Spring Boot + Spring Security + JWT from scratch - Java Brains

Important note: In the video, I provide the JWT secret as a constant variable in the Java class. As you might imagine, please don't do that in a real application!

It's not a good idea to check in passwords / secret keys in your code. You should get that from a setting / property file that's in a more secure location and not in your source code repository.
(Thanks to Olivier for pointing this out in the comments)

Full deprecated course , Not Recommended

Hi Kaushik Sir, I've few query regarding the WebSecurityCongigurerAdapter. I'm not able to get the import for this class. I'm using Spring Boot version 3.1.3. What changes I need to make so that I can use the Database authentication . Please do reply. Others are also open to help me here.

Excellent !! Crystal Clear

Hey, do you have any videos with the modern way of doing things (without WebSecurityConfigurerAdapter)? This video is pure gold and it would be tremendously useful if there was a video for whatever the new way is.

WebSecurityConfigurerAdapter is now deprecated. It would be great if you could update the playlists accordingly. Great playlist to learn WebSecurity but this thing will help a lot.

It would be more better if you provide the GIT hub link for same code.

Too bad WebSecurityConfigurerAdapter is deprecated...

One doubt, in JwtRequestFilter, in 42nd line we are checking if(username!=null && SecurityContextHolder.getContext().getAuthentication() == null) only then we are validating the token. But for the first time when the user will log in, SecurityContextHolder.getContext().setAuthentication() will be invoked and the user details will be put in SecurityContextHolder. So upon every subsequent request, the if condition will fail as SecurityContextHolder.getContext().getAuthentication() != null. Then how is the token validated?

Hi, i am a fan of your teaching. However, i see couple of things you are using are right now depracated and cannot be used like WebSecurityConfigurerAdapter. Such class dont exist in spring boot 3. Can you please create a new playlist with new implementations

can I get the source code for this

Fantastic...

JwtFilter can cause the authentication fails such as when token is expired or when the user is not found. How can i send back response based on the failure cause?

can I have a diagram flow for this understanding more easy.

Thank you so much for this awesome tutorial.🙂

Whaooo. This is very helpful. Thank you Sir !! Very well explained !

Can you expand upon this example and implement refresh tokens?

Thank you, Its Awesome.

Can you please help us with Bearer? What significant of Bearer in JWT token.

Can you please update the tutorial with with new version of spring boot security. AuthenticationManager bean has been updated.

please can we get a git repo for this project