Spring Security using Spring Data JPA + MySQL + Spring Boot | Java Techie
Vložit
- čas přidán 9. 05. 2018
- This video explain you how to implement spring security for Authentication and authorization from Database and how to encrypt and decrypt password
#JavaTechie #SpringBoot #SpringSecurity
GitHub:
github.com/Java-Techie-jt/spr...
Blogs:
javagyanmantra.wixsite.com/we...
Facebook page:
/ 919464521471923
Like and subscribe - Věda a technologie
Very good work, I have watched a lot of spring channels but yours is one of the bests. :3 this rain sounds at the end is satysfying and chilling omg
finally, I clearly understood all those stuff.
I tried to watch and read many videos and blogs but they are just defining all the methods and attributes without saying its workflow.
but u just cleared my doubt.
Thanks once again
Glad to hear this Nihar
Really appreciable work Basanta :) Thanks for this one.
This video is awesome! Thank you so much for explaining this topic so well, it finally made it all so much clearer to me. :)
This is best tape, I ever seen before about Spring boot application.
Great work , Thank you soo much for posting such a valuable video.
Very nice video on spring security.....Thanks!
very nice one......and thanks Basant
This is the only video which shows how to do it with the database entities in an industry format. nice work man, I'm currently learning Spring this is a helpful video
man you awesome , i watch alot of videos and you very understood, thank you!!
Thanks for quick tutorial and to the point.
Good one Thanks for the post
OMG ! you solved my problem.Thank you so much
Hi Guys , as i can see few of comments that it is not working as expected so let me know if you want me to repeat this tutorial once again ?
no worries feel free to raise your doubts any time .
Hello java techie
Iam getting unexpected < error in postman while hitting post request method. After setting basic authentication of admin. Can you help me how to resolve?
Do you have TeamViewer installed in your system ? So that I can check this out remotely
i am facing this issue
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest
yes sir do repeat it
@@vikaspooner9846 ok I will do that
KEEP IT UP ..LOVE IT
Very informative tutorial 👍👍👍👍
Thank you sir very nice explanation and demonstration
Many thanks for this video.
Thanks man for this great tutorial
awesome tutorial dear man
Thank you for sharing so much knowledge with us
thanks bro. you really help mankind
Hi.
Many thanks for this tutorial ; very well explained :-)
Cheers :-)
Glad to hear from you sir
Good work
thanks a lot, very good tutorial, , for me the best with entities cooperated with database
Great I really love the way you explain concepts with deep coding. I need your explanation with diagrams.. actually it is difficult to remembers every ponit you mention. With diagrams I can map earily or recollect easity
You are a exceptional person..
Thanks buddy
man you are the best! thanks for this vid :)
Hi Dorsey , this is video is more clear please have a look remake version
czcams.com/video/SpBHdWvRKZ8/video.html
@@Javatechie Thanks.
i have followed the steps, but i can not add a new user using '/secure/rest/admin/add/'. Although i have 2 Admin stored in the DB. I have create a new endpoint that do not need Authentication and then use them to add new admin in the DB.
Cool , you are not able to add because you need to exclude that perticular URL from antMatchers
I would strongly suggest you to checkout my second video which link I mentioned above that will really help you
thanks alot bro....
Thanks ...could you more elaborate the userdetails and userdetailService....
Good video , just one suggestion , I have seen you write many things without explaining about them as If you are talking to yourself , ex - EnableGlobalMethodSecurity etc .
Please don't take it negative way , just a small suggestion to make your future videos more elaborate .
nice love it
Thank u so much sir
this is the best ..please make videos in hindi
Good :)
Greate work basant,pls make a video on angular auth guards and rout guards to authenticate this service
Okay Basit I will try
Awesome Explanation Basant. .
Please Make Video on Oauth2.
Thanks In Advance.
Sure will do it soon.
@@Javatechie Any date tentatively when we can see OAUTH 2
Am not sure about date , few more concept is pending for upload once I will done this then will try to upload Oauth2
thanks
great video.... Learnt a lot from this one.
