Spring Security Fundamentals - Lesson 5 - Endpoint authorization - Part 1

In this stream, we discuss Spring Security using the latest available version in 2022. We'll discuss configurations for authentication and authorization, tips and tricks, how to learn Spring Security, vulnerabilities, OAuth 2, and many more.

Comments

I promised myself that whenever I understand a difficult topic as well as you do, I will share my knowledge in the same helpful and clear way you do. That's how much I appreciate your assistance right now. Thank you!

temirlanmukashev

Clear, straightforward tutorials. Awesome job, thank you very much
😍

nimacode

Good job, thank you master, you are the best in Spring (from Morocco)

Learning_now

Thank you for your kindness, you are helping the developer around the

buddha

Love the series! Keep up the good work!

joseignaciocarbone

Thank you again! These are helping me so much!

michaelhashimoto

Hi @Laurentiu, thanks for the series. I think it would be good if at some point in this series you covered securing WebSocket with Spring Security too. (Just a suggestion :) )

sky

Thanks. Watching your series made Spring Security much more clear.

Can you make a video explaining how to implement Role and Authority, where a Role consists of a group of Authorities, all stored in a MySQL database?

randaldurayhim

Laur, this is just great content, 20 hours, every hour contains extensive information. A question: shouldn't it slow down or consume a lot of the system's resources if we authenticate each endpoint?

Joseph-oztx

For some reason, I keep getting my comments deleted, what a shame... Please put in the description of the video the changes regarding the mvcMatcher. I saw that you made a video at Lesson 10 regarding that. You should link that video somewhere in the comments / description of the video. It will guide people better.

nitnelavspetorials

Hello Sir. Please, what is the rule for the usage of the and() method of the HttpSecurity object?

lenigaussgauss

Hello. Love the series. Just wondering why, for example, you prefer using "var" instead of the actual return type, e.g. "var uds =" instead of "UserDetailsManager uds =".

isaiahkibet

Hi, I would like to ask if this playlist is still good for the latest Spring Boot and Spring Security?

uinrpir

Hello Sir, thank you for this brilliant course. Since the authorisation process comes after the authentication process, is the authentication process applied on every single request before the authorisation, or only once when the user enters his authentication parameters?

lenigaussgauss

Thanks @Laur Spilca. Just to be clear, when we use UserDetailsService with ORM, do we insert the authority name (in the Authority class) as "ROLE_ADMIN" with the prefix during the registration process, if we are using roles later for authorization purposes in login?

LelouchTheFirst

I have been watching your videos for a few months. I like them. I have been trying to figure out the answer to a question for quite some time. I am hoping that you could answer. Is it an anti-pattern if I define the OAuth client for the UI (React) in the backend using a confidential code grant? If not, then I am not able to find such a full-stack example. It is always PKCE in the UI. What I am trying to do is make one MS an OAuth client which will give a JWT token to the UI, and all other MS resource servers.

ashishsengar

Hi, what is the difference between these two:
1. adding basic authentication using configure(HttpSecurity http)
2. adding basic authentication using a filter chain bean (basically what you did in this tutorial)

suryasikharej

Hey. I am having challenges with my Spring Boot application after I upgraded to Spring 2.7.3. I understand the webSecurityConfigurer is now deprecated. How do I set up security configuration in Spring Boot now that webSecurityConfigurer is deprecated? The application works fine on the local machine, but it gives me a preflight error because no Access Control Allow Origin is present in the header when I deploy it to GCP, and I feel there is something I am doing wrong with my security configuration. Please guide

webeltech

Great lecture. If permitAll() is called after authentication, how can I call an endpoint without authentication at all? For example, I want to have a register endpoint for my app.

eyaliaroslavitz

Hello. Thank you so much for sharing your knowledge. There is a strange behaviour.

I've configured two users, "bill" and "john", each having a role and an authority. For example, "bill" has the "MANAGER" role and the "read" authority, while "john" has the "ADMIN" role and the "write" authority.

In my access control expression, I have it the same as you do. However, with the current configuration, both users are rejected when trying to access an endpoint.

Interestingly, when I remove the roles and only use authorities for both users, the access control works as expected: "bill" can access the endpoint, and "john" cannot.

I would like to understand why this issue occurs when I use both roles and authorities, and how I can make it work with both roles and authorities in my configuration (or should I? :) ). Any help or suggestions would be appreciated.

naebara