Spring Boot 3.0 + Spring Security 6 | JWT Authentication & Authorization

Spring Boot 3.0 + Spring Security 6 | JWT Authentication & Authorization | JavaTechie

Рет қаралды 155,902

Жыл бұрын

In this video, you'll learn how to implement JWT authentication and authorization in a Spring Boot 3.0 application using Spring Security 6
You'll see how easy it is to secure your application and protect your endpoints using JSON Web Tokens Step by Step guides
#JWT #SpringBoot #SpringSecurity #JavaTechie
Spring boot microservice Live course Just started (Recordings available)
Hurry-up & Register today itself!
COURSE LINK : javatechie5246.ongraphy.com/
PROMO CODE : Java40
Spring boot 3.0 security :
• Spring Boot 3.0 Securi...
Encryption Key Generator :
www.allkeysgenerator.com/rand...
GitHub:
github.com/Java-Techie-jt/spr...
Blogs:
/ javatechie
Facebook:
/ javatechie
guys if you like this video please do subscribe now and press the bell icon to not miss any update from Java Techie
Disclaimer/Policy:
--------------------------------
Note : All uploaded content in this channel is mine and its not copied from any community ,
you are free to use source code from above mentioned GitHub account

Пікірлер: 368

@Thiru-zt5lw Жыл бұрын

Bro i don't know who are you.. you are God's gift. I am search for a job.. once I got it..I will give super thanks to you

@Javatechie Жыл бұрын

Thanks buddy 😊 . Keep learning

@dipakkale2723 5 ай бұрын

Did you got job ?

@Thiru-zt5lw 5 ай бұрын

@dipakkale2723 yes..already enrolled in his courses..

@IAmUsingAndroid Ай бұрын

Did you get the job.

@sandeepprabhakula7714 11 ай бұрын

Hats off to you sir You literally made Spring Security Easy. I've gone through many lengthy videos but nothing worked your spring security videos made me learn within 2hrs including jwt and basic auth.

@karthikshankar5618 Жыл бұрын

I have been binge watching many videos on JWT authentication and luckily found this video, you are simply amazing with the way of delivering things sir, thanks a lot and more power to you to roll out such amazing videos in the future

@Javatechie Жыл бұрын

Thank you so much Karthik for appreciating it . I am glad to hear that people are getting benefitted with my content

@GokulCodeFactory Жыл бұрын

What a man you are ? It's not only tutorial for security .It's the night mare for me to achieve security in spring application.Hats off keep the learning spell always on.Thanks a lot!🌟

@Javatechie Жыл бұрын

Thank you so much Gokul . Glad to hear that 😊 . Keep learning

@SupriyaMondal3 10 ай бұрын

".It's the night mare for me to achieve security in spring application." ,, ...... really ?

@Javatechie 8 ай бұрын

@Supriya are you facing any issue?

@pranaypaul6361 17 күн бұрын

haven't found anything simpler on JWT Authentication & Authorization than this video! Kudos. You're so so important for the community! Keep making such videos please.

@kethakaranasinghe941 7 ай бұрын

Sir, thank a lot for your contribution. I have searched so many methods to implement JWT on my project running on Spring 3.1.5 but couldn't find a proper solution. We need more videos on new releases like this. Thanks a lot!!!🤩

@marnasirisha6065 9 ай бұрын

One thing I can say..........the best channel I have ever seen....thank u so much sir

@rishisrivastava5461 Жыл бұрын

Watching your complete series because of the migration project, Thanks a lot again

@galizischebahn2648 7 ай бұрын

incredible! didn't expect to find usage ready solution here, but you nailed it. thanks!

@shubhitembhare7769 6 ай бұрын

Simply amazing Sir. I was struggling for authorization configuration in springboot 3.2.0. You have covered it well.

@henninb Жыл бұрын

I appreciate the detailed description of this video. Thanks for sharing.

@subhashreesahoo5760 Жыл бұрын

Oh wow , thank you so much sir .. i was thinking to request you for this spring security jwt and just found it now . Great ,will cover this in this weekend,thank you 😊

@kshitijbansal3672 Жыл бұрын

Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running. Today an interviewer asked this question to me and I was clueless about it. Pls help.

