00:03 Implementing signup and login functionality with JWT authentication in Spring Boot.
01:59 Setting up the project with required dependencies and configurations
06:30 Generate app passwords in Google for Spring Boot application to access Gmail account
08:58 Defining user fields and implementing user details methods in Spring Security
15:29 Exposing methods and using libraries to validate JSON web token
18:18 Extracting username from JWT token
23:59 Implementing helper functions for JWT token validation
27:00 Setting up JWT token claims and signing key
32:12 Setting up Dao authentication provider for user authentication
34:42 Creating a JWT authentication filter for Spring Security
40:40 Setting up criteria for incoming requests
43:11 Add security configuration file with authentication provider and JWT authentication filter.
48:45 Configuring CORS and allowed methods and headers for Spring Security.
51:32 Setting up email configuration
57:20 Creating an email service to send verification emails
59:53 Creating the Authentication Service
1:05:29 User verification process details
1:08:13 Handling user email verification and enabling user status
1:13:27 Sending email verification with HTML message
1:16:09 Creating login response and signup/login routes for user authentication.
1:21:35 Creating endpoints for user verification and email resend
1:24:20 Creating a user service for retrieving all user objects
1:29:53 Set up user sign up, login, and email verification in Spring Boot
1:31:51 Join the community for coding resources and mentorship
thank me later
Legend
Thank you, straightforward and to the point!! Greetings from Brazil.
For anyone that might have the same problem I did:
I was getting a 403 Unauthorized error in Postman when trying any request.
I've noticed that what was being extracted from the jwt token was the username, but the way I was trying to find the user was by email.
I had to create a 'find by username' method in the userRepository and then use that method in the ApplicationConfiguration's 'userDetailsService' method.
I don't have my PC with me at the moment, sorry for the lack of details!
EDIT: Forgot to give props to the OP, thank you SWErikCodes for this great video! It helped me lots!
did you solve ?
@@SalifFaustino yes, I had to create a 'find by username' method in the userRepository and then use that method in the ApplicationConfiguration's 'userDetailsService' method.
Did this help?
I will put you on my daily pray, for start using vs code, where a Ctrl + P can start a project and copilot do its brilliant job 🙏🏽
Hahah nice video, surely deserves more likes and subscribers on your channel 😉
IntelliJ is industry standard for Java
Great video. You should create more such tutorials and course series on springboot and java development topics.
Is this the new Spring Security? Literally every tutorial on yt is deprecated 😭
Yep! Fully functional
@@SWErikCodes Bet 🫡. Thanks again!
Very well and comprehensively explained!
Thank you!
Could you create a tutorial or provide an explanation on how to deploy this API on a hosting service like Railway? Amazing video, really useful!
I did! Check out my video “how to put a coding project online”
You deserve more views bro
Glad to hear you like the content!
yoooo bro you're absolutely goated
should I memorize all that ? all the built in methods from the libraries and whatnot ? Or how can I benefit from the video ?
tnx man i was looking for a good tutorial tnx
Glad I could help!
Waow Creating the google app password was a hustle for some fun reason xD
Haha and it took me so much time to figure out on my own, it’s not properly documented anywhere ffs
@@SWErikCodes yes, Samsung Pass didn't have the function to receive the 6 letters, so I was just cursing because I tried 50 times with the scanner when Samsung Pass didn't even have the function implemented. Luckily ChatGPT had me covered. I also had to turn the allowance off, which was a big pain.
I was learning from this video and things were ok. And when you started coding the JwtService class, I got totally lost and couldn't make any sense of things. Maybe this is because I don't know how things work and which classes to call and which functions to override in order to establish security for our application. My concern and wish is that I want to learn what you know that lets you write this whole JwtService class. Because it is only usable for a person who already has a similar level of knowledge to yours. Please share where I should start and what I should learn in order to understand this whole thing and become capable of writing the security classes for my applications.
Note: I know the basics and understand the workings of Spring Boot, so that's not a problem. But I have no idea how to plan the whole security of the application and how to implement it. I have no idea of the provided classes and how to use them together to come up with JwtService-type classes. Please help, I'd really appreciate it and be grateful to you.
bro looking forward to more tutorial more
Great, thanks for the contribution
Of course, glad to help
Good Job bro!
Glad to hear you liked the video!
In the video, when you tested the login, the API was different; the path was /auth.
Could you tell me why? What did you change in the actual functionality?
How is the workflow with the .env file in prod, dev, staging, especially the CI/CD pipeline and .gitignore, and where do you save the .env template?
you have to duplicate the .env file, delete all the private information leaving only the field's name and rename it to .envtemplate
It's the old way of introducing JWT and isn't the best tbh. Spring Security features built-in OAuth2 support. You can achieve the same result with a few lines of code in a configuration file. It also includes a bunch of other features like different types of tokens, use of PKCE, refresh tokens and so on. I would suggest starting with an understanding of OAuth 2.1, because JWT by itself doesn't bring security to your application. JWT is just a type of token which is used for authorization.
Is there a better tutorial or blog out there?
@@andiuptown1711 Check out @laurspilca. He has many tutorials on Spring Security, especially on Oauth2 in Spring
@@avhhust ah the one that wrote Spring Start Here? Thank you!
is it oauth2 for third party access? for some simple code just use jwt token
Hey this guy can’t write his own auth! 😂😂😂😂😂😂
Very thanks, much wow :D
Would recommend going more into Postman as you progress and showing what does what. Like create the first controller and service where you can see all users and maybe change a password, then after security is implemented show that you can now change only your own password. Maybe even more inner steps. When I did my project, that's kinda how I progressed: created a REST API app, and then decided to implement JWT. This video is kinda a long session and BOOM, now it works. If you decide to go for it, please also implement email reset password. But still I appreciate this a lot, thank you
And for more views I also recommend putting the Spring Boot and Spring Security version in the title. Like many others said, this guide is one of a few I found for new Spring. Use that to your advantage; it isn't clear from the title and I bet many people also search by version to avoid all the same deprecated tutorials
Great Job Bro
Glad to hear you enjoyed!
In the final part, when you make a GET request with /me it's returning nothing in the response body, is that ok? Because I have tried the other two endpoints, /me and /, and both are returning nothing, only the 200 OK status
I also noticed: what if somebody uses an email that is not actually theirs, so he cannot finish the process? Then we're stuck with redundant data in our db. I'm kinda a beginner, how do we solve this issue? And if it's a real email, and that user decides to register, he wouldn't know why he cannot register, would he? I mean, yeah, he can ask for a resend of a verification code, but why would he do that if he never tried to register before? And yeah, he would get an email at the moment he registers, but I personally would never notice, because for all registrations I use a fake email, and I'm glad I use this approach because it's like 20+ spams a day there, and I'm talking about the ones the spam filter wouldn't catch. So many pages sell your data and once it's out, it's out. My regular email I give only to real people, not websites and services/companies.
Why did you choose to build the project as Gradle - Groovy instead of Maven?
Gradle is designed with embedding in mind and it has great work avoidance functionality to improve the load on my server
Doesn’t really matter all that much though
So at the end the difference isn’t that much, right? Means that I can build the same project with maven?
Yes exactly, and as far as I know the only code that changes is the build file
are we able to implement other features such as making restful calls to store blog texts or is this setup only restricted to jwt security?
if you answer my question it means you are the best programmer ever :
why do I get 403 forbidden error whenever I test any endpoint functionality ?
You might be searching for users by username when the code is using email (there’s a comment in more detail about this)
@@SWErikCodes thanks but no, I figured it's because of the http csrf filtering where I didn't permit the correct path ( should change /auth/** to / ** / auth / ** )
So is your JWT token encrypted so nobody random can decode it and get access to the information in the token? They would need to use the secret key to decode it in order to get all the information?
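On the question above: a token produced with a signing key is signed, not encrypted. The following is an added example, not code from the video or its repository, using only the JDK. It assumes an HS256 (HMAC-SHA256) token, and the key and claims are constructed sample values.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtSignedNotEncrypted {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static String b64(String s) {
        return ENC.encodeToString(s.getBytes(UTF_8));
    }

    // HS256 signature: HMAC-SHA256 over the ASCII text "header.payload".
    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(UTF_8));
    }

    static String sign(byte[] key, String claimsJson) throws Exception {
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(claimsJson);
        return input + "." + ENC.encodeToString(hmac(key, input));
    }

    // No key needed: the payload is only base64url-encoded JSON.
    static String readClaims(String token) {
        return new String(DEC.decode(token.split("\\.")[1]), UTF_8);
    }

    // Key needed: recompute the MAC and compare in constant time.
    // A production verifier also pins the algorithm and checks "exp".
    static boolean verify(byte[] key, String token) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        try {
            return MessageDigest.isEqual(hmac(key, parts[0] + "." + parts[1]), DEC.decode(parts[2]));
        } catch (IllegalArgumentException badBase64) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-sample-key-not-for-real-use".getBytes(UTF_8);
        String token = sign(key, "{\"sub\":\"alice@example.com\",\"exp\":4102444800}");
        String[] parts = token.split("\\.");
        // Same header and signature, different subject.
        String edited = parts[0] + "." + b64("{\"sub\":\"bob@example.com\",\"exp\":4102444800}") + "." + parts[2];

        System.out.println("claims read without key: " + readClaims(token));
        System.out.println("original verifies:       " + verify(key, token));
        System.out.println("edited payload verifies: " + verify(key, edited));
        System.out.println("wrong key verifies:      " + verify("other-key".getBytes(UTF_8), token));
    }
}
```

The secret key protects integrity only: anyone holding the token can read its claims, so the payload should carry nothing confidential.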
what if i wanna add roles what should i do
You got a sub. 👍
Welcome to the channel 💪
i get a 403 error whenever i try to login
So do I, were you able to fix it?
u fixed it ?
@@ghassenbeddouihech2657 yea, I had a couple of problems so I don't remember very well what did resolve this.
But if I remember correctly what was being extracted from the jwt token was the username, and the way I was trying to find the user was by email.
I had to create a 'find by username' method in the userRepository and then use that method in the ApplicationConfiguration's 'userDetailsService' method.
I don't have my PC with me so sorry for the lack of details!
fixed???
@@dyziob Yep, I left my solution on another comment to this video - hope it helps!
I am using spring version 2x so i cannot use claim in jwtService whenever u used them so do u have any repo so i can refer to
where to get secretkey
holy hell this is complicated. Just a login functionality takes so much.
Haha ikr
can you tell me how to integrate this with a front end?
Run the server locally (or host it) and make a request to your exposed login method!
Bro, could you recommend good resources to learn Java and then Spring Boot, the best ones?
I recommend "Java Programming and Software Engineering Fundamentals" on Coursera (audit the course for free) or anything from freecodecamp on YT for Java. For SpringBoot watch Amigoscode he is the absolute goat.
Hey Good Video bro !
But I have a question: why don't you use @Autowired for injecting the values?
You can use constructor based injection or @autowired both should work!
perfect
Glad you enjoyed it!
It all sounds great, but when you sent a request to /users/me you got 200 OK with no body; it should return 200 OK and a body with info about the current user
You could customize it for sure
@learning885
@Override
public String getUsername() {
    return email;
}
add this override in the user entity
Hello, I can't access most of the files in your GitHub code because their extension is .class. Can you make it .java so I can see?
The code is all .java , head to demo src main Java com example demo and you’ll find the entire code
1:25:00
33:38
24:00
57:00
4:12
This is a lot of work :,c
Haha ikr
demn you look so cute, can't focus xD
at least give credits to Eric, stealing the documentation of others even the comments and all