Spring Security Tutorial | In depth Course

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
so security is very important part of the application that we develop so whatever the user is using your application that user has to be authenticated and authorized to use your application so it's a very key feature of your application so in this video we are going to learn about the spring security how we can allow the user to register to your system with an entire complete flow and how to let your user to login to your system using spring security auth 2 and open id so without wasting any further time let's get started [Music] so in this video what we are going to do today is we are going to create a complete registration flow with login functionality for a user so we'll start with creating the functionality of registration where user can register the system using the rest apis we are going to create the rest apis only today and the same thing that you can implement in your ui application as well so we'll create a rest api for a user to register to your system where you will take the first name last time email id password confirm password and all those details and user will try to register to your system and when user registered your system user will get an email to confirm that email to confirm the account that the details that a user has entered are correct or not so that particular thing we are going to mimic it today once the user confirms its email address we will be activating the user we will also add the functionality if the user has forgot the password so we'll create an api where user can reset the password as well at that particular time what we will do we will confirm its email that whatever the email a user is entering if that email is correct and it's available in our system then we'll send an email with the reset token to change the password we'll also create the functionality to change the password where a user will enter its email id old password and the new password and we'll validate the old password and email id is correct then we will be able to change the password as well and we will also allow the user to log into the system with the registration process the user has completed so whatever the details user has entered in our system with those credentials user will be allowed to enter our system using the oauth 2 and open id so watch 2 and open id are the standards within the industry where everyone is using that you would have seen everywhere like login with gmail login with facebook login with twitter github everywhere right so that kind of implementation we are going to do today with our custom authorization server so these are all the fundamentals of security and we are going to implement today speaking of fundamentals i have hopped on a train to learn website technologies and the fundamentals of web 3 is cryptocurrency so i've learned the fundamentals of cryptocurrency from brilliant.org who are kindly sponsoring this video now brilliant has very interactive courses with lots of example and a repeatable coding which will trick your mind to have a deep focus on the learning that you are getting from the courses so whatever time you are spending on the particular courses to learn anything you will be in a deep focus to learn that particular thing it will hook you into the courses this is a completely different experience of learning than the traditional one you learn one topic and instantly there is a quiz or a problem or a any solution that you have to implement whatever you have just learned from that particular topic that is really good because it will just print the topic into your brain which you have just learned with the practical examples from that course and not just this there are more than 60 plus courses available ranging from algorithm fundamentals neural networks search engine quantum computing computer memory management and lot more now if you are interested in this lifelong learning you can sign up to this courses for free by going to brilliant.org forward slash daily code buffer and the first 200 people to visit the link will get a 20 off on their annual premium membership i'm also planning to learn quantum computing i think it's a super interesting topic let me know your thoughts in the comment section below now back to the video now as we talked that we are going to implement a complete registration process with the login functionality with springboot let's go to the intellij idea and let's create a simple me1 project and in that we will be adding our different modules for registration and authorization server and whatever you're going to implement so let's fire up the intellij idea okay i'll go to the main project click on next let me create the folder documents java workspace spring security tutorial i'll open it and this is the project that i am going to create let me add the coordinates com.daily code but first i defect as spring security tutorial version as this and finish it so within this we are going to add our project as a module so let's create the first project let me go to the browser and here let me go to the start.spring.io [Music] the group idl gave us com dot daily code buffer and the artifact i'll give is spring security client i hope the spellings are correct client yeah i'll give the package image client packaging is jar javascript is 11 and let's add the dependencies so i'll add the web dependency i'll add the lumbar dependency then i'll add the gpa dependency then my sequel driver with spring web lumbar sprinkler gp and mysql driver so i think with this we'll be able to create our application we will add the spring security module later in this video so let's generate the project and add as a model in our intelligent area so i'm just generating the project over here i'll go to documents java workspace okay now you can see that the project is showing up now let me add the module over here okay inside modules i'll add the module spring security client and i need to change the packaging as form here you can see that my project is showing up and this is my details the spring version i'm using is 2.6.3 spring data gpa is added spring starter web is added my sequel connector is added lumbar dependency is added okay all the things are added let's go to the src main resources and let's change the application.properties to application.yaml so i'll do refactor rename to yml and i'll change the property that this should run on server dot port 8080 now let's add the another dependency about the mysql connector and the jpa what i'm doing is i'm just pasting the details over here it's pretty simple okay you can see that spring.datasource.url i have mentioned over here currently i am using the mysql in my system so i have given the path of the mysql that is jdbc mysql localhost 3306 and i'll give this schema name as well but before that we'll create a schema okay after that i've given the username and password of the uh my database and the driver class name i've given spring dot gpa dot shows equal to so all the queries will be printed and hybrid ddl auto is update so whenever there is a change in our entities it will be reflected in our database so this is the standard configuration that we have added in our system so now let's go to the mysql and create the schema so i'll just open the mysql workbench let me connect so i'll create the new schema and i'll say it's a user registration okay apply the changes close and here you can see that the user registration schema is created i'll use the same in our intellij idea okay this is my user registration schema now within this particular application we are going to build a complete registration flow first so before that let's create the different packages that we are going to need so we go to the java in the client package will create the different packages controller entity service repository and model i'll create one more if any configuration that we have to do we will add that in the config folder so these are the standard packages that i have created now let's start to build our application so firstly we'll create the controller registration controller okay and we'll annotate this with it rest controller annotation okay my controller is ready then let me create the entity as well the entity i'll create as a user entity and we need to annotate it with accelerate entity now let's add the different properties as well so i'll just add private long id private string first name private string last name private string email private string password then private string role what is the role of a user okay then i'll just add one more private boolean enabled equals to false by default the user would be not enabled disabled okay so these are the fields that i have added what i'll do i'll just annotate with the elder id and i'll just use generated value strategy equals to generation type dot identity and i'll use the lumbar to add the data setters and everything at the red data annotation okay so my user entity is ready and one more thing i'll add is in the password i'll just add one validation that is column length should not be more than 60 okay so i'll just do length equals to 60 okay so maximum password should be 60 characters as we are going to use the big crypt password encoder we will be encoding the password in the hash code values using the decrypt encoder and we are going to store that password in our database so no one can see the password so these are the details now let's create the service and repository so first let me create the repository within the repository package i'll just create a java class and i'll say user repository and that will be the interface i'll annotate it with edit repository and user repository will will extends gpa repository this gpa repository is of type user and id is of type long okay now within the service let's create the service interface and the implementation of that particular service as well so let me create the class and i'll say it's a user service and it's an interface and i'll do the implementation for that as well that is user service implementation that's a class that will implement user service okay and this will be annotated with service annotation so my controller is created my entity is created repository is created and my service interface and the service implementation for that interface is also created so now my all the basic classes are created so now let's go and implement the registration flow before that let's announce the winner of the giveaway of the mx master three mouse and the winner of the giveaway is whatever the user popped on the screen so i'll be reaching the user from the comments that they have added in that particular video to get the contact details so i can ship the product to them so congratulations to the winner and thank you so much everyone for participating in the giveaway