Spring Boot 3.0 + Spring Security 6 | JWT Authentication & Authorization | JavaTechie
- Published on 6 Feb 2025
- In this video, you'll learn how to implement JWT authentication and authorization in a Spring Boot 3.0 application using Spring Security 6.
You'll see how easy it is to secure your application and protect your endpoints using JSON Web Tokens, with a step-by-step guide.
#JWT #SpringBoot #SpringSecurity #JavaTechie
Spring boot microservice Live course Just started (Recordings available)
Hurry-up & Register today itself!
COURSE LINK : javatechie5246...
PROMO CODE : Java40
Spring boot 3.0 security :
• Spring Boot 3.0 Securi...
Encryption Key Generator :
www.allkeysgen...
GitHub:
github.com/Jav...
Blogs:
/ javatechie
Facebook:
/ javatechie
Guys, if you like this video, please subscribe now and press the bell icon to not miss any update from Java Techie.
Disclaimer/Policy:
--------------------------------
Note: All uploaded content in this channel is mine and it's not copied from any community.
You are free to use source code from the above-mentioned GitHub account.
Thank you!
Bro, I don't know who you are.. you are God's gift. I am searching for a job.. once I get it.. I will give super thanks to you
Thanks buddy 😊 . Keep learning
Did you get the job?
@dipakkale2723 yes..already enrolled in his courses..
Did you get the job?
He is Basant Hota
haven't found anything simpler on JWT Authentication & Authorization than this video! Kudos. You're so so important for the community! Keep making such videos please.
What a man you are! It's not only a tutorial for security. It's the nightmare for me to achieve security in a Spring application. Hats off, keep the learning spell always on. Thanks a lot!🌟
Thank you so much Gokul . Glad to hear that 😊 . Keep learning
".It's the night mare for me to achieve security in spring application." ,, ...... really ?
@Supriya are you facing any issue?
One thing I can say..........the best channel I have ever seen....thank u so much sir
🎯 Key Takeaways for quick navigation:
00:00 📹 This video tutorial covers implementing a refresh token mechanism in a Spring Boot application with JSON Web Tokens (JWT).
03:18 🛡️ Refresh tokens enhance the security of JWT authentication by allowing users to obtain new access tokens without re-entering credentials.
05:45 💼 The tutorial demonstrates how to configure and use Spring Security 6 for managing JWT-based authentication and authorization in a Spring Boot project.
08:20 🤖 You'll learn about the importance of token expiration times, token stores, and token revocation for effective JWT authentication.
12:10 🔐 Implementing a refresh token mechanism is crucial for maintaining secure and seamless user sessions in Spring Boot applications.
Made with HARPA AI
Hats off to you sir You literally made Spring Security Easy. I've gone through many lengthy videos but nothing worked your spring security videos made me learn within 2hrs including jwt and basic auth.
Basanth,
All your courses are simple, straight forward, easy to understand for all levels. Kudos to your efforts.💯
I never thought I would be able to understand JWT until I found this video. You are really a blessing to us
I have been binge watching many videos on JWT authentication and luckily found this video, you are simply amazing with the way of delivering things sir, thanks a lot and more power to you to roll out such amazing videos in the future
Thank you so much Karthik for appreciating it . I am glad to hear that people are getting benefitted with my content
Crystal clear explanation and implementation. No need to watch any other video after this.
Thank you.
Thanks buddy keep learning 👍
Thanks for the video. I did learn a lot from it.
A few points:
1. The authentication manager is not recommended although it works; you should come up with your own authentication manager.
2. There is a new Nimbus package in the latest Spring Security which should be used for encoder and decoder.
3. That filter is not necessary as I understand. You simply provide the encoder and decoder, and Spring Security will automatically take care of the security check for all the configured paths.
Thank you for your suggestion buddy. I will definitely take a look into these changes
You mean BCryptPasswordEncoder?
Your communication is OK kind. But your content, efforts, presentation are really awesome. Keep up your good work sir
Sir, thanks a lot for your contribution. I have searched so many methods to implement JWT on my project running on Spring 3.1.5 but couldn't find a proper solution. We need more videos on new releases like this. Thanks a lot!!!🤩
Simply amazing Sir. I was struggling for authorization configuration in springboot 3.2.0. You have covered it well.
Sir G - I believe you are saving the lives of more than 95% of the programmers who go through your sessions. Because I am damn sure, eventually the search for good content would have ended up at one and only your session.. Thanks Man..
Thank you so much sonu for your word. Keep learning that's what my gift 🎁 buddy
Great tutorial for those who are moving to Spring Security 6. Awesome job!
Starting to learn Spring Boot security now, Thanks for your effort as always.
incredible! didn't expect to find usage ready solution here, but you nailed it. thanks!
I appreciate the detailed description of this video. Thanks for sharing.
