When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here: czcams.com/video/ucx6wo6dp98/video.html
Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.
I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!
My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running and the authentication is the sweetest thing. Thank you so much for your help!!!!
This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.
I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.
I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤
best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .
Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.
Shouldn't we access the endpoints(/demo, /admin_only) with the token generated by the login operation instead of register ? We suppose that we want the token to be different at every new login. Thank you.
I'm so confused about the Spring security as every next person is talking about the up to date tutorial. That means after every six months the security changes? If that's so, how a given application in spring works if things are going deprecated so fast.
hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine. Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂
brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.
Your video has been incredibly beneficial to me, and I want to express my sincere gratitude. At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?
Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden and in the database , the password is not hashed it's written as it is do you know why this might be happenning ?
hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission
Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?
hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?
Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.
hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot
Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!
Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!
@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.
Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.
Thank you for good video. If somebody see in terminal - "org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL .....", just add jpa: generate-ddl: true
Hello friend, I need help with the code, it allows me to register and login but when I access the endpoint it gives me a 200, however it does not return anything, but when the token is correct, it may be that it doesn't matter at all.
It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.
You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method: Map getMyClaimsMap() { Map extraClaims = new HashMap(); extraClaims.put("hello", "world"); return extraClaims; } then you need to update generateToken method as follows: public String generateToken(User user) { Map claims = getMyClaimsMap(); //get extra properties String token = Jwts .builder() .subject(user.getUsername()) .issuedAt(new Date(System.currentTimeMillis())) .expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 )) .claims(claims) // set extra properties in token payload .signWith(getSigninKey()) .compact(); return token; } Hopefully It will help.
@@tanushachekkapalli5251 please check the isValid method in the JwtService.java class. many people make mistakes while writing return statements of this method. You can follow the source code from the github
Guys i solved my problem. It was on JwtAuthenticationFilter. In the line "if(authHeader == null || !authHeader.startsWith("Bearer "))" i forgot the "!" before the "authHeader.startsWith" function. This causes you to be able to login and register but not use any other endpoint.
Thank you for your feedback! I'm glad you found the tutorial helpful. I'll definitely consider covering refresh tokens and external auth providers in future videos.
Awesome but the way you implemented is not correct, 1.First user registre then server will send a success response your registration is success now you can login. 2.Then user will login will crendetial now server will send a access token.
@LearnWithlftekhar why do you use personal preference as application.yml please use application. property because a guy who is new in programming can confused
Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?
Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!
Hi, I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt
When you are sending a request without a token or with the invalid token you will get a 403 status code. But this should be 401. So I make a video demonstrating how to fix it. you can check it from here:
czcams.com/video/ucx6wo6dp98/video.html
OK sir thank you so much 👍👍
I tried that but it didn't help
Thank you so much! This is very helpful. I've been struggling a lot with implementing JWT-based security on my api during the last quarter of 2023. Almost all tutorials and guides were already outdated and contained a lot of deprecated methods, and reading the documentations were a pain in the ass too. I got stuck with my personal project cz of it. Until now! You saved a lot of beginners, Iftekhar. Thank you!!!
Thank you for watching. I am glad to know that it was helpful for you.
hello brother may you please assist me in my application used springboot security problem is after a successful login it's calling the login page again not redirecting to the specified endpoint. How can I share my classes with you
THANK YOU! Best video because you used up-to-date methods and not many deprecated ones like other videos
I'm glad you found the video helpful!
true
Literally I watched lots of videos, didn't understand that much because JWT implementation java a little bit complex and finally got your video sir, this is really amazing for those(like me) who want to understand the architecture behind the implementation and the procedure of implementation. Really appreciate your valuable time and this amazing explanation. Thank a lot sir.
I'm glad my video could help you understand the complex topic of JWT implementation in Java! It's always great to hear that my explanations are helpful to viewers like you. Thank you for watching and taking the time to leave such a positive comment!
same here, watched tons of videos but this one is the best of the best. everything is explained. short and sweet
My only response is wow😲❤❤
I have watched so many videos related to spring security but not like this. Finally found one. ❤❤❤❤ Huge respect.