@adapamail Жыл бұрын

Great tutorial those who are moving spring security 6. Awesome! job.

@SuperYkf Жыл бұрын

This is so well explained! Thank you!

@ahmadazeem7785 4 күн бұрын

Just amazing as always. May God bless you.

@kishordige9721 Жыл бұрын

Present when needed. Thank you!

@Mahmudulhasan-ts5hm Жыл бұрын

thanks, great video. I have followed lots of youtube videos only this code working properly. thanks again.

@parmarkamlesh6493 9 ай бұрын

Nicely covered both authentication and authorization.

@kiryls1207 Жыл бұрын

this happens the first time for me, i just needed a walkthrough in spring3 + jwt and spring security. and well, you provided it 22 minutes ago. +sub

@kshitijbansal3672 Жыл бұрын

@kiryls1207 Жыл бұрын

@@kshitijbansal3672 holy ffffu. it's more like: - how many hours did you mess with spring framework, tinkering here and there? - yes

@kshitijbansal3672 Жыл бұрын

@@kiryls1207 if you know the solution, you can, don't ask unnecessary questions

@kiryls1207 Жыл бұрын

@@kshitijbansal3672 i saw guides and tutorials about spring concurrency and threading. i don't know the solution, i just started with spring

@Javatechie Жыл бұрын

In that scenario you need to configure your scheduler related properties in only one instance For example let's say you have instance 1 ,2 and 3 You want to run your scheduler only in instance 1 in that case create all properties of scheduler like cron expression, time zone etc only in instance 1 configuration When i say instance 1 configuration i mean just find a place where you can load required properties

@harllemalves1590 Жыл бұрын

Great video, thanks for all the explanation!

@johnvick8861 Жыл бұрын

Really helped me for my internship

@rangasudeep1198 Жыл бұрын

Thanks basant for the detailed video about jwt

@Adeel-Verse.. Жыл бұрын

Thankyou so much for this I have got a task to build jwt auth This will be very helpful for me

@ApurvTripathi-mc3iy 9 ай бұрын

Amazing video, you made so easy, understood every part

@user-zp5jc7lj5i 5 ай бұрын

I have learned everything I needed to learn, thanks a lot man

@shigangzhang5662 Жыл бұрын

Thanks for the video. I did learn a lot from it. A few points: 1. the authentication manager is not recommended although it works, you should come up with your own authentication manager. 2. there is a new nimbus package in the latest Spring security which should be used for encoder and decoder. 3. that filter is not necessary as I understand. You simply provide the encoder and decoder, spring security will automatically take care of the security check for all the configured paths.

@Javatechie Жыл бұрын

Thank you for your suggestion buddy. I will definitely take a look into these changes

@RN-jo8zt Жыл бұрын

you mean bcryptpasswordencoder?

@user-si1dm8gg6j 9 ай бұрын

Excellent! Love it

@naidu12341 Жыл бұрын

No words Mind Blowing session

@kamleshpatil1959 Жыл бұрын

Your explanation is really good, thanks for making tutorial

@stevefox2318 Жыл бұрын

Hell yeah thanks man 🔥

@aribasiebel Ай бұрын

Love the popping sounds

@aneksingh4496 Жыл бұрын

Nice ...keep posting some complex spring boot projects...

@justAnotherJavaGuy 11 ай бұрын

Amazing video with covering all the aspect of JWT in latest version of spring boot. Thank you for the in detailed walkthrough. Please make one video on internals of spring boot security internals with new classes in involved latest version

@Javatechie 11 ай бұрын

Glad it was helpful! Yes it's in my queue soon i will do that

@user-gj2bx2gn2o 6 ай бұрын

Спасибо!

@mohamedsubaird Жыл бұрын

Thanks for choosing this topic. And make a Oauth 2 verification video in spring boot 3

@gunarajesh1 10 ай бұрын

Worth watching your videos

@supriya.mallick 2 ай бұрын

Awesome ❤

@kalaiselvankesavel2971 Жыл бұрын

❤Great demo

@supratimdatta7848 Ай бұрын

Very good content. Thank you very much!

