Spring Security 6 | How to Create a Login System with Spring Data JPA and JWTs [NEW 2023]
Рет қаралды 75,215
Күн бұрынSpring Security can be a massive rabbit hole when you get started. This is exactly what happened to me when I started researching how to add encryption to the backend of my Twitter clone here on KZfaq. I poured hours and hours of watching tutorials and trying to figure out how to tweak one tutorial to do this, or another tutorial that was outdated to do that. Finally, I stumbled upon some non-outdated tutorials, but they still lacked exactly what I needed and I still had to link multiple different tutorial videos together to get to where I am now. If you have been in my place before, or if you are at where I was right now this is the video for you.
In this video we are going to sit down from the start of an application and build out an entire authenticated backend server with login and register features connected to a database. We are also going to implement the generation of JWT's so you can have a stateless backend, and we will use OAuth2Resource server to verify that the JWT's sent back are valid, and then authorize requests to specific routes based on the users roles. We will do all of this from scratch so you can understand where we started and how we got to the finish line.
I highly recommend that you watch through the entire video for context, however, here is the link to the project code:
github.com/unknownkoder/sprin...
~~~ Feeling Generous? Donate to the channel for the all the hard work that made this video ~~~
streamlabs.com/unknownkoder/tip
~~~ Stay Up To Date With My Social Media ~~~
Twitter: / unknownkoder
Twitch: / unknownkoderyt
Be sure to subscribe and turn on the bell notifications on youtube to not miss another episode of Lets Build Twitter: shorturl.at/gnxZ8
~~~ Background Music Used In My Video ~~~
Astroblk - Nothing Really matters that much to me anymore
Aviscerall - Sanctuary
Cøzybøy - Please Don't Drown
Astroblk - explorer
Knwln Ryan - Can't Replace You
NetNavi - How Can You Tell
Astroblk - Vancouver
Aviscerall - Lullabyes
Cøzybøy - Deep In Snow
Astroblk - Courage
Aviscerall - Coffee Shop
Cøzybøy - I'll Do Anything
Astroblk - Pay Up _____
Aviscerall - Chillin'
Cøzybøy - I Feel Okay Today
Astroblk - fleids
Aviscerall - Progress
Cøzybøy - What Do You know About Love
Astroblk - Geneva
Knwln Ryan - Jupiter
Astroblk - Ginger Spice
Aviscerall - Clockin' Out
Knwln Ryan - Waterfalls
Aviscerall - Feelings
Astroblk - Soul in Seoul
NetNavi - To A Song
Astroblk - Sunrise
Aviscerall - Onett
~~~ Video Content ~~~
0:00:00 - Introduction
0:03:05 - Prerequisites
0:04:34 - Project Diagram
0:06:05 - Project Creation
0:12:01 - application.properties setup
0:17:04 - Creating the UserController
0:19:56 - Creating the AdminController
0:21:32 - Testing User and Admin Endpoints
0:22:37 - Installing Spring Security
0:24:43 - Utilizing the default Spring Security password
0:25:57 - Unlocking the API
0:28:45 - Creating the Role model
0:32:26 - Creating the ApplicationUser model
0:38:32 - Creating the UserService
0:42:20 - Configuring basic authentication
0:47:38 - Creating the Repository layer
0:51:20 - Loading Roles and Admin User
0:55:13 - Using the UserRepository in the UserService
0:58:05 - Creating the AuthenticationService and registerUser method
1:04:12 - Creating the AuthenticationController and registerUser method
1:09:22 - Configuring all traffic to AuthenticationController
1:11:53 - Creating the KeyGenerator utility class
1:14:37 - Creating the RSAKeyProperties class
1:16:21 - Installing OAuthResourceServer
1:17:29 - Configuring Spring Security to use OAuthResourceServer
1:22:05 - Creating the TokenService
1:26:54 - Creating the LoginResponseDTO class
1:28:37 - Creating the loginUser method in AuthenticationService
1:32:52 - Creating the loginUser method in the AuthenticationController
1:34:11 - Testing user login
1:36:23 - Configuring role based authorization
1:42:44 - Testing role based authorization
1:43:52 - Outro
#unknownkoder #javaprogramming #springsecurity
@kelvinwarui2982 Жыл бұрын
You had me in the first 20 seconds , tutorial hell has brought me here i was almost loosing my mind on spring security
@adarshpandey8526 6 ай бұрын
You just revived my passion for spring boot based backend development. Thank you so much. This is the best spring security crash course I've found on KZfaq even better than the inspirations you mentioned in this video. The reason is, that you used less jargon and fancy Java. You showed basic Java skills to explain an already complex spring security concept which feels smooth. Most of the creators from the Java community tend to use a lot of fancy Java design patterns and advanced Java features which causes great difficulty for freshers to understand such complex concepts. Constructive Criticism: I have one small suggestion for you, the cutting of your voice is really not good. There are no pauses between your speech, leading to you sounding monotonous even when you're not. Also, it made me rewind many times since I never understood where one sentence ended and the other began. Love your content. keep going ♥
@cydoentis Жыл бұрын
This video hit the nail on the head, I watched countless other videos from other people before I found this one, and the content was either outdated or poorly explained. I appreciate that you did everything from scratch and explained each step. Wish I found this video about 8 videos earlier, but I finally understand the whole implementation process for Jwt's. 11/10 will watch again.