Can you please share or list the videos you've watched already? As, I've also watching a bunch of videos to gather concepts and solidify things.
My man, you're a life saver, I was building a auth-server microservice for my college class and spring security wouldn't work. Threw that all way and followed your tips and guides, now it's running
and the authentication is the sweetest thing. Thank you so much for your help!!!!
This tutorial is awesome, i didn't code for 2 years, now i'am back at it, it was very difficult, but this video was everything i needed, thank you so much.
Thank you for watching. I am glad to know that it was helpful for you.
You don't have a clue how much this video has helped me!
Sir, I understood the concepts well because of your teachings.
Very informative. I traversed so many spring boot auth videos and this one is the best
I saw this same comment of yours on another video as well. Why you doing so?
I really thank you for this tutorial. After searching for a long time this is the first one I found that is no using deprecated mothods for JWT version 12.
Thank you for watching. I am glad to know that it was helpful for you.
Thankyou, it really worked for me! learned something new 👍
Thank you for watching.
❤You are making complex to very easy with your professional explanations. 🙌 ❤
I had a hard time finding a tutorial that uses version 12.x.x
This one solved my problems
Thanks so much
Thank you for watching. I am glad to know that it was helpful for you.
Thank you for the updated and detailed tutorial on this subject
I'm impressed🎉, Just for a suggestion when you write something can you please explain it's purpose so we can also understand it more clearly and it will be helpful for future audiences. ❤
Thank you. I'll definitely consider explaining the code and its purpose in my future videos.
it's a good one. clean explanation. It would be great if you could include refresh token as well.
Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.
Please consider a tutorial spring boot with keycloak. Your explanation is really great ❤
Thank you for the suggestion! I'll definitely consider making a tutorial on Spring Boot with Keycloak.
This really helped me a lot. Thanks for such a tutorial
Thank you for watching. I am glad to know that it was helpful for you.
Best video so far on Spring Boot security.Respect!
Thank you for the kind words, glad you enjoyed the video!
Love the way you teach simple and perfect keep doing it
Thank you so much for your kind words! I'm glad you find my teaching style helpful.
Great video!! It really helped me, I found difficulties since a long time in security but thanks for help
Thank you so much! I'm glad the video was helpful for you in overcoming your security difficulties. Keep up the good work!
Perfect video sir, this very help full for me. Thank you for make this video!
Thank you for watching. I am glad to know that it was helpful for you.
Thank u sir for amazing explanation all concept is Crystal clear 🙌 so Thank you❤❤
I'm glad the explanation was helpful! Thank you for your kind words.
Love your content. Sir please post a video in a week🧡🧡
Thank you for yout support. I will try my best to do this.
very easy to understand. thank you!!
Thank you for watching.
Thank you @LearnWithIfte!!!! Really helpful for my studies.
Thank you.
Keep Going, You are going a long way. All the best
Thank you for the encouragement!
vaiya,spring boot micro services with real time projects er ekta complete playlist er jonno onurodh roilo in english please...love u....
Such a good video and very clear explanation!
best explanation and its new methods uimplemented in this video .can you make any end to end project with all validations for learning purpose can you please make it. It will help to lots of students .
Thank you for watching. I am glad to know that it was helpful for you.
Thanks! It was perfect, ! It really helped me!
Great job! You have helped me a lot!
Thank you for watching. I am glad to know that it was helpful for you.
Tutorial was good sir. Everything worked. But I would be happier if those configurations and other security implementations explained a bit better. I have to find them separately.
Thanks for watching. I will try to add explanation in my future tutorials.
That was very useful. Thank you.
Its really an amazing detailed video. Will you please enhance it by securing multiple microservices with this JWT authentication ?
sir can you please do the same in spring mvc project(Using thymeleaf) for frontend
Sir could you please add the refresh token as well to this lecture?? That would be really helpful.. thank you.
bro great job, thank you so much
Shouldn't we access the endpoints(/demo, /admin_only) with the token generated by the login operation instead of register ? We suppose that we want the token to be different at every new login. Thank you.
