When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here: th-cam.com/video/ucx6wo6dp98/w-d-xo.html
Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.
I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!
This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.
My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running and the authentication is the sweetest thing. Thank you so much for your help!!!!
I really want to appreciate your efforts I have watched multiple videos but this is the one which i can recommend to everyone Thank you so much for your efforts
I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤
This is a Great video, thank you so much. also i have a doubt what if there are two tables like admins seperate tables and user seperate tables, in that case how do we do that ?
Great video! I learned a lot about JWT authentication and authorization with Spring Security. Would you be able to create a follow-up video on implementing refresh tokens for JWT? This would be very helpful for building long-lived and secure applications
I'm glad you found the video helpful! I have published videos on refresh tokens. here is the links: th-cam.com/video/nvwKwsJg89E/w-d-xo.htmlsi=Fb9mot9tVTLMUROx th-cam.com/video/-DB7zXu8kFU/w-d-xo.htmlsi=eupet-HEIXP0XmUx
I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.
This video is helpful, but I'm working on a Hospital Management System I have entities like Doctor, Patient and Admin, how can I integrate JWT to that existing project and allow patients and doctors to view their appointments , and allow patients to book their appointments. How can I implement this? Could you please me on this!
Shouldn't we access the endpoints(/demo, /admin_only) with the token generated by the login operation instead of register ? We suppose that we want the token to be different at every new login. Thank you.
I'm so confused about the Spring security as every next person is talking about the up to date tutorial. That means after every six months the security changes? If that's so, how a given application in spring works if things are going deprecated so fast.
Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.
Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?
hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?
hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission
Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden and in the database , the password is not hashed it's written as it is do you know why this might be happenning ?
best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .
Your video has been incredibly beneficial to me, and I want to express my sincere gratitude. At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?
hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine. Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂
brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.
Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.
hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot
It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.
You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method: Map getMyClaimsMap() { Map extraClaims = new HashMap(); extraClaims.put("hello", "world"); return extraClaims; } then you need to update generateToken method as follows: public String generateToken(User user) { Map claims = getMyClaimsMap(); //get extra properties String token = Jwts .builder() .subject(user.getUsername()) .issuedAt(new Date(System.currentTimeMillis())) .expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 )) .claims(claims) // set extra properties in token payload .signWith(getSigninKey()) .compact(); return token; } Hopefully It will help.
In the security filter chain you made the session policy as stateless and it means you're not saving the session then in the JwtAuthenticationFilter class why are you having this SecurityContextHolder.getContext().getAuthentication() == null validation ? And moreover why are you trying to save the session using SecurityContextHolder.getContext().setAuthentication(authToken) as you're going to have a Stateless policy for session?
Thank you for your insightful question regarding the implementation of JWT authentication in Spring Security, particularly concerning the use of SecurityContextHolder in a stateless session policy. In a stateless security configuration, the server does not maintain any session information between requests. This means that each request must contain all the necessary information for authentication and authorization, typically provided through a JWT (JSON Web Token). The purpose of the JwtAuthenticationFilter is to validate the incoming JWT and establish the user's authentication context for the duration of that request. Why check if SecurityContextHolder.getContext().getAuthentication() == null? This check is crucial because it ensures that the authentication process is only performed if the user is not already authenticated. If the SecurityContextHolder already contains an authentication object, it indicates that the user has been authenticated in the current request context, and there is no need to re-validate the token. This helps to avoid unnecessary processing and potential performance issues. Why use SecurityContextHolder.getContext().setAuthentication(authToken)? Even in a stateless configuration, it is necessary to set the authentication in the SecurityContextHolder for the duration of the request. This allows Spring Security to recognize the authenticated user and apply any security constraints (like method-level security) during that request. The SecurityContextHolder is designed to hold the security context for the current thread, which is why we set the authentication object after validating the JWT. Once the request is completed, the context is cleared, and no session information is retained for future requests. In summary, while the application is stateless and does not persist session information, the SecurityContextHolder is still used to manage the authentication state for the lifecycle of the current request. This approach allows you to leverage Spring Security's features while adhering to a stateless architecture. If you have further questions or need clarification on any specific part, feel free to ask!
Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!
Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.
Thank you for the latest JWT video. I've a doubt, when I try to access the "/demo" page with the bearer token. it's giving 404 error. I've done exactly the same steps you've done in the video. Do you have any idea what could be wrong.
Hello friend, I need help with the code, it allows me to register and login but when I access the endpoint it gives me a 200, however it does not return anything, but when the token is correct, it may be that it doesn't matter at all.
Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!
@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.
Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?
Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!
