Spring Boot + Spring Security + JWT from scratch - Java Brains

In this tutorial, we'll create a brand new Spring Boot and Spring Security project and implement JWT-based authentication and authorization. We'll create an endpoint that can authenticate and return a JWT. Then we'll wire in some code to check incoming requests for a JWT in the Authorization header and authorize requests with a valid JWT.

#JavaBrains #BrainBytes #HowTo #SpringSecurity #Spring #SpringBoot #JWT #Java #Tutorial
Comments

Important note: In the video, I provide the JWT secret as a constant variable in the Java class. As you might imagine, please don't do that in a real application!

It's not a good idea to check in passwords / secret keys in your code. You should get that from a setting / property file that's in a more secure location and not in your source code repository.
(Thanks to Olivier for pointing this out in the comments)

Java.Brains

I really want to meet those people who actually dislike this and other videos in this playlist and look them in the eye. It is real work that teaches you for free and with quality material. If you cannot like a video, the least you should do is not dislike it. It is basically you who might be missing the prerequisites to understand the material used in these videos; there is nothing wrong with this quality playlist. I have learned a lot of stuff from these awesome examples. Excellent show Koushik (y)

Bluesmile

The tutorial covers Spring Boot security pretty nicely, but I think there are some aspects to be pointed out here:
- Some people wonder where the token itself is validated. This was not mentioned in the tutorial, but actually the *extractAllClaims* method is responsible for the validation. It throws an exception while parsing claims if the token signature is invalid (secret key mismatch) or the token is expired. Thus the *validate* method in JwtUtils has a redundant check of the expiration time.
- The great advantage of JWT is that it is stateless, which means it doesn't have to be validated against queried data. This tutorial validates whether the data of the user with the provided userId matches the data of the same user fetched from somewhere else (usually from a database). This validation is redundant, since the token has already been validated and we are assured that the provided userId is correct. There may be a need to fetch the user while validating a JWT token, but there is not in this scenario.
- To sum up: the *validate* method in JwtUtils can be securely removed

igorzuber
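
The two technical points raised in the comments above (keep the secret out of source, and parsing is the step that rejects a bad signature or an expired token) can be seen in one small program. This is an added example, not code from the video or from any commenter: it uses a hand-written HS256 check with the JDK only, standing in for a JWT library's parser, and the names `JwtCheckDemo`, `JWT_SECRET` and the subject `foo` are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
public class JwtCheckDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // Secret comes from the environment (JWT_SECRET is an assumed name), not from source;
    // for this demo only, an unset variable falls back to a random per-run key.
    static byte[] loadSecret() {
        String s = System.getenv("JWT_SECRET");
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k);
        return (s == null || s.isEmpty()) ? k : s.getBytes(StandardCharsets.UTF_8);
    }
    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static String sign(byte[] key, String input) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(input.getBytes(StandardCharsets.US_ASCII)));
    }
    // Builds a constructed sample token with a fixed payload shape: {"sub":...,"exp":...}
    static String issue(byte[] key, String sub, long exp) throws Exception {
        String body = b64("{\"alg\":\"HS256\"}") + "." + b64("{\"sub\":\"" + sub + "\",\"exp\":" + exp + "}");
        return body + "." + sign(key, body);
    }
    // Parsing is the validation: signature first (algorithm fixed to HS256, header not trusted),
    // then expiry. The regex assumes this demo's payload shape; real code uses a JSON parser.
    static String parse(byte[] key, String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        byte[] expected = sign(key, p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.US_ASCII)))
            throw new SecurityException("bad signature");
        String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        long exp = Long.parseLong(json.replaceAll(".*\"exp\":(\\d+).*", "$1"));
        if (Instant.now().getEpochSecond() >= exp) throw new SecurityException("token expired");
        return json;
    }
    public static void main(String[] args) throws Exception {
        byte[] key = loadSecret(), other = key.clone();
        other[0] ^= 1; // a different key, standing in for a secret mismatch
        long now = Instant.now().getEpochSecond();
        String[] tokens = { issue(key, "foo", now + 600), issue(key, "foo", now - 1), issue(other, "foo", now + 600) };
        for (String t : tokens) {
            try { System.out.println("accepted: " + parse(key, t)); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

The first token is accepted, the second is rejected as expired, and the third is rejected for its signature, all inside `parse` and before any user lookup happens.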

Who says Spring Security is complex to understand, we have such a great instructor like you

Thank you so much

ManishChoudhary-nrtf

An amazing video with 40 minutes of content. The best thing is how Koushik keeps the tempo throughout and keeps motivating. He holds on to the audience and is such an amazing teacher and a humble human being. God bless

dineshchandgr

I love that guy saying that if he gets married, he will invite you. I've realised that you have helped millions, if not billions of devs out there! Keep going big bro

robertinnoelson

If I get married, I will invite you because I feel you are like family after all these years.

valkon_

Note the changes in the HelloResource class at 8:10.
1) "RestController" instead of "Controller" and
2) Remove the flowery braces from the "RequestMapping"

SaratchandraKasivajjala

I tried to learn Spring Security for at least five months, and finally I gave up and used JWT manually for my personal application. But you explained it perfectly and now I can implement both techs! Thank you very much!

pabloleyes

the world needs more teachers like you. thank you!

safiullahzuri

My man, you're like the Saint Nick of Java! Thank you so much for sharing such great content

AlmightyGauss

Koushik, you are the best instructor! I've been postponing the JWT auth implementation in our project, waiting for your video about it before implementing. Thanks a lot!

samiryt

Omg Kaushik.. you are a saviour.. I have followed your microservices series when I was asked to make a poc on that.. where I learnt a lot of new concepts from you. And now again I am asked to make a poc on Jwt and again you have made it so simple to understand and implement as well. Thank you so much. You are a trusted resource for me.

Veronica-vqiz

Your style and delivery is excellent, you are making a lot of java devs' lives better!

liammullan

First of all, excellent explanation by Koushik,
but to those who didn't understand the concept of the extractClaim() method:

The extractClaim() method takes a functional interface function as an argument, which is of type (Represents a function that accepts one argument and produces a result.)
So from the extractUsername() method we are calling extractClaim(token, Claims::getSubject); // done using the method reference (done as in calling the static methods)
as the second argument can be written as (Claims)-> Claims.getusername()
as we are telling the claimsResolver that it is going to receive an object of type Claims and from that object it needs to get the string which is Claims.getUsername()
The same is done using extractExpiration()

adarshverma

I have seen many tutorial videos but this is the clearest, most useful and most educational I have seen, I thank you very much for your time.

alejandrogandara

Perfect explanation like all previous videos in this topic. Appreciate a lot!

medonly

It's a very good sample for the beginner. It's not too much but can show a brief description of the way Spring Security and JWT work with each other. Viewers need to watch slowly and take note of important points:
- Security configuration
- Adding and registering a new filter among the Spring Security filters that are provided by Spring Security
- SessionCreationPolicy
- Implementing the UserDetailsService service
- SecurityContextHolder, which manages the authentication object that operates throughout the security validation process

thienquangphan

OMG, you're an OG for this. I've been waiting for someone to explain this for over a year!!!

isaacbarron

I can't thank you enough for what you have done in my career through your tutorials. You explain everything in simple terms and with great enthusiasm. THANK YOU! It's the best content I have seen on the internet. And some ungrateful idiots will just downvote the videos.

georgekibira