How to configure Spring Security Authentication - Java Brains
Vložit
- čas přidán 2. 05. 2024
- In this video, you’ll learn how to configure the authentication mechanism of Spring Security. We’ll learn this by creating a couple of users in memory and have Spring Security authenticate and verify against them. The process you’ll learn in this video is the way to do authentication configuration in Spring Security and will be the useful to you irrespective of whatever your actual authentication approach is.
Java Brains website: javabrains.io
#JavaBrains #BrainBytes #WhatIs #SpringSecurity #Spring #SpringBoot #Java #Tutorial
Hi Javabrains, I love all your videos very relatable and smooth but for the security video, web security adapter has been deprecated, I would love it if we could get the updated version of this lesson. Thank you sir.
thanks for this comment man , I was very frustrated to finding it
👍Can not wait to watch next video!
When I'll get job, I'll buy all of your courses cause u a amazing man
Sir , i have been following you since your first video on youtube and javabrains. I have gone through all your videos and learnt a lot. I work for a MNC company, and trust me it is because of only YOU. Thank you .Indeed.
Good to know! In that case, according to the rules, you now owe me 25% of your salary! 😜
Seriously though, thanks for following me over the years! Really appreciate it!
@@Java.Brains 😀😃😄
Thank you! It would be great if you added a guide on upgrading WebSecurityConfigurerAdapter - it's deprecated now. But once again - thank you very much for the guides! They're awesome!
True
@@LalitKumar-cw9rf aur bhai lalit kya haal chal ? Samaj gyi spring security ?
@@LalitKumar-cw9rf lalit ji ke maje he bhai tuje kya pata wo aajkal kya kya mje lete he 😃
Hi Koushik, I have learned so much from your video tutorials. Thank You!!
simple clear explanation, thanks for this
Thanks for the great tutorial!
Thanks for making this tutorial.. I was waiting for this egarly..
Can you please make a playlist on integrating angular with spring boot and spring boot security??
yes please!!
Yes Yes Please!!
Please do, If possible..
yes!! much needed...
also, If anyone is aware of and good playlist/resources on this, please do share!!
Hey, try looking up REST interfaces. It is basically the same, but your Spring Boot controllers listen to those RESTful HTTP requests. Once you get the hang of it, it is really easy to see that it really doesn't matter what context you are in because all communication is done via RESTful requests. :D
Hi Koushik,
Could you please take examples of securing apps you created in microservices series it will cover two topics security in general and with spring cloud....
Thanks 😊
Thanks for this tutorial. I learned a lot
Thank you for sharing this video!!
Note for my ref:
How to configure authentication
configure () method provided by the authenicationmanager class
Two steps for this
1. Get hold of authenicationmanager builder class
2.set the configuration
@enablewebsecuirty
Extend websecuityconfigureadapter class and override configure() method
.setauthorizationtype()
. user ()
.password()
I was expecting the video will contain how to configure security like how it's done in production
Superb! great explanation! Thank you.
it is mandatory that to say that u r very genious
If anyone runs the code with no errors, but can't access your routes even with a successful login, do the next tutorial part.
I had a problem where, even though the login form doesn't return "bad credentials" feedback, it didn't reroute me and I couldn't manually change to those routes. Finish part 5 and you'll be good.
Thank you for your great courses @Koushik!!!
It would be great to include spring security with ldap. As always great video
Hi Christian, you could leverage knowledge acquired through these awesome videos to do the following tutorial - spring.io/guides/gs/authenticating-ldap/
Excellent explanation
Superb explanation sir
Thank you sir..Well explained
Hi Kaushik ,
Please make one video on the JWT access token as well
Wow man you teach amazing
As you know, in Spring-Security websecurityconfigureradapter is deprecated, now how to configure AuthenticationManagerBuilder and HttpSecurity using In-Memory, JPA and JWT. Please explain.
Dheivamae! Neenga dhaan en thala!
sir can u pls add tutorials for JWT token and OAuth2 also.
Are you planning to do a series on Java Messaging Servicr?
dude, you are like a demigod or something. Thanks for the great stuff!
Very nice thanks.
Hi Sir,
The video is great. However wanted to point out that from SpringBoot 2, WebSecurityConfiguerAdapter is deprecated. As SpringBoot 2 supports only Java 8 and above, they took the advantage of default methods in interfaces and introduced WebSecurityConfiguer interface. You can implement the interface and there is no change in any of the methods though. Request you to mention it in further videos.
Many thanks for the great job done by you.
Thanks for the comment. I’ll make sure to cover the Spring Boot 2 change in a subsequent video
This was much needed... thank you.
