Secure Spring Boot Web API using JWT and Spring Security - JWT Authentication and Authorization

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video I will show you how to implement user registration authentication and authorization in Spring boot web apis using Jon web token then in the next video I will show you how to implement Ro based authorization first let's create a new springbot project so here we can type spring initializer then let's go to the first link let's select Maven in the group let's provide com. bookstore for example then let's provide the artifact so we can call this application bookstore then let's add the dependencies so the first dependency is spring web then let's add diff Tools in this video we will connect to mySQL database so let's add the MySQL driver then let's add spring GPA also we need to validate the user data so let's add the validation dependency then we need Spring Security so here let's type security then we need to select either Spring Security or o to Resource server if we select this dependency then we need to add a Jon web token library but this dependency already includes Spring Security in addition to a Jen web token Library so if we select this dependency then we don't need to add any additional Library that's why I will select this dependency then let's generate to the application let's save the file I will save it on the desktop then let's extract this file and let's open it using an IDE then let's configure the application to connect to the mySQL database so let's go to application. properties so we will connect to this database now let's save this file then let's create an entity model so let's create a new class and you can create it in the models package so just here let's add models and let's call it up user we can call it user but later we will use a class called user that is defined by Spring Security so to get rid of any confusion we can call it up user then finish then let's add two annotations to this class then let's define the different fields of this class so we need the ID which is the primary key and it is auto incremental then we need need the first name the last name we need also the username which will be the unique identifier of the user so the user of the application will login using the username and the password then we need the email that should be unique and here we have the phone number we have the address of course we need the password we can add the role to add the role based authorization and then here we have created ad which is the date of adding this user let's import this class then let's add the Getters and the Setters let's save the file and let's create a repository so let's add a new interface first let's create a new package called repositories so just here let's add repositories and let's call this interface up user repository then finish then let's extend the GPA repository then let's add additional methods that allow us to find users by username and by email so we need find by username and this is the username and we need find by email and this is the user email let's save the file and let's create a new controller so let's create a new class let's create it in the controllers package and let's call it home controller so this is AR controller so just here let's add The annotation at rest controller then let's create some end points so we can create the root end point it will be accessible using the get method then we have the/ store endpoint then we have SL admin slome and finally we have/ client slome so to fix the error we can delete this annotation and let's replace it with star let's save the file and let's run the application so now the application is running correctly and it is available at this for number so let's try to access to this end point we can use Postman and let's select this URL let's send the request and here we have unauthorized so by default all the routes of the application are protected and we need to change this configuration so let's create a new class so this class will be used to configure the application so let's create it into a new package and let's call the package config and let's call the class security config then finish so because we will use this class to configure the security of the application we need to add two annotations then let's create a new Bean that allows us to configure the security filter chain so we will register a new beIN of type security filter chain we will disable csrf because we are creating a web API and to use Jon web tokens for the authentication we have to use the stateless session creation policy we will allow all the users to access to the root URL so here for the root URL we have permit all then all the users are able to access URLs that start with/ store this URL will be accessible to everyone and the same for this URL and this URL and to access any other URL the user should be authenticated so because we will use GWT authentication we need to register a beIN of type GWT decoder so first let's save some properties in the properties file so we can save the secret key and the issuer for example now let's read the secret key from the configuration file which is security config then let's register a GWT decoder that will use this key let's stop the application let's save all the files and let's surun the application again let's go to postman and let's send a get request to this URL and this time we have a success response and this is the welcome message now we need to configure the authentication manager to read the users from the database so first we need to implement the interface user Detail Service so we will create a new service and let's create it in the services package let's call it up user service then let's implement the user details service and let's implement the method of this interface so to read the user from the database we need our repository which is called appuser repository so it is already added to the application so we can request it from the application using autowired then let's implement this method so we can read the user from the database based on this username and if you want to authenticate users by email then you can call find by email then if we find a user in the database then we will create a spring user and we will return it otherwise we will return none let's import the missing classes then we need to register this class so just here let's add The annotation at service then let's configure the authentication manager to use this class so let's go to security config and let's register in new bein so here we will register in new beIN it is of type authentication manager and it will use the app user service that we already created and registered here we have the provider