A quick question regarding the last segment, when U were trying to Post new User with basant credentials , Postman threw error, but response code was 200. Were we expecting 200 or 403?
To achieve proper status code we need to specify that in controller
@@Javatechie Thanks for your suggestion.
I tried to work as per your tutorial but it seems UserDetailsServices are never being called and hence always throwing Forbidden error irrespective of Admin or User.
Can you please suggest, what can be the root cause?
github.com/arkajnag/JPA-MySQL
Great video! I have a question though why did you create a table solely for roles couldn't you have just added a role attribute to each user ?
Yes but it is a good practice to keep a separate entity
Hi @Java Techie While testing with Postman to add a user to the database, There is no "user added successfully" message at the end also there is no user added. And there is no error showing in the console as well sir can u plz help me its not working while i am trying to hit the end point on postman and on web browser as well.
HI , im facing issue with
"Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest"
unable to solve this,plz can you help on this error....
Hi Karthik, Could u try with the below one and check once,
http.authorizeRequests()
.antMatchers("/rest/**").permitAll().and().authorizeRequests().antMatchers("/secure/**").hasAnyRole("ADMIN").anyRequest().authenticated().and().formLogin().permitAll();
This combination can be used only one -->.anyRequest().authenticated() we are using multiple times. Kindly change
Any specific reason to disable csrf token? Is it just we will be browser dependent to generate the csrf token and since we are not hitting the APIs via browser we are disabling it?
thanks basant
can u make an example on the same base with adding OAuth2
Kallam sure will do it soon
thanks
can you add the video for securing rest api using token generation in spring boot
i am getting login form for every request except for "/" in postman ?? Help me.
Please provide only real world examples who can actually solve the problem
35:58 what is the use of .formLogin() method ?
plz make the full playlist on thymeleaf
Thymeleaf just a template engine so it's easy to design your template same like HTML ,
Please do mention your requirement so that I can try it .
@@Javatechie all the nessary thing i am having trouble with the documentation and i didnt find the nessary tutorail on thymeleaf..... plz help me
Hi thanks for sharing the video. but I have a question- that at the end (video timing 43:04) the status is not showing forbidden even the role of "Basant" is "user". there might be some code issue I guess
Yes please checkout my latest spring security video
Hi,
Authentication works fine but role based authentication doesn't work even for basic methods. It is redirecting me back to the login page as html file in postman, I have cloned your code only.
When i test post operation (localhost:8080/secure/rest/admin/add) in postman, i am getting the below error even though i have provided admin username and password . I am not understanding why I am getting the 200 http status code like you but not the user successfully added
Error response:
Please sign in
Please checkout my latest spring security video . I explained things from scratch again
That helps you
thks. But How to make a cal for my rest services from my client using the users credentials ?
Ahmed you need to pass user credential as part of request header
Hi, I have below query. please assist. Thanks
"I Have checked your code an unable to figure out, how you have set userDetails object to user object in "CustomUserDetailsService" class . Since there is no such "setUser"method defined in "CustomUserDetails" class."
Please checkout this
czcams.com/video/SpBHdWvRKZ8/video.html
this is just saving my ass so much in our grp project we have to do in school, ty so much sir! :D
just one question, what is the programm or probably plugin, called that u use for your REST API request such as post, delete etc etc?
I added postman plugin extension in chrome browser , even you can install it in your desktop
@@Javatechie ty very much, for your quick anwser!
for some reason when i try to do a request, i get as response basically the login page instead of "user added sucessfully" like in ur example :/ even tho i pass in the admin in the "basic auth" part in the postman.. weird
@@AskirAskanon I would suggest you to import my code then run it .
If it works then compare
@@Javatechie i used ur github project, and it doesnt work either, so the problem is on my side , guess im using postman wrong probably, but nevertheless ty very much sir for your help!!