@medAmineRg 7 ай бұрын

thank you man, that was very helpful

@supratimnayek2776 Жыл бұрын

Amazing. Thank you so much

@natureloverJ Жыл бұрын

Highly appreciated

@lxdzii Ай бұрын

amazing tutorial!

@roshanpatro5777 10 ай бұрын

Again an amazing tutorial. I can't thank you enough. ❤

@ashishyadav4510 Жыл бұрын

Greate explanation sir! as always 🙏🙏.

@SUMITPal-bl2jm 10 ай бұрын

Yr explanation is just amazing👍👍

@navaugustt 9 ай бұрын

Another nice explanation video ❤

@sujatharam Жыл бұрын

A really nice explanation . Very helpful

@dharmveersharma207 Жыл бұрын

Hats Off sir!

@ThrottleJourneys 5 ай бұрын

Love you bro ! Thanks alottttt

@benjiealcontin7867 Жыл бұрын

Thank you sir, more videos , I'm beginner :)

@unemployedcse3514 Жыл бұрын

Awesome 😍

@SandeepPrajapati-xu9ru Жыл бұрын

such great tutorial, explained in simple way, help be crash course through it and build a new micro service implementing spring JWT authentication, thank you so much

@Javatechie Жыл бұрын

Thanks buddy, What are you looking for here it is kzfaq.info/get/bejne/g72modCqsbi5mZ8.html

@all-in-Recipes 3 ай бұрын

Well explained 🙂

@user-lm6cg9oe6n 3 ай бұрын

thanks for excellent video

@aadiraj6126 Жыл бұрын

Sir, plz provide flow diagrams of each classes before you code. And also include entire flow with all classes as summary at the end and if possible at very begining. You know the flow, so you find it super easy naming classes, but its tough for any beginners as classes names are big and similar. My hostel juniors gave me this feedback when I shared them ur lecture.

@Javatechie Жыл бұрын

Thanks Raj for your suggestion. Noted this and will work on it

@samsonmayeem8409 Жыл бұрын

Nevertheless, it's a big-time first-class tutorial regardless.

@deeplife9654 6 ай бұрын

Yes. This is the only thing this tutorial is missing.

@saikrishna4661 Ай бұрын

Thank you very much sir.

@Briefseverus 9 ай бұрын

hats off man

@josephtan9532 Жыл бұрын

Thank you!!!

@karthickn956 Жыл бұрын

Great explanation sir thanks lot

@abdulsattarshaikh9758 Жыл бұрын

Nice tutorial sir

@javarider7760 Жыл бұрын

This is very right way explain.

@user-zk7fv8qb6z Жыл бұрын

Thank you so much master, te amo

@nanduchopade2910 9 ай бұрын

Best Tutorial ever bro thank you somuch

@punamroy6639 4 күн бұрын

Thank you sir for this video. It is really very helpful.

@java_tech_guru 8 ай бұрын

good explanation

@Harendra_84 Жыл бұрын

Thank you 💖

@rohinikulkarni8097 9 ай бұрын

very nice explanation

@v4vang394 8 ай бұрын

i from vietnam, thanks your video

@brahmanandas1909 Жыл бұрын

Thank you sir

@inhtruongvu7618 8 ай бұрын

🎯 Key Takeaways for quick navigation: 00:00 📹 This video tutorial covers implementing a refresh token mechanism in a Spring Boot application with JSON Web Tokens (JWT). 03:18 🛡️ Refresh tokens enhance the security of JWT authentication by allowing users to obtain new access tokens without re-entering credentials. 05:45 💼 The tutorial demonstrates how to configure and use Spring Security 6 for managing JWT-based authentication and authorization in a Spring Boot project. 08:20 🤖 You'll learn about the importance of token expiration times, token stores, and token revocation for effective JWT authentication. 12:10 🔐 Implementing a refresh token mechanism is crucial for maintaining secure and seamless user sessions in Spring Boot applications. Made with HARPA AI

@yogeshpatil-vx2pi 11 ай бұрын

Thats a great stuff as always :) . .. One request to you ..can you create one video on Spring Security OAuth Authorization Server using spring boot 3.0 .. Thanks again.. keep up good work :)