now if you're feeling that you have missed out on the giveaway so don't worry there will be a lot of giveaways in the future and if this permits there will be a bigger giveaways as well so keep supporting and thank you everyone for participating and congratulations to the winner as well now let's go to the registration controller and create the rest api i'll go to the rest controller over here and here let's create the apis now before adding anything to the registration controller we need to create a model as well so let me just first create the model and i'll just say it's a user model and here i'll add the same properties that i have added in the user entity i just need these details i need password as well and there should be matching password as well right when you are creating the form you will be adding the matching password as well annotate with data nuage constructor and all logs constructor okay so my model is ready so let me go to the registration controller let's create a method public string register user and this will be headered post mapping to slash register user i'll just keep it resisted that would be better and i'll be taking the request mapping as well so i just take request mapping sorry request body and this request board is nothing but your user model now at this point we need the user service object as well because we are going to call the user service and from that particular user service we are going to call the repository so let me just create the object for that private user service and i'll just auto wire it and i need the user object the user is com.daily codebuffer.clien.org this one user equals to user service dot i'll just do a register user and i'll pass the user model okay i'll create the method create method register user in user service okay i'll go to the implementation and i'll implement the method and in this particular service i'll need the user repository as well so let me just create the object for that as well okay and i'll just use the rate auto wired now in this particular let me create the user object user user equals to new user and all the fields from the user model i'll set to the user so user dot set email i'll do user model dot set email sorry user model dot get email user dot set first name go to user model dot get first name user dot set last name user model dot get last name user dot set role and i'll just do user role okay for now but later we can create this particular thing as a dynamic as well but currently let's make it simple to understand because we need to understand the security part more and user dot set password as user model dot get password now one thing to note over here is whatever the user dot set password that we are doing over here that is the plain simple password that we are getting from the user but when we set to our database we need to convert that to the encrypted password so we need to use the password encoder to encrypt the password before saving to the database so let's do that first now for this particular password we need to create a config so let me just create a new java class and i'll just say web security config and for now i'll just annotate with the red configuration and i need the password encoder so what i'll do i'll just say password encoder so to use that particular password encoder we can see that we are not getting the class so we need to add the spring security to our project so let's go ahead and add the spring security so let's go to the pom.xml file let me go to the browser within this same project let me add the security okay and if i go to the explorer i can take this springboot starter security okay so let me add the dependency and for the testing purpose you can add this as well so let me add that dependency as well so if you want to add the test cases for this you can add these cool right so now let's get back to the web security config and here rather than using the configuration i can directly use enable web security okay let me remove the imports and here i can use now password encoder so i'm not getting the class over here so let me restart the main one so i can get it so what i'll do i'll just revalidate the cache so sometimes this kind of issue will happen so you need to invalidate the cache and restart the intellij idea so now you can see that i'm getting right so i'll just use it and use password encoder and i'll just do return new bicrypt password encoder and i'll just use the strength 11 and i'll define this as a bean so i can auto wire it so if i go to my user service impl here i can use it i can use private password encoder and i can auto wire it okay and now when we are saving the password over here before that we'll just use password encoder dot encode so this password will be encoded over here and then once everything is set user repository dot save user and we will return back the user symbol right so user service implementation is done now let's go back to the controller and here what i'll do i just return success okay so you can see that the one part is done that whenever user will try to register to the system the data will be saved to the database and the user will be disabled in starting now we need to send the email to the user so that with a particular link so that user can click on that particular link and the user can be activated so that's the standard process right so for that what we have to do is we have to create the event for it because that's the other task that you are doing the particular process that you are doing over here that should not take the extra time for that okay so what we will do we will just separate out the process we will create one event and that particular event will handle to create a particular email and send the email to the user so that's what we are going to do but if you want to test out till this particular flow you will be able to test it out and the user will be saved to the database with the disabled as a status so yeah what we will do to send an email and to separate out the process from this flow we will create the event so let me just create the object of the event and we will be using the application event so we'll just define private application event publisher and i'll auto wire it now once we get the user user is saved to the database we can create the event so at this particular point i can say publisher dot publish event okay and now you can see that this particular publish event is taking the application event as the input parameters so we need to create the event that we want to publish so let's create the event so for that let me just create the event package over here okay within this event package i'll create the java class and i'll say this is the registration complete event which will extends application event we need to create a matching constructor for the super okay so let me just create it and here we'll be taking the user object user user and i'll be also taking one string as the application url cool right so here you can see that the event is created now i want to have this two particular field as well so let me just do one thing i'll just say private user user and i'll just say private string and copy this application url as well now this particular application url is nothing but a url that we have to create for a user when we send the email to click on it okay so that's the thing and from here this dot user equals to user and this dot application url equals to application url okay now my event is created now i can publish this event so if i go back to the registration controller i can create the new registration complete event okay and here i need to pass user object first and then i need to pass the url so let me just keep a string for now but later we will create the or we will build the url okay so this particular part is complete now we just publish the event we need to listen that particular event and we have to do something on it okay so let's create the listener for that particular event that we have created that is the registration complete event so i'll go to this particular entity package and within this i'll just create one more package this will be list in your listener and within this listener let me just create the java class that is registration complete event listener okay and this and this particular class will implements application listener okay and this particular listener is of which type that is the registration complete event and we need to implement the method so let's do that okay so this is the implementation part now at this part what we'll do we'll create the verification token for the user okay so whatever the token will create and will attach to the link so that when a user clicks the user will redirect back to the application okay with link so we'll create a link over here and once the link is created we can send mail to user that's the two things that we are going to do over here so let's get the user now user user equals to will get the user from the event so we'll do event.getuser so when we go to the registration complete event here we will add the getters and setters okay because i just need to get a sense so let me go back to the registration over here and i'll just use the get user and i also need string token equals to and the token i'll just create as a uuid dot random uuid dot to string now whatever this particular token is right that particular token we can save for a particular user so that when whenever a token whenever link is hit by the user that particular token and the token that we have in the database we can match that particular token and then only will be verifying the user okay so we need to save this token as well so for that we will create the entity again for it so let's go ahead and create the entity for it and for that particular entity we have to attach the user as well okay so i've done the mistake over here that listener i have added in the events let me just drag and drop to the event okay now in the entity let me create one more entity and i'll say this as a verification token this will be ntd and this will be data as well add the id attribute okay and here i'll define one more thing that is private string which is token and private date expiration time okay whether particular token will be expired so we will generally give about 10 to 15 minutes of time to for a token to expire and we'll also give for which particular user so we'll do one to one mapping for a user over here so here we'll just define one to one mapping and we'll define fetch equals to fetch type dot eager and we will do the join column over here the name of the join column will be name equals to user id nullable false and the name of the foreign key foreign key equals to add the rate foreign key and the name of the foreign key i'll just do fk underscore user verify token okay let me just reformat the file cool right we have