@aboubakrghout8180 7 ай бұрын
if u get it can u help me ?
@sajithkumarganesan9823 10 ай бұрын
Fantastic Video, Thank you for putting all this together in one place and having it explained very clearly and at a steady pace. Great work!!!
@romanlobko1293 7 ай бұрын
Amazing video! Such a complex topic was explained in a relatively simple way, thank you!
@kheydbeats 10 ай бұрын
It was indeed an absolute Behemoth of a video! Great tutorial, loved the pacing and the explanations. My subscribe and like is your good sir.
@pranavthakkar2720 6 ай бұрын
The Best explanation I have even seen for spring security and jwt authentication. Thanks alot.
@aman_deep21 Жыл бұрын
What a fantastic to the point video it is, Thank you so much Ethan for sharing valuable knowledge with all of us, my knowledge before and after watching this video has increased very much, looking forward to more of your videos. I had watched a bunch of videos on this topic, but your explanation made it much easy to follow and code along with you.
@maz1ogra 10 ай бұрын
This video is a compilation of everything useful that is said in the other videos, discarding all the other useless things that are said, updating it to the latest versions of spring. Liked the video, keep it up.
@superkobke 10 ай бұрын
Well done. Had some troubles with dependencies but overall your video is quite amazing! Thank you so much!
@professionalyoutubevideowa37 8 ай бұрын
Excellent tutorial. This is just what I needed to get started.
@pradeepk2864 11 ай бұрын
perfect video, everything will go smoothly without getting any blocker for me, thanks brother for such a nice video😍
@mohssinedardar410 10 ай бұрын
Thank you so much! I highly recommend this video to anyone who wants to learn about Spring Security. It is a comprehensive and informative resource :)
@vsaihruthikreddy7127 5 ай бұрын
All I could say this is an extraordinary tutorial. I tried all of the spring security tutorials but they did not cover the nitty gritty aspects of it like the jwt token creation and authorization but you just were superb. Thank you very much for uploading a gem ❤
@shauryatomer1058 2 ай бұрын
Thanks, for this great tutorial. Concise and blazingly fast.
@curiosabouttech 10 ай бұрын
Thank you so much after searching alot i found this video that covered my ground up spring security and jwt thank you man.
@kumar-mh6hy 10 ай бұрын
great content video with proper explanation keep doing contents like this 😍, i was looking for this type content for many days, i just wasted a lot of time but this saved my time and can explain how to save roles in DB annd retrieve it from DB and also about OAuth 2.0
@user-bm3ip7rg9i 5 ай бұрын
Absolutely amazing video, learned a lot from this, Thanks!!
@existence_zero1692 Жыл бұрын
This video is the best spring security video ❤
@maelina2222 23 күн бұрын
This is a really great tutorial. Thanks for this
@podcasts.clips.delivery 11 ай бұрын
Brother, you are a lifesaver!
@anurp4173 7 ай бұрын
Wow, you had me in the first 20 seconds. Got the problem absolutely spot on. thanks
@anurp4173 6 ай бұрын
I have done exactly as you have mentioned in the video upto configuring basic authentication, I keep getting 401 unauthorized exception despite supplying the username and password correctly
@CarlosSousa-cq3jc 2 ай бұрын
After thousands of videos on spring security, I finally found an excellent one
@randomforest_dev Жыл бұрын
thanks for this awesome tutorial! very helpful!
@olliDeg 9 ай бұрын
Great video, really helpful!
@malbunb 6 ай бұрын
This is a greate tutorial. Thanks for that!
@koffeetalk Жыл бұрын
Wow, first time I get it right. Thank you! This channel should have much more followers. I had some issues using Lombok, but when I did all the constructors, getters, setters manually it's finally worked! I guess I need more experience with constructors first, then use lombok.
