 404.htmls, what could be the reason? I am seeing only the default pages provided by Spring.
Thanks! I believe you want to get all the users and their IDs. This can be done by creating a new GET endpoint. For example, at 31:38, you can - Create a new GetMapping("/register/get-registered-users") function. - Use myUserRepository.findAll() to get all the registered users. - Take the username and their ID and return it as the endpoint response.
@@GenuineCoder Ahh that's what I thought matching the username in the db. Is there no other way of doing this in a controller? Using Principal or something along those lines?
@@lorenzo. I understand your question better now. You want to find the current already logged-in user while accessing an endpoint, right? There are multiple ways to do this. For example, on every endpoint function, you can inject a Principal object and get the username from it. @GetMapping(value = "/user/get-logged-in-user") public String getUsername(Principal principal) { return principal.getName(); } Here's a tutorial for this www.baeldung.com/get-user-in-spring-security
Thank you for this video. Quick question though.. When I follow your tutorial for "Redirect to a specific page after successful login" I notice that I have to enter the credentials twice before i get directed to the target page. The first time goes back to the login page itself after a successful authentication
This is an excellent video, and it was a very good revision for me as I have not used this for a while. I have two questions if I may please: 1) when using Spring Boot as a Rest API, when I am only returning JSON, and i have a seperate front-end, I was having issues with filters, and I had to implement my own authentication end point in a controller, is this normal ? How to use filters with REST API? 2) Is it possible to use HandlerInterceptor instead of filters ? OMG, at 47:38, look at the names of those classes, no wonder so many people are turned off by Java code, I love Java, but these names are awful
1. Using filters to do manual authentication (using credentials as request parameters OR request headers) is possible. But, it is not recommended. Because, login session management (allowing subsequent requests after login) becomes hard. Also, this is not safe as per industry standards. Better will be to do it via username-password authentication using Spring security or use OAuth and JWT tokens. 2). You can use HandlerInterceptor for this requirement. The difference is, filters work at the servlet level and HandlerInterceptor work at the Spring MVC level. So, HandleInterceptor can handle spring context as well. Here is a good comparison stackoverflow.com/a/71227949/4889711
Hi Sir, I am getting "please sign in" error when i do user registration using postman and as csrf is also disabled. Please suggest any other changes i need to do with spring security 6
I believe they come with the IntelliJ Ultimate edition. You can try IntelliJ Ultimate trial for free to checkout the latest spring and spring boot features.
I prefer Gradle over Maven due to its more readable syntax, whereas Maven's XML configuration can be overwhelming. What specific challenge or problem are you experiencing with Jakarta EE, and is it related to upgrading from Spring Boot 2.X to 3.X?
I see that you almost used @Autowired everywhere. Is it according to the best practices or it really doesn't matter and Spring can handle it easily whatever way we inject the dependency?
Yes, it is totally fine to use decency injection as much as you need. I have worked on production applications that had thousands of such dependencies (beans) injected across the code. Spring is pretty good at handling it.
By default, all beans have a singleton scope and are shared across the whole app. So no matter how many times you inject/use it, only one object will be created in the memory. There is a prototype scope to have multiple instances injected as well. Regardless of which bean scope you use, the decency injection will be efficiently managed by the spring framework. www.geeksforgeeks.org/singleton-and-prototype-bean-scopes-in-java-spring/
@@GenuineCoder I hope you were understand what I meant from the @Autowired. That is basically to refer the field injection instead of the constructor injection. So as a beginner I saw debates on it and many experienced devs suggest to use the constructor injection over the field injection.
@@la-dev I understand the question clearly now. What you have read is correct. The @Autowired field injection is not recommended. Constructor injection is indeed the right way to do it. The Intellij IDE gives a warning (if you have the ultimate edition) when field injection is used. I have explained this on the chapter 4.3 in the spring boot dedicated tutorial th-cam.com/video/fm4RtXFiP7Y/w-d-xo.html&si=2CDzp4GnPRRlDM0Y. I haven't explained it explicitly in other tutorials like this since it's not fully relevant here.
This is a special feature. Without any java side configuration, you can customize the error pages for specific error codes directly from resources. "You can also customize the error pages by adding files with names like error.html, 404.html, etc., in the src/main/resources/public/error directory. The file name should match the HTTP status code you want to handle."