added the verification token as the entity as well which will have id token and expiration time now from here we need to create the couple of constructors so we can pass the user end token to this particular entity so let me just create that let's create a constructor verification token where we can just pass the user as well and the token this dot token equals to token and this dot user equals to user and one more field that we have is the expiration time so how that particular expiration time would be calculated so for that let's create the method this dot expiration time equals to calculate expiration date and here we need to pass some static values so suppose uh let's create one static value over here private static final and expiration time okay so i am going with 10 minutes of time okay expiration time as 10 minutes so this is something that i'll pass over here that this is the expiration time and let me create the method so i'll use calendar calendar equals to calendar dot get instance calendar dot set time in millis and we'll pass the new date new date dot get time now with this we will add some time calendar dot add and we'll add calendar dot minute calendar dot minute and we'll just add expiration time and we'll just use return new date calendar dot get time dot get time okay simple thing you can see that whatever the expiration time that i'm passing over here i'm adding to the current time and i'm passing the value over here so it will be around 10 minutes from the system time so that will be set over here and i'll create one more constructor over here public verification token where it will just take the token so if i just want to work with the token okay i'll just call this super and this dot token equals to token and this dot expiration time equals to calculate expiration time and i'll just pass the expiry time symbol right and here let me just add the nux constructor okay so this verification token is created now let's get back to the event listener now at this particular point you can see that i've got the user and i've got the token as well now at this point i can save the token and user to the database so here as well i will need the user service so let me create the object for it private user service and i'll just auto wire it and let's say user service dot i'll just create one method that is save verification token for user where i'll just pass the token and user okay and i'll create the method let's go to the implementation over here and here i can implement the method that is the save verification token for user okay now here what we'll do we'll just create the object of verification token equals to new verification token where we'll pass the user end token and for this particular verification token as well we need to have a repository right because we have not created the repository for this so let's go ahead and create the repository in this repository package let's create the new interface and we'll just say verification token repository okay this is the interface and this will extends gpa repository this jp repository is of type verification token and of long and will annotate with repository cool right now the repository is created let's go to the event listener this is working fine now let's go to the user service impl the verification token is created and i need the object of verification token repository as well so i'll just do private verification token repository and i'll auto wire it simple right and this i can use over here that verification token repository dot save verification token super simple right now my user and token both are saved to the database now at this particular point i need to send email to the user now what we are doing over here is to save the time we are just mimicking that we are sending the email but if you want to actually send the email i have created a dedicated video on spring boot where i am showing you how to send the email from the any of the email client that is which uh in this but in that particular video we are using the gmail to send the emails so that you can implement over here but here we are just making that we are sending the email and we are printing that email in the console so we can get the url and we can use that particular url to verify so now let's get back to the registration event listener and here you can see that create the verification token for the user with link this particular part is created we need to create the link now and we need to send the email that particular part is remaining so let's implement that so here i'm creating the url string url equals to event dot get application url so this particular application url we have not yet implemented the particular method to create the application url but we will implement and we are hoping or we are assuming that we will be getting the application url to the context path okay and then we can add the path from there so from here i'll just append the path and here i'll just pass it plus verify registration so this is some path that we are going to implement registration verify registration and i will be passing the token equals to plus token simple you can see that this url will have the application url that will be your context url plus so this is some api that i'll be creating that is the verify registration and as a parameter i'm passing the entire token okay let me use the slf4j over here to print the logger and i'll just print log.info and i'll print over here is click the link to verify your account okay and here i'll pass the url i think this is pretty simple that we are passing the verify registration that one end point this end point we are still going to implement and we are passing the token over here and we are just making that this is the email but ideally this is where you will send the email you can create verification email method over here you can pass the details and you can implement it over here okay so this is the marking that we are doing over here now the application url so this application url we are passing from the registration controller right at this particular point so let's mimic this url let's create the url so for creating the url and to get the context of the url you will need the http request so let me just inject that i'll just use final http servlet request request and here i'll create one method application url and here i'll pass the request and let me create the method and from here we can create the url return http plus request dot get server name plus colon plus request dot get server port plus request dot get context path okay so this is a simple method where it's returning the path now this particular flow you can see that it will come over here when we are going to register it will pass the user model where it will have the first name last name email id password over here we are going to pass from the response body means from there as a part of json and it will save the user over here we will get the user back and we will create one event where that particular event will send the token to the user and form of an email and that particular email can be used to verify the user okay that's standard flow that we are going over here so everything is implemented i guess let's re-verify okay cool so let's start the server okay your server is started now one thing to note over here is when we go to the browser okay and when you go to the local host 8080 and here you can see that we are by default getting a sign-in page and this particular signing page is from the spring security that we have added the dependency okay and currently there is no user or there is no extra configuration that we have done that spring security will understand so what spring security is doing that it is giving the password as well you can see that this is the password that we can use and the default user is the user to log into the system that's what we can do over here but we do not want to use that we need our custom implementation so that is something that we are going to implement but for this particular api right currently whatever the api that we are using that particular api is also protected so that api we need to bypass like when we want to register it's it is not necessary to log into the system right because we want to create the user so there will be some whitelisted apis or whitelisted urls that we want to bypass and for rest of them we need to enable it so that is something that we have to implement okay that is some configuration that we have to do currently we won't be able to log in directly or use any of the api directly so let me add the configuration for that so we are going to implement a security filter chain over here security filter chain and this will be the pin that will be defining and this will be taking http security as the input parameter will be injecting http security and now we can do something on the http so what we'll do with this http we will disable the cors and dot csrf dot disabled okay so we are just disabling the thing over here and it requires the exception so i'll just add in the method signature so i am telling that there will be some apis that you need to handle and this all the apis i need to permit okay what will be the apis i'll define over here so let me just define private static final whitelist urls and this is string of array and which are the urls i can define okay this is hello i can define slash hello i can define one more that is the registration controller slash register okay and i'll define over here that white list urls so this should be permitted all so any urls which have this pattern will be white listed okay will be permitted and i'll just do return http dot build so this is a simple security that i have defined over here that i'm just disabling these urs and csrf so i can do post request and everything for now and i'm allowing all this particular urls whatever i have defined over here so in the future whatever the other urls that we are going to build that will be protected behind the security that will be defining later so let's start this roll again and here you can see the application started and if i go back and here you can see that i am able to directly call the hello api right so one thing is working fine now the same way register one we can use using the postman so from the postman let's try to register one user and before that if you go to our database let me refresh all and within this user registration you can see that the tables are created that is the user and the verification token okay currently we see there should not be any data okay there is no data in either of those table now let's go back to the intellij idea and this is something register that we have to call right so let me open postman okay let me create a new request over here this will be the post request and http localhost colon8080 slash register is the