14:00 what is the use of disabling csrf ?
Hello, I am getting a HTTP 403 when trying to add new user after adding url authorization rules. I have configured it the same as you mentioned in the video
Please let me know if you are through with it "Adding new user" share the code in git hub
If you follow steps initially without implement security I added new user . please do the same
I can Add users with out security. but with security and roles enabled not working for me. Only link Authentication works
when try to add the user it shows login page html only do not says added successfully
Hi java techie this tutorial is good but it seems the way you write your filter chain is outdated or maybe I am missing something but I get an error of type "Can't configure antMatchers after anyRequest" when I use you filterchain. I've been reading up and this kind of syntax doesn't seem right.
Yeah, Faced the same issue
Bro how can we change this login through rest?now we called userdetsils from security class that changed to rest.its possible?
Didn't get you , this is what we are doing in rest api only
could you please explain the hi-level flow for the above same application with diagram.
Great I really love the way you explain concepts with deep coding. I need your explanation with diagrams.. actually it is difficult to remembers every ponit you mention. With diagrams I can map earily or recollect easity
Vinod can you check my spring security internal flow video
why do we use service layer in spring boot? is it necessary for every spring boot project?
Yes it's necessary
Thank you for course, but it is not able to autowire the userDetailsService in the SecurityConfig file. I took it directly from GitHub. I says that there is more than one bean.
Did you check out my code ?
@@Javatechie yes, i downloaded it from github - same problem
Are you having the same problem that I am having?
@@Javatechie yes, i downloaded it from github - same problem. Are you having the same problem as me?
Hey can anyone tell me how to provide white space for multiple lines ?
What is the shortcut ?
Use regular expression and replaceAll
do we need DaoAuthenticationProvider ?
How is it supposed to check d? When I debug it never hits CustomUserDetailsService
I am getting this error:
failed to lazily initialize a collection of role: com.fetch.entity.User.roles, could not initialize proxy - no Session
add to your application.properties file the following line: spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
Hello Sir can you make Spring Security tutorial Using mongoDb
Sir, I am using STS but i am not able to write below two line in appication.properties page can you help me what is the problem
"Spring.jpa.properties.hibernate.dialect" and
"Hibernate.formate_sql"
Why what is the problem any error ?
Hi Basant I followed you spring security with JPA video, but I have a problem with Spring security,occasionally throwing Bad Credentials even i am providing the correct credentials
I did several project builds and deployments (on Tomcat 9), without changing anything in the code.
Furthermore, when the error is thrown in login page(bad credentials) I have no errors in the console.
is this a bug of some sort? How can I solve it?
Thank you!
Can you add a debugger and check whether request is going to your user details service or not
Relation b/w User and Role wil be OneToMany or ManyToMany I am confused ? or we can go with anyone.
One to many
@@Javatechie Can you explain why or give any resource on why this is? In my understanding there should be many to many as one user can have many roles and one role can be added to many users. Please reply.
I am unable to find setUser() method in customUserDetailService in method loadByUsername.
Can plz you explain me grantedAuthority functionality used in customUserDetails?
Can you plz help?
I have the same problem ! I tried some other tutorials and replace that method, but I am not sure if it's good. Did you solve that?
@Java Techie I am running this same program I am able to successfully add ADMIN and USER but thereafter security configuration enabled I am trying to add USER through ADMIN which is in DB again through this URL localhost:8080/secure/rest/admin/add but on postman it opens an HTML form which asks user and password but what I am expecting that it would add the user, please advise what is wrong
I am getting the same issue
Hi if it is asking again login page just check once are you able to see query log in console or not . If not something wrong configuration in user details service .
Try this else do let me know
I do have query log in console but still the same problem. Otherwise, thank you so much for all tutoriels . I am really enjoying it.
@@Javatechie am getting the same thing an html with login form .. any help please?
when I tried to insert data using security then m getting problem
@PreAuthorize("hasAnyRole('ADMIN')")
uncomment it
How the .set(user) method from MyUserDetails is working? I get it with red (error), it doesn't exist! The method is used in loadUserByUsername in CustomUserDetailsService. Please help !!
