Comments:
THANK YOU THANK YOU!!!!
Hey Dan, quick question. I notice your .pem files are not pushed on the GitHub repository but you also did not gitignore them. How did you prevent pushing them to GitHub? And how do you deploy an app that relies on these files but does not have them on the repo?
Hi Dan, really a good video. One functionality which could be added is adding a refresh token feature, thanks
Thanks for the asymmetric RSA keys knowledge you've shared.
Great Explanation
awesome
I super like your video, I have learned a lot from it
Hey Dan, great work, I have just one question: this oAuth2ResourceServer() takes one Customizer but the jwt() referenced by method reference is not having void return type as of the customize() of Customizer... and we are not getting a compile time error... how is it possible?
Very good video, if anybody hasn't mentioned it yet, it would be good to replace inMemory user with UserDetailsService on database. Additionally securing rest api with roles. Video would be a bit longer than 1 hour, but would cover topic from A to Z
Thanks a lot Dan!
First, thank you for such a comprehensive explanation of the new spring security. I'm going to take minor issue with it because, as with just about every tutorial I've seen for spring boot security, the user logon and Jwt generation is in the same server as the Jwt consumer for endpoint security. This would never happen in the wild and creates confusion as to which SecurityConfig configurations are needed for each.
Is anyone else getting a "There is no PasswordEncoder mapped for the id 'null'" Exception early in the video? Right after creating the SecurityConfig class and its first two methods.
Hi Sir, I'm a novice in spring security, can you please tell me where is the logic behind to refresh token if it's expired?
wonderful tutorial, thank you very much 😊
Hi Dan,
I love your tutorials.. my question is how can I create a separate authentication service using jwt. And then use that in a separate client service to secure endpoint? Thanks..
Thank you Dan. I meant A LOT!
Would you consider creating a video for those like me with a title "How to read Spring documentation and connect things together"? Lol. Thanks again!
Great video! You make it so easy to grasp the concept.
A quick question. How would you secure the APIs using JWT if the application is using (username & password) in some cases and also biometrics authentication in other cases?
Issue with JUnit when testing for the repository directly (without going through the controller)
No converter found capable of converting from type [java.lang.String] to type [java.security.interfaces.RSAPublicKey]
Amazing !!!! Great video, Thanks 👌
Sir, I was working on a project and while surfing the web for JWT, I came to know that JWTs are not safe when used on frontend applications on browser. They are open to XSS attacks. Also, disabling csrf() is not recommended when used with browsers (like ReactJS+Spring Boot). I don't fully understand what's wrong and what we should do. Please help!
Thanks for a great tutorial. The article is very useful and helpful.
Thanks for sharing about JWT
Excellent video! Need to test spring security with Ping Federate.
Everything works great!
Great video, my start to spring security wouldn't have been great without this. A big salute.
Great video! Thanks a lot! I just have one question though: In Postman, you use bearer token as authorization type. The dropdown also offers "JWT token". Why did you not choose this option and took "bearer token" instead?
great video very useful
That is for access token.
How about refresh token?
Dan, thanks for great video!
Can anyone help? How to send response back if request was with invalid credentials? I've added custom entry point, so if the user provided no auth token he gets custom json with error message, but how to handle such exceptions as UsernameNotFoundException and BadCredentialsExceptions?
Very good take there.
Sir, how did you automatically generate the tests? Was it the Copilot?
First off awesome video Dan. I have seen no code/logic on the resource server side to validate token. Is this optional on resource server end or its a must.
I really appreciated this video. Wishes your channel get bigger n bigger.
Thanks Dan. it was crystal clear
Hi Dan, thank you so much for the video, it really helped me.
Just one thing, I'm getting an error with the second unit test "rootWhenAuthenticatedReturnAllUsers". I've done the same thing that you have but I'm getting a 403. Can you or anybody help me?
Add Role & Permissions with RoleHierarchy with spring security 6, Spring Boot 3
Awesome tutorial as always. I have a quick one... When using asymmetric encryption do we use the private key to encrypt the data or the public key? With the little knowledge I have on encryption, I'm pretty sure we use the public key for encryption and the private key for decryption.
I am a nodejs and Golang API. I found this tutorial very helpful for my current work using Spring-boot.
One thing about Spring-boot is that, when you use Spring-Boot with higher version some errors like this show up:
This error occurs in the NimbusJwtDecoder.validateJwt method of the org.springframework.security.oauth2.jwt.NimbusJwtDecoder class. The NimbusJwtDecoder class is used to decode JSON Web Tokens (JWTs) and is part of the Spring Security OAuth 2.0 framework.
Perfect video. Thank you, Dan! Like+Sub
Great video! Thanks!
Could you explain: you showed the project creation with the spring starter io source. But, after the project was created, you show 2 pom files - the problem is that the spring.starter actually created only one single pom. How do I have to understand and follow your solution? And the main issue - I have implemented all steps and this solution doesn't work: yes, I received a token, but this token doesn't work for other requests - I am receiving a 401 error for all following requests. Now I try to understand the difference - and the difference is only in the pom files between your and my code. But you have not explained them
Why my comments were deleted?
can u explain how to do this but with session cookies instead?
Also to use the authorization as a micro service and export it, import it in multiple application across the company portfolio for a aligned one platform!
Thank you Dan! Great work!