url let me reconfirm we'll go to the registration controller register is the url and we are going to use the input parameter over here that is the first template and everything so let's define in the body raw binary distribution and let's define i'll define first name last name password and email okay first name is sub bear last name is dowdy password i'll give one two three four five six seven and shall be read gmail.com symbol right so these are the details that i'm passing over here and if i click on send and you can see that i am getting the response success over here okay and if i go to the database hit on user you can see that i'm getting the email first name last name and password you can see that it's encrypted using the big crypt my role is user and enable zero so it's false now and if i go to the token you can see that the token is not created so there is some issue so let's check so if you go to the so you can see that the user entry was inserted over here okay but the verification code was not inserted now the issue i can see over here is this is not a component yet right so spring doesn't know about this yet so let me just add this as a component so spring knows about this and this will be executed so let's restart the server okay server is restarted now let's go to the mysql and let me just delete this okay so no records now okay and let me go back to the postman and from here let's hit send okay success if i go back to the mysql user is there verification code is also there so my event is also working fine you can see that the token is created user id 2 and all the details now if i go to the intellij idea here you can see that the event is created and the link is also there like click the link to verify your account and this is the link and we forgot something over here that is the forward slash right so we will add that forward slash over here and the token is this particular token so you can see that we are able to create the link and this is something that you will be sending the user in the email but we are just making over here now we need to handle this verify registration like whenever a user is clicking on this particular url when there is a verify registration we need to take this token and that particular token needs to match with the token that we have within that time frame right so if if a particular user is doing after 10 minutes then we need to define that token is expired and if it's not if token is valid and within the time frame interval we should be validated and we should be activating the user so that's what we are going to do so let's first correct this url after 80d we'll add the slash and then we will implement this verify registration api so here we'll define this okay and now what we will do we will go to the registration registration controller there is one post mapping right so we'll create one more okay here let's define public string verify registration and this is the get mapping where we will define the slash verify registration and there will be one token so i'll just define there will be a request param token and the request param name is also token and i'm defining over here string result equals to user service dot verify instead of verify we'll just say validate verification token and here we'll pass the token okay and here i am defining if result dot equals ignore case valid i'll be passing valid or invalid from the method so if it's valid return user verified successfully else return bad user okay simple thing now let's implement this method let's create the method in user service and let's implement the method this is in the user service implementation class now here we need verification token verification token verification token equals to verification token repository dot find by token and i'll just pass the token okay and this particular method we need to implement so let me just create the method find by token it will take the token as the input parameter and it will pass the verification token here we got the token now if verification token equals to equals to null then just return invalid token now after this i need to get the user from the verification token and i need to check the expiration time as well so let me just do that i'll just do user user equals to verification token dot get user i'll create the calendar object close to calendar dot get instance now i need to check something over here if verification token dot get expiration time dot get time minus cal dot get time dot get time is less than equal to zero so i am just so you can see that the time saved in the database minus current time is less than zero that means the token is expired so we need to make that happen that the token is expired so let me just format the code here we need to make sure that the token is deleted from the repository so i'll define verify token repository dot delete verification token okay and return expired so now at this particular point we have velified that token is also valid and it is not expired as well so we need to do user dot set enabled as true we are enabling the user and we are saving user repository dot save user back and we are returning valid so yeah you can see that it's very simple right we are just checking that whatever the token that we are getting that token exists in the database or not if not it's an invalid token if so we are getting the user and with that particular user we are getting the calendar instance and we are checking the expiration time if that particular expiration time exceeds then we are deleting the token and we are just telling that it is expired otherwise we are enabling the user and we are saving back to the repository so we will go back to the registration controller and you can see that the complete flow is done right now let's restart the application okay application is restarted now let's go to the database okay let's delete everything so we can see better let's delete apply user deleted okay so there are no users and no tokens available now let's go to the postman and let's create this user so we'll click on send and the user is created if you go to the database the user is there and the token is also there okay so what we are going to do over here is we are going to get this url okay you can see that the url is there so copy url will go to the browser to verify let's go to the browser let's verify and you can see that we are getting user verified successfully because spelling mistake is there i'll correct it out okay so if you see over here if you go to the database earlier you can see that the enable flag was zero so it was disabled now if i again re-query it you can see that it is verified successfully so now user is verified so this is the complete registration flow you can see that we can also check some of the failure scenarios where we can just change the token and if we hit you can see that we are getting the bad users so the token is bad right so if we if you wait for 10 minutes okay after 10 minutes if the token is expired then what it will do is it will delete the token itself okay so this way you can implement the complete association flow with the token implementation where you are sending the token and that particular token has been verified in the database now once this particular complete show is done there might be a scenario where you didn't get the email or there might be some issue in the server where you didn't receive the email so you might have seen this everywhere like there will be a recent functionality right recent token or recent otp whatever so for this particular registration process also we can implement that particular functionality where when we click on that particular button it will regenerate the verification token and it will send in our email so that particular token also we can use to verify so let's go ahead and create the functionality where we can ask for the regeneration of the verification token and that particular token we will be using so let's do that let's go to the intellij idea and let's implement that functionality so currently you can see that we everything we are doing from the rest apis this rest api is you will be using in your ui application so let's create a method that is public string resend verification token okay i'll annotate with get mapping and i'll just say resend verify token okay you can give any name and here what i'll be taking is i'll be taking the old token okay whenever there is a request from the ui to the back end for this re-verification token send that old token as well so from that particular token we can verify so i'll just take the request param and this is the token string world token and i also need the http request to generate the url again so http seeks outlet request and request so here what i'm doing i'm just creating the object of verification token verification token equals to user service dot generate new verification token okay and i'm passing the old token over here so i'll get the new verification token so let me just create this method okay i'll go to the implementation part and i'll implement the method now with this particular verification token old token what i'll do i'll create the object of verification token verification token equals to verification token repository dot find by token and i'll be passing the old token over here okay so if i get the token what i'll do i will set the new token verification token dot set token where i'll pass the uuid dot random uuid dot to string so i will just set the new token and with the help of verification repository i can save the token back to the database and can return the token okay so at this point i'll get the token over here in the controller so let's go to the controller here i'll get the token here i'm taking the user out of that user equals to verification token dot get user now at this point again we need to send the email right like this is your new verification token verify this for your particular user so we can create one method where we will be sending the email so we can just say recent verification token mail simple method i'm creating where i'm passing the user object and i'm passing the application url with the request and i can say to the user that verification link sent simple right so now let's create the method so this is the method that i'm going to create so let me add the code over here okay so for this i'll go to the application event listener and i'll get the url and this logger message go over here let me paste it url equals to instead of this i'll just directly use the application url okay verify registration okay i need the token as well over here right so let me just pass the token as well so what i'll do i'll pass the token as well verification token and i'll update the method okay where it's taking the verification token here verification token dot get token okay so you can see