Spring Security JWT: How to secure your Spring Boot REST APIs with JSON Web Tokens

Dan Vega

1 year ago

111,057 views

Comments:

Pablo C - 08.11.2023 23:34

THANK YOU THANK YOU!!!!

1ndianSp1ces - 26.10.2023 20:25

Hey Dan, quick question. I notice your .pem files are not pushed on the GitHub repository but you also did not gitignore them. How did you prevent pushing them to GitHub? And how do you deploy an app that relies on these files but does not have them on the repo.

sakthi nivas - 24.10.2023 21:51

Hi Dan, a really good video. One functionality which could be added is a refresh token feature, thanks

Toan1 Nguyen - 19.10.2023 09:19

Thanks for the asymmetric RSA keys knowledge you've shared.

mdzia khan - 17.10.2023 06:59

Great Explanation

geeekfa - 30.09.2023 05:58

awesome

Mena Bebawy - 27.09.2023 07:57

I super like your video, I have learned a lot from it

Subhajit Khasnobish - 15.09.2023 15:28

Hey Dan, great work, I have just one question: this oAuth2ResourceServer() takes one Customizer, but the jwt() referenced by method reference does not have the void return type of the customize() of Customizer, and we are not getting a compile-time error. How is it possible?

Marek J - 11.09.2023 17:01

Very good video. If anybody hasn't mentioned it yet, it would be good to replace the inMemory user with a UserDetailsService on a database. Additionally, securing the REST API with roles. The video would be a bit longer than 1 hour, but would cover the topic from A to Z.

Ali Tariq - 04.09.2023 21:44

Thanks a lot Dan!

William Ek - 03.09.2023 02:53

First, thank you for such a comprehensive explanation of the new Spring Security. I'm going to take minor issue with it because, as with just about every tutorial I've seen for Spring Boot security, the user logon and JWT generation is in the same server as the JWT consumer for endpoint security. This would never happen in the wild and creates confusion as to which SecurityConfig configurations are needed for each.

Filip Rafael - 28.08.2023 16:23

Is anyone else getting a "There is no PasswordEncoder mapped for the id 'null'" Exception early in the video? Right after creating the SecurityConfig class and its first two methods.

sayantan chatterjee - 13.08.2023 13:48

Hi Sir, I'm a novice in Spring Security, can you please tell me where the logic is to refresh the token if it's expired?

Svalyava Svalyava - 13.08.2023 13:17

wonderful tutorial, thank you very much 😊

Ankan Ghosh - 12.08.2023 23:07

Hi Dan,

I love your tutorials. My question is: how can I create a separate authentication service using JWT, and then use that in a separate client service to secure endpoints? Thanks.

arlekino65 - 07.08.2023 00:59

Thank you Dan. It meant A LOT!
Would you consider creating a video for those like me with the title "How to read Spring documentation and connect things together"? Lol. Thanks again!

Edward M - 01.08.2023 23:31

Great video! You make it so easy to grasp the concept.
A quick question: how would you secure the APIs using JWT if the application is using username & password in some cases and also biometric authentication in other cases?

Karl Anthony Arnejo - 31.07.2023 14:13

Issue with JUnit when testing for the repository directly (without going through the controller)

No converter found capable of converting from type [java.lang.String] to type [java.security.interfaces.RSAPublicKey]

rahani M'hand - 26.07.2023 19:14

Amazing !!!! Great video, Thanks 👌

Ayush Singh - 08.07.2023 21:19

Sir, I was working on a project and while surfing the web for JWT, I came to know that JWTs are not safe when used on frontend applications on browser. They are open to XSS attacks. Also, disabling csrf() is not recommended when used with browsers (like ReactJS+Spring Boot). I don't fully understand what's wrong and what we should do. Please help!

Alexander Kazeev - 18.06.2023 11:52

Thanks for a great tutorial. The article is very useful and helpful.

Tips With NNa - 18.06.2023 11:26

Thanks for sharing about JWT

Vladimir Mishin - 07.06.2023 03:42

Excellent video! Need to test spring security with Ping Federate.

m_jdm35 - 31.05.2023 19:27

Everything works great!

Francis kinyuru - 24.05.2023 12:13

Great video. My start to Spring Security wouldn't have been great without this. A big salute.

HerrKaleu777 - 04.05.2023 14:03

Great video! Thanks a lot! I just have one question though: in Postman, you use "Bearer Token" as the authorization type. The dropdown also offers "JWT Bearer". Why did you not choose this option and took "Bearer Token" instead?

davy paterne - 04.05.2023 06:39

great video very useful

Friedec - 28.04.2023 05:16

That is for the access token.
How about the refresh token?

JustAddWater - 25.04.2023 18:02

Dan, thanks for the great video!
Can anyone help? How do I send a response back if the request was made with invalid credentials? I've added a custom entry point, so if the user provides no auth token he gets a custom JSON with an error message, but how do I handle exceptions such as UsernameNotFoundException and BadCredentialsException?

Mehluli Nokwara - 20.04.2023 03:15

Very good take there.

theMaster ofDesaster - 09.04.2023 01:37

Sir, how did you automatically generate the tests? Was it the Copilot?

rajib ahmed - 06.04.2023 08:44

First off, awesome video Dan. I have seen no code/logic on the resource server side to validate the token. Is this optional on the resource server end, or is it a must?

DrBullTrader - 05.04.2023 15:55

I really appreciated this video. Wishing your channel gets bigger and bigger.

Behzad Fazelasl - 29.03.2023 13:07

Thanks Dan. It was crystal clear.

Facundo Casamayor - 15.03.2023 17:27

Hi Dan, thank you so much for the video, it really helped me.
Just one thing, I'm getting an error with the second unit test "rootWhenAuthenticatedReturnAllUsers". I've done the same thing that you have but I'm getting a 403. Can you or anybody help me?

Keyur Patel - 13.03.2023 17:19

Add Roles & Permissions with RoleHierarchy with Spring Security 6, Spring Boot 3

Techy Stuffs - 11.03.2023 18:35

Awesome tutorial as always. I have a quick one... When using asymmetric encryption, do we use the private key to encrypt the data or the public key? With the little knowledge I have on encryption, I'm pretty sure we use the public key for encryption and the private key for decryption.

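The question above concerns signing rather than encryption: in the RS256 setup from the video the issuer signs the token with the RSA private key and the resource server only needs the public key to verify it, while the payload itself is readable by anyone who holds the token. The following is an added example (not Dan's code) that shows both sides with the nimbus-jose-jwt library, which the Spring OAuth2 resource server starter already brings in (an assumption about the classpath); the key pair is generated in memory instead of being loaded from the video's .pem files.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;

public class RsaJwtSigningDemo {
    public static void main(String[] args) throws Exception {
        // In-memory key pair; in the video these come from the .pem files.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPrivateKey privateKey = (RSAPrivateKey) kp.getPrivate();
        RSAPublicKey publicKey = (RSAPublicKey) kp.getPublic();

        // Issuer side: the PRIVATE key signs (JWS). The claims are only
        // base64url-encoded, not encrypted, so never put secrets in them.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer("self")
                .subject("user")
                .expirationTime(Date.from(Instant.now().plusSeconds(3600)))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        jwt.sign(new RSASSASigner(privateKey));
        String token = jwt.serialize();

        // Resource-server side: the PUBLIC key verifies the signature, which is
        // why the consuming service never needs the private key.
        SignedJWT received = SignedJWT.parse(token);
        System.out.println("original verifies: " + received.verify(new RSASSAVerifier(publicKey)));

        // Altering the payload (constructed here) breaks the signature check,
        // which is what protects claims such as the subject from being changed.
        String[] parts = token.split("\\.");
        String alteredPayload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("{\"iss\":\"self\",\"sub\":\"someone-else\"}".getBytes(StandardCharsets.UTF_8));
        SignedJWT altered = SignedJWT.parse(parts[0] + "." + alteredPayload + "." + parts[2]);
        System.out.println("altered verifies: " + altered.verify(new RSASSAVerifier(publicKey)));
    }
}
```

Spring's NimbusJwtDecoder performs the same public-key verification internally, plus expiry and issuer validation, when oauth2ResourceServer().jwt() is configured.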
Taban Cosmos - 03.03.2023 22:10

I am a Node.js and Golang API developer. I found this tutorial very helpful for my current work using Spring Boot.
One thing about Spring Boot is that, when you use Spring Boot with a higher version, errors like this show up:
This error occurs in the NimbusJwtDecoder.validateJwt method of the org.springframework.security.oauth2.jwt.NimbusJwtDecoder class. The NimbusJwtDecoder class is used to decode JSON Web Tokens (JWTs) and is part of the Spring Security OAuth 2.0 framework.

dodge challenger - 02.03.2023 18:15

Perfect video. Thank you, Dan! Like+Sub

Valentyn Hruzytskyi - 25.02.2023 19:02

Great video! Thanks!
Could you explain: you have shown the project creation with the start.spring.io source. But after the project was created, you show 2 pom files; the problem is that the Spring starter actually created only one single pom. How do I have to understand and follow your solution? And the main issue: I have implemented all steps and this solution doesn't work. Yes, I received a token, but this token doesn't work for other requests; I am receiving a 401 error for all following requests. Now I try to understand the difference, and the only difference between your code and mine is in the pom files. But you did not explain them.

Valentyn Hruzytskyi - 25.02.2023 18:59

Why my comments were deleted?

Tea Advice - 23.02.2023 21:54

Can you explain how to do this but with session cookies instead?

mohamed ibrahim - 20.02.2023 11:45

Also, to use the authorization as a microservice and export it, import it in multiple applications across the company portfolio for an aligned, single platform!

Code Scalar - 19.02.2023 07:53

Thank you Dan! Great work!