Hi, I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt
@@LearnWithIfte let's say just a simple project, a user could buy a book from a store which sales only books, I think we don't need to add the payment system and etc, just a user should authorize and buy a book
![Spring boot 3.0 - Secure your API with JWT Token [2023]](/img/n.gif)
When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here:
th-cam.com/video/ucx6wo6dp98/w-d-xo.html
OK sir thank you so much 👍👍
I tried that but it didn't help
Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!
Thank you for watching. I am glad to know that it was helpful for you.
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.
I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!
same here, watched tons of videos but this one is the best of the best. everything is explained. short and sweet
My only response is wow😲❤❤
I have watched so many videos related to spring security but not like this. Finally found one. ❤❤❤❤ Huge respect.
Can you please share or list the videos you've watched already? As, I've also watching a bunch of videos to gather concepts and solidify things.
This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.
Thank you for watching. I am glad to know that it was helpful for you.
THANK YOU! Best video because you used up-to-date methods and not many deprecated ones like other videos
I'm glad you found the video helpful!
true
My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running
and the authentication is the sweetest thing. Thank you so much for your help!!!!
I really want to appreciate your efforts
I have watched multiple videos but this is the one which i can recommend to everyone
Thank you so much for your efforts
You don't have a clue how much this video has helped me!
Best video so far on Spring Boot security.Respect!
Thank you for the kind words, glad you enjoyed the video!
Very informative. I traversed so many spring boot auth videos and this one is the best
I saw this same comment of yours on another video as well. Why you doing so?
Sir, I understood the concepts well because of your teachings.
I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤
Thank you. I'll definitely consider explaining the code and its purpose in my future videos.
Keep Going, You are going a long way. All the best
Thank you for the encouragement!
Thankyou, it really worked for me! learned something new 👍
Thank you for watching.
This is a Great video, thank you so much. also i have a doubt what if there are two tables like admins seperate tables and user seperate tables, in that case how do we do that ?
❤You are making complex to very easy with your professional explanations. 🙌 ❤
Great video! I learned a lot about JWT authentication and authorization with Spring Security. Would you be able to create a follow-up video on implementing refresh tokens for JWT? This would be very helpful for building long-lived and secure applications
I'm glad you found the video helpful! I have published videos on refresh tokens. here is the links:
th-cam.com/video/nvwKwsJg89E/w-d-xo.htmlsi=Fb9mot9tVTLMUROx
th-cam.com/video/-DB7zXu8kFU/w-d-xo.htmlsi=eupet-HEIXP0XmUx
I had a hard time finding a tutorial that uses version 12.x.x
This one solved my problems
Thanks so much
Thank you for watching. I am glad to know that it was helpful for you.
Love your content. Sir please post a video in a week🧡🧡
Thank you for yout support. I will try my best to do this.
This really helped me a lot. Thanks for such a tutorial
Thank you for watching. I am glad to know that it was helpful for you.
Love the way you teach simple and perfect keep doing it
Thank you so much for your kind words! I'm glad you find my teaching style helpful.
Thank you for the updated and detailed tutorial on this subject
I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.
Thank you for watching. I am glad to know that it was helpful for you.
Please consider a tutorial spring boot with keycloak. Your explanation is really great ❤
Thank you for the suggestion! I'll definitely consider making a tutorial on Spring Boot with Keycloak.
This video is helpful, but I'm working on a Hospital Management System I have entities like Doctor, Patient and Admin, how can I integrate JWT to that existing project and allow patients and doctors to view their appointments , and allow patients to book their appointments. How can I implement this? Could you please me on this!
Such a good video and very clear explanation!
Love this! Keep going brother!
Thank you so much for the support! Glad you enjoyed the video!
That was very useful. Thank you.
47:03 | 'Reactive' not use "new WebAuthticationDetailsSource", because ServerHttpRequest. pls!
Please check the source code from github. You will find it in the description.
it's a good one. clean explanation. It would be great if you could include refresh token as well.
Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.
Thanks from Brazil 🎉
very easy to understand. thank you!!
Thank you for watching.
Sir could you please add the refresh token as well to this lecture?? That would be really helpful.. thank you.
Great video!! It really helped me, I found difficulties since a long time in security but thanks for help
Thank you so much! I'm glad the video was helpful for you in overcoming your security difficulties. Keep up the good work!
Great job! You have helped me a lot!
Thank you for watching. I am glad to know that it was helpful for you.
Its really an amazing detailed video. Will you please enhance it by securing multiple microservices with this JWT authentication ?
vaiya,spring boot micro services with real time projects er ekta complete playlist er jonno onurodh roilo in english please...love u....
Thank you @LearnWithIfte!!!! Really helpful for my studies.
Thank you.
Can you please tell me the color theme you used for this video? Also thank you for this lesson sir, helped me a lot.
This is Material UI theme
@@LearnWithIfte thank you very much!
Perfect video sir, this very help full for me. Thank you for make this video!
Thank you for watching. I am glad to know that it was helpful for you.