that the url is created and click on the link to verify your account and for the loggers let's add the slf4j so recent verification token email this is implemented ideally you will be sending the email but to save the time we are just printing out in the loggers so this is a method where you will be sending the verification token again so this is also a new api so let me just handle this in the spring security so if i go to the web security config and here we can add okay now i'm adding currently now but it will be helpful later currently i have permitted everything so currently there won't be any error but the list we are maintaining will help us later okay so let me just add for the verify registration as well so now let's build the application again okay application started and let's go to the postman and let's change something okay instead of shabbir i'll just say nikhil one two three four and i'll just say nikhil at gmail.com and we'll click on submit to create a new user okay new user is created success okay users are there you can see that the verification token is also created and you can see the token is starting from 285 c53 okay so it's from the two way table file now if you go to the intellij idea you can see that you are getting the link as well where you can verify okay to wait for the wifi but now suppose i didn't receive it okay just assume we didn't receive it so we need to call that again so what i'll do i will call the api again okay so let me just go to the registration controller and you can see that it's the recent verified token so instead of verify registration the same url let me just copy it okay copy url go to the postman new request and instead of recent verify token this is something we need to change instead of verify registration okay so what it will do is it will try to check this particular token if this particular token exists in the database okay that at that time what it will do it will replace with a new token and we will get a new token okay so let's hit this url you can see that we are getting the verification link sent and if we check the database the earlier token was 28 double phi if i hit the query again you can see that the new token is generated and the token is four one seven two three something like that and the same link would be generated here as well you can see that the link is generated verify registration token is the new one and when we copy this url go to the postman new okay and we can click on send and you can see that user verified successfully okay so my complete flow is working where we are registering the user we are verifying the token and if we didn't get the token we can ask to resend the token as well that is also completely working fine cool right now what we are going to do is we are going to implement the functionality of the reset password because if we forget the password at the time of login we need to reset the password right that also will be implemented using this particular token flow with the email and later we will be implementing the change password as well now we'll create one method where user can click on reset password and user will get an email with a link just like the way we have created all this right it will be a link where when we click on that particular link it will be to add the new password and that particular new password will be saved okay just imagine that you are clicking on the link and you are getting the page but yeah we are going with the rest api so we'll be creating a rest api where we will be getting the new passwords and token and email id and based on that we will be saving or will be updating the password over here so let's create a method that it will create a link for a user to reset the password okay so let's do that so we'll create a method over here public reset password at the rate post mapping and i'll say reset password here we'll be taking the request body and we'll be taking one object so let's create one object let's go to the model and we'll create a class password model let me annotate with data private string email okay currently let me just add this later when we need any other details we will add the details in this password model let's go back to the controller in the request body we will be taking password model password model over here and let's implement the functionality here okay so here what will be user will be passing the email id with which they have created the account and we will validate if that particular email id is present in our system then with that particular email id we will be creating a new password token and we will send that token to the user over email with that token we will again validate and we will ask them to reset the password okay so let's do that we'll do user user equals to user service dot find user by email and we'll pass password model dot get email okay let's create the method let's implement the method as well and here we will return user repository dot find by email and we'll pass the email okay and this particular method we have to add in the repository so let's create the method it will return the user based on the email that we are providing okay now here i'll be getting the user okay and here we'll check if user not equals to null now we got that user particular right if user is normal then i can create a new token and save the token for the password reset so let me just create a token string token equals to uuid dot random uid dot to string and we'll call the user service dot create password reset token for user where we'll pass the user and token simple right and let's create the method and we'll implement this method as well now for the password reset token as well we need to create the entity the similar thing we will do as we had done for the verification token so let me just create the entity i'll go to the entity package and create the new password token i'll just name password reset token okay i'll go to the verification token and copy everything from here and the password reset token i will add all the details and i'll change the constructors and i'll annotate it with entity data in nox constructor okay so let's do that as well entity at the rate data and the rate nuage constructor and we'll change the foreign key as fk user password token okay super simple we just created the similar thing for the password reset token as we had done for the verification token now let's go back to the user service impl and in this method let's create the object of password reset token now for this password to say token we need to have the repository so let's create the repository for that we'll go to the repository section let's create the new java class it should be interface password reset token repository and this extends jpa repository and this jp repositories of type password reset token and id is of type long and we need to annotate with the rate repository cool right now let's go back to the user service in pl we created the password reset token and now we need to add the password reset repository over here private password reset token repository and will auto wire it and this repository will be used to save the data password reset token repository dot save password reset token simple right now let's go back to the registration controller at this particular point your password token is set now you need a url let's create the url so that we can hit that url to reset the token so i'll just define the url okay string url and for the url we will create one method password reset token mail similar to what we did for the recent verification token email where we'll pass the user object and for the application url we will pass the application url where we need the request so let's inject the http request as well okay we'll pass the request and we'll pass the token as well let's create the method let me refactor this method the name pass password reset to command okay now here what i need the similar thing i'll just copy this and i'll paste over here i'll just use the token over here and here instead of verify registration i'll just say save password okay this is the link that i am creating and click the link below to reset your password cool right and this url we will return from here now when you click on this url you will be redirected to enter your new password right new password and the confirm your new password so at that particular time we will be needing more details to save the password so let's create a method to save that particular password so here when you click on reset here you will get a link when you click on the link you will pass more details to save the password now this particular save password we will create public string save password okay this is post mapping and i will give the same thing save password okay here you can see that it is taking the token as the request parameter so let's add that at the red request pattern token which is string token and it will also take the extra data as a json format right like your new password and the email id whatever it is so for that i will just use this particular password model as a request body so let me just add it below over here and then it request body password model super simple right now here we need to verify the token and we need to save the details so first let's verify the token string result equals to user service dot validate password reset token and we'll pass the token and let's create this method we'll go to the implementation and we'll implement this method and here it would be similar to what we have done earlier to verify this token right so i'll just copy this information from here i'll paste it and i need to change some details instead of verification now code it would be password reset token and here i'll refactor the name password reset token and this find by token we need to create so let's create this method if you go to the user sorry sorry this should be password reset token repository and this we need to change we need to implement this so let me just add the method okay in the password we said token repository okay now we are checking if password is a token equal grenade invalid we are getting the user from the password reset token regarding the calendar instance password is a token.expiry time and all and here we need to use the password reset token repository delete password expired and okay and i don't need these details so let me just remove that simple thing we are just validating the password reset token if token is not available in the database it's an invalid token if token is expired then it will be expired otherwise it's invalid token okay let's go back to the registration controller and here we will get the valid now and here we'll check if results dot equals ignore case valid and i'll negate the sentence if it's not valid then i'll just return invalid token okay or expire token