we will set the user details service and the user password encoder and we will return a provider manager which is an authentication manager let's import the classes so this authentication manager will use this GWT decoder to decode the received jzon web tokens now we need to create the GWT encoder that we will use to create the Jon web tokens so first let's create a new controller let's call it account controller so this class is a rest controller so just here let's add rest controller and request mapping then let's read the Jon web token parameters from application properties so we need to read the secret key and the issuer then let's create the Jon web token incoder so we can create this function it is called create GWT token here we have the token claims we will use this encoder which is anus GWT encoder and then using this function we will create the Jon web token now I will show you how to register users so first let's create a new model it will be a dto model let's call it a register dto then let's add the different properties of this model then let's create the Getters and setters now let's go back to the account controller and here we need the repository which is the app user repository so we can request it from the application just here then let's create the register method that allows us to register new users so this is the register dto object that contains the submitted data and using this object we can check if the submitted data is valid or not so if we have any validation error then we will return a bad request with the validation errors otherwise we can create a new user using the submitted data that we have in a register DTU so we will create an object of type up user and we will set the first name last name username email using register DTU by default the role will be client and here we have the password so the password will be the encrypted value of the received password so we will use this incoder then we need to save this user and the database so first let's check if we have another user having the same username if yes we will return a bed request with this error message otherwise we will check if we have another user having the same email address if yes we will return a bed request with this error message otherwise we will save this user in the database using this repository then we need to create a Jon web token to this user so we can call the method create a Jon web token and this is the application user so this method is the method that we defined just here then we can build the response so in the response we will add the Jen web token and the user profile and we will send a success response to the user otherwise if we have any exception then we can return a bed request now let's save all the files and let's surround the application so I already stopped the application and let's run it again now the application is running correctly and to register a new user we need to send a post request to this URL so to this URL we need to send a an object of type register DTU let's select body then row then let's select jesa and here let's provide a Jon object let's send the request so here we have a success response that contains the user profile in addition to the J web token let's see the details of this user in the database so let's select this database let's select this table and you can see that we have this new user now I will show you how to authenticate users so first let's create a new model let's call it login d then let's add the fields of this class so we need the username and the password let's create the Getters and Setters then to authenticate the users we need the authentication manager that we already registered in the security config file so let's go to account controller and let's request the authentication manager then let's create the login method that allows us to authenticate the users so in this method we need the submitted data which is of type login DTU then let's check if the submitted data is valid or not if we have any validation error we can return a bed request otherwise let's check if the user credentials are valid or not so we can add the TR catch Block in the tri block we can call authentication manager. authenticate and here we have the user credentials if the user credentials are not valid then this method will throw an exception and in this case we will return a bad request otherwise if the user credentials are valid in this case we can generate the Jon web token so first we will read the user from the database us us this repository and here we have the username then here we can call get Jon web token method to obtain the Jon web token for this user then here we will build the response so we will send the token and the user profile and then we will send a success response to the user let's save all the files and let's send a request to this URL let's select the post method then Bud then row then J up and let's send the username and the password so here we have a success response this is the user profile and this is the Jon web token now I will show you how to authenticate users based on this Jon web token so let's go to the account controller and we can create a new method so this method will be accessible at the URL sl/ profile using the HTTP get method it requires an object of type authentication that allows us to read the authenticated user so here we will create the response so in the response we will add the username that we can read from this object then we can add the authorities and then we can read the user from the database using our repository which is up user repository so we will read the user by username and this is the username then we will add the user to the response and we will send a success response so the URL sl/ profile requires the user authentication because if we go to security config we can see that SL account account is available to any user sl/ login and/ accountregister are available to any user but the other URLs including sl/ profile requires the user authentication let's save the file and let's send a request to this URL so we will send a get request to this URL we need to include the Jen web token so we can copy it from here then here let's select authorization then here we can select Bearer token and let's paste the token let's send the request so here we have this success response we have the user profile we have the username and the authorities in the next video I will show you how to implement the role based authorization using jison web token you can find the video link in the description

Info

Channel: BoostMyTool

Views: 3,140

Rating: undefined out of 5

Keywords:

Id: o1BVL-H7pwk

Channel Id: undefined

Length: 19min 59sec (1199 seconds)

Published: Tue Apr 23 2024