@Javatechie 11 ай бұрын

Okay sure noted

@deibischavez Жыл бұрын

thanks

@MegaGustavosc Жыл бұрын

I implemented this JWT Authentication and Authorization, and when I call the endpoints via Postman everything works perfectly. The problem is that I'm trying to write unit tests for my controllers using JUnit 5, but all endpoints always throw 403 Forbidden. Even when I use the @WithMockUser annotation, the same problem continues. Does anyone know what the problem could be? Did someone who implemented this JWT Authentication and Authorization manage to do the unit tests for the controllers?

@shaklenahmad Жыл бұрын

that some great content .. thanks basant ... i have 2 doubts 1. SInce we created a filter for every end points in this application how /authenticate is working without token ? i know i am missing something here please point me to right direction . 2 . can u please create a new video which explains spring security 3.0 all classes and flow from the basic . Thanks

@parmarkamlesh6493 9 ай бұрын

Hi Java Techie, could you please change password field type to character array as recommended for security reason and also cover why to use char array for password over string type. if I am not wrong here. Thank you for for uploading such concepts.

@manjosh1990 5 ай бұрын

Excellent video. I also wanted to know how to implement logout. Can you show a sample with the same example?

@aditimohan7892 Жыл бұрын

thank you for your helpful videos. please do a video on Oauth2 for springboot 3

@Javatechie Жыл бұрын

Okay sure we will do that

@Sid-ci1cd Жыл бұрын

Hi In your spring boot crud operations video I am having trouble during the execution the table is not getting created I have even put the getters and setters but still table is not getting created. Can you please tell me fast what should I DO?

@SADDAMHUSSAIN-wy5kf 8 ай бұрын

Perfect Example for Spring Securrity ! Sir can you please guide how @PostMapping("/authenticate") end point is working internally? How it reading user from DataBase! although we are not using any repository in this end point. How AuthenticationMangar finds the correct user name from database?

@Javatechie 8 ай бұрын

It will be dead easy to understand if you can debug then nothing complex buddy. I would strongly suggest you to refer to the video below to understand the internal flow kzfaq.info/get/bejne/Z6uCiZBnyOCWqJ8.html

@SADDAMHUSSAIN-wy5kf 8 ай бұрын

@@Javatechiewow luckely I was already wathcing it ! Thank you so much for your respone ! Thank you again for making things very simpliers

@alfahidi7018 Жыл бұрын

One thing I realized, in your extractAllClaims method, the jtw parser throws exceptions that are not caught. For example, if the token is expired it throws a ExpiredJWTException! So you checks for istokenexpired is moot.

@ayushgupta-pj5sq 11 ай бұрын

you passed claims map empty (During token generation), what is the use of that i did n't get that point? can you please elaborate that little more.

@hackstreet781 5 ай бұрын

Wanted to add one point: if we are generating token only when user register or login then in validation process, we can skip fetching user details from db because if the token is modified then it will be invalid token when we match it using our secret. So, If the token is valid then we can save it to our security context always.This is my understanding. Please add to it if something is incorrect or I am missing something.

@janyajoshi Жыл бұрын

👌✌

@ismailforeveryone6889 Жыл бұрын

very informative , please we need a demo for spring boot 3 & spring cloud keycloak

@Javatechie Жыл бұрын

Okay i will plan for it

@ismailforeveryone6889 Жыл бұрын

@@Javatechie thank you so much

@hariprasad2697 Жыл бұрын

Awesome kindly do junit and mockito 2023 for both three layers testing tutorial video (controller service and repository) if possible 🙂 because one method will have multiple methods inside it... How to write in that scenario... please make video on this use cases

@Javatechie Жыл бұрын

Okay i will

@kshitijbansal3672 Жыл бұрын

@@Javatechie Suppose I have a spring boot application which is having multiple instances running (lets say 3 instances are running), and I have a scheduler which is suppose generating a report after every 1 hour, so now my scheduler will start generating the same report for every instance of my application (so it will generate 3 report in total) and which is a wrong thing, so how can we handle such scenario. How to make our scheduler generate only 1 report even if 3 instances are running. Today an interviewer asked this question to me and I was clueless about it. Pls help.

