Comments:
Great video. I think the root endpoint won't work anymore. I cloned the project and get a 404. Can you explain what happened?
Simply great video..........
Hey, how can we add time for expiration of token validation, and how can we create refresh tokens for the same?
Hi Dan. It has been a video series filled with very clear and understandable explanations. Thank you so much for your service.
Well done Dan 👍
I love this, have been looking for a simple way for password authentication, but you got me converted. Keep up the great tutorials. Much love for your content.
We can't use ECDH keys with NimbusJwtDecoder. I want to use ECDH type of public-private keys.
Can you show how to set up the configuration whilst authenticating against a user in your db instead of creating an in-memory userdetailsservice? I know you have to implement the userdetail, but it is unclear how to set it up. Your videos regarding this do not implement the use of oauthtoresourceserver.
Hey Dan, do you have any videos explaining how to call an api with jwt auth, from another api in a different spring project?
I think you should add the org.springframework.security.oauth dependency. Without this, it isn't able to use the JwtDecoder class.
Thanks for the explanation, good tutorial!!
Awesome, thanks. I couldn't find anywhere info how to make AuthenticationManager in new Spring Security versions.
I like very much your tutorials and here your explanation about how to retrieve an AuthenticationManager. However, I wouldn't authenticate the user in a Controller. This should happen beforehand, via a Filter and a Provider.
Thank you for the great videos, you are amazing, but the code from the GitHub repo doesn't work; it gives an error that RSAKey bean is required. Please check into it if you can, thanks in advance!
Please do one but with JPA request body authentication!
Hi @Dan, thank you very much for the tutorial. Could you please improve it to add a refresh token?
Request login with database. Tq
Is it possible to have an example with the symmetric key? I'm trying but I always get "Failed to select a JWK signing key" error while generating the JWT token.
Hello,
Thank you for this exceptional tutorial.
Could you help me to fix this:
Reason: failed to convert java.lang.String to java.security.interfaces.RSAPublicKey (caused by java.io.FileNotFoundException: class path resource [certs/public.pem] cannot be opened because it does not exist)
Thank you
Thanks Dan, these two JWT videos are really helpful!
If you can further talk about how to implement both *form login* and **jwt token**, that will be great.
I am struggling with this now, I tried
1) two filter chains (not working, always the one with lower order actually executes)
2) two authenticationManager (not working, when I pass the jwt token, it still redirects me to the login page)
If you have time to help, thanks in advance😀
That AuthenticationManager part was very helpful, thanks Dan!
Hi Dan, you mentioned about separate end points for login and for Token. If you could explain that further, it will be helpful. The reason being, when you use OAuth2 with PKCE, you first need to authenticate and get the 'code' in response which needs to be further passed along with 'code verification' to the separate Token endpoint to get the JWT Token.
You are the best tutor on the new Spring Security configurations, keep up the good work! I had one issue though getting the RSAKey to generate, it said I need to configure RSAKey as type bean or something, even though I copied your code from GitHub.
Let's say we don't want to manage passwords and registration/authentication happens using OTP to the person's email id. How do we generate the token then?
Thanks in advance
Just came back to this video after a lot of reading and watching videos on JWT, OAuth2 etc. This is by far the best video out there for people looking to implement JWT to secure their endpoints. I guess it shouldn't be too hard to implement the refresh token on top of this, right?
Hey, Dan. The only way to use a JwtEncoder bean with a symmetric key (shared key) is implementing the JwtEncoder? I can't find ways to make it work with NimbusJwtEncoder :/
How do we check body against database users and not only one user?
Hey Dan,
I am asking this question to a lot of people and frustratingly I'm not really getting any responses, so I wanted to see if it's something you can help me with.
The question: Is Spring Security & JWT enough to securely authenticate my users so that I can build and grow a SaaS product, or would you do something extra to guarantee the security of your API? If so, what?
Thanks
Dan, so once this is implemented and I want to get a username of a user that's making requests, do I just inject Principal into controller methods?
This video was an absolute GOLD, Dan! Thank you
I've updated this test as below and it worked.
@Test
void rootWhenAuthenticatedThenSaysHelloUser() throws Exception {
    // Request a token from /token with the user's credentials as a JSON body
    LoginRequest loginRequest = new LoginRequest("Lucas", "pass");
    MvcResult result = this.mvc.perform(post("/token")
                    .contentType(MediaType.APPLICATION_JSON)
                    .content(objectMapper.writeValueAsString(loginRequest)))
            .andExpect(status().isOk())
            .andReturn();

    // The response body is the JWT itself
    String token = result.getResponse().getContentAsString();

    // Call the protected root endpoint with the token as a Bearer credential
    this.mvc.perform(get("/")
                    .header("Authorization", "Bearer " + token))
            .andExpect(content().string("Hello, Lucas"));
}
I have been searching for easy-to-digest content on Spring Security, you gave exactly what I was looking for, Dan Vega. Already subscribed and looking forward to seeing more amazing content from you.
Thank you.
Thank you so much sir!
Dan Vega, I just want to say that I'm thankful for this and other tutorials you upload, and I mean that from the bottom of my heart. I'm learning a lot from this kind of videos, you are capable of explaining complicated things in a short and clear manner.
Hi, nice video Dan!
I have a question, I am trying to create a new user for my MySQL database (User user = new User()... repository.save(user)), but when I call the token endpoint it returns 401 :( Any idea how to fix it? Or do I have to create a special User and store it?
Good afternoon, could you help me? What is the password to get the token?
Thank you very much for this wonderful tutorial!
I got a question for a situation where we are using the /token API: why do we get a 401 when a user who isn't registered (exist in the database or in memory database) but when the user exists but the password doesn't match we get the correct error code of 500?
It's a very helpful video, great! But I have one question. How to make a logout?
It's the video I was looking for. Thank you for making it!
I would appreciate having a tutorial for role based authentication. Also can you make a Discord server? Feels like having a community would help us to learn from experienced devs about Spring and programming in general.
Nice tutorial, most JWT tutorials out there use an external library to generate keys for your project. Authentication is hard to learn and you're rocking it.
Next videos please about how to pass JWT into headers.
More videos
Another great video, thanks Dan! Just a quick addition: if you are using a custom password encoder (i.e. the BCryptPasswordEncoder) you then have to pass that to the DaoAuthenticationProvider as well.
91st...Thanks Dan
Hi, what does the "{noop}" literal do inside the password of a user created in the userDetailsService() bean? I know that it is omitted but why?
It must be related to Password Encoder. Without literal inside user password the following exception is thrown:
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id \"null\"
Nice one
Thank you for the amazing tutorial. I have been following this channel for a while; you share really good knowledge with us. Please can you make a video on Spring Security with JWT which is ready for production? And please, if you could, explain about refresh token and session creation policy.