Securing Your API: Implementing Authorisation Headers in Spring Boot and Firebase

Captions
Today we are diving into the very crucial aspect of API security: the authorization header. Authorization is a gatekeeper for your API, determining who gets access to what resources. So let's walk you through a demonstration first, and then we will dive deep into the coding aspect of it.

So I've created an API with the endpoint of create, and I'm passing the authorization in the header, and I'm passing a key over here. Let's send it once to check. Right now it's saying 401 Unauthorized. So what we'll do is we'll go to our login API that we created in the earlier videos. If you have not watched it, I will definitely suggest you have a look at it once, and I will put the link on the top. I will click Send over here again, and here you can see that I have gotten a response in the ID token. This ID token is really crucial for us because it's generated by Firebase and it tells us which person is trying to access your API.

So I'm going to replace this authorization key over here and see. I will click Send, and yeah, we are getting four, 200 error, right, 200 success response right now, and I'm getting S as response because I have passed in the body set. So let's do it once more and type a test over here, and we'll click Send. Right now what you can see is, if the authorization key is valid, we are getting a positive response. But if we try to tamper around with this, right now I'm changing it a bit and trying to send it, it shows us unauthorized.

So now that the basics of authorization are clear, and how it's being passed, we'll go to the Java aspect of it and see how the code works. As you can see on my screen, in the dependencies I have added a new dependency, that is your Spring Boot Starter Security. This will handle our entire authorization journey and how the things will work.

The next step is to create a filter config Java file. I will explain to you what this filter config does. Basically, it's a configuration file and it's a bean, so it will be attached to the program as soon as the program starts, and what it's effectively telling is to load up the filter registration bean and the authorization filter. I will go to that class. In this class, what we are doing is we are making it a bean and we are adding a URL pattern to it, that is api/, and you are telling that whichever APIs come into it, whichever API has the endpoint as /api, like this /api, should be authorized and should be authenticated.

So we'll go ahead and check the Firebase authentication filter class. What effectively this filter class does is it takes the request as an input, it extracts the HTTP request out of it, and it gets the URL. This OPTIONS part you can just ignore as of now, because it will be handled and explained to you in later videos, about why we need to enable OPTIONS and everything. But coming down to it, you see that we are passing the HTTP request and checking if it has an authorization string in it, and we are checking if it's the ID token and the ID token is not null. Once it has gone into it, it will check and verify if the Firebase Auth instance is valid or not, and it will go ahead and verify the ID token which we have passed. Once verifying it, it will get the uid from it, the user ID, and this entire process will then lead to successfully passing it from this particular method, the Firebase authentication filter over here.

Let's go ahead and check what I have created in the user o controller. I created a very simple API, that is your create endpoint, and I'm just taking a string as an input and I'm just returning that string only, for this video's purposes. So right now, what all have we learned? We have learned that the filter needs to be done and the API endpoint has to be put on, and this is the user ID.

So let's do one thing: we'll put a debugger over here and see how this user ID that we are getting should match the user ID that we have provided. Okay, so the debug has started. Let's go to login once, and we'll send the login API again. We'll copy the ID token and put it in the create over here. Right now I will click on Send. The debugger has stopped over here, and you can see in the decoded token, while we open the claims, we will check this user ID. We have gotten a user ID, right? So we'll go ahead and check this in our Firebase instance as well. This user ID that we are using to log in, that user adate example, this uid and the uid that we are receiving in our code match. So that means that it is a valid token and we can proceed with this fact, and it's returning the variable as the test variable.

Okay, so I hope this video was pretty much clear about how to set up your entire process. I will attach the code in the description of the video itself. Hope you like this video. In the next video, what we will do is go ahead and start off with the user creation process that we explained in the previous video. We have effectively set up this part of it, that we are accepting all the authorizations, but next we'll move to create the GET API and the POST API for the creation journey, and all this data will be inputted from this API itself. So catch you in the next video, and hope you guys like the video. Definitely do subscribe to the channel to follow up on more. Happy coding, guys.
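
The filter registration and token check described in the captions, as an added example that is not the video's own code. It assumes Spring Boot 3 (`jakarta.servlet`), an already initialised Firebase Admin SDK, a `/api/*` URL pattern, and illustrative class and attribute names; unlike the tampered-token case in the demo, which is only shown from the client side, the 401 paths are made explicit here.

```java
// Added example, not the video's code; class names, "/api/*" and "firebaseUid" are assumptions.
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthException;
import com.google.firebase.auth.FirebaseToken;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
class FilterConfig {
    @Bean
    FilterRegistrationBean<FirebaseAuthenticationFilter> firebaseFilter() {
        FilterRegistrationBean<FirebaseAuthenticationFilter> reg =
                new FilterRegistrationBean<>(new FirebaseAuthenticationFilter());
        reg.addUrlPatterns("/api/*"); // only requests under /api/ go through the filter
        return reg;
    }
}
class FirebaseAuthenticationFilter implements Filter {
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { // preflight carries no token
            chain.doFilter(req, res);
            return;
        }
        String header = request.getHeader("Authorization");
        if (header == null || header.isBlank()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing ID token");
            return;
        }
        // Accept the raw token or the conventional "Bearer <token>" form (assumption).
        String idToken = header.startsWith("Bearer ") ? header.substring(7) : header.trim();
        try {
            // Verifies signature and expiry, and that the token belongs to this Firebase project.
            FirebaseToken decoded = FirebaseAuth.getInstance().verifyIdToken(idToken);
            request.setAttribute("firebaseUid", decoded.getUid()); // hypothetical attribute name
            chain.doFilter(req, res);
        } catch (FirebaseAuthException | IllegalArgumentException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid ID token");
        }
    }
}
```

Controllers behind the filter should read the caller's identity from the verified uid set on the request, never from a user ID supplied in the request body or query string.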
Info
Channel: Sidharth Sahoo
Views: 296
Keywords: SpringBoot, APIAuthorization, SpringSecurity, FirebaseAuth, WebSecurity, APIProtection, SpringBootTutorial, BackendDevelopment, WebDevelopment, RestAPI, SpringFramework, JavaDevelopment, TechTutorial, SoftwareEngineering, SecureCoding, DeveloperGuide, OAuth2, Authentication, SoftwareDevelopment, TechEducation, FullStackDeveloper, Programming, CodeTutorial, SpringBootSecurity, SpringBootStarterSecurity, APISecurity, SecureAPI, FirebaseAuthenticationFilter, JavaSpringBoot, LearnToCode, TechMentor, TechnologyExplained
Id: 0levwmKa2ec
Length: 5min 32sec (332 seconds)
Published: Thu Nov 09 2023