whatever now at this particular point my token is valid okay so i need to update the password so for that i'll go to the password model first and let's add few fields private string old password and private string new password sorry new password okay these three fields now let me implement optional user okay user equals to user service dot get user by password reset token whatever the token is based on that i need the user back so i can change the password so here i'll just pass the token and let's implement this method let's go to the implementation and implement this method and here we will pass return optional dot nullable okay optional dot off nullable we will do password is a token repository dot find by token will pass the token dot get user simple right we are getting the user from this token now let's go back to the controller now here we need to check if user dot is present do something else do something so if user is present we need to change the password else invalid token and here i'll just say password change not password change password reset successful okay and here we need to change the password set the password so we need to call that method so here what i'll do i'll just say user service dot change password here i'll just pass user.get and password so i'll just do password model dot get new password let's implement this method i'll implement the method and here we'll just do user dot set password password encoder dot encode new password and user repository dot save user password is saved now so now here you can see that we created two apis to reset the password and then to save the password so now let's restart our application and let's test this functionality return statement is missing let's handle that password reset token email return url let's run it again and here you can see that your application started and you can see that your new table is also created for the password reset token if you go to the my sql let's refresh everything and here you can see that your password reset token is also created okay cool now what i'll do i will try to reset the password for this particular user that is nikhil okay currently you can see that the password is something like this which is gemv and something like this okay so we'll change the password so what is the url that we have to create let's go back and to reset the password we need to call the reset password and in the body we need to pass the email id okay so we'll do that let's go to the postman let's close this get request and let's copy this post request [Music] reset password will copy this and paste over here go to the body raw json and we'll copy the email from the database itself so let's copy the email okay sorry okay so for this particular user when we hit on send i should get a url and with that particular url if i pass more data that is my password then i should be able to change the password currently there is no reset password token over here okay so if i click on send you can see that i got the url that is save password and this is the token and if i check the data you can see that i have a token available okay for my user now i need to use this in my new url this is also post request and in the body save password i'm getting the token as well and in the body i must get the token that i'm passing okay and i must get the new password as well so let's do that so the token i am providing over here from the parameter itself for the body let me go to binary raw text to json and here let me pass the new password the new password i am passing is one two three okay simple thing i'm passing the token new password and i should be able to save let me just check that the new password attribute is correct new password i'll just copy from here okay now hit on send you can see that password reset successfully okay and if i go to the database current password you can see that it's starting from g e m v n okay this is some password encrypted password and let's re-query it and you can see that the password is changed successfully so your token also was verified and the new password was set successfully so this way you can do the reset password verification flow in your application now let's do the change password flow so let me go back to the intellij idea go back to the registration controller and the same way you did for the save password you will do for the change password where in the change password we will get more information what is the email id because currently because earlier we verified the user based on the token that we created now we need to verify the user based on the email id the login user itself and then we need to get the old password if we are able to match the old password with a particular user then only we will update with the new password that's the logic right so let's create one more api public string change password okay and here i'll do the post mapping and i'll just say change password and in the input parameter i'll take the request body itself the request bodies again password model and we need to find the user by email so i'll just new user user equals to user service dot find user by email and i'll just pass password model dot get email okay we had already created this find user by email method so we are using the same now we got the user now if user is there then we need to check the old password so whatever the old password is entered that particular password should match with the password in the database so let's check that if user service dot check if valid old password and here i'll just pass the user object and password model dot get old password then do some if condition if operation okay so if the password is valid then we can change the new password and i'll completely negate this if so return invalid old password if this is all good then i'll just say save new password functionality will implement and after that return password change successfully okay now let's implement this check if value dual password so let me just create the method let me implement this method in the user service impl and here we will just do return password encoder dot matches and here this particular matches will take the old password that is the password that we are passing that is a raw password and the other thing is user dot get password the encoded password it will try to match this the old password the password which we are passing and the password which is already stored in the database if it matches then all good otherwise we need to raise the exception so let's go back to the registration controller it will come at this particular point if password is all good then find otherwise throw invalid old password now we will implement this save functionality and here we will just say user service dot change password will pass the user and we'll pass the password model dot get new password to save the password that's it right we are just doing a simple thing over here whatever the password model whatever the email id that we are getting we are getting the user from that email id we are checking if the old password is correct or not and after that we are updating to the new password so let's restart the application and test this now let's go to the postman let's create a new api request let me just copy this it's a post request instead of reset password it's a change password and let me add the body data as well we pass the email hold password and we'll pass the new password as well the email idl passes is of nikhil the whole password we set was i think one two three but let me pass five six seven and the password i want to set is seven eight nine okay so at this particular point i should get the error right because the old password is not correct that i am sending back so if i hit on send there is some error okay so let's see what is the error i'm getting the null pointer exception obviously right because this particular user is not available we need to handle all these particular exceptions okay currently we have not handled all the exceptions but when you are implementing perfectly we should be handling all the exceptions currently i'm just showing you the way so let me just copy the email id correctly okay and if i hit on send currently you can see that invalid old password i'm getting now if i give the correct password that is one two three i should be able to update the password you can see that password change successfully now the password is 789 so currently you can see that we have successfully implemented the change password functionality as well now there are a lot more functionalities that you can implement within the entire registration flow change password flow and reset password and everything these are all the foundations that i have shown over here but there are more advanced things that you can do like handling the ip address and locations and everything if you want to check out check out the article from the ugan i just mentioned the link in the description below i have taken the lot of reference from that so if you see this right the complete registration flow with the help of spring security i have taken a lot of inspiration from here so you can check out this entire tutorial it's very in-depth than what i have implemented in this particular video so you can check out this complete flow and you can implement in your project according to your requirement i highly highly recommend this particular article it's implemented very well so you can check out this article i'll link this in the description below now from here we can understand the complete registration flow registration with the email with the tokens with the reset token verify token change password reset password and all the functionalities we have implemented now we need to implement the login functionality so what are the users that we have created right in our database we will create a login functionality to validate a particular user and to enter into our system so now let's implement the login functionality it's very important okay so before we implement the login functionality we need to understand about the auth 2.0 so you might have seen this auth to implement it at many places so everywhere you go you will be seeing this particular buttons to log in with those particular authentication providers there will be octa or xero and many things okay so these are all the authentication providers based on the auth 2.0 standards now before we implement anything we need to understand about the auth 2.0 so oz 2.0 which means open authorization is a standard designed to allow websites or application to access resources okay hosted anywhere on behalf of the user so it's like very simple if i give you the analogy i have my mobile phone okay and if you want to use my mobile phone you have to take permission from me to use that particular phone that's a simple thing so that's the analogy that