Where is the logic? You showed how to register a user in the database via the rest api, but did not show how to then log in to the server via the rest api by entering the username and password Postman. Because of this, a fairly good tutorial became a waste of time.
Thanks for very helpful article. I research and practice for many article then realize it’s security spring 2. Thanks for ur security spring 3 one more time. Now i can move on another section 🎉 u explain very detail, hope i can see u in another video
You can use an "AuthenticationFailureHandler" to handle the invalid credentials. Using this, it is possible to provide customized error messages or even redirect the user to specific error pages. Reference: www.codejava.net/frameworks/spring-boot/spring-security-authentication-failure-handler-examples
Part 2 - JWT Authentication with Spring Security: th-cam.com/video/HYBRBkYtpeo/w-d-xo.html
More in-depth Spring Boot courses on the playlist: th-cam.com/play/PLhs1urmduZ2-W9wfEktEnSYJWrdoLUdOk.html
40:30 To Rename any file from the Intellij Idea, Right Click -> Refactor -> Rename 😊😊😊
@GenuineCoder ❤❤❤
I struggled for 2 weeks on how to use db users for authentication using spring security until I found your video. Kudos to you. The world needs a lot of people like you.
To all who are searching for building a login system using spring security, this is best one I have found. Perfect in all sense. THanks bro. Please do build more videos. You are doing a great job.
Hey Bro.
Have you implemented the code . When i login the page i got bad credentials.
Either your username or password might be wrong
Best updated and clear to the point on TH-cam. I watched at 2x and finally was at normal speed.
Excellent course. Thank you so much sir!
I'm from Egypt, I want to say for you thanks for this video, actually I understand everything about spring security.
extremly good tutorial. Top 👍🏻
This is the best tutorial on Spring auth in TH-cam so far. Thank you very much. I mean its the best. I had to subscribe for more
I have been watching spring security videos for many days, they delivered lecture over 1-2 hours, but your lecture is so clear and easy to understand over this difficult topic, thank you so much sir, for your contribution.
I love it :)
The way how he explained about security is much much better than any other instructor.
Thank you
Excellent explanation
i was try lot of attempt to learn this concept but i con not learned.thanky to your video.🙂
perfect video i am searching for , i really enjoyed it keep uploading like....
Malayali bro :) . I love your slang .❤. from TN
The best tutorial about Spring I've ever seen, thanks
Thank you for the video, it is really good as Spring Security in action:)
I would appreciate the same video for other relativaly difficult topics for beginners. Subscribed.
Great content Sir plz dont stop making such videos Too good thank you !!
very comprehensive, easy to understand tutorial. Thank you very much
Extremely interesting tutorial. The comparison between hashing methods was also very helpful. Thank you for sharing this content.
You are truly a genuine coder, the video is so precise, i highly recommend this tutorial.
Great content explained with good pace, it gives time frame to understand new learner. Great Job!!
Perfect people not exists !
Mr.GC : Are you sure ?
thank you sir for this content !!
Fantastic video, thank you so much!
love u sir its very helpfull and explaination is very simple
Sir please bring more Spring Boot tutorials and its important topics
Great Content, thanks for your videos
Woa, this tutorial is very good. I really recommend this
Thanks very much 🙂🙂
Very nice tutorial, thank you for this.
NICE VIDEO PERFECT, THANKS FROM COLOMBIA
Bravo !!! full explantion
Thank you. very clear I highly recommend this tutorial
Nice explanation bro , Can you please teach us with OKTA ? as well
this is good way of teaching with such relaxed explanation . A billion thanks to the tutor i have been using old version of spring security i got confused to align with these new changes.
kindly do more videos on spingboot and microservices.
as continuation for this can you make a video on jwt and oauth2
Thanks.
A new tutorial for microservices with real-world video streaming project is now available
th-cam.com/video/MrSECdSIaOg/w-d-xo.html
good one , great video
perfect tutorial, I enjoyed watching.
best ive ever seen. thank you so much.
Good explanation. Thanks
you are a genuine coder fr)
Thank you very much, it is really helpful
Adipoli video❤
Thank you very much.
But in my case I faced the problem of incorrect redirection after click 'Log in ' button'(nothing happened). I solved it by replacing th:action in custom_login.html to . I use 3.2.5 version of springboot.
amazing video. Thank you!
Thank you very much sir👏
Thank you for the good video. Can you also make a video to enhance your project to add the csrf protection for the system?
Great stuff!