Shouldn't we access the endpoints(/demo, /admin_only) with the token generated by the login operation instead of register ? We suppose that we want the token to be different at every new login. Thank you.
Thank u sir for amazing explanation all concept is Crystal clear 🙌 so Thank you❤❤
I'm glad the explanation was helpful! Thank you for your kind words.
sir can you please do the same in spring mvc project(Using thymeleaf) for frontend
I am getting a 401 error. I appreciate the video defining 403 vs 401, but could you do a video that fixes the 401 errors?
Thank you sir ,but I have a question when I do register I found thé 401 code but i dont know why???
It's my fault, thank you so much for this video, now it's working very well
What kind of font family do you use on your intellij ?
nice tutorial, but please what could be the course of error 403
Amazing video!!!🤙
Thanks!!
bro great job, thank you so much
I'm so confused about the Spring security as every next person is talking about the up to date tutorial. That means after every six months the security changes? If that's so, how a given application in spring works if things are going deprecated so fast.
Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.
Thanks for watching. I will try to add explanation in my future tutorials.
Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?
Hi, you can check this www.baeldung.com/spring-cors
this is another excellent resource: spring.io/guides/gs/rest-service-cors
hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?
hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission
Thanks! It was perfect, ! It really helped me!
Thalaiva your great 💥💥
Why we are not using @Autowired instead of constructor injection
You can check this video to understand it: th-cam.com/video/fUsKNjGO4Is/w-d-xo.htmlsi=eMrMs8vECrNY90eT
Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden
and in the database , the password is not hashed it's written as it is
do you know why this might be happenning ?
Hey, thanks for watching. Unfortunately I don't have any idea why this is happening. Please check my code on github.
best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .
Thank you for watching. I am glad to know that it was helpful for you.
Your video has been incredibly beneficial to me, and I want to express my sincere gratitude.
At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?
hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine.
Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂
Wow. Thank you for watching. I am glad to know that it was helpful for you.
brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.
Please double-check the return value of *isValid* method in *JwtService class.* There is a _ "!"_ symbol, you have may missed.
@@LearnWithIfte i have the "!" symbol, its in "!isTokenExpired" im not sure what else it could be
Please share your code. learnwithiftekhar@gmail.com
@@LearnWithIfte i just sent the email, the subject is "github source code of jwt". thank you brother this means a lot
Do Dear Iftekhar have a developer community group that asks for things they don't understand in any sociel network tg, instagramm or any other?
Simple and clean... 👍👍👍
Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.
Sir, what theme are you using please?
Material UI theme
Great video, great job
Thank you!
hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying
Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot
Can you please share your code? You can share your github link. learnwithiftekhar@gmail.com
Can we get new video for writing test cases for this project?
Sure.
In company also security services build like this or any difference is there?
It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.
Thanks for video, and what about cors? If we will call this api from frontend.
Thanks a lot for watching my video. I will write a blog on this and will share with you here. Hopefully, it will be helpful for you.
thanks a lot.
Jajakallah khairan
Why don't you separate the responsibility from User Model and make a UserSecurity class and then implement UserDetails? 17:29
Its just one way to implement it. If you want to make a seperate UserSecurity class, go for it. Both techniques are right
thanks for your video its very helpful
You are welcome
Hello, what if I want to add more than the username in the JWT payload ?
You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method:
Map getMyClaimsMap() {
Map extraClaims = new HashMap();
extraClaims.put("hello", "world");
return extraClaims;
}
then you need to update generateToken method as follows:
public String generateToken(User user) {
Map claims = getMyClaimsMap(); //get extra properties
String token = Jwts
.builder()
.subject(user.getUsername())
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 ))
.claims(claims) // set extra properties in token payload
.signWith(getSigninKey())
.compact();
return token;
}
Hopefully It will help.
In the security filter chain you made the session policy as stateless and it means you're not saving the session then in the JwtAuthenticationFilter class why are you having this SecurityContextHolder.getContext().getAuthentication() == null validation ? And moreover why are you trying to save the session using SecurityContextHolder.getContext().setAuthentication(authToken) as you're going to have a Stateless policy for session?
Thank you for your insightful question regarding the implementation of JWT authentication in Spring Security, particularly concerning the use of SecurityContextHolder in a stateless session policy.
In a stateless security configuration, the server does not maintain any session information between requests. This means that each request must contain all the necessary information for authentication and authorization, typically provided through a JWT (JSON Web Token). The purpose of the JwtAuthenticationFilter is to validate the incoming JWT and establish the user's authentication context for the duration of that request.
Why check if SecurityContextHolder.getContext().getAuthentication() == null?
