hi , i need help, my error is oauth2.core.oidc.user.DefaultOidcUser cannot be cast to com.co.rastros.oauth.CustomOAuth2User, i follow the video but in the step CustomOAuth2User oAuth2User = (CustomOAuth2User) authentication.getPrincipal() in the class OAuth2LoginSuccessHandler it's not possible, Help.
Hi, I am getting an error saying " org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser cannot be cast to com.bookstore.oauth.CustomOAuth2User" it is occuring on this line ---> "CustomOAuth2User oAuth2User= (CustomOAuth2User) authentication.getPrincipal(); " it cannot able to cast to CustomOAuth2User.
@@CodeJava Hi, I really appreciate for your response. when I ran the code in debug mode , I see that CustomOAuth2UserService is not invoking, debug is directly going to OAuth2AuthenticationSuccessHandler. Please advice me, I have pasted the code below. Thanks in advance controller: @Controller public class UserController { @RequestMapping("/login") public String home() { return "login"; } @RequestMapping("/welcome") public String welcome(Model model, Principal principal) { model.addAttribute("userDetails", principal); return "welcome"; } security Config: ------------------------- public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private CustomOAuth2UserService oauth2UserService; @Autowired private OAuth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/oauth2/**").permitAll().antMatchers("/welcome/**").authenticated() .anyRequest().permitAll().and().formLogin().loginPage("/login").and().oauth2Login().loginPage("/login") .userInfoEndpoint().userService(oauth2UserService).and() .successHandler(oauth2AuthenticationSuccessHandler).and().logout().permitAll().and().rememberMe(); } } Service: ------------ @Service public class CustomOAuth2UserService extends DefaultOAuth2UserService { @Override public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException { OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest); return new CustomOAuth2User(oAuth2User); } } OAuth2AuthenticationSuccessHandler -------------------------------------------------- @Component public class OAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { // TODO Auto-generated method stub
@@rahilbaig3873 your code seems to be fine. Check if you use @EnableWebSecurity for the config class, and is the dependency spring-boot-starter-oauth2-client present?
@@CodeJava Hello Ty for the tutorial, I have the same problem and have been stuck for hours ... I have @EnableWebSecurity for the config class, and the dependency spring-boot-starter-oauth2-client is present. Any help please ? :(
Trong trường hợp, login with GG thì password trong db là null. Vậy chức năng change password dành cho tài khoản làm cách nào để có thể sử dụng vậy anh. em cảm ơn anh
Hello, thank you for great tutorial. I've question about security implementation in micro service project. In cloud gateway can not add spring-boot-starter-web dependency. So cannot extend WebSecurityConfigurerAdapter. How i do my filter this kind of architechture.
Oh, that's not the purpose of social login, which allows users to login using their own google accounts - unanticipated. If you want to deny access in such case, just redirect the user to the login page with an appropriate message: httpResponse.sendRedirect("/login");
This tutorial's great sir, but how can i implement this into a fullstack application, let say Spring boot & Angular, since it involves Rest api, can you give me some advice? Thank you in advance!
it was nice that u have provided some information but it seems like u are starting from the middle as you have files in the application before even starting to explain, you are not saying anything about the application (i think you have other microservices as well), you should walk through the application so that the purpose should be clear. For example - you have said to add a property to the entity table, I think you are not clearly describing it. please describe it properly so that it will help others.
Thanks for your feedback. I understand what you meant. However, the main purpose of video is to show you guys how to integrate social login functionality for an existing Spring Boot application, you it supposes that you already have one.
Hi Nam. I followed almost similar to you what you did in this tutorial. But I'm get and error "principalName cannot be empty"... Do you have any idea why i'm getting this error?
Kindly refer to this Stackoverflow's thread: stackoverflow.com/questions/63352692/spring-security-5-with-oauth2-causing-principalname-cannot-be-empty-error
Thanks for the great tutorial! I was able to log in using g-mail with my original project!! And I am able to put g-mail user data in SQL Server DB. But after I log in with Google, the registered account seem do not recognized with my original roles set thus I get a 403 forbidden when I'm using google accounts to login. Can you suggest any leads to combine my original roles set with google accounts?? Thanks a lot!
