57 - How to secure REST API using JWT and Spring Security in Spring Boot -Part 2 | JSON Web Token?

#JWT #JSONWebToken #SpringBoot #REST #RESTAPI #SpringSecurity
=====================
JWT is a JSON-based open standard for creating access tokens that let us secure communication between client and server.
In simple words, JWT only creates and validates the token; the authentication part is taken care of by Spring Security.
Create - encode the username together with the current timestamp and sign the result using a signature algorithm
Validate - decode the token and extract the username
How will it work if the token is not available, i.e. on the very first request?
It will call the AuthenticationManager's authenticate method, which accepts the username and password
and validates the credentials based on those details; the authentication itself is taken care of by Spring Security.
If the credentials are valid, we create a token using the built-in methods of the Jwts factory class
and the JwtBuilder interface; otherwise it throws an exception such as bad credentials.
How will it work if the token is available in the Authorization header?
Using this screenshot you can clearly understand how we are going to send the token as part of the header.
It will extract the username from the token using the built-in methods of the Jwts factory class and the JwtParser interface.
Once the username is extracted, the JWT work is done; the rest is taken care of by Spring Security's UserDetailsService class.
=====================
Why do we need a secret key? What is it used for?
This is a string used by the signature algorithm that generates the cryptographic signature for the token.
The idea is that this key must be known only to the application,
because anyone who holds the secret key could generate new tokens with valid signatures.
=====================
The @PostConstruct annotation is used on a method that needs to run after dependency injection is done, to perform any initialization.
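The create and validate steps above, the secret key and the @PostConstruct initialization in one utility class, written as an added example for this description rather than the video's own code. It assumes Spring Boot 2.x with jjwt 0.11.x and a hypothetical `app.jwt.secret` property holding the secret.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Date;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class JwtUtil {
    // Hypothetical property name: the secret comes from configuration, never from source code.
    @Value("${app.jwt.secret}")
    private String secret;

    private Key key;

    // Runs once dependency injection has populated 'secret'. HS256 needs at least a 256-bit key;
    // Keys.hmacShaKeyFor() rejects a shorter secret at startup instead of silently accepting it.
    @PostConstruct
    void init() {
        key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Create: subject = username, issued-at = now, short expiry, HS256 signature over the claims.
    public String generateToken(String username) {
        Date now = new Date();
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + 15 * 60 * 1000L)) // 15 minutes
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // Validate: parseClaimsJws() verifies the signature and the expiry before any claim is
    // returned, and refuses unsigned ("alg":"none") tokens. Tampered, expired or malformed
    // input yields null so the filter falls through to an unauthenticated request.
    public String extractUsername(String token) {
        try {
            Claims claims = Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token).getBody();
            return claims.getSubject();
        } catch (JwtException | IllegalArgumentException e) {
            return null;
        }
    }
}
```

The filter that reads the Authorization header calls extractUsername(), and only a non-null result is handed to the UserDetailsService to populate the SecurityContext.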
=====================
SecurityContextHolder is a helper class that provides access to the security context.
By default, it uses a ThreadLocal object to store the security context,
which means that the security context is always available to methods in the same thread of execution,
even if you don't pass the SecurityContext object around.
=====================