47:03 | 'Reactive' not use "new WebAuthticationDetailsSource", because ServerHttpRequest. pls!
Please check the source code from github. You will find it in the description.
thanks for your video its very helpful
You are welcome
Can you please tell me the color theme you used for this video? Also thank you for this lesson sir, helped me a lot.
This is Material UI theme
@@LearnWithIfte thank you very much!
I am getting a 401 error. I appreciate the video defining 403 vs 401, but could you do a video that fixes the 401 errors?
Love this! Keep going brother!
Thank you so much for the support! Glad you enjoyed the video!
I'm so confused about the Spring security as every next person is talking about the up to date tutorial. That means after every six months the security changes? If that's so, how a given application in spring works if things are going deprecated so fast.
hey buddy its like a harry potter stick just wow .... because i have been doing this on today from early morning and stucked at debugging the code why some request permited but still not working and after seeing this tutorial with a source code i just have to change appplication.properties file nothing else and code runs fine.
Many thanks for sharing video with us along with latest spring security filter chain implementation without any deprecated warning code. 🙂
Wow. Thank you for watching. I am glad to know that it was helpful for you.
nice tutorial, but please what could be the course of error 403
Здесь не хватает русского комментария.
Спасибо.
Сейчас тяжело найти актуальную JWT.
Thank you for watching.
It would be interesting to see how to host a spring project)
Thank you for your suggestion! I'll definitely consider making a video on hosting spring boot. Stay tuned for future content!
Thanks from Brazil 🎉
Thank you sir ,but I have a question when I do register I found thé 401 code but i dont know why???
It's my fault, thank you so much for this video, now it's working very well
What kind of font family do you use on your intellij ?
Great work sir, if possible make videos on chat applaication suing web socket
Thanks for the heads up! I'll definitely make a tutorial on this. Keep an eye on my channel for more updates!
celan explanation. It would be great if you could include refresh token as well.
Thank you for your comment! I'm glad you found the explanation helpful. I'll definitely keep your suggestion in mind for future videos.
Do Dear Iftekhar have a developer community group that asks for things they don't understand in any sociel network tg, instagramm or any other?
thanks a lot.
Jajakallah khairan
Great explanation. Thanks
Thank you so much for your kind words! I'm glad I could provide a clear explanation for you.
Why don't you separate the responsibility from User Model and make a UserSecurity class and then implement UserDetails? 17:29
Its just one way to implement it. If you want to make a seperate UserSecurity class, go for it. Both techniques are right
Why we are not using @Autowired instead of constructor injection
You can check this video to understand it: czcams.com/video/fUsKNjGO4Is/video.htmlsi=eMrMs8vECrNY90eT
brother, thank you for the video. i did everything as you did from what i understand. using postman, login/registration works. but when i log in and generate a jwt token and use that token to login in i get 401 error. i also get 401 error on every page other than the login/register pages. ive been looking at the source code trying to find a difference but i cant.
Please double-check the return value of *isValid* method in *JwtService class.* There is a _ "!"_ symbol, you have may missed.
@@LearnWithIfte i have the "!" symbol, its in "!isTokenExpired" im not sure what else it could be
Please share your code. learnwithiftekhar@gmail.com
@@LearnWithIfte i just sent the email, the subject is "github source code of jwt". thank you brother this means a lot
Amazing video!!!🤙
Thanks!!
Your video has been incredibly beneficial to me, and I want to express my sincere gratitude.
At around 58:30, wouldn't it be better to use the HTTP status code 201 Created for the /register endpoint?
Hello , thank you for the explanation when i register the token is generated , but when i try to login it's forbidden
and in the database , the password is not hashed it's written as it is
do you know why this might be happenning ?
Hey, thanks for watching. Unfortunately I don't have any idea why this is happening. Please check my code on github.
