Advanced Spring Security - How to create multiple Spring Security Configurations
Vložit
- čas přidán 19. 04. 2023
- In this comprehensive tutorial, we'll guide you through the process of setting up and managing multiple Spring Security configurations for your applications. We will demonstrate real-world scenarios and best practices, ensuring that you understand the fundamentals of implementing various authentication and authorization schemes.
🔗Resources & Links mentioned in this video:
GitHub Repo: github.com/danvega/ssc
👋🏻Connect with me:
Website: www.danvega.dev
Twitter: / therealdanvega
Github: github.com/danvega
LinkedIn: / danvega
Newsletter: www.danvega.dev/newsletter
SUBSCRIBE TO MY CHANNEL: bit.ly/2re4GH0 ❤️ - Věda a technologie
![Spring boot 3.0 - Secure your API with JWT Token [2023]](http://i.ytimg.com/vi/BVdQ3iuovg0/mqdefault.jpg)
Thank you so much, I'm building an app as a university project and I needed separate UserDetails interface implementation for two entities. Tried everything with one configuration and went past your video (thought it's not what I'm searching for). Basically after spending 4 hours you helped me, definitely new sub :) I love Spring.
Really useful tutorial. Short and to the point.
Thank you!
Really thanks you for this series of videos about Spring Security, I start to understand it very well and appreciate how Spring Boot simplifies the security side of our applications.
rare to see a good java content like what you are producting, congrats for that Dan.
Found value? Holy moly...absolutely! Invaluable channel. Period.
Dan makes it look so easy. Thanks buddy!
Thank you, I need this topic these days..
@Dan Vega
Thank you very much for this very much useful video! You're doing good job, very clean and concise explanations. :)
Thank you for nice content Dan!
Thank you Dan Vega
Thanks!
Thank you so much ❤
I'm not getting why the apiSecurityFilterChain ("api/**") matches the "/h2-console"-request.
15:19
Awesome video! Seems to me this way of decoupling might be useful if I wanna separate my security configurations for my SPA web client and mobile client since both requires different types of filters and possibly different oauth flow
really good work. thanks
Great video and explanation Dan! It seems that for higher versions of Spring Boot (e.g. 3.1.5), securityFilterChain method has to be modified to specify appropriate MVC matcher. Would you know the reason behind the same? Also, what could be the probable fix?
Thanks! Sweet piece of cake!
Really good and useful video.
Hi, thank's for this video, I just needed this for my work this week !
Is it possible to do a video on Spring Security ACL with Domain Object Security ?
Have a good day !
Hi Dan. Thank you for enlightening with new tech advances in spring. However, looks like antmatcher is deprecated. But you are using it?
Hey Dan thank you for this awesome tutorial. I'm not finding the annotation @SecurityMatcher can you help me with that.
Great. Can you also explain how to handle 2 different authorization servers like jwt token can be from Keycloak auth server or Spring Auth server?
useful, thank you!!! I applied this to your video with resource server with oauth, get token works with basic and API with bearer token
Glad it was helpful!
awesome.
Glad you think so!
good one! what's the theme of intelliJ? thanks!
I need to perform LDAP authentication and thus generate a JWT token, do you know how to do this?
Why does one want to use spring jdbc over spring data jpa? And since we are here for security then what is the difference between oauth2 and spring security?
Which IDE are you using?
thankssss
Thanks Dan for this intro, do know what is required to handle this multiple authentication filter based on either header or query param, and for ex may be same endpoint /api/V1/auth/ for both authentications ?
I'll have to dig into that and see if it's possible. Can you give me an example of where you might want to do this?
Thanks mister Dan. Could you please clarify: I couldn't quite catch why we needed to explicitly specify ant matcher for h2 path? The documentation 16:46 reads "if Spring MVC is in classpath". But we're in Spring Boot app, Spring MVC is obviously in classpath. Or is this about the fact that h2 console is a separate application and we kinda have to know whether it uses Spring MVC inside?
Just because we are in Spring Boot doesn't necessarily mean Spring MVC is on the classpath but in this case you are correct. The /h2-console is a web resource and not a mvc route like /api/posts is and that's why I am using an AntMatcher there.
could you please make a video about spring security with oauth2 inside it,,and how does it look like if the be and fe place on different domain
Hi Dan. You are doing a great job by explaining updates after 2.7.0 springBoot version. Could you explain please why I can still access secured pages even after I logged out? and how It could be fixed? thanks
In the example that I posted if you try and access /private you will be redirected to a login page. Do you have an example repo where this problem is happening?
@@DanVega Sorry but I don't have a repo but I will, put here how I've configure securityFilterchain(HttpSecurity http):
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/addNewUser").permitAll()
.antMatchers("/addNewDog").authenticated()
.antMatchers("/getAllUsers").hasRole("ADMIN")
.antMatchers("/getAllDogs").hasAnyRole("USER", "ADMIN")
.antMatchers(" /dog/{dogId}/user/{userId}").hasRole("USER")
.and()
.formLogin()
.and()
.logout().permitAll()
.deleteCookies("dummyCookies")
.and()
.authenticationProvider(daoAuthenticationProvider())
.httpBasic();
return http.build();
}
Perfect... I love your content...You just don't paste some functions but explain the idea and methods to implement it. I'll follow up upcoming posts. I believe you gonna have a reference channel with million subscribers. Thank you.
Greate
If you are qualifying the path why is order annotation still needed?
I wish i would have watched this video before writing my Rest api with the help of outdated code while still learning the framework. Now i have to spend my day migrating all of my code to a newer version of spring just because i wanted to build some basic Security. btw. its not that bad. Im just frustrated because i spent multiple hours trying to even understand why nothing works.
56th...Thanks Dan
When I run application I get error
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'postController' defined in file [/Users/aibar/IdeaProjects/Advanced-Spring-Security/target/classes/com/example/Advanced/Spring/Security/controllers/PostController.class]: Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'postRepository'