Hello @Dan, it's amazing! Great video. Please keep producing videos regarding Spring Security, I think it's a black hole in the Spring modules. A lot of specific concepts and it deserves good videos with good explanations like yours. Congratulation and thanks for sharing the content.

Amazing, how simple it is when explained by experts. Thanks for the great content. Well explained, with the right level of details to understand without getting overwhelmed. I still have to review the blog post if I am not missing any details. Looking forward for the next video :)

Great video. This is like the only one guide about this topic that is quite easy to follow and does not break your spirit (I have tried to follow like 2 different videos just to realize half way into 3 hour videos that implementation was changed/got deprecated and I wasted my time).

Hi Dan, This is the tutorial that was missing in 2022. Thanks a lot. I was struggling with those outdated tutorials and dependencies to make a working solution. this saved me lots of time. Looking forward to your next videos.

Thank you for making this tutorial. As you mentioned in the beginning there are so many more complicated ways of doing out there because the are not using what is built in to Spring Security. I unfortunately had used one of those more complicated ways so now I'm going to use what I learned in your tutorial to simplify my project code!

Thank you so much..I was just working on a project and had a lot of difficulties understanding JWT, I opened youtube and I found your video. How lucky I am!

Thanks for sharing this. I used your example to solve a problem I was working on and it worked. You are a lifesaver

Great video my start to spring security wouldn't have been great without this. A big salute.

These videos are so concise and easy to follow, appreciate you.

Thanks a lot for this tutorial. I have been stuck in other tutorials for hours.

Straight to the point, no fluff. Looks looks like a bare-minimum implementation.

Thanks Dan, really educative content that's very well and clearly presented. Exactly what I was looking for!

thank you Dan, this video help me a lot to understand how to generate JWT in Spring. the only one site where I found the explanation with the new version of spring security and works. regards from Colombia

I really appreciated this video. Wishes your channel get bigger n bigger.

Amazing. I used to secure my smalls projects implementing jwt encoder/decoder with the help of libraries like jjwt directly, as well as overriding filter methods from classes/interfaces such as UsernamePasswordAuthenticationFilter, OncePerRequestFilter. But this way you showed us has simplified it a lot. One more subscriber!

I really enjoyed this video. Thank you for providing such great content.

Wow. Learned a lot of very relevant security implementation in a very smooth and clean fashion and in such a short time.

Many thanks, Dan. Your content is quite valuable for someone like me harnessing input to get better at building Enterprise grade applications. Merci beaucoup!!!

finally up to date spring security tutorial :) very good explanation

Thanks for a great tutorial. The article is very useful and helpful.

Thank you Dan! Great work!

Awesome Dan! Thanks for the rich tutorial

Nice tutorial Dan! Thanks a lot.

Nice video you just earn a subscriber I actually love the fact you don't define another class just to write another method like other youtubers do

Thank you for this, Dan. I would love to see a follow up video for implementing "Refresh Token" on top of this :) I know people will love it.

I am a nodejs and Golang API. I found this tutorial very help for my current work using Spring-boot. One thing about Spring-boot is that, when you use Spring-Boot with higher version some errors like this shows up: This error occurs in the NimbusJwtDecoder.validateJwt method of the org.springframework.security.oauth2.jwt.NimbusJwtDecoder class. The NimbusJwtDecoder class is used to decode JSON Web Tokens (JWTs) and is part of the Spring Security OAuth 2.0 framework.

Thanks Dan. it was crystal clear

Great video! Really helpful to get people started with latest Spring Security stuff and JWT! Few questions/comments though: 1. It would be good if you can extend the github repo and add a branch which shows the symmetric key approach - i guess it would be easy for the Decoder as u mentioned, but would like to see how to change the Encoder 2. Maybe to make it more realistic instead of HttpBasic - it would be good to have a UserNamePassword Authentication where the user calls an endpoint with username/password as body and the token generation happens based on that 3. Building on top of 2), it would be great if this gets connected to a database where hashing + salting is used as this can be used as a starter for real projects 4. Having roles in the example/video would be great Looking forward to your next video Dan!

wonderful tutorial, thank toy very much 😊

U have a nice way to explain, great work!!!