Thank you sir
Thank you for great video and very good explanation!
Can I may one questions? Why we have two instances/beans (lines 32, 69) of one classes MyUserDetailService ?
Best !
Thanks so muckh sir
Great video , so simple to understand, thank you! Greetings from Argentina!
PD: There is an extension to see colored console messages? Mine it's plain white, thanks!
this is called Best
thanks
Thanku sir..!!
Nice work
This was a great help, i was trying to make a register page and it worked; tho i'm having some difficulty trying to give MyUser more attributes, everytime i give them a birth date or an email i can't register them anymore on the DB. I think it has something to do with the UserDetails but don't know how to proceed.
What's the error you are getting? Any error messages?
Hi Guru, can you please give me an instruction on what to add to the codes you created to pass username to the pages that would be accessed by the login user, this would be needed to record created by and modified by . thank you so much again.
Thank you!
very good content...
perfect👌🏽
Hi, It's a great video. I am facing a slight problem. My Authentication Success Handler part is not working properly. I have checked the codes but there isn't problem. Is there anything I can do solve this ?
Thank you so much for the tutorial, I was able to verify credentials from Db, This is the very first time I was able to do it. But one thing, error pages are being shown--- like 403 or 404.htmls, what could be the reason? I am seeing only the default pages provided by Spring.
it’s perfect 😅
What's the difference with using OAuth2, and when do we have to use each of them?
why .csrf(AbstractHttpConfigurer::disable) still not work with me? :<
I have done all step on video
Great tutorial! Clear, chill and great overall tutorial! But I just had a question, how would I go about retrieving the user id?
Thanks!
I believe you want to get all the users and their IDs. This can be done by creating a new GET endpoint.
For example, at 31:38, you can
- Create a new GetMapping("/register/get-registered-users") function.
- Use myUserRepository.findAll() to get all the registered users.
- Take the username and their ID and return it as the endpoint response.
@@GenuineCoder Ahh that's what I thought matching the username in the db. Is there no other way of doing this in a controller? Using Principal or something along those lines?
@@lorenzo. I understand your question better now. You want to find the current already logged-in user while accessing an endpoint, right?
There are multiple ways to do this. For example, on every endpoint function, you can inject a Principal object and get the username from it.
@GetMapping(value = "/user/get-logged-in-user")
public String getUsername(Principal principal) {
return principal.getName();
}
Here's a tutorial for this www.baeldung.com/get-user-in-spring-security
Thank you for this video. Quick question though.. When I follow your tutorial for "Redirect to a specific page after successful login" I notice that I have to enter the credentials twice before i get directed to the target page. The first time goes back to the login page itself after a successful authentication
why does my setDefaultTargetUrl() not work well? i dont get redirected
Hi Sir, Thanks for the video, how can you get the username to the landing page after sucessful login? Thanks.
This is an excellent video, and it was a very good revision for me as I have not used this for a while.
I have two questions if I may please:
1) when using Spring Boot as a Rest API, when I am only returning JSON, and i have a seperate front-end, I was having issues with filters, and I had to implement my own authentication end point in a controller, is this normal ? How to use filters with REST API?
2) Is it possible to use HandlerInterceptor instead of filters ?
OMG, at 47:38, look at the names of those classes, no wonder so many people are turned off by Java code, I love Java, but these names are awful
1. Using filters to do manual authentication (using credentials as request parameters OR request headers) is possible. But, it is not recommended. Because, login session management (allowing subsequent requests after login) becomes hard. Also, this is not safe as per industry standards. Better will be to do it via username-password authentication using Spring security or use OAuth and JWT tokens.
2). You can use HandlerInterceptor for this requirement. The difference is, filters work at the servlet level and HandlerInterceptor work at the Spring MVC level. So, HandleInterceptor can handle spring context as well. Here is a good comparison stackoverflow.com/a/71227949/4889711
Thank you very much@@GenuineCoder
Good day sir, what dependencies did you use to?
you have like, thanks
TimeStamp 12.19 Sir, UserdetailsService bean showing error asking to add return statement
Hi Sir, I am getting "please sign in" error when i do user registration using postman and as csrf is also disabled. Please suggest any other changes i need to do with spring security 6
I LOVE YOU
after checking all spring boot website and all of these tutorials with deprecated calsses this video just showed up
timestamp 11.30. Sir, username, password, role all these details are available in the data table. How can we hardcode these details?
bro. Your accent looks very similar to mine.
great
Hi! Thank you very, very much. How to get such cool world web icons for @RestController methods? :)
I believe they come with the IntelliJ Ultimate edition. You can try IntelliJ Ultimate trial for free to checkout the latest spring and spring boot features.