Wanted to add one point: if we are generating the token only when the user registers or logs in, then in the validation process we can skip fetching user details from the DB, because if the token is modified then it will be an invalid token when we match it using our secret. So, if the token is valid then we can always save it to our security context. This is my understanding. Please add to it if something is incorrect or I am missing something.
this happens the first time for me, i just needed a walkthrough in spring3 + jwt and spring security. and well, you provided it 22 minutes ago. +sub
Suppose I have a Spring Boot application which has multiple instances running (let's say 3 instances are running), and I have a scheduler which is supposed to generate a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 reports in total), which is a wrong thing, so how can we handle such a scenario? How to make our scheduler generate only 1 report even if 3 instances are running?
Today an interviewer asked this question to me and I was clueless about it. Pls help.
@@kshitijbansal3672 holy ffffu. it's more like:
- how many hours did you mess with spring framework, tinkering here and there?
- yes
@@kiryls1207 if you know the solution, you can, don't ask unnecessary questions
@@kshitijbansal3672 i saw guides and tutorials about spring concurrency and threading. i don't know the solution, i just started with spring
In that scenario you need to configure your scheduler-related properties in only one instance.
For example, let's say you have instances 1, 2 and 3.
You want to run your scheduler only in instance 1; in that case create all properties of the scheduler like cron expression, time zone etc. only in the instance 1 configuration.
When I say instance 1 configuration I mean just find a place where you can load the required properties.
Really Your Tech Gem .. Hands of your clear explanation .. LOVE IT :)
Yr explanation is just amazing👍👍
thanks, great video. I have followed lots of youtube videos only this code working properly. thanks again.
No words Mind Blowing session
Sir, please provide flow diagrams of each class before you code. And also include the entire flow with all classes as a summary at the end and, if possible, at the very beginning. You know the flow, so you find it super easy naming classes, but it's tough for any beginners as class names are big and similar. My hostel juniors gave me this feedback when I shared your lecture with them.
Thanks Raj for your suggestion. Noted this and will work on it
Nevertheless, it's a big-time first-class tutorial regardless.
Yes. This is the only thing this tutorial is missing.
Watching your complete series because of the migration project, Thanks a lot again
Really helped me for my internship
Thank you so much for this
I have got a task to build jwt auth
This will be very helpful for me
Nice explanation.......❤
Another nice explanation video ❤
Just amazing as always. May God bless you.
I have learned everything I needed to learn, thanks a lot man
Thanks basant for the detailed video about jwt
Oh wow , thank you so much sir .. i was thinking to request you for this spring security jwt and just found it now . Great ,will cover this in this weekend,thank you 😊
as per my understanding we should not hit db again for jwt token validation and we should recreate token with given header and payload and compare it with resent token, however i understand we can not verify roles with that, so there is some gap in this and i am not sure yet how that will be done.
We do validate roles with annotation @PreAuthorize
JWT (JSON Web Tokens) are designed to be self-contained, containing all the necessary information within the token itself. Once a user is authenticated and a JWT is issued, the server can verify the token's integrity and extract relevant information without needing to contact the user database for every request. I see in our example we fetched data from the user details DB again, which may not be the right way to use JWT, as the purpose of using JWT is to avoid hitting DB/cache for every login request. Please clarify @@Javatechie
@@Javatechie Yes, I too didn't understand a couple of things:
1. Why are you generating the token through a REST endpoint via a @RequestBody param? I think it should be generated via the filter you created. If (extractedToken == null) then create the JSON token and it should be set in context.. or?
2. In your filter, you are using userDetailService.loadUserByUsername(username).. this username is the same one you extracted from your token? Then, obviously both will be validated? Instead you should match the user from the token with the logged-on user?
bro just nailed it
Amazing video with covering all the aspect of JWT in latest version of spring boot.
Thank you for the in detailed walkthrough.
Please make one video on the internals of Spring Boot security with the new classes involved in the latest version
Glad it was helpful! Yes, it's in my queue, soon I will do that
This is the very right way to explain.
Thanks for choosing this topic. And make an OAuth 2 verification video in Spring Boot 3
Amazing video, you made so easy, understood every part
Thanks , your tutorial clips are the best.
Thank you buddy 😊
Great explanation sir thanks lot
Excellent! Love it
Thank you very much ❤
Really helpful thanks.
Worth watching your videos
amazing tutorial!
Nicely covered both authentication and authorization.
Nice tutorial sir
Your explanation is really good, thanks for making tutorial
Well explained 🙂
Love the popping sounds
Thank you sir for this video. It is really very helpful.
Present when needed. Thank you!
Nice ...keep posting some complex spring boot projects...
thank you man, that was very helpful
Perfect Example for Spring Security!
Sir, can you please guide how the @PostMapping("/authenticate") endpoint is working internally? How is it reading the user from the database, although we are not using any repository in this endpoint? How does AuthenticationManager find the correct user name from the database?