Amazing !!!! Great video, Thanks 👌

Wonderful. Very helpful. Thanks for sharing!!

Great tutorial and topic. Really clears things out. Would be great to show next how to update JWT to include user's roles and permissions. And of course looking forward for Spring Authorization server!

Great content, really helpful thank you

Thank you very much! Greetings from Greece!!!

Thanks for this Dan.

Thanks for sharing dan !

Excellent! Thank you.

Thanks for the video ❤

Thank you Dan. nicely explained and Really helpful.

great tutorial thanks!

I super like your video, I have learned a lot form it

Amazing, thanks a lot!

Thank you for the tutorial

Everything works great!

Hi Dan, can you also please talk about how spring mvc works internally, like dispatcher servlet, how by default exceptions are handled in rest apis etc.

Thanks for asymmetric rsakeys knowledge you've shared.

Thanks for sharing about JWT

Great Explanation

amazing as usual !

Thanks, very nice explaind.

Excellent video! Need to test spring security with Ping Federate.

awesome video! subscribed!

Very good take there.

Thanks a lot Dan!

Good video It's really useful🥰🥰!

First, thank you for such a comprehensive explanation of the new spring security. I'm going to take minor issue with it because, as with just about every tutorial I've seen for spring boot security, the user logon and Jwt generation is in the same sever as the Jwt consumer for endpoint security. This would never happen in the wild and creates confusion as to which SecurityConfig configurations are needed for each.

Great Video, keep up the good work

Thank you Dan. I meant A LOT! Would you consider to create a video for those like me with a title "How to read Spring documentation and connect things together"? Lol. Thanks again!

finally, an informative tutorial that ACTUALLY uses BUILTIN jwt tools, and not some filters and JwtUtility classes to secure an app

Very good video, if anybody haven't mentioned yet, it would be good to replace inMemory user with UserDetailsService on data base. Additionally securing rest api with roles. Video would be a bit longer than 1hours, but woud cover topic from A to Z

Perfect video. Thank you, Dan! Like+Sub

thank you so much ❤

Great information. I think a simple video will also be helpful which explains how to protect API using Okta or Keycloak since in most situations you don’t write authorization server yourself.

Great video! You make it so easy to grasp the concept. A quick question. How would you secure the APIs using JWT if the application is using (username & password) in some cases and also biometrics authentication in other cases.

I'm guilty of rolling up my custom solution, pulling in a third party library. Thanks for this video, Dan! Gotta refactor a bit!

You are right.... Spring Security tutorials shows that people try to understand but cannot make it working... Spring Security Team also makes it very challenging to build something with it. Thank you, Dave, for your tutorial - it really helped to make it working.

THANK YOU THANK YOU!!!!

great video very useful

You are great man

your outro music is so good

Hi Dan, really a good video. One functionality which could be added is adding refresh token feature, thanks

Very good your video!!! I have a question for you: since you said that this is the beginning with jwt and not the goal, what other functions can I do with jwt?

Awesome tutorial as always. I have quick one... When using assymetric encryption do we use the private key to encrypt the data or the public key? With the little knowledge I have on encryption, I'm pretty sure we use the public key for encryption and the private key for decryption.

For me as a complete beginner it was so easy to follow. Thanks for this tutorial, it was really helpful.

hello dan, thanks for such a good content, this topic is complex but thanks to you I have been able to understand it better. I only have a small question, why is it necessary to disable csrf?

Hey, great video. I learned very valuable things from your videos. I was wondering how can I do the following: I have a 'tokenVersion' column in my users table. Every time User logs out or refreshes the token I'm going to increase it by 1. When the JWT is decoded and if it's valid I want to check if the tokenVersion in the JWT and in the DB matches. If it matches request can continue if not I want to throw 401.

Are you able to create another video using the other method you mentioned. Where we do not manually create the keys?