Hi sir I am getting Access to local host was denied error
Do you know how can it be resolved!??
Hi, Are you not able to access localhost on browser? If so, double check your spring boot server port.
cool man
What about for the maven 😢 i have a hard time fixing the dependency since it uses javas and springboot 3 is using jakartae
I prefer Gradle over Maven due to its more readable syntax, whereas Maven's XML configuration can be overwhelming.
What specific challenge or problem are you experiencing with Jakarta EE, and is it related to upgrading from Spring Boot 2.X to 3.X?
Please put the actual code of the project into any repo as well
Thanks for the suggestion. Here is the repo link github.com/afsalashyana/Spring-Boot-Tutorials/tree/master/LearnSpringSecurity
I see that you almost used @Autowired everywhere. Is it according to the best practices or it really doesn't matter and Spring can handle it easily whatever way we inject the dependency?
Yes, it is totally fine to use decency injection as much as you need. I have worked on production applications that had thousands of such dependencies (beans) injected across the code. Spring is pretty good at handling it.
By default, all beans have a singleton scope and are shared across the whole app. So no matter how many times you inject/use it, only one object will be created in the memory.
There is a prototype scope to have multiple instances injected as well.
Regardless of which bean scope you use, the decency injection will be efficiently managed by the spring framework.
www.geeksforgeeks.org/singleton-and-prototype-bean-scopes-in-java-spring/
@@GenuineCoder I hope you were understand what I meant from the @Autowired. That is basically to refer the field injection instead of the constructor injection. So as a beginner I saw debates on it and many experienced devs suggest to use the constructor injection over the field injection.
@@la-dev I understand the question clearly now. What you have read is correct. The @Autowired field injection is not recommended. Constructor injection is indeed the right way to do it. The Intellij IDE gives a warning (if you have the ultimate edition) when field injection is used.
I have explained this on the chapter 4.3 in the spring boot dedicated tutorial th-cam.com/video/fm4RtXFiP7Y/w-d-xo.html&si=2CDzp4GnPRRlDM0Y. I haven't explained it explicitly in other tutorials like this since it's not fully relevant here.
@@GenuineCoder Thank you so much for the reference and clarity.
i have a question how 403 and 404 error page appears without mapping it or without adding GlobalErrorHandler ?
This is a special feature. Without any java side configuration, you can customize the error pages for specific error codes directly from resources.
"You can also customize the error pages by adding files with names like error.html, 404.html, etc., in the src/main/resources/public/error directory. The file name should match the HTTP status code you want to handle."
God
can we use Roles as enum it look simple
ENUM is a great idea! Handling role as an enum is definitely possible, and I think is better.
is this doable with mongodb database or it necessites a rational database?
It is doable in any database, including MongoDB. For MongoDB, instead of using Spring Data JPA, Spring Data MongoDB should be used.
Where is the logic? You showed how to register a user in the database via the rest api, but did not show how to then log in to the server via the rest api by entering the username and password Postman. Because of this, a fairly good tutorial became a waste of time.
Thanks for very helpful article. I research and practice for many article then realize it’s security spring 2. Thanks for ur security spring 3 one more time. Now i can move on another section 🎉 u explain very detail, hope i can see u in another video
How to handle the situation of invalid credentials?
You can use an "AuthenticationFailureHandler" to handle the invalid credentials. Using this, it is possible to provide customized error messages or even redirect the user to specific error pages.
Reference: www.codejava.net/frameworks/spring-boot/spring-security-authentication-failure-handler-examples
@@GenuineCoder thank you brother 🙏
bro from kerala
അതെ.
@@GenuineCoder basically iam from A.P I find you from Kerala by your slang
May i know which laptop are you using
@@subhbirajdar I am using a desktop, not laptop.
Ryzen 3700X
32GB Ram
Gigabyte X570 motherboard
NVidia RTX 3060Ti
Samsung 990 PRO SSD
@@GenuineCoder please suggest me good laptop under 90k
I want to use for java full stack development
he is malayali (from tamilanadu)
Yes, Malayali from Kerala
Excellent explanation
Thank you for this amazing content!
the great tutorial !