@@CodeJava Thanks again ! I manage to get in to the page, but then I found that my Authentication was empty. I use SecurityContextHolder.getContext().getAuthentication() to get user information but it returned null, could it be possible that I have to do something to the JWT that Google sent to me ?
I have a question, OAuth2 works with a token for authorization, here I can't see any function for the token. It is managed automatically or we dont use tokens?
Could you guild to how to force user choose account google to login(when click login with google redirect a page allow choose account google) at video browser get account google we have logined
anh ơi, tại sao trong fle pom ở cái source code bên dưới phần miêu tả a đính kèm, trong file pom a có để như này 1.8 e đang dùng java 17 thì e thay 17 vào thì có lỗi bắn ra còn để nguyên thì chạy được lí do là gì anh nhỉ? mong được anh reply ạ
a ơi lúc em download source code vè chạy thì nó cứ báo lỗi là Connection refused: no further information em kiểm tra lại thông tin trong file properties kĩ lắm rồi mà cứ báo v
@@CodeJava Can you please make a video on how to properly authenticate and authorize requests when I have multiple microservices and we want a single authentication server
then you have to check provider type in the CustomOAuth2User object (or something else - I don't remember), and update the provider type in database accordingly.
Thank you for replying and this video helped me in understanding oauth2 better and heres how I got that wether the user logged in with fb or gmail OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication; OAuth2AuthorizedClient client = clientService.loadAuthorizedClient( oauthToken.getAuthorizedClientRegistrationId());
NAM im doing project can you please help me with this, When User enters into my website User should register first and then he needs to be verified by Email so that he can login using those crediantials.
@@CodeJava Full error/exception here: java.lang.ClassCastException: org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser cannot be cast to com.example.oauth2Google.entity.CustomOauth2User. Please seen help me!
@@masnaswamy4067why github? are you configuring for google for github? for google, the configuration should be like this: security: oauth2: client: registration: google: clientId: clientSecret: scope: - email - profile
Make sure it is from org.springframework.security.oauth2.core.user.OAuth2User. Reference: docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/core/user/OAuth2User.html
Anh ơi cái login google em ok r nhưng có vấn đề là nếu em edit user theo kiểu gọi MyUserDetail ra để lấy người dùng đang đăng nhập hiện tại thì nó sẽ ra null nếu em login bằng pass vs mk bth thì ok ko sao hết vấn đề ở chỗ đó thôi ạ. Thì phần anh làm là a để oauth2detail riêng ra nên em nghĩ là 2 thg nó ko phân biệt đc nhau ạ em để user role là admin mà login bằng nó ko hiện phần của admin luôn khá ảo
How can i get the profile photo from facebook or google?(oauth2User.getAttribute("name")? can i get a photo from keyword "name"??) Thank you so much for all your springboot tutorial, it help me finish my project , so i can start to find a job !
![[LIVE] : ONE ลุมพินี 84 วันนี้!! คู่เอก "ก้องศึก vs เมืองไทย"](http://i.ytimg.com/vi/3kuzsAIDf1c/mqdefault.jpg)
Download the sample project in this tutorial: www.codejava.net/frameworks/spring-boot/oauth2-login-with-google-example
this is the most accurate tutorial which did things properly
Thanks for the tutorial. Hi from Belarus)
Welcome! Greetings from Vietnam :)
Thank you for saving me. That's exact what I want.
Glad I could help!
Where can we get code for front end and other files not included in git
in my course on Udemy: www.udemy.com/course/spring-boot-e-commerce-ultimate
Superb 👌 explanation ✌️
Will you please make video on role based logins.
including registration (sign up)?
hi , i need help, my error is oauth2.core.oidc.user.DefaultOidcUser cannot be cast to com.co.rastros.oauth.CustomOAuth2User, i follow the video but in the step CustomOAuth2User oAuth2User = (CustomOAuth2User) authentication.getPrincipal() in the class OAuth2LoginSuccessHandler
it's not possible, Help.
Thanks for this tutorial. Hello from Russia)
Welcome! Greetings from Vietnam :)
@@CodeJava em cũng Người Việt ạ
That's what I need. Many thanks.
You're welcome! Happy learning!
Thank You. This was very informative session.
Glad it was helpful!
Thanks, please keep going
Thank you, I will.