Thank you teacher

Thanks you. Can please explain also keycloak with spring.

Hey Dan, New question, obviously us as viewers are following along and just basically copying the code that you write down - but you seem to know exactly what we need and why we need it. Are there any resources you can point me to that could potentially help me understand the architecture of spring security in more detail but also how you learned this to a point where you just know what you need to use? Bit of a loaded question, but i’m keen to learn as much as possible. Right now all it feels like is that i’m copying code from you without truly understanding why we’re doing certain things. Cheers

First off awesome video Dan. I have seen no code/logic on the resource server side to validate token. Is this optional on resource server end or its a must.

That was great! What about video about OAuth2 with Auth/Resource/Client?

Hi Dan. Since we're already on Spring Boot 3.2+ would you mind an update video on this matter? Keep up the good work!

Thank you Dan, it's a greate tutorial for beginners. Can you please make a guide about refreshing jwt please.

Hey! Great video! But how did you do to autogenerate code just by typing jwt? Thanks a lot!

Hey Dan, great work, I have just one question that this oAuth2ResourceServer() takes one Customizer but the jwt() referened by method reference is not having void return type as of thr customize() of Customizer..and we are not getting compile time error...how it is possible?

Hi! Great video, like all your videos! Especially now that Spring Security 6 is mixed in with older tutorials on the web this is very helpful. A suggestion: this is now already deprecated: ".oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)" and has to be replaced with ".oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults())". Also a question, how do you get this snippet-functionality at 30:00?

dan what is the alternative to csrf should be used as it is deprecated in later spring security version 6.+?

Great video! Thanks! Could you explain: you have showed the project creation with the spring starter io source. But, after project was created, you show 2 pom files - problem in that the spring.starter actually created only one single pom. How to I have to understand and follow your solution? And the main issue - I have implemented all steps and this solution doesn't work: yes, I received token, but this token doesn't work for other requests - I have receiving 401 error for all following requests. Now I try to understand the difference - and the difference only in the pom files between your and my code. But you are not explained them

I love your videos! I had a question on how you would approach deploying this application. I am trying to deploy to AWS beanstalk, but I'm having difficulties with the RSA .pem files. I have been trying to add the public and private keys as an environment property in elastic beanstalk, but am having difficulties because it is a string value and not a file. I also tried to add a key converter with @Component and @ConfigurationPropertiesBinding, but I still get a failed convert from string to RSAPublicKey. What do you think should be the approach/best practice to remedy this?

Hi Dan , glad i found your tutorial but my problem is the spring's documentation. It is awful . How do you go about in reading the documentation. I have a question , I want to implement this as a microservice , so what should be the logic behind it ? Everytime a user hits my request he/she will be entering username and password and I will be granting a token to the client. Once the client gets that token how will i forward that token from my microservice to this authentication microservice ?

Hii Dan, I love ur tutorials.. my question is how can i create a seperate authentication servuce using jwt. And then use that is a seperate client service to secure endpoint? Thanks..

is it ok to use the 6.0.0 dependency version of oauth2 resource server? It doesn't contain spring-security-oauth2-jose

Hey Dan, it's amazing, but is there any mechanism in order the user logged out of the system, how we can invalidate the user token?

Hi Dan, thanks for video. Once the token is expired, how would i able to get new access token without relogin.. is it possible to implement some refresh token..?

Dan, thanks for great video! Can anyone help? How to send response back if request was with invalid credentials? I've added custom entry point, so if the user provided no auth token he gets custom json with error message, but how to handle such exceptions as UsernameNotFoundException and BadCredentialsExceptions?

Hi Dan, I did the constructor injection of RSA properties still getting the getting error parameter 0 of construtor and bean not found

Dear Dan, I followed your tutorials to set up the new Spring security. Helas, the one thing I cannot get working is that the roles get authenticated. Is it possible to make a video in which you explain the spring security setup with jwt tokens and a hiberante database authentication with roles?

Also to use the authorization as a micro service and export it, import it in multiple application across the company portfolio for a aligned one platform!