we are going to understand from there so i have my phone that means i have my resources or my apis if you want to access it you need to take the permission from me to use those apis or to use my mobile phone okay so that's the standard that has been os 2.0 so os 2.0 is just the authorization protocol and not the authentication so it only provides the authorization like you are allowing someone to use your resources i am just allowing you to use my phone okay simple things it's just the authorization that you can access this but what about the authentication that authentication comes later when you connect open id with it okay so all 2.0 and open id connects together and you will get the complete authentication and authorization working together now the other important part of the os 2.0 is it is designed primarily as a means of granting access to a set of resources suppose you have a set of resources like if you take the example of a twitter twitter has its own api if you want to access those apis you need to request for it right you will be requesting twitter to use it okay and the twitter will give you some extra details about authorization client id and all those tokens and everything to use those apis so it's just like that and watch 2.0 uses access tokens so we will go in detail about the access tokens and how everything works but this is a basic idea about it now in watch 2.0 these are the basic jargons that you need to understand because everywhere this will be the thing that we will be talking about that is the resource owner client authorization server and resource server entire auth 2.0 depends on this and you will be implementing this only let's understand resource owner what is resource owner a user or system that owns the protected resources and can grant access to them i just give you the example right i have my phone and i am the sole owner of that particular phone because it's my phone okay and if you want to use it i can grant you access and you have to ask for me so that's the resource owner now the client the client is the system that requires access to the protected resources you my friend you are the client because you want to access my phone right so a client will need the access from the resource owner and here you can see that client must hold the appropriate access token if you want to access my phone you need to have my password right so that is something that the access token will be given to you so that's the resource owner and the client now the next is the authorization server so this is the server receives request from the client for access token and issues them upon the successful authentication and consent by the resource owner so it's something very simple right authorization server will what it will do is it will just give you the token on behalf of the request that you are giving okay authorization server is nothing but to authorize your request it will just check that are you authorized to use that particular resources that you are trying to use and once the consent for that is given by the owner resource owner then authorization server will allow you to use those particular resource that's a simple thing and the resource server a server that protects users resources and receives access request from the client it accepts and validates the access token from the client and returns the appropriate resources to it so it will just try to handle or it will have all the resources so it will try to handle all the resources and if any of the request comes with the proper authorization with the proper code then it will allow the client to use those resources otherwise it will decline the request so these are the terms these are the main terms that we are going to implement we will be implementing the authorization server we are going to implement the resource server and we are going to implement the client so whatever the application that we are going to build the apis that we are going to build that will be your client so with that particular client we will be implementing the authorization server and the resource server so all everything works together and your request will be authenticated now if you go back to the intellij idea if you see here this is your spring security client this is your project where you have the different apis right whatever we have created so these are the apis that is your client and this particular clients whenever you are doing any request you might need the access from the authorization server or the resource server whenever you want to create any of the things it's simple as that right so we have to create the authorization server and all this authorization will be handled from your database okay if you go to the database these are the users that we have right shabby and nickel currently so all your authorization will be validated against this particular users will be passing the user details it will handle this user details and once the users are validated it will be allowing the resource to use and the next thing that we have to understand is the scopes scopes are important concept because scopes exactly defines what you are allowed to use okay suppose you are not the admins you are just the user then you have only rights to read the data if your admin you have some rights to modify the data as well so all these particular things are defined based on the scopes of the application okay scopes for the particular user and all these particular scopes you will have to give the consent to use those particular scopes so it's very simple like if you are going to any of the websites and there is a button to log in with google when you hit on that button login with google you will be redirected back to the google page and where you will be entering your credentials once you enter the credentials you are authenticated by google and after that you will be displayed the scopes like these are the permissions that your client is asking right to read your name to read your email id to read your profile picture these are the different scopes they have defined so it's asking the consent from you that a particular client is asking all these particular details from me and if you hit allow then only the consent is accepted and the particular client is allowed to use those resources it's similar thing so these are scopes and if you see this particular flow over here so this is just the abstract flow there are different particular variations available based on the different current types and the flow will be changed accordingly so the ideal flow would be like you have the client your application your user that is a resource owner your authorization server and your resource server and this is your service apis entirely on top of the authorization server and the resource server whenever application wants to use anything application will create the authorization request to the user to the resource owner like i want to use this particular resources and user will grant the access like you grant the access when you click on the gmail right after login to the gmail so you gave the grant like okay you can use those resources to the client now client got the consent like okay i am allowed to use those resources then client will send that grant to the authorization server okay i got the request okay i got the permission now okay this is the permission so what authorization server will do is okay it will validate okay you got the request you got the code now take this token so authorization server is giving token back based on the code that we got as the grant okay so now the token is given back to the client after validation now with this particular token the application of the client will head the server to get the details so once that particular token is valid until that particular token is valid so resource server will allow those requests if the token is not valid resource server will not allow those requests it's a simple flow this particular things you need to understand that is a client resource owner resource server and the authorization server this is how everything will work together now we will go to the application and we will implement the authorization server and we will connect our client with the authorization server and we will also create the resource server so if there is any resources that we have created behind the authorization server then user can use those so let's go to the intellij idea okay we have one client available and this particular client has a controller and you can see that there is one api get mapping slash hello so this particular request should be allowed only if you are logged in now let's implement the authorization server so we need to create the new authorization server application so let's do that so now if you want to understand this flow you can go to the auth playground okay oauth 2.0 playground this one okay and from here you can understand that particular flow so here you can see that there are different flows available there are different types of implementation that you can do authentication code pixel implicit device code open id connect and anything okay generally authorization code or the open id connect with pixy would be more implemented so let's try to understand the simple authorization flow i'll add the link in the description below so you can check this out i'll go to the authorization flow and here you can see that it is asking to register a client first okay client means your api from where you're going to access okay before you can begin the flow you will need to register a client and create a user simple thing so let's register a client okay in order to use what api you will need to first register application if you go through this right if you go through this entire flow you will get a much more understanding about the oauth 2 flow so i'll highly recommend you to go through this particular flow as well so you will get more understanding so let's register this client okay and here you can see that you got the client registration data so it's simple it's similar to how you will be registering your application to any of the auth to providers like google github linkedin or whatever like whatever the austral providers are there you have to register your application and you will get the client id client secret let me just open this in a new window and these are the client registration so let me just continue and register this client to the os2 okay and here you can see that this is the first row build the authorization url and redirect the user to the authorization server and currently this way the authorization url will be built so your authorization server dot com whatever the authorization server is slash authorize so slash authorize this this so these are the standard apis okay these are the standard apis from the auth 2.0 wherever you will be