In order to extend WebSecutiryConfigurerAdapter I had to use @Configuration annotation before the class declaration and use these dependencies -
org.springframework.boot
spring-boot-starter-security
org.springframework.security
spring-security-test
test
Sir, could you please make videos on Design Patterns
Hi,
Can you make IDE colors more visible? I cant see anything you write.
Tnx for you great tutorials.
thanks sir
Which bean should I use for hashing the password? Also, if I have multiple users stored in db, then how can I provide them authentication mechanism?
Thanks bro
Awesomeee!!!!
For postman you have to disable csrf and use basic authentication
Sir you have the idea whats going behind each and every method you explain. How you are getting that knowledge , through spring documentation or any other reading material. Knowing that will be really helpful when a new concept/version comes in or any changes happen, then we can follow those steps and learn ourself.
have you found the answer to this question? please tell us also.
that is a really good question to ask. Hope you found your way of learning, I am struggling with the documentations, they are so vague.
Content is awesome,but since it is a dark theme ,cant see the program clearly,i request to change the editor theme to normal
Don't you need to add "@Configuration" to the class?
Can you please share a tutorial to integrate JWT
Hello Java Brains and other users, Pls help me to understand:
When we bootstrap spring security overriding configure(AuthenticationManagerBuilder auth), why authenticationManager gets initialised with User data and AuthenticationProvder. What is the use of it?
As per say, AuthenticationManager implementation is provided by ProviderManager during request flow via Filter chaining process. Pls help me with understanding.
When an angular app is calling a spring boot api, how would it supply the username and password?
which ide do you use?
WebSecurityConfigurerAdapter() is deprecated please update
Thanks
why did you shift from Eclipse to InteliJ?
Wonder why WebSecurityConfigurerAdapter class is there inside org.springframework.security.config.annotation(?).web.configuration package !!
Big fan
Big fan :D
At 5:50, The method configure will have @Autowired also. Otherwise, It is not reading the configuration. Request you to please update the video a bit. Many Thanks for the videos.
can you create some complete application with angular 7, spring boot,spring security, hibernate and mysql....Please
Why isn't the AuthenticationManager builder also exposed as a Bean that Spring just finds and uses?
How can I call it using postman for basic auth.
Hi sir thank you for the video. Which theme you are using for IntelliJ?
mail me please if you find
Did you figure out?
Please demonstrate Spring Security Using Kerberos.😁
Hi thaks for your tutorial. I have followed your Microservice tutorials and was learning zuul and all. But stuck with an issue.
i don't know if my issue is relevant on this video. I have set up zuul and spring security with micro service. But with out authentication i can use all microservices via zuul. It works perfectly. But when i incorporated JWT authentication while accessing microservices after authentication throwing CORS issue from accessing Angular. Could you please comment what should i take care to avoid this issue.
Is your API server on a different host from whatever is serving your Angular page? If so, you'll need CORS enabled for your API server. If this is the issue, it should really have nothing to do with Spring Security or JWT.
@@Java.Brains yes both on different machines.
httpSecurity.authorizeRequests() .antMatchers("/**/cart/**").permitAll()
These statement allow me to enter into cart service. Even in different hosts. I belive zuul proxy do something here.
But when i add Authentication am getting the error. That's why i doubt security has something to do with zuul. Or i doubt i miss some configuration.
Great explanation! But could you put greater emphasis on design patterns, it would be easer to understand .
Thanks! Can you please elaborate on your suggestion? Do you mean separate design pattern tutorials or explaining patterns as they occur? (I’m assuming you’re referring to the builder pattern that we encounter in this video)
@@Java.Brains I am just learning design patterns. And I find them helpful for understanding when I manage to recognize them. So I wish you would mention them. For example, the role of WebSecurityConfigurerAdapter as an adapter, when AuthenticationManager builds. Maybe it is excessive it is up to you. Nevertheless you gave more than enough information. Thank you!
Will you please update this tutorial because WebSecurityConfigurerAdapter does not exist in Latest Spring-Security Version 6.2.2. As all spring boot version above 3.0.0 using security versions above 6.
I am getting java: cannot access javax.servlet.Filter
class file for javax.servlet.Filter not found in SecurityConfiguration which is extending WebSecurityConfigurerAdapter
If u want to use useremailId instead of username for authentication how to do
I'm ur big fan.you really have motivated me and taught me a lot of courses. I hope my comments do motivate u too and continue ur work
Thanks! While I may not respond to all comments, I do read them all. It's a constant source of motivation, for sure!