@unknownkoder Жыл бұрын
I have also had issues with Lombok and I know others sometimes do as well. That is why I chose not to use it in this video.
@SailBuddha 7 ай бұрын
This was fantastic! I followed it, but changed JPA to jdbcTemplate, because the road to Hell is paved with too much abstraction. Doing it that way, everything made perfect sense. Thank you!
@DarkHid3 5 ай бұрын
Good video, I watched it to the end, kinda hard to understand the whole thing because I've just started learning this framework but with the time for sure I will comeback and watch it again!
@Justin_Jay 9 ай бұрын
Wow. Thank you for this. Brilliant
@alexbrun6863 9 ай бұрын
Absolute legend for making this
@andtif 7 ай бұрын
GOAT
@tylerljohnson 7 ай бұрын
excellent tutorial, and thank you for the timestamps!
@Justsomeguy492 11 ай бұрын
thanks for a clear video. its incredible how spring security team has no good documentation for spring security 6
@fetterollie54 11 ай бұрын
Great video and working around the deprecated methods wasn’t too bad and was a very good practice of working with documentation. Thanks for putting this all together. 👏🏼👏🏼👏🏼
@mathewfrancis4167 9 ай бұрын
how did you get the JwtAuthenticationConverter to work in the SecureityFilterChain ?
@fetterollie54 9 ай бұрын
@@mathewfrancis4167 I’ll check in a bit and get back to you
@mathewfrancis4167 9 ай бұрын
@@fetterollie54I'll be infinitely great-full when you will :)
@fetterollie54 9 ай бұрын
@@mathewfrancis4167 Not sure if you can put code blocks in here: @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{ http // disable cross site request forgery .csrf(csrf -> csrf.disable()) // any http requests are authorized .authorizeHttpRequests(auth -> { auth.requestMatchers("/auth/**").permitAll(); auth.requestMatchers("/admin/**").hasRole("ADMIN"); auth.requestMatchers("/user/**").hasAnyRole("ADMIN", "USER"); auth.anyRequest().authenticated(); }); http .oauth2ResourceServer((oauth2) -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))); http .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); // build into security chain return http.build(); };
@fetterollie54 9 ай бұрын
Also I stepped away from the project a month ago and haven’t looked at it since. Hope this is what you are looking for…
@duri467 2 ай бұрын
mega tutorial man, THANKS !
@sherlockholmes1605 11 ай бұрын
Liked the video! Here's an idea for future tutorials, can you create git branches for each chapter? this way we can go back and forth between different chapters to compare and contrast the changes.
@user-ds9yw9km9w 3 ай бұрын
Wonderful! Thanks!
@sasaprograma Жыл бұрын
Great content, thanks a lot!!
@user-uk7bd2nq8c 11 ай бұрын
Thank You! That was very helpful
@mr_bla_ Жыл бұрын
fantastic video thanks lot
@BeneTanStarcraft Жыл бұрын
Thanks for this video!
@RotorVideos01 5 ай бұрын
Thank you for the video!
@Mihai-mb4ew 7 ай бұрын
Man, this video is top notch. It is exactly what was missing from youtube. Could you, please, share with us, how did you figure all this out? What materials did you use for documentation or how was your thought process? Or maybe is it just experience? I watched Dan Vegas' video about JWT and I was really wondering how to achieve role authorization. I wouldn't have figured it out by myself.
@rashidcollins6337 8 ай бұрын
one of the best security tutorial, clear explanation, am now confidence about spring security. Thank you @Unknown Coder
@yogeshpatel2463 8 ай бұрын
my project is not running bro
@iuliszekely8397 7 ай бұрын
Can you help me with something? I got stuck at some point
@cod4basterd 9 ай бұрын
Holy crap. Thank you so much; this is amazing. Top tier content. I learned so much from this compared to hours of Amigoscode or Dan Vega. Nothing against those guys, they just have so much content to get through and a lot of it is outdated. Thank you so much for putting this together. I got what I needed out of it and then some.
@bojidaryordanov2035 8 ай бұрын
Insane video. Ty so much
@kvittitoe 9 ай бұрын
fantastic video
@michasasua8977 8 ай бұрын
thank you for you effort, great job!
@harshpratapsinghshekhawat3034 10 ай бұрын
Much needed video on the upgraded ways of Spring Security, I'm glad that i was able to find it I have a request though, could you also post a video on formLogin using spring security
@khacthinh23.06 8 ай бұрын
tôi mới học khá lúng túng với spring security nhưng xem hết video của bạn tôi đã hiểu hơn rất nhiều, cảm ơn video của bạn.