It will be dead easy to understand if you can debug then nothing complex buddy.
I would strongly suggest you to refer to the video below to understand the internal flow
th-cam.com/video/1ERV-6cz2xk/w-d-xo.html
@@Javatechie wow, luckily I was already watching it! Thank you so much for your response! Thank you again for making things very simple
Thank you sir, more videos , I'm beginner :)
Excellent video. I also wanted to know how to implement logout. Can you show a sample with the same example?
Thanks Buddy, can you make a video integrating jwt on api gateway
Please check this th-cam.com/video/qODoDq5_hAM/w-d-xo.html
Thank you for this, is there a chance of you making a full stack tutorial with Java and React in future. It will be really helpful.
Yes I will
That's great stuff as always :) .. One request to you.. can you create one video on Spring Security OAuth Authorization Server using Spring Boot 3.0.. Thanks again.. keep up the good work :)
Okay sure noted
I'm from Vietnam, thanks for your video
Thanks , love it
Hats Off sir!
Great explanation sir! As always 🙏🙏.
❤Great demo
very nice explanation
Best tutorial ever bro, thank you so much
Such a great tutorial, explained in a simple way, helped me crash course through it and build a new microservice implementing Spring JWT authentication, thank you so much
Thanks buddy, What are you looking for here it is th-cam.com/video/MWvnmyLRUik/w-d-xo.html
Very good content. Thank you very much!
Great video, thanks for all the explanation!
Hi Basant,
It’s nice content, but my question is: in our project how do we generate the secret key, where do we store it and how do we access it? Please let me know. Thanks
Usually your application must be integrated with the UI, right? So from the UI, when the user logs in for the first time the backend will generate the token and send it back to the UI; then going forward the UI will attach that token to the session or cookies
@@Javatechie yeah, that’s ok, but the query is how do we generate the secret key, not the token, and where do we store it and how do we access it. I am not asking about the JWT token. Please let me know. Thanks
Can you please do this using Reactive approach, it will help us.
Love you bro ! Thanks alottttt
Hi, your videos are very helpful and I have a request: if possible, will you please make a tutorial on FusionAuth with Spring Boot
I am not aware of FusionAuth; will check and update shortly
Highly appreciated
Awesome 😍
great!!!
Amazing. Thank you so much
Hello Sir, Kudos to your effort of explaining the concepts so effortlessly !! I implemented the same using Spring Security 6.2.3, however, I am getting HTTP403 error for every request that I am trying to hit from postman (for both users). I am trying to identify what is getting messed up...Any thoughts (by any chance) on this weird behavior ?
You passed the claims map empty (during token generation); what is the use of that? I didn't get that point. Can you please elaborate on that a little more?
Awesome ❤
Thank you so much master, te amo
Thank you
how can ADMIN and USER access same endpoint?
Thank you so much sir.
Hi, I have a small request. Might be funny for some. Can you please create a small video on a roadmap? Like a roadmap for Spring Security, a roadmap for Spring Boot or core. So that everyone can have an idea what to start first and what not.
Thank you
No, it's not at all funny buddy, don't worry. For the Spring Boot roadmap I will prepare one video where I will cover all modules. Most probably this weekend or next, okay
@Javatechie : I like your videos, you are doing a great job.
I just have one doubt here, we are extracting username from JWT token, then from that username we are fetching UserDetails, then we are matching username from JWT token with user name from UserDetails, but they both will always be same, isn't it?
No we are fetching the username and then validating it in DB whether the user exists or not
@@Javatechie but we are fetching username from db, so no need to validate again right ?
Buddy, are you asking about token generation or the authenticate endpoint? Where is your confusion?
thanks for excellent video
Can you do a tutorial on using JWT authentication and Angular for the front end? I don't know if it's possible for you to do it, but I'm at roadblocks in trying to figure this out
This is so well explained! Thank you!
In this flow can we add authentication using Google etc.?
Yes absolutely we can
do we have playlist for UI? using springboot as backend?
Thymeleaf/any other ui tech
for simple UIs ?
Assuming backend just accept request that contain token. How can handle returned token from backend to use in all request of frontend(javaFX) that send to backend?
My problem is handling token in frontend.
hats off man
A really nice explanation . Very helpful
I implemented this JWT Authentication and Authorization, and when I call the endpoints via Postman everything works perfectly. The problem is that I'm trying to write unit tests for my controllers using JUnit 5, but all endpoints always throw 403 Forbidden. Even when I use the @WithMockUser annotation, the same problem continues.
Does anyone know what the problem could be?
Did someone who implemented this JWT Authentication and Authorization manage to do the unit tests for the controllers?
How does the authentication manager bean validate user credentials, how will it know who is a valid user as it was not connecting to the DB