SPRING SECURITY 6 with JWT Authentication: Secure Your App in MINUTES!

In this video I will show how to use Spring Security 6 with JWT authentication to secure your app in minutes. I will do it using web filters to handle both JWT requests and credentials requests.

Content:
* Added the Spring Security 6 dependency and a JWT library
* Created a JWT Web Filter to handle the JWT in the HTTP Authorization header to authenticate the requests
* Created a Username and Password Web Filter to handle the login with credentials from the user
* Created a provider to create and validate the JWT
* Created the Spring Security 6 configuration to protect some routes and add the filters.
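
What the "provider to create and validate the JWT" step involves, as an added example that is not the video's code: it uses only JDK classes in place of a JWT library, and the class name `JwtProviderSketch`, the secret, the login and the 600-second lifetime are constructed for illustration. The regex claim extraction is a simplification that is only applied after the signature has been verified.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical provider (added example): HS256 create/validate with the JDK only.
public class JwtProviderSketch {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // The header is fixed, so validate() rejects any token declaring another alg (e.g. "none").
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    private final byte[] secret;
    public JwtProviderSketch(byte[] secret) { this.secret = secret.clone(); }
    private static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    private byte[] sign(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    public String create(String login, long ttlSeconds) throws Exception {
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        // Assumption: login contains no quote or backslash characters.
        String body = HEADER + "." + b64("{\"sub\":\"" + login + "\",\"exp\":" + exp + "}");
        return body + "." + ENC.encodeToString(sign(body));
    }

    // Returns the subject if the signature and expiry check out, otherwise throws.
    public String validate(String token) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) throw new SecurityException("bad format or alg");
        byte[] expected = sign(p[0] + "." + p[1]);
        if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) throw new SecurityException("bad signature");
        String json = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        long exp = Long.parseLong(json.replaceAll(".*\"exp\":(\\d+).*", "$1"));
        if (Instant.now().getEpochSecond() >= exp) throw new SecurityException("expired");
        return json.replaceAll(".*\"sub\":\"([^\"]*)\".*", "$1");
    }

    public static void main(String[] args) throws Exception {
        JwtProviderSketch jwt = new JwtProviderSketch("constructed-demo-secret-32-bytes!!".getBytes(StandardCharsets.UTF_8));
        String token = jwt.create("alice", 600);
        System.out.println(jwt.validate(token));
        try { new JwtProviderSketch("another-constructed-secret".getBytes(StandardCharsets.UTF_8)).validate(token); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The signature comparison uses `MessageDigest.isEqual` so that it runs in constant time, and the expiry check happens only after the signature has been accepted.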

Comments:

Straight to the point and well explained. Great job!

michaelalozano

Very useful video. Thank you. Short, concise, very well explained, simple and quite useful.

joanjanku

Great explanation of the Spring Security authentication. Helped a lot, thank you

ІО-АндрійЛисак

It was a nice tutorial, but I keep seeing the same mistake over and over from multiple people. Amigoscode did the same thing as you did. The whole point of using a JWT token is that you do NOT check against your database. That is literally the most important advantage in comparison to cookie / sessionID. You should have all the relevant information within the token itself.
The only exception to this rule is if you actually want to create or modify a resource in your application and you need to make sure that the user still exists in the DB. And even in that case, that logic should be part of the controller/service that handles creation/modification of the resource. But if you just want to make sure your user is valid, the token should be all you need. If it is not, then you should reconsider whether JWT token authentication is the best approach for your use case.
But otherwise great tutorial. Thanks for that :)

jacup

Thanks Sergio!
Great explanation and very simple code flow!
Very useful!

paolofrancescosciammarella

Awesome work! This code is so easy to read. Great stuff. Thank you!

szopsop

Thanks for the video. I think there is a missing point, which is that the REST API communication is in clear HTTP; using HTTPS will protect our login object sent in the request body.

marouaniAymen

Do you have an example with the RS256 algorithm (public and private keys)?

CeratiGilmour

Thanks, sounds good, but it looks like "Hello world".
What about improving it?

How?

1-hour expiration is too long, what if we want
1> around 10 minutes expiration time (5, 7, 10, 15)
2> each time authenticated user invokes any authenticated page - his expiration time should be renewed by this now() moment
3> next request should use new (updated) JWT.

abndev.

So for credit cards or any sensitive data, which would be the way to send it to the backend?

Fernando-mgrx

Why write this by hand? Doesn't Spring Security provide this out of the box?
Creating custom filters and JWT tokens, etc.

Jux

Hi man... how do you invalidate the JWT token anyway?

Lars

Do we need another endpoint for the refresh token?

AhmedZahranDEV

Do you have another channel in Spanish, or only this one?

federicoo