This check is crucial because it ensures that the authentication process is only performed if the user is not already authenticated. If the SecurityContextHolder already contains an authentication object, it indicates that the user has been authenticated in the current request context, and there is no need to re-validate the token. This helps to avoid unnecessary processing and potential performance issues.
Why use SecurityContextHolder.getContext().setAuthentication(authToken)?
Even in a stateless configuration, it is necessary to set the authentication in the SecurityContextHolder for the duration of the request. This allows Spring Security to recognize the authenticated user and apply any security constraints (like method-level security) during that request. The SecurityContextHolder is designed to hold the security context for the current thread, which is why we set the authentication object after validating the JWT. Once the request is completed, the context is cleared, and no session information is retained for future requests.
In summary, while the application is stateless and does not persist session information, the SecurityContextHolder is still used to manage the authentication state for the lifecycle of the current request. This approach allows you to leverage Spring Security's features while adhering to a stateless architecture. If you have further questions or need clarification on any specific part, feel free to ask!
Great explanation. Thanks
Thank you so much for your kind words! I'm glad I could provide a clear explanation for you.
Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!
Can you please share your code?
Oh, I added the code from your repository and it worked! Thank you! Now I’m thinking about how to combine this with thymeleaf)))@@LearnWithIfte
With thymeleaf you do not need this jwt token. You can check this video th-cam.com/video/jPmkcFjbQCM/w-d-xo.htmlsi=u-KrMMBnNBmdu2KD
Hello, could you make a video on how to connect this with Angular app on front?
Thank you for your suggestion! I'll definitely consider making a on that. Stay tuned for future content!
Amazing, good english, good explain
Thank you so much for the kind words, I really appreciate it!
Great tutorial however after ı wrtie the config class ı get 403 for my any POST request include login and register to (yes i disabled csrf)
Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.
@@LearnWithIfte I found my issue(my 168 bits key does not enough for jwt. I found it when i debugging @EnableWebSecurity(debug = true)) thanks
Beautifuly explained
Thank you so much! I'm glad you found the explanation helpful.
why do we need to save JWT token into database?
Please check this video. Here I have explained the reason. th-cam.com/video/OpSU0VgfkL4/w-d-xo.html
Very helpfull video! Could you please tell me what Theme you use for IntelliJ? I really like the colors of your editor :)
I'm glad you found the video helpful! The theme I use for IntelliJ is called Material Theme UI, it's one of my favorites too!
Здесь не хватает русского комментария.
Спасибо.
Сейчас тяжело найти актуальную JWT.
Thank you for watching.
It would be interesting to see how to host a spring project)
Thank you for your suggestion! I'll definitely consider making a video on hosting spring boot. Stay tuned for future content!
Excellent explanation
Thank you for your kind words! I'm thrilled that my explanation resonated with you.
@@LearnWithIfte I would loved to see fullstack guide with react to fully cover spring security, like you did in Auth0. Keep up the good work man!
Thank you for the latest JWT video. I've a doubt, when I try to access the "/demo" page with the bearer token. it's giving 404 error. I've done exactly the same steps you've done in the video. Do you have any idea what could be wrong.
Can you please share your code?
I was facing the same issue. But I sorted it out.
Hello friend, I need help with the code, it allows me to register and login but when I access the endpoint it gives me a 200, however it does not return anything, but when the token is correct, it may be that it doesn't matter at all.
Please share your code. You can send me your GitHub link via email. You can find my email in my channel
Thanks a lot dada
springSecurity by default puts UserDetails isAccountNonExpired, isAccNonLocked, isCredentialsNonExpired as true
Can we Login without adding the Jwt filter?
Without JWT filter the full application will become useless. This filter is responsible for filtering out unauthenticated user.
@@LearnWithIfte Thankyou .
I know that. I just want to know is that possible?
Please make a video on Oauth2 resource server with jwt
Great Explanation. I also got problem in using @PreAutorize like how can we use it in latest versions of spring
Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!
@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.
@@arunsara2183 can you please share your code via github?
but how can i create multiple roles from database
For that you need to do some curd operations. I wall try to make a video in future for this.
Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?
Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!
Hi,
I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt
I have made a video fixing this issue. You can check it from here:
th-cam.com/video/ucx6wo6dp98/w-d-xo.html
vaiya ,please make a video on bkash ,nagad payment gateway with spring boot please...
can't we continue this project ? I would like to add some stuff that user could do after authorization
Sure. Just give some suggestions of what tasks you want to do. I will try to make a tutorial on that.
@@LearnWithIfte let's say just a simple project, a user could buy a book from a store which sales only books, I think we don't need to add the payment system and etc, just a user should authorize and buy a book
that would be great if you make a tutorial for that @learnwithiftekhar
thank you so much!!!!!
You're welcome!
celan explanation. It would be great if you could include refresh token as well.
Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.
clean explanation
Thank you for watching! I'm glad you found the explanation helpful.