Can you tell me where the OAuth2User 22:47 you wrote is, why can't I see it. Can you help me explain.
it is from Spring Security OAuth2 dependency: spring-boot-starter-oauth2-client
@@CodeJava Thank you.
Can we please have the full source code, the article doesn't have all the code needed @CodeJava
You can get the full code if enroll in my course here: www.udemy.com/course/spring-boot-e-commerce-ultimate/?couponCode=SPRING08
@@CodeJava can you help me have the customerService class where i can see the logic there
Can you make a video with Reactjs as the front end?
Yes, I will.
Hi, I am getting an error saying " org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser cannot be cast to com.bookstore.oauth.CustomOAuth2User" it is occuring on this line ---> "CustomOAuth2User oAuth2User= (CustomOAuth2User) authentication.getPrincipal();
" it cannot able to cast to CustomOAuth2User.
Do you return a CustomOAuth2User object from the method loadUser in the CustomOAuth2UserService class?
@@CodeJava Hi, I really appreciate for your response.
when I ran the code in debug mode , I see that CustomOAuth2UserService is not invoking, debug is directly going to OAuth2AuthenticationSuccessHandler. Please advice me, I have pasted the code below. Thanks in advance
controller:
@Controller
public class UserController {
@RequestMapping("/login")
public String home() {
return "login";
}
@RequestMapping("/welcome")
public String welcome(Model model, Principal principal) {
model.addAttribute("userDetails", principal);
return "welcome";
}
security Config:
-------------------------
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomOAuth2UserService oauth2UserService;
@Autowired
private OAuth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/oauth2/**").permitAll().antMatchers("/welcome/**").authenticated()
.anyRequest().permitAll().and().formLogin().loginPage("/login").and().oauth2Login().loginPage("/login")
.userInfoEndpoint().userService(oauth2UserService).and()
.successHandler(oauth2AuthenticationSuccessHandler).and().logout().permitAll().and().rememberMe();
}
}
Service:
------------
@Service
public class CustomOAuth2UserService extends DefaultOAuth2UserService {
@Override
public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
return new CustomOAuth2User(oAuth2User);
}
}
OAuth2AuthenticationSuccessHandler
--------------------------------------------------
@Component
public class OAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
CustomOAuth2User oAuth2User=(CustomOAuth2User)authentication.getPrincipal();
String email=oAuth2User.getEmail();
System.out.println("Customer's Email"+ email);
super.onAuthenticationSuccess(request, response, authentication);
}
}
@@rahilbaig3873 your code seems to be fine. Check if you use @EnableWebSecurity for the config class, and is the dependency spring-boot-starter-oauth2-client present?
@@CodeJava Hello Ty for the tutorial,
I have the same problem and have been stuck for hours ... I have @EnableWebSecurity for the config class, and the dependency spring-boot-starter-oauth2-client is present.
Any help please ? :(
CustomOAuth2User : codepad.org/mg8M3n2D
OAuth2LoginSuccessHandler : codepad.org/hRgg6swS
CustomOAuth2UserService : codepad.org/IyyV6sat
Configure Class : codepad.org/su23grlu
CustomOAuth2User : codepad.org/mg8M3n2D
Thank you sir
Can you please post database table creation scripts?
Trong trường hợp, login with GG thì password trong db là null. Vậy chức năng change password dành cho tài khoản làm cách nào để có thể sử dụng vậy anh. em cảm ơn anh
khi đó thì em nên kiểm tra authentication type của user là database thì mới tiến hành đổi mật khẩu.
Hello, thank you for great tutorial. I've question about security implementation in micro service project. In cloud gateway can not add spring-boot-starter-web dependency. So cannot extend WebSecurityConfigurerAdapter. How i do my filter this kind of architechture.
isn't it spring-boot-starter-security?
Thank you for the tutorial. How do I deny access if the user doesn't already exist instead of creating a new user?
Oh, that's not the purpose of social login, which allows users to login using their own google accounts - unanticipated. If you want to deny access in such case, just redirect the user to the login page with an appropriate message: httpResponse.sendRedirect("/login");
@@CodeJavaThank you so much for your reply. I'll try that out.
This tutorial's great sir, but how can i implement this into a fullstack application, let say Spring boot & Angular, since it involves Rest api, can you give me some advice? Thank you in advance!