@vatana7 Жыл бұрын
Thank you for your tutorial
@fahrican9708 11 ай бұрын
great video!
@codex8797 6 ай бұрын
Thank you so much bro, you are a life saver
@mrowox 11 ай бұрын
What I usually want to see in security videos is handling security for different type of roles. E.g a backend service for sellers and buyers, drivers and riders, students and teachers and so on
@jhonandersonperaltaochoa9833 11 ай бұрын
lo que tu quieres es manejo de roles
@anywho3934 11 ай бұрын
hey have you figured it out ? any other resources you found ? cause I have to implement it in project
@MyBinaryLife 8 ай бұрын
this logic is implemented in the SecurityFilterChain bean in your security configuration class
@bryanantoine8911 11 ай бұрын
great video helped me a lot
@user-my9yc3bi8o 7 ай бұрын
This video is amazing
@abdelmoneimelshafei6570 10 ай бұрын
Big thanks, Sir 🥰🥰🥰
@MathiasDurrenberger 6 ай бұрын
Well done. A 1000 thanks
@togashi-azul 4 ай бұрын
Very good video
@manishareddy1 6 ай бұрын
Great Video..Thank you so much
@kwamekyeimonies 9 ай бұрын
Yeah, very true.about 80% of the videos sessions use deprecated modules
@oshannanayakkara6187 5 ай бұрын
Bro this is golden
@gaddp 11 ай бұрын
sick hoodie man
@amitgrover1992 Жыл бұрын
Thank for the detailed explanation, please suggest how to do authentication for an application using Thymeleaf and MVC controller.
@paypalmymoneydfs Жыл бұрын
It really was legit hell, YT algorithm was hiding you from me too 😂
@luciano5026 4 ай бұрын
Thank you !!!!
@theominarinidemelo756 11 ай бұрын
TU É FODA MAN, VC É INCRIVELLLLLLLL
@aashirsiddiqui177 11 ай бұрын
Thanks for the vid, the deprecated APIs were a pain in the ass!
@t0khyo 9 ай бұрын
Toturial hell got me here bro 🗿👍🏿
@abdelkadermiladi5647 5 ай бұрын
THANK YOU
@sabinsesumariyan3687 7 ай бұрын
very good content
@ajaythombare6235 7 ай бұрын
Spring Security is confusing but you did a great job. I found a lot of things in one place it helped me a lot. Thanks
@AhmetMurati 11 ай бұрын
in first minutes I subscribed
@apurvasaha8871 10 ай бұрын
Finally found a video for working around the older deprecated methods. Thank you very much. Edit: Unable to generate the jwt token during login, and getting a 401 Unauthorized error response back. Might be an issue with the deprecated jwt() method in oauth2ResourceServer(oauth2ResourceServerConfigurer::jwt()). But even with the new code oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults())) which provides a default implementation of the oauth2ResourceServerConfigurer class its not working. If anyone has faced the same issue and solved it, Please let me know. Thank you.
@TheMrBatica 10 ай бұрын
I had exact the same issue but I skipped the line 'daoProvider.setPasswordEncoder(passwordEncoder());' under SecurityConfiguration class -> AuthenticationManager ... i had only "daoProvider.setUserDetailsService(detailsService);" hope it helps.
@manmitapatnaik2513 9 ай бұрын
Yes please help in this. I am facing the same issue in intellij.
@manmitapatnaik2513 9 ай бұрын
@@TheMrBaticaBut here daoAuthenticationProvider.setUserDetailsService(detailsService) is used . So what did you exactly change
@TheMrBatica 9 ай бұрын
I wrote what was my problem. I didn't have -> 'daoProvider.setPasswordEncoder(passwordEncoder());
@bochunator1173 4 ай бұрын
@@TheMrBatica Thanks, I had the same problem. Maybe someone has the same issue, so here I put proper code: @Bean public AuthenticationManager authManager(UserDetailsService detailsService) { DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider(); daoProvider.setUserDetailsService(detailsService); daoProvider.setPasswordEncoder(passwordEncoder()); return new ProviderManager(daoProvider); }
@Ayman_youtube 5 ай бұрын
thank you
@KuldipGhotane Жыл бұрын
It was brilliant, please add oauth 2 support for the same repo
@sfgmbkmbksfg3722 5 ай бұрын
Mind blowing
@KieranMueller 11 ай бұрын
fyi if you are struggling with deprecated methods, or other things (example: I was unable to run project due to an error with the security filter chain method, request matchers specifically. You can always just downgrade the version of Spring Boot in your POM.xml to use what was used in the video and everything will work.