Thanks a lot dada
springSecurity by default puts UserDetails isAccountNonExpired, isAccNonLocked, isCredentialsNonExpired as true
hello sir , I implemented jwt using your way for my USER entity class but ! there is one more class i.e VISITOR to that entity I also want to generate and validate token , how can i do so . let me remind you both these classes are two different entity classes and have different tables. hope you understand what i mean and I dont use roles and permission
Please make a video on Oauth2 resource server with jwt
Im having issues with cors not allowing my requests that are coming from my react front end, Im trying to send the POST login request we allowed and cors is blocking me saying "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." do you know what could be causing this issue?
Hi, you can check this www.baeldung.com/spring-cors
this is another excellent resource: spring.io/guides/gs/rest-service-cors
hello, i am able to log in and register but when i use the token to login i receive this error ".HttpMessageNotReadableException: Required request body is missing" and i am unable to log in. any ideas?
Simple and clean... 👍👍👍
Thank you for your comment! I'm glad you appreciate the simplicity and cleanliness of the video. It's always great to hear positive feedback from viewers like you.
Hello, could you make a video on how to connect this with Angular app on front?
Thank you for your suggestion! I'll definitely consider making a on that. Stay tuned for future content!
hey, ur video has helped me a lot, but i got an eror 'ERROR: column "role" is of type roleenum but expression is of type character varying
Hint: You will need to rewrite or cast the expression.' when i tried to insert user into database, pls help, i already altered the column role in database to enum. Tks a lot
Can you please share your code? You can share your github link. learnwithiftekhar@gmail.com
Amazing, good english, good explain
Thank you so much for the kind words, I really appreciate it!
Beautifuly explained
Thank you so much! I'm glad you found the explanation helpful.
thank you so much!!!!!
You're welcome!
Great video, great job
Thank you!
Can we get new video for writing test cases for this project?
Sure.
Very helpfull video! Could you please tell me what Theme you use for IntelliJ? I really like the colors of your editor :)
I'm glad you found the video helpful! The theme I use for IntelliJ is called Material Theme UI, it's one of my favorites too!
vaiya ,please make a video on bkash ,nagad payment gateway with spring boot please...
Thanks for the great video! I completely copied your project, a new user registers, a token is issued, but when I try to authorize the user on /demo or amine I get 403, by the way, the same in your previous example, the /login page opens, and on /user and /admin I get 403. Tell me what could be the problem? I’m creating a new project, the dependencies are the same, I copy your code completely, I don’t add anything, but I get 403. Thank you in advance!!!!
Can you please share your code?
Oh, I added the code from your repository and it worked! Thank you! Now I’m thinking about how to combine this with thymeleaf)))@@LearnWithIfte
With thymeleaf you do not need this jwt token. You can check this video czcams.com/video/jPmkcFjbQCM/video.htmlsi=u-KrMMBnNBmdu2KD
Thanks for video, and what about cors? If we will call this api from frontend.
Thanks a lot for watching my video. I will write a blog on this and will share with you here. Hopefully, it will be helpful for you.
Great Explanation. I also got problem in using @PreAutorize like how can we use it in latest versions of spring
Thanks for your comment! I'm glad you found the explanation helpful. To use @PreAuthorize in the latest versions of Spring, you can simply annotate your method or class with @PreAuthorize and provide the necessary permissions or roles as arguments. Make sure you have the necessary dependencies added to your project as well. Let me know if you have any specific questions!
@@LearnWithIfte yeah but that's the problem i was facing while using @PreAuthorize I got 403 but while setting up role authorization in config file it works fine.
@@arunsara2183 can you please share your code via github?
Thalaiva your great 💥💥
Great tutorial however after ı wrtie the config class ı get 403 for my any POST request include login and register to (yes i disabled csrf)
Please check if you are sending request with proper request body. Request is case sensitive. You can check the code in my GitHub. Link is in the description.
@@LearnWithIfte I found my issue(my 168 bits key does not enough for jwt. I found it when i debugging @EnableWebSecurity(debug = true)) thanks
why do we need to save JWT token into database?
Please check this video. Here I have explained the reason. czcams.com/video/OpSU0VgfkL4/video.html
Thank you for good video.