I will publish such kind of tutorial in future. Thanks for coming and asking :)
@@CodeJava you're so enthusiastic, hope you do well in this new year!
I'm newbie with Spring Boot, having a question Can I use the OAuth2 authentications for mobile app?
I think it's possible though I haven't used it for mobile apps.
it was nice that u have provided some information but it seems like u are starting from the middle as you have files in the application before even starting to explain, you are not saying anything about the application (i think you have other microservices as well), you should walk through the application so that the purpose should be clear. For example - you have said to add a property to the entity table, I think you are not clearly describing it. please describe it properly so that it will help others.
Thanks for your feedback. I understand what you meant. However, the main purpose of video is to show you guys how to integrate social login functionality for an existing Spring Boot application, you it supposes that you already have one.
Hi Nam. I followed almost similar to you what you did in this tutorial. But I'm get and error "principalName cannot be empty"... Do you have any idea why i'm getting this error?
Kindly refer to this Stackoverflow's thread: stackoverflow.com/questions/63352692/spring-security-5-with-oauth2-causing-principalname-cannot-be-empty-error
Thanks for the great tutorial! I was able to log in using g-mail with my original project!!
And I am able to put g-mail user
data in SQL Server DB. But after I log in with Google, the registered account seem do not recognized with my original roles set thus I get a 403 forbidden when I'm using google accounts to login. Can you suggest any leads to combine my original roles set with google accounts?? Thanks a lot!
How do you check the role of a user? You need to update your custom OAuth2User class: update roles in the getAuthorities() method.
@@CodeJava Thanks again ! I manage to get in to the page, but then I found that my Authentication was empty. I use SecurityContextHolder.getContext().getAuthentication() to get user information but it returned null, could it be possible that I have to do something to the JWT that Google sent to
me ?
I have a question, OAuth2 works with a token for authorization, here I can't see any function for the token. It is managed automatically or we dont use tokens?
everything is done by Spring OAuth library so we just write some configs then focus on the business logics.
Could you guild to how to force user choose account google to login(when click login with google redirect a page allow choose account google) at video browser get account google we have logined
just customize the login page, display Login with Google button only.
anh ơi, tại sao trong fle pom ở cái source code bên dưới phần miêu tả a đính kèm, trong file pom a có để như này
1.8
e đang dùng java 17 thì e thay 17 vào thì có lỗi bắn ra còn để nguyên thì chạy được
lí do là gì anh nhỉ? mong được anh reply ạ
có thể là IDE của em chưa hỗ trợ Java 17 chăng?
Anh có dạy khoá tiếng Việt không ạ
ko em ạ. Anh chỉ có khóa tiếng Anh thôi.
a ơi lúc em download source code vè chạy thì nó cứ báo lỗi là
Connection refused: no further information
em kiểm tra lại thông tin trong file properties kĩ lắm rồi mà cứ báo v
a ơi ngoài ide a đang dùng thì a có dùng intellij idea ko ạ
Anh có dùng IJ. em có dùng database ko? Kiểm tra javascript error xem.
Amazing! Thanks alot
You're welcome!
@@CodeJava Can you please make a video on how to properly authenticate and authorize requests when I have multiple microservices and we want a single authentication server
@@mjpannu5210 Noted your suggestion. I will do it in future because I'm busy making my new course on Udemy this time.
I have two Authentication provider Google and Facebook. As you set authentication provider to google what if the user logs in with facebook?
then you have to check provider type in the CustomOAuth2User object (or something else - I don't remember), and update the provider type in database accordingly.
Thank you for replying and this video helped me in understanding oauth2 better and heres how I got that wether the user logged in with fb or gmail
OAuth2AuthenticationToken oauthToken =
(OAuth2AuthenticationToken) authentication;
OAuth2AuthorizedClient client = clientService.loadAuthorizedClient( oauthToken.getAuthorizedClientRegistrationId());
@@shawaalsaif2144 Look at the OAuth2UserRequest class as the parameter of the loadUser() method in a class that implements DefaultOAuth2UserService
Thanks for this!
No worries! Glad it helped.
NAM im doing project can you please help me with this,
When User enters into my website User should register first and then he needs to be verified by Email so that he can login using those crediantials.