This is inbuilt method given by spring security to set user object in Userdetails
@@Javatechie I type the method but it doesn't work. There is another one with the same problem. Thanks for The response!
are you from odisha
Hello JavaTechie i want to say that the class you are extending in SecurityConfig is deprecated and no class import WebSecurityAdapter how can solve this is there any other way to to do kindly create a new video for that
can u share db schema used for this?
@Java Techie why you reply only to those , whose problem Is solved your explanation is good but some time it not worked for everyone so please try to help those who are stuck...
If I am learning from you or anyone learning with you is your student please don't treat your students like this....
Just a suggestion please don't mind
Please pardon me my words feel you bad....
Good luck
Hi Atharva , I never mind .
First of all I can help only if I know the answer of it .
If you observe my video am doing live coding it's not I coded before and sharing screen right ?
If same thing worked in my machine why not in your machine that you need to think and you need to find out the mistake you did.then only you can learn .
Moral : am happy to help if I have answer .🙏
@Java Techie my application is running fine but when I am passing url in chrome it ask me for username and password and then it gives me 404 forbidden error on browser but in IDE console it is some thingh like
Circular path view error
Please help if you can...
Becoz i am prepairing for job interviews...
Thanks in advance....
Did you enable security if yes obviously it will ask you username and password
Try with valid credential then if you are getting any error please copy past error stack here
Everything worked well for me except the last step where you added a user with the admin user.. I am not understanding why I am getting the 200 http status code like you but not the user successfully added message when I login as the ADMIN
I am able to login with incorrect username/password combination. Controller is checking only for username not the password. Can you please let me know he problem?
Based on email id it will fetch complete used object to validate on UserDetailsService that's the implementation I did in this tutorial,and just varify once whether are you able to see query in console or not ? It will be more easy if you can share your code with database schema in Github so that I can check this issue
can this API be used in android for login applications?????
How to implement auto login after sign up process?
Thoese who still getting authorization related issue,
modify following files:
SecurityConfig.java --> change
http.authorizeRequests().antMatchers("/rest/**").....
to
http.httpBasic().and().authorizeRequests().antMatchers("/rest/**").....
CustomUserDetails.java -->
SimpleGrantedAuthority("ROLE_" + role).antMatchers("/rest/**")
to
SimpleGrantedAuthority("ROLE_" + role.getRole())
Why @ getter @ setter you can use @ data directly
Yes we can.
even i do the same code in postman i cant add user even as authorize with my ADMIN User it give me HTML error how to solve it please help me
Please check out this czcams.com/video/SpBHdWvRKZ8/video.html
I am not able to mapped RequestMappingHandlerMapping
when i am using this code:::
http.authorizeRequests().antMatchers("/rest/**").authenticated().anyRequest().permitAll().and()
.authorizeRequests().antMatchers("/secure/**").authenticated().anyRequest().hasAnyRole("ADMIN").and()
.formLogin().permitAll();
show this exception : :: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest.
and not showing any service path in console.
please solve the problem.
I am trying to extend Security config to WebSecurityConfigrurerAdapter but not ale to do it any suggestion
Please check out the session below 👇
czcams.com/video/5jDrBD4Y1MI/video.html
@@Javatechie WebSecurityConfigrurerAdapter is now depreciated, refer spring documents
Sir, My Url Based Authentication is running but the role based is not running it's Showing that UserDetailsService cannot be Autowired. How do i solve this problem ?
Please follow step by step how I explained if required refer Github source code
how you resolve this problem?
