#5 Setting UP JDBC Authentication with Spring Security | Security Database Default Schema

Captions
[Music] okay so recording started hello everyone welcome back and how you guys are doing so hopefully you guys are doing good and you guys are practicing this spring security series and you are actually you know learning so much i i hope so so you guys are practicing and learning things do not just watch this series right uh practice practice for the best results okay straight away let's come into the topic all right so in this episode we'll be learning how to get users from the database how we'll be storing users inside our database because so far in this course we are basically storing users inside our server memory but i'm going to teach you like you know how you'll be storing your users data or you just credential inside a real database just like mysql and how you will be pulling those data or loading those data into your application whenever a user is trying to log in so i'm super excited to teach you all these things i'm super super excited and let's go down and dirty and let's learn some really really interesting stuffs see you in the video [Music] okay so what we have done last time we have here yeah yeah yes go ahead we have defined method user defined login page logout page oh okay okay okay got it got it last uh last session we have done with that uh login and log out stuff isn't it i mean our own login and logout stuff yes cool cool okay today let's do something interesting okay and again i will be hiding a lot of things today maybe if you i mean as a java dave if you're going to think like you know how it is working internally things like that you'll have so many questions but i'm going i'm not going to answer those questions today because i will have a separate session for that but today i'll be just doing something really funny and you'll be loving it because today we will be loading data from the database we'll be loading user from the database okay so now tell me this is the configuration file that we had so far i can remove all this uh comments 
that i now tell me from where we are storing the data as of now yes in memory where i have where i have defined that method here sir configure configure exactly so this method is helping us to load the i mean to create the user inside the i mean inside the memory only inside the server memory only right now we are storing the user information that's what we say in memory authentication because we are authenticating the user who is basically trying to do login to our system let me do control s and let me run this application and you can see that a login screen and that login screen when somebody is trying to login basically his data his information we are storing it inside our server okay server memory so every time basically i'm stopping the server here or i'm starting the server here those data is getting destroyed and created again and again but in real time will not do that right we will be where we'll be storing the data i mean how you will basically handle this scenario can you tell me this login logout this sign in this scenario how you will be handling uh can anybody just tell me like what should be the go to approach in any of the website if someone is trying to login what he needs to do first let's say there is someone is coming to my website okay imagine uh this website any anywhere i can go listen seleniumexpress.com okay someone is going to this website if he clicks in login okay first of all we will get the data the login and password data he need to first sign up exactly he need to first register or sign up now when he'll be signing up first of all he'll be giving his username first name last name email everything when he do a register at that time where the data will go db through the db okay so in the db the username and the password will be storing isn't it so right now where we are storing these information in our application in the memory itself right so i will be removing everything every code that i have written here today i'll be removing it 
because right now i will not hardcode my user okay i'll not be hardcoding my user uh right here rather i want to load the user from the database so this is going to be our topic today okay so here load the users information from the db okay and we will we'll be following a simplest approach the more we will learn maybe we'll go for some different uh tricky scenario while implementing some complex things but right now let's follow the easiest approach the go to approach okay actually spring is making it really really easy okay so now let's understand how basically we can do that okay so lower the user info from the db so the user information okay so what are the mandatory information to create a user inside spring security any idea user id and password okay rule exactly username password and role these three things a user must have whenever you are creating any user inside spring security he should have username password and role okay cool so right now what we can do maybe i can show you something right now okay before that i will just i'll just introduce you something okay let me go to my google chrome maybe i can start going for uh spring security uh default schema okay so there is something called a default schema in spring security i'll tell you what you mean by that so spring people says hey you can follow our approach our approach to store data inside database and if you'll be following our approach then you really don't have to write any code okay the code has been written internally and we have already written the code you have to just follow us whatever the instruction i am giving or the whatever the instruction the spring people are giving us we just have to follow that right now what spring is saying that hey you can follow our user schema okay and if you are going to follow that then very easily you will be able to load the username password from the database okay so they are saying you have to create two tables first table is user the user table inside 
the users table not user because table name will be always plural i told you so users table will be creating a table called users now we'll be having three columns there the first column is username the second column is password the third column will be enabled okay so any guesses why we are having this enabled column here we can restrict the user who are able to log in sometimes we need to it uh yeah just like that no uh exactly not this is basically whether the user is enabled or not let's say right now you are you are using facebook right you are the active user in facebook let's say right now you you just delete your account for seven days or ten days now they will not be removing your data from their database right they will be just they will be doing a soft delete that two two kind of delete i told no soft delete and hard delete okay yeah hard delete means they will be completely removing the data from the database okay and soft delete means they'll be creating another column called enabled okay maybe they'll be using some boolean value true or false if true the user is active if false uh the user is not active okay so this enabled is just to track the user let's say there is 10 users present in my database and one user this particular column is false okay if it is false main that means that user is not active rest of the nine are having true this enabled then they are active users and one user is inactive so here we will be storing the user information okay so first of all let's do this work and then we'll go to the next thing so you have to understand first thing is that whatever way they are telling you to create the table like table name is users uh column name will be username password and enabled and this column will be not null not null okay you have to exactly create your table just like that you cannot take the username as my username or you cannot take the password as some other column value no that's not allowed okay so if you are using their schema
uh if you want spring to handle the code by itself then exactly the way they have written the code the way they have created the table you have to take the exact columns because internally these names will be used okay in their code let's say right now i will be creating one table okay some someone is saying let's say so nali is saying that okay villas i don't want to create a user table i will be creating a customer table okay and inside customer table i will have i think uh somewhere we had i think in the morning batch we have created a table maybe i can show you that maybe i had that inside the college so see this table i got a customer table okay now inside that i have user id name email password role so one table i had okay here here is my uh user id here is my name is akil his email id is this one password is this one see the column name pwd email name i don't have any username column here so if i want to create something just like this then i have to write code by myself okay but no we will not be creating table like this we will be following spring way of creating table okay because they are telling us that okay you you just write like this and rest will take care so let's go ahead and do it so maybe let me create a table or let me go to one of the other schema let me close everything go to mydb so what i have here student can i drop this table am i using this table somewhere maybe not or maybe yes so let me create a new schema otherwise okay the schema name i'll give evening okay so just to make sure this is your schema and you guys will be using it and i won't be touching that in any other batch so now here in the evening schema i'll be creating a table very simple okay what is going to be my table name i don't have to think i'll go to that documentation first of all let me ping this one because when you guys will be practicing you'll be using this documentation and see this is spring's documentation right this is not some kind of website this is springs 
website only so i'll go here first and i'll ping this one in the group so that you'll be using it and the next one so now users is the table user name is the column copy that username paste the username just right here and this table name is going to be what you just copy that users and paste it just right here okay the next one the username data type is going to be what so see that username varchar ignore case 50 is going to be the size and it's going to be not null so obviously there should be a username and this is going to be the primary key so i will do what i will make it uh varchar and this let's make it 50 characters okay it will be the primary key and not null is checked so what is the next column password varchar ignore case 50 not null so let me copy that password let me go here paste it and this is also let me make it 50 okay so 50 characters and this is also going to be not null that you a user should have the password the next one is enabled copy this go there paste it and this is going to be boolean okay let me go there and search for boolean enter okay it's converted to tinyint that's also fine tinyint basically will hold zero or one so i can say one for uh active zero for not active okay so one means true zero means false that's also fine okay and we also make it not null this is not null or not okay this is also not null i'll make this not null okay i'll click on so just verify it username password enabled okay three things we have and these three things are not null okay i'll do apply apply and close now let me go to the table let me open up that table there you go right now can i have some username entered can i have dilip let's say dilip password is um let's say dilip one two three i'm just storing the password in clear text maybe after that we will encrypt it okay enabled let's say he is an active user so one let me take one more let's say revati and let's say revati one two three and she's an enabled user let me take one more maybe i'll
take karthik maybe karthik one two three and he's an enabled user as well i'll do apply apply close okay now if i do select start from okay i got a table called users in the evening schema and i got three things username password and enabled imagine i have given some kind of registration form to the user maybe you can go to here think like we are giving some kind of form like this sign up form register form just like this okay so the user is going and entering the data he is doing register then the data is going to this table here okay now we have not created that screen right so that's why i'm directly entering the data here maybe later we'll be giving a screen to the user and then he will be entering the data and the data will come here okay now i'm directly inserting the data here but imagine is coming through a sign up form okay so my users table is ready right now so far we are on the same page or not i want to hear it from everyone we're on the same page yes okay making sense i think you have attended this session in the morning maybe yeah yeah yes okay tonally making sense yes okay i'll be sick you are good so far uh yes um okay perfect so right now we are good okay we got a table here the users table and we got this data okay now let's go for the next thing what what is the next table spring is saying so right now just now delete for your someone said right when we are creating an user we need three information first one is authentication how we will be authenticating him by the help of the username and password and there you go this is our username and this is the password let's say this guy delete is entering to up to my website but is he an admin is he a normal user he's an editor he's an subscriber he's in customer what kind of role he has we don't know that right so way to define the roles the role we can define inside another table okay and first of all tell me one user can have multiple role or not yes or no once yes yes one user can have multiple 
roles let's say abilis is also the admin and also the user let's say yours is only the user refti is the admin the user and also the customer right so we one user can have multiple roles and for that if we will go to that website here so we need to create one more table called authorities so authorities and roles are kind of same but kind of same i'm saying i'm not saying they are same but you can imagine like authorities means what kind of roles you have let's say there is a guy so now there is a girl sonali and c has two authorities i mean c has two roles he has an admin and c is an uh what do we say user okay so that thing will be defining here so let me create another table authorities this first let's try to understand okay before after that i'll be creating we'll be creating a table so we have two columns one is called username and this is going to be varchar type and it's going to be not null then the authority authority means roles right so they are saying authority we can say roll okay so right now we'll be going with their pattern so we'll be saying row authority only but you understand authority means role only okay and it's going to be not known okay the next thing will be creating a constraint a foreign key constraint for the username so see this authorities table is right now dependent on the user's table how it is depending is depending on username i can show you in a diagram basically i had it for the morning batch man just give me one moment i'll just pull that out just give me some time maybe maybe i can do what i can join from my other laptop scheme one sec guys i'll be showing you a uh presentation it may be a slide and that slide will make sense so that you can visualize these two tables not required but i just want to show you okay can you guys hear me yes sir okay so what i'm gonna do uh i'm sharing my screen are you guys seeing my screen here yes okay okay so what i want to do i want to show you when presentation okay so many things here 
okay now this is the table okay we have created this table and this is our user and here we'll store our user data username password and enabled we have one more table okay and c now this avilas can have multiple role okay there is a user called avilash he can have multiple role like he can be an admin he can be an user okay so villas is the foreign key basically these two table authorities and user table they are linked with this username okay so this username that we have here you can see this username is the foreign key here in the authorities table that's why whatever if the user we have here only then we can do an entry here if the user is not present here inside the users table we cannot add an user because this username is going to be linked with this one okay let's say there is no delete here right then i cannot insert delete data right here inside the authorities table because delete is not an user here okay so this one is going to be the foreign key okay so this one is authorities here we'll be defining our role so right now you can see obvious is to roll one is admin one is user okay don't think like why i've written role underscore admin you can also write admin there that's also fine you can also write role underscore admin that is also fine i'll be coming back to that but in in the end of the day you just understand this is just a role okay okay just like that frank is an user here now frank is only an user that's why i have written user here don don is who don is a user you can see don is a user this is his password he's an active user okay don is basically an user so two tables we have user table we have already created now we'll be creating this table authorities will be having two columns called username and authority and this username is going to be the foreign key and which is going to be linked linked to the users table is making sense what we are going to do right now just look at the table okay okay the same thing let's try to replicate with 
uh this thing okay let me drop from here now can i do share okay i can say right now i'm sorry guys this is taking me a while okay cool so the next thing we'll be creating the authorities table right now isn't it let me copy this authorities let me go there you can see it is changed to dark right now the dark theme because it's seven o'clock right now this was the theme changed automatically same same db only so right now uh i will be creating another table and this table name is going to be authorities okay and the column name is going to be what user name will have two columns one is going to be username control v8 okay and username data type is going to be varchar i am not able to change the username varchar make it 50 and in this table there will be no primary key and i'll ask you why maybe first of all let's go with that then i'll ask you why so in the authorities table you can see if you are going to see the schema there will not be any primary key okay now i can take authority this is the second column now let's go there and let's say authority here okay now this is going to be 50 characters also let me take 50.
this is fine you can make it 45 but i'm just matching whatever they're instructing i'm messing with them okay now they are saying this authority is table going to have a foreign key constraint and this is going to be bring to the users table username okay so now we are here inside the authorities table i can click on the foreign keys and i can give an i can create a foreign key i can give any name here but let me copy their name whatever they are saying fk authorities users copy that okay go there this is the foreign key name control v and now the reference table now we are inside which table we are inside which table authorities table right now i'll go to foreign keys and i'll i'll just refer this uh foreign key to the users table now i'll be referencing them with this one username of this this particular table called authorities is going to be mapped to username of users table okay and that's it so now anything else we are doing they are saying that create another index okay they are saying to create a index for username okay on authorities username and authority for this to just create an index maybe for faster you know that index we are using on some name maybe for faster retrieval but we will be ignoring this particular line for now if you want you can create two indexes for username and authority by clicking in the index uh option and you can start creating indexes right here but i won't be doing it right now i am happy this much is enough let me do apply and verify it we are creating two columns username and authorities index is fk authorities user index and we are linking this particular you know constraint this particular foreign key called username referencing to the users table username column so i'll do apply close there we go now i can do what i can see authorities table here i can do search and here i have username and authority now notice one thing guys you can directly enter the data here i i just do what directly i just click here and enter the 
data right you cannot do that because this particular table does not have a primary key and if the table does not have a primary key then mysql is not allowing you to enter the data directly here so what we can do right now maybe i can do a insert into manually write the code insert into table my table is evening.authorities and here let me insert some data okay maybe i will in short values first my first user was delete right so maybe for the lip i'll be entering uh the values like uh first one is the username username is uh the leap okay make sure this delete is present there in the users table if i'll go to the users table then i got this guy here right dilip and for him i'll be giving you my authority right now uh dillip and the authority that i'll be giving him is admin okay let's say he has an admin authority just do uh hit this bolt and obviously you can see in short interest happen it's happened fine now i can do a select okay the leap is there which is having an admin role right now if i want again i can give the leap and another rule let's say i can write um maybe uh he they live is also an user okay so right now i can do i can hit that one yellow bolt and you can see right now the leave got two roll right now he's an admin and he is an user maybe i can insert i can give roles to the other people and what who are the other users i have karthik i have and drop the i have make let's make this karthik and repti as user okay let me go there maybe i can copy this and paste it uh one time and let me change it to karthik and let me make karthik as an user fire this yellow bolt and look into the data inside the table i got karthik as an user and also let me change this to refti okay and also let me make lefty as an user there you go search this okay now i got the lift has two roles admin and user karthik is an user definition user okay looking good okay can i do one more thing can i can i write here let's say sonali and user can i do this if i fire this what will 
happen data will be inserted or not no why no foreign exactly exactly if i'll hit that then obviously you can see you know cannot either update the child row and obviously it is happening because of the foreign key constraint that's fails right so okay looking good so right now so far we have not done anything so far today right if i'll do a reverse engineer and if i'll do continue if i'll hit my password okay if i do continue here maybe the one that we have created is evening continue continue execute continue close so this is our entity relationship right now we got two table authorities and username we got three columns here in the users table username password and enabled in authorities we got two usernames and authority if i click here they both are linked with username okay so that's the foreign key perfect now let me go back to here now we will do what we will load the data from here okay we will be loading the data from where from what is my table hey what is this can i do refresh maybe where i was previously here only okay there you go here i was right so here i got users let me do refresh so i want to load this user right now right now my data is in my database i will tell my spring security that hey spring security load the data from the table and for that i'll be needing your help right now and you will be telling me that what to do because right now some of you may be going through the basic hivenet that we have had 10 sessions for hibernate or maybe the jdbc in youtube or jdbc sessions that we have here now you should be our about how to connect to your database so let me go to my eclipse and now your job is you are going to help me to load the load the user from the dv okay right now don't see any other code okay if you don't know also this thing that's also fine right now this is the method that we have overridden from web security configure adapter the configure method okay now help me now here we need to tell to this configure method that hey go 
and look inside the db for the user okay now we have to do that and first of all before we load the user name password role from the database you just need to tell me that what we need to do first how our application is going to connect to the database this is our spring up this is our java app we need to connect here config for linux yeah config file we need to go to config file can i go to the config file maybe where is that config file okay app config now here what i'll be doing we need to establish the connection i mean database properties we need to switch yes yes so to establish the properties what we need you are correct i mean we will be establishing the connection yes and how can it be in here yes it's come again we will be using jdbc template yeah we can use jdbc template okay jdbc template needs something to connect what what is that something data manager data source sorry yeah data source yeah you are talking about driver manager that's also fine yeah data source data source is the one that we'll be needing so how we can connect to the db we'll be needing data source okay now data sources are what interface yes java dot sql is an interface so in spring do we have any implementation class for this data source yes we do have uh yeah what is that delete you may drive a driver manager data exactly exactly driver manager data source okay and that we have that inside though maybe spring jdbc while you are practicing or maybe in hibernate also maybe initial tutorials i told that we'll be needing driver manager data source if you're new here also i know you should be knowing the data source we need to connect to the database but data source is just an interface and we'll be needing an implementation class for data source and for that we have to go for driver manager data source can i do command shift t and i'll write a driver manager data source is not there because i do not have that dependency in my pom file so maybe i can go to google chrome maybe i can
drag it to here and here i can look for data so let me go for maven dependency and what dependence i need let's say spring jdbc let me go for spring jdbc only it'll be pretty easy uh because i will not be using spring jdbc only data source i need that driver manager data source for that i just want to implement this one so jdbc spring jdbc and let me click on some stable first okay anyhow versions we are taking there i'll be copying this spring jdbc version i'll going to i'll be going to my pom.xml okay where is my pom.xml let me go to their pom.xml right here i have so many dependencies i told you step by step what i need what i don't need those things only i pasted here now i'll be pasting it right here command a control shift f so here the version i don't need to hard code okay so i can go here spring version i'm taking here 5.2.6 so you can see webmvc i'm using the spring version and spring version is defined here so maybe i can copy this spring version here copy that and come to uh where is that dependence right now uh python 2.9 right here i can paste it this color does not look good okay so right now spring version if i click here there we go 5.2.6 we are maintaining this version for each spring jar for web mvc and right now for spring jdbc also what is that spring jdbc also i'm having spring version this one okay now can i go to the data source okay can i do command t command t to see the implementation class for this now we can see i'm getting so many things and i also will have driver manager data source okay so now that class is available the implementation class control shift t driver manager data source now we are getting this one now we'll be using this class here to set our database properties as you guys said so now let me go to the configuration file as mo he said we will be creating um what will be creating a data source instance data source bean inside my configuration file so right now here help me to create a bean okay uh so i'll be creating a
data source object okay and this data so this method is going to return me a data source instance so data source and this is going to come from java.sql and now here for data source is an interface and i have to create an implementation class for data source so data source uh maybe driver manager data so i can use driver manager data source driver manager data source is equal to new driver manager data source okay there you go now i've created the driver manager data source instance now i can simply return it return this instance whatever you have created copy that paste it here and make it a bean okay because you want spring to call this particular method right so also let me make this method public if i want i can also do that command s there you go now here we will be setting few properties how to connect to my db so now i'll say driver manager data source dot set username and my username is uh root root okay then the next one driver manager data source dot set password my password is a village okay and also i want to set the url okay how can i get the url which url facebook url set url okay uh now what is going to be my url which url so which is my schema evening schema right where this evening schema is i'll go to home i'll do right click here okay i'll copy the jdbc connection string copy the connection string to copy jdbc connection string to the clipboard copy that and let me go there let me paste the connection string here and let me remove that user equal to root anyhow i am specifying the user by myself here root i have missed the caller i mean double quote okay and here i'll be connecting to which schema where i have the user and here evening inside this schema i have the authorities and user isn't it so maybe you don't see this one don't get confused by saying this now authorities and user is there inside the evening schema so let me go and paste it here let me paste okay there we go i am done my data source has been created okay so now you don't have
to do anything if you know create a bean you are done now your data source bean will be created by spring now you have to go to spring security config okay and inside the configure yes yes please what about the driver oh exactly cool cool right right thing now i have not saved the driver right now just i'm about to get some error so driver manager data source dot set driver class name and what is going to be the driver i'll be using which database i'm using mysql right yeah so what is the driver i need my sql driver so can i do command shift t and look for the driver and see i'm not getting any driver from my sql package why is that different right because jar is not there exactly let's go there and look for the mysql uh mysql connector enter and look for the jar mysql connector j copy that i mean click on that we'll be copying uh 8.2.3 and let's take that no not a problem copy and maybe i'll go back there to the pom and inside the pom i'll be pasting the jar here command a control shift f2 format so my mysql connector jar is here so build is also done command shift t let me hit driver right now and there you go i'm getting it from mysql which one to use which one to use don't tell me first one cj one right because that's the latest now let's go to here to the cj one and maybe i can do right click copy qualified name because you know that i won't be typing and i'll go to config and i'll paste my driver class name right here okay now it should work now i don't have to do anything my configuration is done so data source object will be created if you will not be writing it it would have helped so delete the seven hour five minutes okay uh cool so now we will be going to config file so here right now i told you inside the configuration file right now we'll be having a configure method and here inside the configure method we'll be loading the data we'll be loading the user now where from you will be loading the user we need to tell to this authentication manager builder auth
right to this object i'll say auth dot uh right now we'll be doing a jdbc authentication previously we are authenticating the user by looking into the users and password everything available inside the in memory that's why previously we used to do in memory authentication because right now our data is not there inside the memory our data is there inside the database so whenever somebody is trying to login we have to see the data inside this table okay inside this schema okay so this is to connect to this schema we'll be needing a jdbc connection and obviously we'll be saying that jdbc authentication okay so jdbc authentication is used for looking into the database if you are loading the user from the database you will be using this method okay now to this jdbc authentication how it is going to connect to the database it will be needing a data source so i need to give him a data source object now that's why i have created the data source object right here okay now you just tell me in this class in this config class here i need the data source object so how can i get the data source object maybe i can write here private uh data source uh data source java dot sql data source okay now what i need to do i need to auto autowire it why because obviously whenever i'm writing bean there this object is already been created and they are inside the application context now i just need to catch that object by doing whatever just right here now i get the data source object simply copy this object and paste it here there you go you don't have to do anything maybe you can do one more thing maybe uh we have not uh we do not have any password encoder isn't it and we also have not stored the user by having the id just like noop or bcrypt or things like that so i i'm i'm storing the user password as a plain text so maybe i can say dot password encoder and this time the password encoder is which one i'm storing the user in plain text so which kind of password encoder i will be using 
noop exactly so noop is a singleton one right the lib so i can use that get instance method right noop password encoder dot get instance method uh just to get the noop password instance if you would have used bcrypt directly write a new uh bcrypt okay uh maybe bcrypt password encoder that would have worked right now noop does not have any constructor it's a singleton class so i'll do noop password encoder dot get instance there you go right so now this would work finger crossed ctrl a command shift f to format the code and uh basically okay let me not format the code because i got some code here and i'll be bringing that uh in later but right now this should work let's see that what is happening what is not happening now let me first of all i don't trust this tomcat and for that i will do what first of all let me build this project and i will be deploying a fresh war maybe i'll just do a simple clean install right click run as um run maven install let's see let's wait till the build is success now once it's done i'll do right click run as run on server next finish and let's see what is going to happen either my server is booting up or not fail to load could not air could not connect to server could not connect to server why am i something happened here okay what kind of issue this is let me close this one and maybe let me do one thing let me clean that tomcat directory right click clean okay and also let me remove if anything is there inside maybe this one let me remove it let me do finish okay and also let me clean the tomcat work directory as well let me do okay there we go right click run as let me deploy that on the server next finish don't tell me that it's not going to deploy right now yep okay something happened right now if i am going to use any of the endpoint if i'll go for my classes if i remember it correctly we have some endpoints there may be inside the controller maybe we have a hello world controller here we have an endpoint uh hello this is a secure 
endpoint right let me copy this endpoint hello let me go here let me paste it hello enter let me see that okay i'm getting a login page let me copy this url to somewhere else let's let's not use it here because we'll be coding here maybe i'll go to here paste it enter okay i got a login paste now let's try to login by using by using the username and id that we have inside our database so i got one dilip and dilip 123 let me try that let me go here let me try the leap and delete one two three enter okay i'm logged in so can i try with help hello yeah there you go can i try with buy there you go can i try with hello world okay there you go yeah i'm able to login and if i do log out if i'll do if i'll be doing a log out i'm obviously logged out let me try with a different user maybe i can go with uh karthik okay and repti is also there i can try with refti right now can i try with lefty uh maybe i can do one thing i can directly hit and secure url it will be also sure that there's a secure url let me hit hello now see when i'm typing hello it is redirecting me to the login page right so i'll write hello enter so i'm redirect redirected to the login page now let me hit uh right now rft and reft one two three enter there you go right now repti is log i mean she is logged in and she can access the secured uh you know sources and also the logon logout button we had inside the hello world page so see if we want she can clicks on logout and says right now logged out of the application right so this is how simple this is how how much lines of code that we have done we have done nothing literally nothing we have just created a data source instance and that's it and we have used jdbc authentication dot data source dot password encoder and this password encoder we are using because we are storing the data as a uh you know plain text okay what if if i want to encrypt this data maybe i can try that also maybe i can go to uh be creeped calculator because i want to be creeped uh 
you guys have ten more minutes maybe five minutes i won't be taking more that's okay sleeping yes okay okay dilip one two three so this is right now the encrypted value maybe i can copy that uh we are good so far you have any questions you can just ask me right now so right now let me change that password value to this this is encrypted and a bcrypt value okay bcrypt is a i mean in bcrypt uh algorithm we are applying and creating a hash so that the hacker cannot decode it and hacker does not know right now what is the value of this right now i am using dilip123 maybe i can take the next one uh karthik one two three copy that maybe here i will be going for karthik one two three go with this this is the hash copy that maybe i'll go to my database and you know what guys this is going to fail i know why i'll tell you why it is going to fail maybe the next one that we have is reptile right copy that sorry copy this and go back paste the depth here calculate this is the hash for empty copy that come back and paste that uh you know no you know that bcrypt uh code here people do apply it will be failing you'll see why it's failing anyone can guess why it is failing you can direct more than 50 yes basically this bcrypt this value will be 60 this one is going to be 60 character maybe so what i can do i will click on the user i can click on this range so here the password one we can change it to 70 okay it will be 60 or 50 or 60 maybe we'll be changing it to 70 apply it close that's okay done now can i can i get that the other one that i have maybe users there you go now can i do apply apply close yeah done so now all this password password i have encoded right now this password i encoded now if you are going to try to log in can i go back if you are trying to log in do a refresh if i'll be trying to log in with let's say dilip and i'm hitting dilip one two three log in it is going to say you invalid login or password this is not a correct password because 
right now you are hitting dilip123 but the data that you have here inside the database is a hashed value right so dilip one two three and this value is not matching so what you need to do right now you have to see uh you have to generate the hash for this whenever you are saying let's say let's say you are saying dilip and here you are saying dilip one two three now for this dilip one two three the hash value you have you have to generate the hash value for this and that value you have to compare with this one and you have to make sure that the hash is coming same for i mean for both both things like you know this hash is dilip one two three and that hash also which will be generated the value should be same okay now this one let's say says dilip one two three the hash which will be generated for this it should also say dilip one two three and which kind of encoder will be using obviously a bcrypt password encoder will be using because this value we have hashed by using a bcrypt password encoder so maybe i can do what uh here instead of saying a noop password encoder maybe i instead of hard coding the encoder here maybe i can put the encoder right there maybe here i can create one more encoder so i'm inside my config file right now so i'll be saying password encoder and now here this password encoder which one i'll be using i can use password encoder this is the interface and what is the implementation i'll be giving return bcrypt password encoder right new bcrypt password encoder this is an implementation of password encoders because this password encoder is the interface if you remember this is the implementation class so can i do at the rate bean here there we go now i have created a bean okay for password encoder maybe in my security config file i can create one more variable here well let's wait for some time okay now here i can create one more variable private uh what is that password encoder can i do password encoder password encoder and 
i'll make it auto where okay now you got the password encoder right here copy this one and simply go to here inside password encoder i'll paste that value right it needs a password encoder right and there you go you do ctrl s now let it restart and we will see whether the things are working or not uh working or not right now we have created the hash value so even though you have my database access still if you are looking into this one inside the users table you do not know what is the value of this particular you know uh the the salt that you have right here perfect so now looks like it's good i can go back to here now i can simply go with delete and delete one two three log in and boom i'm logged in now obviously for this one we do not have any page attached that's why it's saying 404 but we can try with some secured resources like hello it's also working if you can go with buy this is also working can you go with hello world okay this is also a secured access i mean secured resource still is working if you want to do a out it click on log out try to go with refti right now depthy and repti123 login and there you go i'm logged in let's say hello world and obviously you'll be able to access this one log out and you are logged out of the system all right guys so before we get started with this particular video i just want to quickly tell you a few things maybe you can skip this particular things if you are a new user to my channel you can basically skip this particular stuff and go into this particular time or this particular time stamp well i want to tell you something guys you know you know if you're following this course along from the video number one i told you that you know i'll be sharing you some java 8 resources and actually i have shared around um you know shared my paid java 8 course to around 100 people okay for free and you know right now if you are raising a free request i'm not going to take it anymore because anyhow those hundred people they are 
learning and i have created the username and password a credential for them so actually um you know they are learning it for free and i i have to bear that cost because anyhow those videos are hosted in some video hosting platform and i have to pay for that so i cannot actually upward to give more than 100 people access at a time so there is no benefit guys there is no benefit i'm making out of it so actually i'm paying for a lot of different stocks and also i'm paying for those extra 50 60 dollar for those 100 people and now what i'm gonna request you people who have taken the java 8 course for free uh once you learn it i mean at least you know if you are learning it for a month and if you are okay with those contents then you just talk to me again and you know tell that i will ask you know i don't need all these videos anymore so please you know you know deactivate the account so i can deactivate the account so that to someone else i can actually give that particular course for free because as i said i can only offered um you know to give that particular course to 100 people so please please help me to do that if you have taken that course the way i have connected you the way i have given you that particular course for free the same way once you are done with that course talk to me that available deactivate the account and i don't need this particular course anymore i'm good with the content right so that i can actually create one more account for someone needy and i can give that particular course for free okay i hope you guys understand so there are also people who are in weight so please think about them and one more thing guys the people who are actually uh going for the micro services or springboard course of mine make sure that before you raising a request a paid course request make sure you guys have completed the spring code and mbc videos in in my youtube playlist that's the prerequisite without attending those particular sessions without taking those 
particular courses if you're attending it or or if you're making a particular request for springboard course i'm going to resect it so these are the two updates that i want to give you before i get started with this particular video sorry for wasting your two minutes and right now let's get started with this particular video and i'll see you around making sense guys whatever i have done so far yes okay deliver making sense yes sir okay okay okay okay i know you have not watched the previous videos but still whatever we have done at least kind of giving you something like what we're trying to achieve here yeah i understood what you are trying to ask but last few 10 minutes i didn't understand okay okay tell me which one uh which one uh obviously that uh b script used right that one yes so this website you are saying huh yeah this one and uh um while logging in with that password why did it work in the first attempt i didn't understand okay okay so right now basically i have explained this in maybe the first video or second video uh of a sec you may go through that and that will help you anyhow but for a sorting i mean if i'll run if i want to wrap it it's like a c now whenever you have a password let's say you have a password in the database where is the database okay now we got a password here i mean this is the encoded password okay so right now whenever you are storing password in the database obviously now password i mean how you want to encode the password okay so there are different password encoder are available in spring security okay so what are the password encoder that we have you can go to there is a you know interface called password encoder it will go here now this is an interface right so there are so many implementation class available for the password encoder see this is an uh i mean if you are going to write a password encoder you should write overwrite this encode method override this matches method and obviously this is a default method is up to 
you you'll be overriding or not but the thing is that this is then a password encoder will help you to encode the password because you don't want to store the password in plain text previously we are storing the password here in the plain text right like the karthik123 okay now imagine that you have the access to the database now if you if you have the access to the users table if you're going to look into that then obviously you will know delete password right oh yeah yes i can see the password yeah so we have to encode the password now so okay encoding to encode the password i will be telling all these things in very briefly in my coming lectures but right now how we want to encode the password if you do command p on this encoder you can see there are a lot of password encoder available given by spring okay just like a big grip password encoder you have also a script this is also a very standard one a script password encoder and this is basically one way of hashing i'll be telling you about hashing hashing means once you generate a string you it cannot be reported back okay for an example this thing i mean right now you'll have a lot of question like then how it is reporting back how the comparison is happening obviously i'll be telling you about it right now imagine this lefty one two three we have used an algorithm that algorithm called big crypt algorithm you can see inside the password encoder we have a kind of password encoder implementation which is that decrypt password encoder if you'll go here see this big create password encoder this is a class and this implements the password encoder right and now it should have overwritten that you know methods like it has a method called matches i have shown you there matches method okay now this is the method which will be executed when someone is giving a password here now this method will do what let's say here you are giving a password right username and password now let's say here i'm giving the lib 123 okay now 
this password and whatever i have in the database this password that will be compared and how that will be compared this this matches method will help you to compare that okay now this matches method will do what it can take the raw password that is coming from you know from the user from the user interface and the encoded password that you have inside the db right so these two password it will compare and it will compare by using his own logic which logic bcrypt logic that's why you have seen that i have done what inside the bcrypt calculator i have created this string this string this is one way hashing this is the encoded value okay now this value uh how i have encoded by using a calculator called bcrypt calculator that's why i have stored this value here inside the database right now the thing is that here in my my security config here inside the configure method we need to tell to spring that okay you we are saying here inside the configure method that hey do a jdbc authentication and to do that authentication use my data source my data source is whatever i have defined and that data source is going to tell spring security to connect to the user table to here okay now this logic that you have written that this code that you have generated by which kind of password encoder you have used to create this particular long string okay now we have used what we have used bcrypt password that's why exactly now this password encoder this password encoder is obviously where i have defined i have make it autowired i have defined it here now here this password encoder what i'm returning i'm returning bcrypt password right now if if you would have write it in normal normal string like here i would have write a dilip one two three now this will not work with bcrypt password encoder this is plain string and if you are storing your password with plain string we have another one that is called noop password encoder right now if i'll change it to noop password encoder 
so we do we cannot do no new noop password encoder because noop password encoder is basically a singleton class possible to control safety no op password can i do no op password encoder if you're going to see uh here so basically spring says the uh i mean nobody check don't use this password encoder because this encoder is deprecated and they are telling do not use it because this password encoder you'll be only be using whenever you will be having password as clear text and obviously you never want that inside your database you'll be having your password in clear text okay so that's why they are saying don't use it and obviously you can see uh there is a method here called get instance okay which will get you the instance okay what is this instance if you click here this instance is a static variable and they are creating the instance here new noop password encoder and this noop password encoder is the private constructor inside the singleton class we'll have private constructor right and as the constructor is private we cannot use noop password encoder encoder equal to no new noop password encoder new keyword we cannot use if you want to get the i mean object of that you can use this get instance so that's why what i was doing previously if you want to go to here now you can do no op password encoder no op password sorry new i can use right so no op password encoder dot get instance okay now if i do that now this one will work dilip one two three this thing is going to work let's check whether it's working or not but the other thing will not work i'll just tell you so right now it's completed i'll go back to here i'll go to the login page now i'll just try with dilip dilip and his id is dilip one two three enter sorry maybe i have written long around dilip and dilip one two three enter okay why saying wrong password uh return this one let me go here dilip dilip you dilip one two three looks like okay have i applied it close right now can i see 
the users okay i have delete one two three here right now i can check that can i do a refresh and let's check it maybe delete and delete one two three enter now i'm logged in right now i can go to hello world this is an end point that we have written see i'm logged in here if i want i can do logout but right now we said if i'll be trying with reft this will not work why i'll tell you now lefty one two three if i do login it will say invalid login or password why because this reptile this particular data is going okay and this data is going and now no password encoder will do what it will go to no password encoder i'll just tell you a little bit of uh an interesting thing here the no password encoder will use this method matches method to match the password the row password and the encoded password row password is what whatever we are getting from here now here what i am giving i am giving reft one two three okay so now that password will come to here this is the encoded password this password will come from the database in database what we have for empty this string now see how what kind of logic they have inside no password encoder and that's why they are saying do not use it see they are using row password or two string equals method right so if you are going to compare lefty one two three with this one is it going it's going to return true or false false always right then obviously the password does not match if you do not believe me i already already got in a break point here maybe what i can do i can quickly show you this maybe i'll just tell you guys these things i'll explain you just because you are having a curiosity i'm just explaining this one but you can see that for one time i can remove everything good question yeah so what i can do i can go to here um maybe this is no password encoder this is the encoder that i'm using i can just give my breakpoint here in line number 40. 
now you'll be seeing that the flow will come to here let me go to here here i'm using password encoder no password encoder right so spring knows right now this guy is using no password encoder in his system i mean in his application so go to the other perceptive let me stop the you know server and what i can do i can start it in debug mode debug let me start in the debug mode and make sure i have given a breakpoint there if i go to the no password encoder here inside the matches method okay this is the implement here we have the matches method and here i have given the breakpoint okay now see that okay whether this is the here our flow is stopping or not now let me try let me do a refresh okay now let me try with the leaf first the lip the lip one two three enter okay now the flow came here let me do switch okay now see where is my flow inside no oh password encoder right so now what is the row password over here this lib123 this is what i'm entering in the screen right here this password now what is the encoded password encoded password is also delete one two three because why in db what i have delete one two three right so now this one if i'll do control shift i obviously will return obvious okay i am having some problem with this one but anyhow if i do step over okay now it it it will be going to an exception so anyhow i was not able to do control shift i on that but you can see that that obviously you can understand what will happen obviously that equals method will return you false isn't it so now if i if i will try with the other one let me go to the screen okay the lip is logged in right okay for the lip it will be turning true i'm sorry because the leap and the lip will match no so it will be returning true let me try with repti so that's why the lip is logged in right now so if i'll go to hello world now i can do log out for delete it is successful login is successful now let me try with revt rept and uh reft one two three okay now do login again the flow 
will go to that method now see the raw password but we have left the one two three what is the encoded value now see this is what coming from the db okay now obviously here what is what is going to the value you can imagine why i'm not able to execute this i don't know i don't know maybe can i do execute here uh okay can i put another breakpoint here it's not possible right i don't know i'm having some problem okay so right now if i'll do a resume obviously it will fail it'll say okay invalid login or password okay i mean it's making sense uh obviously what i'm trying to say here yes yes yeah yeah but go with those videos so initial two or three videos uh of a sec that will make a little bit of sense but about this password encoder guys i'm going to take a complete session i'll be telling you about all kind of password encoder that we have maybe i don't want to complicate things right now by just by showing you the code and things like that but i will be coming back to this as i said complicated module will go step by step but yes you should know at least how this is working okay it's making sense right now like what we are trying to achieve other people i mean we are good so far no confusion maybe for example we stated in the database to store a maximum of 50 digits and maybe they are letters only yeah so when we encrypt when we encrypt the password the password will become more yeah no no no the decrypt one uh felix the big crypt encoder if you'll be using always the string value will be 50 sorry 60. so i can count it it will be 60 only if you can count the what that will be always 60. 
so whenever you will be creating uh i mean creating the password hash just like this the encrypted value by using a bcrypt encoder then obviously the value will be 60 only after everything maybe for um for if i give any random string here that will be 60 only you can see this value will not be more or less so that's why i've given that 60 i have taken that 70 but you can also take it as 60 it won't be increase more than 60 and also one more thing also i can try you can practice that in home you can remove the complete password encoder from here and what you can do over this dilip let's say over this one this is the dilip one just create an id so what is the id of this noop right so just use the noop right here noop is for noop password encoder for bcrypt for this kind of value you can write bcrypt always maintain one i have two kind of value here either you just stack uh either you store the value by using noop or by using bcrypt i'm just showing you that doesn't mean that you will store some value by using noop by some values by using bcrypt some values by using scrypt don't do like that okay so for bcrypt you can use bcrypt like this the id if you are taking this make sure that your value should be database value should be column value should be 65 because bcrypt is how many character 1 2 3 4 5 6 maybe 66 it will be 60 plus 6 66 okay just go for 66 as highest value or take it at 70 and i use the id just like this and at that time you don't have to use the password encoder no i think you you you can try without by removing the password encoder also it will work because you're only you are telling that okay i'm using this noop to store the data and whenever you'll be reading the data use this noop the noop means noop password encoder the bcrypt mean bcrypt password encoder spring spring is well smart to figure that out okay and i'll be telling more about this but you can try this for today okay just use bcrypt everywhere and remove this password 
encoder and here maybe my security config no need to write the password encoder end it just right here don't define the password encoder this will be enough okay so maybe you can try that but i'm reporting back my code because tomorrow i'll be trying and again we'll be having issues and uh i will not understand that okay what i have changed and yeah that's that's okay i'm good any questions so far how is it going guys boring interesting slow fast any suggestion everyone silent sleeping okay cool so try it guys tomorrow i will meet you guys same time maybe uh okay saturday or sunday java 8 class when you want to have it just plan it and accordingly let me know i'll just take the javad class accordingly okay maybe you guys can decide by thursday all right so that's it guys thank you very much for watching this and i hope you have enjoyed this particular session and you have learnt it well like you know how easy it is to connect to the real database and to store our users inside a real database and how we can basically face the data from the database as well so see you in the next episode where we'll be learning how to create a signup form right so that the users can actually register by using a signup form and we actually don't have to you know insert the data manually inside the database so some good things coming off and i'll see you around and i'll see you in the next video till then take care bye bye and happy coding [Music] foreign
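The configuration described in the session, written out as an added example (not the presenter's own code). It assumes Spring Security 5.x, where `WebSecurityConfigurerAdapter` is still available, the default `users` and `authorities` tables in the `evening` schema, a local MySQL host and port, and hypothetical `DB_USER` / `DB_PASSWORD` environment variables; `EncoderCheck` is a hypothetical helper that shows why a plain-text comparison fails against a stored bcrypt hash and how the `{bcrypt}` / `{noop}` id prefix is resolved.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Application config: the two beans that the security config autowires.
@Configuration
class AppConfig {

    @Bean
    public DataSource dataSource() {
        DriverManagerDataSource ds = new DriverManagerDataSource();
        ds.setDriverClassName("com.mysql.cj.jdbc.Driver");  // Connector/J 8 driver class
        ds.setUrl("jdbc:mysql://localhost:3306/evening");    // assumed host and port
        // Assumption: credentials are read from the environment (hypothetical
        // variable names) so they are not committed with the source.
        ds.setUsername(System.getenv("DB_USER"));
        ds.setPassword(System.getenv("DB_PASSWORD"));
        return ds;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Must match how the values in users.password were produced.
        return new BCryptPasswordEncoder();
    }
}

// Security config: load users from the database instead of memory.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // jdbcAuthentication() runs its default queries against the
        // users and authorities tables reachable through the DataSource.
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(passwordEncoder);
    }
}

// Stand-alone check of the encoder behaviour; needs only spring-security-crypto.
class EncoderCheck {

    public static void main(String[] args) {
        String raw = "constructed-password-123";  // constructed sample value
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        String hash = bcrypt.encode(raw);         // salted, so it differs on every run

        // Length of the bare bcrypt string that goes into the password column.
        System.out.println("bcrypt length: " + hash.length());

        // bcrypt re-hashes the raw value with the salt embedded in the stored hash.
        System.out.println("bcrypt matches: " + bcrypt.matches(raw, hash));

        // NoOp compares the two strings for equality, so the raw password
        // is never equal to a stored hash.
        System.out.println("noop vs hash: "
                + NoOpPasswordEncoder.getInstance().matches(raw, hash));

        // With no encoder configured, the delegating encoder picks the
        // algorithm from the id prefix stored in front of the value.
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String prefixed = "{bcrypt}" + hash;
        System.out.println("delegating, {bcrypt}: " + delegating.matches(raw, prefixed));
        System.out.println("delegating, {noop}: " + delegating.matches(raw, "{noop}" + raw));

        // The prefix is stored in the same column, so size the column for this length.
        System.out.println("prefixed length: " + prefixed.length());

        // A stored value without an id prefix cannot be mapped to any encoder.
        try {
            delegating.matches(raw, hash);
        } catch (IllegalArgumentException e) {
            System.out.println("no id prefix: " + e.getMessage());
        }
    }
}
```

Running `EncoderCheck.main` does not start Spring or touch the database; it only exercises the encoders.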
Info
Channel: Selenium Express
Views: 3,554
Keywords: Setting UP JDBC Authentication with Spring Security, Security Database Default Schema, spring security authentication, spring security fundamentals, spring security in spring mvc, spring security in spring boot, selenium express spring security, spring framework, spring boot security, spring boot security tutorial, Abhilash, Abhilash Panigrahi, jdbcauthentication, spring security authentication with database, spring security authentication spring boot
Id: RDUc4vVCWjI
Length: 76min 32sec (4592 seconds)
Published: Wed Apr 21 2021