@kennethisaac233 10 ай бұрын
Nice idea
@maingawesley8212 5 ай бұрын
Trust me I haven't started this tutorial, I just read the description and I know Spring Security is bagged already😆😅
@user-zs7nn9fl1e 9 ай бұрын
best ever
@Abdrabbo1 7 ай бұрын
thank you sooooooooooo much!
@mathewfrancis4167 9 ай бұрын
Lovely just what i needed ... i'm new to this level of spring security ... so I hope this question isn't a silly one ... i would like to know how and where you generated the public and private key in you code... thank you :)
@bajrangchapola6748 6 ай бұрын
Great Content!!! Can you make a video on how this authentication backend works with API gateway ? Any of the members if know
@I23430 Жыл бұрын
great
@kaydanderson4487 9 ай бұрын
Awesome video, I followed everything you said (mostly) and got postman working at the end, but Im a bit confused on how to implement a login page and move to a secured page?
@michaels2048 6 ай бұрын
Thank you for the video, do you know how i can be able to display this information in my next js project
@QmGhq2T7CzQ 10 ай бұрын
I am using DOMA, I can't declare the Set authorities as it says it is not supported as persistent type.
@user-qd5vb1hh9i 3 ай бұрын
Greate tutorial, Am asking for getting an end-point which returns an access token by accepting refresh token, Note Access token should also be returned on login attempt.
@Blazs120gl 8 ай бұрын
Hi, this was an exhaustive example I've been looking for. Thank you very much! I would like to extend this project with static HTML pages. How can I do that? I've added HTML pages (e.g. an index.html under resources/static) but I can't access any of the pages. they're all blank and I get 401 responses to them. I tried to add the static path to auth request matchers, but no joy so far. Any ideas what's missing? Thanks in advance!
@akshaybhoendie Жыл бұрын
Hi would you be kind to show the logout part?
@sanctusfides 3 ай бұрын
Is there any need for the JWT Auth Converter to set the roles to "ROLE_ROLENAME" if you just set the roles in the DB to be begin with "ROLE_"?
@hkkabir2024 Жыл бұрын
if i use jdbcuserdetailsmanager and create the two seperate table name users and authorities then it's easy but i have seen most of the coder used implements of userdetails
@sidof8065 11 ай бұрын
I how to do to allow user to access and resource when his already been logged. and don't have toprovide access token again on the frond end?
@billyburroughs2136 Жыл бұрын
Hi! When I run the Maven app and try and access an endpoint in browser I get: “Request Method ‘GET’ is not supported. Do you know what could be causing this? The only difference between yours is I am using Postgres driver. Thanks!
@luky7143 3 ай бұрын
Do I understand it correctly that in the client after login i need to save the token from server response and put it to every request made afterwards?
@Mihai-mb4ew 7 ай бұрын
Hey guys! Is it normal for role authorization to not work without a Converter even if we set the role in DB as ROLE_ADMIN for example? Because I just spent a lot of time with it and it did not work at all even if I would use roles such as "ROLE_USER", "ROLE_ADMIN". It began working only after setting the roles in DB as simply "ADMIN" and "USER" then adding the converter as in the video.
@jumaiddotuya2797 10 ай бұрын
There is a problem casting the Principal to UserDetails as per your implementation.. any ideas? Am trying to get the logged in user via SecurityContextHolder.. thanks
@domingosgilubisse9606 Жыл бұрын
Thanks a lot mate. Could you add Refresh Token?
@unknownkoder Жыл бұрын
Its definitely an idea I can jot down for a future video.
@TheQuancy 10 ай бұрын
I'm trying to do this with MongoDb as the database, and I lose myself when i end up trying to create the roles. Since MongoDb isnt a relational db, its a little confusing when im trying to make "join tables"
@jackedkarlmarx 27 күн бұрын
Hey @Unknown Koder, I fixed the bug you encountered at 1:41:35, apparently this stems from a deprecated use of the jwt() Method, this is the correct way of configuring it as of Spring Security 6.1.x: .oauth2ResourceServer((oauth2) -> oauth2 .jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(jwtAuthenticationConverter())))
Sergey Tech
Рет қаралды 25 М.
Dan Vega
Рет қаралды 119 М.
Braincatchers
Рет қаралды 14 МЛН
Tech Soft
Рет қаралды 16 М.
Learn With Ifte
Рет қаралды 50 М.
The Dev World - by Sergio Lema
Рет қаралды 41 М.
Amol kumar
Рет қаралды 26 М.
Dan Vega
Рет қаралды 126 М.
Code Java
Рет қаралды 32 М.