Clear cut explanation. Please change the comment statement colour as it is not visible to see
Thanks! Yup, I too realized that after recording. I’ll try to change the color from next time
Thanks for the tutorial Koushik, however, the WebSecurityConfigurerAdapter is now deprecated
sir , have you removed application.properties file data , as i havnt and this is driving me crazy
Question : what is the significance of role
hi I found this videos useful and i like the way you teach but while using your concepts while practicing i cannot use WebSecurityConfigurerAdapter class for instatiating the AuthenticationManagerBuilder later i came to knew that WebSecurityConfigurerAdapter has been deprecated and cannot be used so how can i proceed with the hands on experience kindly guide me thanks in advance for your time and consideration
are you still looking for answer?
@@user-ze6zl4ux1r I am looking
what u found guyes help@@sandeep7043
i found comment down that helps :
Please make tutorial on Kafka and Kafka stream ..
at 8:50 the hashing password card is not appearing
Hi Koushik,
Help me understand a bit, do I need to configure EVERY user in SecurityConfiguration ?
What if I have 3600 users ? Do i need to configure everyone ?
What if one changes a password ? Do I need to remake the configuration every time ?
Thanks
good question? I have the same question, did you figure it out? thanks
I think you would most likely save the user's data in a external DB by letting them save their data through the registration process. Then, when they try to change their pw, the request would change the corresponding value in the DB. You would have to implement the methods and endpoints, but i do not think that you have to configure everything in the Configurer, unless you want to hardcode something for test purposes
websecurityconfigureradapter is now depricated
Dark mode in the intellij is not that viewer friendly. Else, the videos are amazing
This way is removed from latest Spring Boot. Maybe update the content? Thanks a lot. I love this tutorial.
new way of getting in memory authentication (SpringBoot 3.2.0):
@Configuration
public class SecurityConfiguration {
@Bean
public InMemoryUserDetailsManager userDetailsService() {
UserDetails user = User
.withUsername("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
@Bean
public PasswordEncoder getPasswordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
}
What does "configure a user" mean?
Is this all still up to date? Or is there a part that is outdated? Please let me know.
the 'WebSecurityConfigurerAdapter' is removed its outdated
Thala! Please tutorial on Spring microservices with Oauth2 and Okta authentication
Yup, keep following this series for Oauth2. I haven’t personally worked with Okta, but I’ll see what I can do
Thanks a lot ji
WebSecurityConfigurerAdapter is now deprecated what is the recommended class to use now?
you can use this one:
@Configuration
public class SecurityConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authz) -> authz
.anyRequest().authenticated()
)
.httpBasic();
return http.build();
}
}
How to disable the spring security aunthetication
How to get user from database.
can anyone point me to good springboot learning resources for reading. I find very tough going through official documentation. thank you!
and udemy videos also gie limited knowledge..so not udemy recommendations please.
The font colours are dark same as background which makes reading what's on screen very tough and almost invisible. Please take care of it... :-(
🥰😍
In spite of extending WebSecurityConfigurerAdapter and overriding configure(AuthenticationManagerBuilder auth), the application is starting eith default password.
stackoverflow.com/questions/43868329/custom-security-is-not-working-when-extending-the-websecurityconfigureradapter-c
WebSecurityConfigurerAdapter is deprecated now
u explain very slowly if u can speed up a bit too we will not mind.rest u are great no doubt.love n respect.
A kind suggestion: You can view any video presented faster by setting your video playback speed to 1.25, 1.5, etc within the youtube app/page setting.
It is time you show us how production applications are made
Is there any code/github link?
czcams.com/video/TNt3GHuayXs/video.html
Use default mode...hard to see in dark mode....
gives "Bad Credentials" after entering the configured in-memory username and password
stackoverflow.com/questions/43868329/custom-security-is-not-working-when-extending-the-websecurityconfigureradapter-c
Getting this error with all the changes done " This application has no explicit mapping for /error, so you are seeing this as a fallback. "
Check your controller class once, what mapping have you given for it.
2:26 using AuthenticationManagerBuilder to configure AuthenticationMamager
Extending websecurityconfigureradapter
Thank you so much.
Çalıştıramayan arkadaşım olursa yardımcı olurum.
why memory man?
Incase someone is facing issues with the code not running properly use this code:
@Configuration
public class SecurityConfiguration {
@Bean
public InMemoryUserDetailsManager userDetailService() {
UserDetails user = User.builder()
.username("blah")
.password("{noop}blah")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
If you not able to use NoOpPasswordEncoder.getInstance(), then use the special construction nearby password : .password("{noop}bar"). {noop} delegate to NoOpPasswordEncoder
Misleading title
These videos have no real-world application whatsoever. I just wasted 13 minutes waiting for something that actually makes sense to happen.
vary bad