@@Javatechie i do it! but doesn't work? but for both the users ADMIN and USER, it doesn't allow
Did u used proper antmatchers ? if there is small change in syntax then it won't work
When i login through postman the above example it is giving error "status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/"
Check URL mapping
i tried this example but it works without
hasAnyRole
if we remove only it’s working
otherwise 403 error
Kallam behavior should be same if user role is not authorized then it should give 403 forbidden
but i am using ADMIN role
i am trying with ORACLE
Yes, he forgot one thing. "role.getRole()"
CustomUserDetails java class you need to fix ( SimpleGrantedAuthority("ROLE_" + role) ) to SimpleGrantedAuthority("ROLE_" + role.getRole()).
now system ROLE will work fine and you can use hasAnyRole again.
wallace please check in UserDetailsServive already mentioned
Can you show this by taking studen details and then if user is admin then only show delete column and if the user is other then admin then just show edit column in the database table
Check below video czcams.com/video/SpBHdWvRKZ8/video.html
Part 2 czcams.com/video/tEbHTc8BOaQ/video.html
Hi , I followed your tutorial & staring to do it but I m getting error
org.springframework.beans.factory.UnsatisfiedDependencyException: etc ... PLease help me
Please share complete error
Authentication works fine but role based authentication doesn't work even for basic methods. It is redirecting me back to the login page as html file in postman
Can you import my code then compare it
@@Javatechie it;s the same code. just changed the properiest file for sql connect
properties*
have you added custom login page..?
No
Hi, @Java Techie, I am able to understand most of the things but in the end, there is an issue can u help me in resolving it. While testing with Postman to add a user to the database, There is no "user added successfully" message at the end also there is no user added.
Are you able to see DB query in console ?
@@Javatechie Nope there is no response in the console. I get only a 200 OK success message with a HTML code
It means your jpa not inject , check whether you annotate @Component in your UserDetailsService or not
@@Javatechie I tried with that as well it is not working .ALso u haven't given @Component in ur code. Can I share the screenshots of the code through some platform? if u r comfortable
i am also getting the same issue
i get an a error even I send correct user name and password with correct role exception is :
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
It seems some firewall issue
How can i fix this can uh suggest answer for this query
Can we connect remotely so that I can access your code .
hello. In Spring new version, SecurityConfig.class throw exception: Can't configure antMatchers after anyRequest, can you solve it?
Hi we can configure , which version you are using?
@@Javatechie first, thank you for reply and then this is Spring boot 2.x. Can you show me how to solve it?
@@tienta8053 spring boot 2.x internally use spring 5 ,
So can you check my first spring security video , you can find I used antmatchers
I did just as you tutorial even copied the code on GitHub but when running the program still throws the error: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest
@@Javatechie I think the problem lies in this code:
http.authorizeRequests().antMatchers("/rest/**").authenticated().anyRequest().permitAll().and()
.authorizeRequests().antMatchers("/secure/**").authenticated().anyRequest().hasAnyRole("ADMIN").and()
.formLogin().permitAll();
why if i do like that http.authorizeRequests().antMatchers("/secure/**").authenticated().anyRequest().permitAll()
or like this http.
authorizeRequests().antMatchers("/r/**").authenticated().anyRequest().hasAnyRole("ADMIN").and()
.formLogin().permitAll();
it works but both of them doesn't work !!!!!
I am getting this Error: " Can't configure antMatchers after anyRequest"
Below is my configure method from SecurityCOnfig:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/rest/**").authenticated()
.anyRequest().permitAll()
.and()
.authorizeRequests()
.antMatchers("/secure/**").authenticated()
.anyRequest().hasAnyRole("ADMIN")
.and()
.formLogin().permitAll();
}
Me too, did you fixed it ?
This sould works fine, you can delete non secured line if you dont need unsecured enpoints:
@Override
protected void configure(HttpSecurity http) throws Exception{
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/endpoint/not/notSecured", "endpoints/not/secureds/**").permitAll()
.antMatchers("/admin/endpoints/**").hasAnyRole("ADMIN")
.anyRequest().authenticated().and().formLogin().permitAll();
}
I unable to find your kubernates video, can you pls share the link :-)
I didn't started yet k8s series