@minhdo7132 Жыл бұрын

thank you good sir +sub

@tanmaybhadra3314 Жыл бұрын

Hi , I have a small request. Might be funny for some. Can you please create a small video on roadmap. Like roadmap for spring security, roadmap for spring boot or core. So that everyone can have a idea what to start first and what not. Thank you

@Javatechie Жыл бұрын

No it's not at all funny Budd y don't worry. spring boot road map i will prepare one video where i will cover all modules. Most probably this weekend or next okay

@sumantaghosh4239 7 ай бұрын

Thanks Buddy, can you make a video integrating jwt on api gateway

@Javatechie 7 ай бұрын

Please check this kzfaq.info/get/bejne/p7V0oqeimsXMcYE.html

@JeremyMoody-og3nf Жыл бұрын

I think it's worth explaining what you did via an IDE shortcut at the 24:58 mark. The IDE created a local variable: 'authentication' of type 'Authentication'. In order to access the 'Authentication' type you must also add the 'spring-security-core' dependency in your pom.xml file and import 'org.springframework.security.core.Authentication' in your controller class. I know I was confused by this because I wasn't offered the option to do all of this automatically by my IDE and I couldn't see how he managed to use Authentication. Plus there are several Authentication types that can be imported from several different packages.

@Javatechie Жыл бұрын

Brother to be very honest there is no magic happening by ide . Try to understand how spring boot dependency management works

@JeremyMoody-og3nf Жыл бұрын

@@Javatechie I want to first say: thank you for your videos. They've been extremely helpful and I appreciate that you're allowing free access to learning tools for everyone. I didn't mean to criticize you, but I assumed that you may desire the one piece of what I believed to be constructive criticism after watching two spring boot login service and jwt tutorials by you. This is a tutorial. I've never done this before. It's not that simple to know what dependency and import is necessary when I don't even know that they exist in the first place because I've never used them before. Apparently my intellisense for Java had crashed earlier, too, so that made things even more confusing because I was receiving zero recommendations for dependency requirements or imports from VS Code. Remember, almost no experienced spring boot user is going to be watching this tutorial. We'll mostly be people learning spring boot. If you're experienced with it, then you don't need a tutorial on how to create a login service and add web tokens.

@Javatechie Жыл бұрын

I understand your concern buddy. Tell me now how can I help you. Please feel free to ask any doubts eventuough it's simple

@akshaynilkanth9671 Жыл бұрын

Hi Jeremy i would like to interrupt......he hovered on the statement and then clicked on the yellow bulb and then selected the option "introduce"...that is something provided by IntelliJ Idea(IDE being used) as a part of its intellisense

@arunvijay2279 10 ай бұрын

No need to validate token again right, because parseJwt method in Jwt implementation validates the token expiration and secret key & loadUserByUsername fetch if user exist.

@pip3936 Жыл бұрын

Hello sir, thank you for your tutorial. I have a request. Can you do tutorial on how to handle AuthExceptions or JWTExceptions or any other exceptions inside filters, so they will be sent to user in json format.

@Javatechie Жыл бұрын

The approach is simple just add Controller advice class and map your exception

@marinemanga9875 8 ай бұрын

Can you do a tutorial on using JWT authentication and Angular for the front end? I don't know if it's possible for you to do it, but I'm at roadblocks in trying to figure this out

@kshitishsahu1472 Жыл бұрын

Sir I'm getting an expected csrf token is missing in my postman while trying to register an user from api gateway but it's working fine from it's own port number and I have also disabled the csrf in SecurityFilterChain. So where's this coming from?

@funcoding1797 Жыл бұрын

Thanks , your tutorial clips are the best.

@Javatechie Жыл бұрын

Thank you buddy 😊

@nikhiljangala2695 8 ай бұрын

Hi Javatechie, this is great tutorial. I have made my application by following your tutorial. It was working fine until I add JwtAuthFilter but after adding JwtAuthFilter and completed the whole process, The bearer token is not getting generated for authentication api from postman . Can you help me to resolve this issue?