If somebody see in terminal - "org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL .....",
just add
jpa:
generate-ddl: true
Sir my auth header is coming null how to debug it
I am using java 1.8 , it is not working after your 6 mins video as well
The minimum required Java version for this is 17.
Hello, greetings from Uzbekistan
Thank you very much, it was a very useful video, you explained it clearly, but I can't use it, it returns 401
Hello friend, I need help with the code, it allows me to register and login but when I access the endpoint it gives me a 200, however it does not return anything, but when the token is correct, it may be that it doesn't matter at all.
Please share your code. You can send me your GitHub link via email. You can find my email in my channel
In company also security services build like this or any difference is there?
It depends on the requirement. In this video, I have shown the fundamental thing. In the real world companies may require an extra level of security. If you can understand the fundamental level, then you will be able to do the advanced levels of work. But you need to study a lot.
Excellent explanation
Thank you for your kind words! I'm thrilled that my explanation resonated with you.
@@LearnWithIfte I would loved to see fullstack guide with react to fully cover spring security, like you did in Auth0. Keep up the good work man!
Hello, what if I want to add more than the username in the JWT payload ?
You need to some tweak. First inside jwt service class you need to create a method to generate other property. below is an example of the method:
Map getMyClaimsMap() {
Map extraClaims = new HashMap();
extraClaims.put("hello", "world");
return extraClaims;
}
then you need to update generateToken method as follows:
public String generateToken(User user) {
Map claims = getMyClaimsMap(); //get extra properties
String token = Jwts
.builder()
.subject(user.getUsername())
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + 24*60*60*1000 ))
.claims(claims) // set extra properties in token payload
.signWith(getSigninKey())
.compact();
return token;
}
Hopefully It will help.
Thank you allah bless you
Thank you for watching.
1:05:21
Status: 403 Forbidden
I did every thing right, why may this happen ?
same to me
please share your code via github. you can send mail to learnwithiftekhar@gmail.com
Same to me
@@tanushachekkapalli5251 please check the isValid method in the JwtService.java class. many people make mistakes while writing return statements of this method. You can follow the source code from the github
Guys i solved my problem. It was on JwtAuthenticationFilter. In the line "if(authHeader == null || !authHeader.startsWith("Bearer "))" i forgot the "!" before the "authHeader.startsWith" function. This causes you to be able to login and register but not use any other endpoint.
greate work ,could you do a curd of anything with role (admin and user )with spring angular and token i have some issues in that
Sure. I will make a tutorial on that soon.
@@LearnWithIfte Refresh tokens and external auth providers would be awesome too! :) Great tutorial
Thank you for your feedback! I'm glad you found the tutorial helpful. I'll definitely consider covering refresh tokens and external auth providers in future videos.
Awesome but the way you implemented is not correct,
1.First user registre then server will send a success response your registration is success now you can login.
2.Then user will login will crendetial now server will send a access token.
@LearnWithlftekhar why do you use personal preference as application.yml please use application. property because a guy who is new in programming can confused
Thank you for your input! I appreciate your concern.
clean explanation
Thank you for watching! I'm glad you found the explanation helpful.
Thank you for your work! I have a question. When you are accessing "/demo" without a token, you get a 403 error. But shouldn't it be a 401 in this case? A 403 means that you are authorized but do not have access, while a 401 means that your token is invalid/empty. How can this issue be solved?
Thank you so much for your support and for bringing up this question! It's great to see that you're paying attention to the details. You're right, there seems to be a mismatch in the error codes. I'll look into it and work on finding a solution. Your feedback is truly appreciated!
Hi,
I have figured out the solution. We need to add a CustomAccessDeniedHandler to provide 403 error for appropriate cases and also need to add an exception handler in the SecurityFilterChaing method to handle both 401 and 403 status. I have pushed the update to the git. you can check it from github.com/hello-iftekhar/springJwt
I have made a video fixing this issue. You can check it from here:
czcams.com/video/ucx6wo6dp98/video.html