So you can follow the video "Spring Boot Email verification" here: th-cam.com/video/7mVTfnOIJO8/w-d-xo.html
Please helps me. I have problem in class Oauth2LoginSuccessHandler with error: can't convert CustomOauth2User to ....
kindly show me the full error/exception here.
@@CodeJava Full error/exception here:
java.lang.ClassCastException: org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser cannot be cast to com.example.oauth2Google.entity.CustomOauth2User. Please seen help me!
@@sangha1722 You use the wrong type for the CustomOAuth2User class. It should implements the OAuth2User class. Check the video again.
@@CodeJava My class CustomOAuth2User: "codepad.org/pPNFzKEr".
And Class Oauth2LoginSuccess: "codepad.org/fvK6mAxM"
Please seen help me! Thanks.
@@sangha1722 Did u fix this problem??? i have this error too
Hey I am getting error principalities cannot be empty
could you share the full, detailed exception stack trace?
Thankyou Nam ha min
Welcome 😊
where is git?
Coming soon. I will share the code when I publish a text-based article for the same topic. Thanks for watching :)
@@CodeJava a month has passed and there is no article or gita
Hi the video was really helpful, but can I find the source code somewhere? Thank you
source code will be published in a companion article.
Is any available repository to download the source code
I'll put the code into a separate article, which will be published in near future.
Anh có chanel bằng tiếng Việt ko ạ, em cảm ơn anh
anh chỉ có kênh tiếng Anh này thôi em ạ.
Anh cho em hỏi là làm sao để lấy được avatar về được ạ
look at the attributes in OAUth2User object: oauth2User.getAttribute("name");
Thanks nam
you're welcome. I always remember your request about Spring AOP.
Anh có thể làm 1 video với Okta mà SSO đc ko ạ :((
khi nào anh có thời gian em ạ.
Can you please do Linkedin login? thanks
Yes, I will. Thanks for watching :)
java.lang.IllegalArgumentException: principalName cannot be empty., HOW TO SOLVE THIS EXCEPTION BRO
tell me the properties you're using for Spring OAuth configuration.
security:
oauth2:
client:
registration:
github:
client-id: c23e2fe8ec9fdcaa0d21
client-secret: b81030d3df8c8f51f177427aa627cf21cf007c33
scope:
- user:email
- read:user
@@masnaswamy4067why github? are you configuring for google for github?
for google, the configuration should be like this:
security:
oauth2:
client:
registration:
google:
clientId:
clientSecret:
scope:
- email
- profile
@@CodeJava no bro i have configured for GitHub only using github oauth properties .,not google
so you need to follow this video: th-cam.com/video/rciM6j3soUs/w-d-xo.html
can you send all code or github link.
kindly find in the written article at www.codejava.net/frameworks/spring-boot/oauth2-login-with-google-example
Please make video on role based login from scratch
did you check this video? th-cam.com/video/i21h6ThUiWc/w-d-xo.html
@@CodeJava thank u
Lỗi uỷ quyền thì phải làm sao ạ
em gửi lỗi chi tiết (exception) được ko?
@@CodeJava em fix đc rồi anh ạ. thêm cái link uri là đc
Please share the source code
Kindly follow the video by now because I will publish the code in an article later.
a ơi giúp e với
HI, my oAuth2User does not have .getAtribute() method. Only .getAtributes() & .getName()
Make sure it is from org.springframework.security.oauth2.core.user.OAuth2User. Reference: docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/core/user/OAuth2User.html
Anh ơi cái login google em ok r nhưng có vấn đề là nếu em edit user theo kiểu gọi MyUserDetail ra để lấy người dùng đang đăng nhập hiện tại thì nó sẽ ra null nếu em login bằng pass vs mk bth thì ok ko sao hết vấn đề ở chỗ đó thôi ạ. Thì phần anh làm là a để oauth2detail riêng ra nên em nghĩ là 2 thg nó ko phân biệt đc nhau ạ em để user role là admin mà login bằng nó ko hiện phần của admin luôn khá ảo
How can i get the profile photo from facebook or google?(oauth2User.getAttribute("name")? can i get a photo from keyword "name"??)
Thank you so much for all your springboot tutorial, it help me finish my project , so i can start to find a job !
I think you need to study OAuth2 attributes of Google and Facebook to know which attribute used for user photo image.
@@CodeJava ok , i will do it , thanks again!