implementing this this will be the standard urls if you want to modify you can modify but these are the standards and with this authorize you will be passing more parameters that is the response type what type of response type it is its code so because we have started with the authorization code flow the response type is code okay for the different uh flow this particular value would be different and you can see the client id and cliented equals to client id that we got and the redirect uri this redirect uri is nothing but once the authentication is done where you want to redirect back so that particular uri we need to define and the scope so these are the scopes that we talked about what should be the scope of the access that you want to grant so that scope and this particular state you can see that this state is the parameter the client will need to store this to use in the next step okay so this state also will be generated so these are the standard parameters that will be generated to authorize your request so let's authorize this request against the or server and here we need to add our credentials so these are our credentials so let me just copy the username and this is the password okay once you log in it will be authorized and here you can see that now it is asking for the consent okay that do you approve or not so we will approve and here you can see that verify state parameter and here you can see that it is checking the earlier state and the current state after redirection the states are same if it if it matches then continue if it doesn't matches then what is the flow so you can check both the flows so let's continue with the it matches continue so you can see that once this match is the next is the exchange the authorization code so after that whatever the code we got right we need to hit this token uri to get the token so here you can see that the grant type equals to authorization code we are passing the client id we are passing the client secret okay whatever the client credit was we are passing the redirect uri and also we are passing the code okay whatever the code we got from the above step so once once we hit on go against this authorization code and all the details we will get the token and that is the token that we have to use so once we click on go at the end you can see that we got the token this is the access token for your resources from your client so you can see that there there's a refresh token the scope is also defined what is the scope of this token it's a barrier type okay when it expires so all this information is there so you can try for the another flow as well and you can check it out how everything is working so this is a general idea how this oauth 2 will work and similarly we will be implementing in our system so now let's go to the spring initializer okay start dot spring dot io and let's create the authorization server so let me just add the group id com dot daily code buffer and the artifact i'll give is auth authorization server the package name will give auth server okay packaging is jar jar version is 11 and let's add the dependencies so i'll add the lumbar dependency i'll add the gpa dependency as we need to connect to the database i'll add the mysql driver i'll add the security and i'll add the web dependency so these are the dependencies that i'm adding in my authorization server so let's generate the project and add in the intellij idea so i'm just generating the project let's open in the finder unzip it let's copy this go to documents java workspace spring security and i'm adding over here okay now this should be added to the intellij idea and if i go to my parent that is spring security tutorial let me add the module or to authorization server okay here you can see that automation server is imported i'll be using the services now within this authorization server okay we need to add one more dependency that is the authorization server so let me just go down over here in the dependency section let me add the dependency that is the spring security auth 2 authorization server the version that we are using is 0.2.2 so this will allow us to create the authorization server now for this authorization server let's go to the java main resources let's change the properties files to yaml and let's change the server port server.port to 9000 okay so i'm just changing the port and for this as we are going to use the jpa with the same database i need to add the configuration details for the same so let me just go to the spring security client i'll go to the resources application.yaml let me copy this detail and let me go to application.dml and paste this simple right i'm just using the same my sequel localhost 3306 user registration schema username password is root class name provided and shows equal is equal to 2. so all these details are there now for this particular authorization server as well we need to use this user registration and the user flow right so we need to have the user entity user repository and the user services that we have defined in the spring security client to my authorization server as well ideally if there is any duplicate or duplicate files that you have to use so you can separate out all those particular files in a separate project and you can use that particular project's dependency in your prom.xml file you can go ahead that way also but currently let's directly use those so in my java folder let me create the packages i'll create the package entity service repository config so i need the user entity so let me just copy this and paste it over here then i need the user repository so let me just copy user repository and paste in the user repository now in your auth authorization server we need to implement the custom user detail service now user detail service is the default service provided for the users to interact with the spring security to check if the user exists or not so that particular thing we have to customize it to use our database so we need to create the custom user detail service for that so let me just create a class that says custom user details service custom user data services is the class in the or authorization server and this is the service and we will implement this as a transactional and this particular custom user detail service will implement user details service this user details service you can see that is part of the spring security okay and there is a method that we need to implement that is the load user by username so whatever the username is for me the username would be my email id whatever that we are using so with the help of the user id that we have we need to load the user from the database and we need to pass back to the spring security so spring security can handle that user this is very important step okay because without implementing this user detailed service spring security will not know about the users that we have in the database so for this reason only we had added the user and user repository entity and repository in our application copied from the client so let me just create the object of user repository and i'll auto wire it okay now instead of username i'll just make it as email so we can understand better so here let's implement it we need the user object that is the what we have added in the entity okay so let me just use this delicate buffer or server.ndt this user equals to user repository dot find by email we'll pass the email okay we got the user then we will check if user equals to null then throw a new user not found exception and you can pass no user found and after that if so and now we need to return the user that user would be of this one that is the origin.springframework.security.com that so this is the we need to return back okay and here this particular user needs few details so let's pause it user dot get email then user dot get password currently i'm passing everything to true because if you see this we need to pass username password it's enabled account non-expired credentials on expired account unlocked so one two three four true this value i can get from the user itself so user dot is enabled rest everything to true okay and the last thing it requires is the authorities authorities is nothing in the spring security that what all things that you are authorized to use the resources it's just as the scopes okay so let's implement the method for that as well so i'll just implement get authorities method and here in this authorities i'll pass the list dot off user dot get rules and this get authorities let me just create this method and this is a collection that extends granted authority now we need to create this granted authority so let me just create the list of granted authorities authorities equals to new era list and for each string role in roles okay and let me just rename to roles i will need to add the authority so authorities dot add a new simple granted authority si simple granted authority and i need to pass the rule then return authorities okay so let me just add the new over here cool that you can see that you my thought that we did a lot of things but it's simple we just created the custom user details service and implemented the user detail service which is very important part of the spring security to load the user based on our database that's the custom implementation so we injected the user repository and this is the load user by username method that we have implemented the method which is taking the email as the input parameter we got the user from the database if user is null then user is not found exception withdrawn else we created the user object from this user that we have from the database so we passed all these details email password enabled everything okay all these details you can pass from the user you can add all these details in the database okay and we can handle it and we got the roles and based on the roles we created the authorities okay so the user is created so now we this particular user will be part of the spring security so whenever we need a user we'll get directly from you so you're custom user detail service is done now comes the other thing that we need to implement the configuration we need to add the configuration for our authorization server so this implementation would be standard for all the authorization servers so there is a bunch of code where you will be creating the public keys private keys and all those stuffs to handle your authorization server so your clients can connect to it and the exchange between the authorization code and the token can be happen smoothly so it's a bunch of standard codes that i'm going to add over here and i'll try to explain it so for that let me create the configuration file so in the config directory config package sorry i'll create the java class and i'll say authorization server config okay so this configuration would be basically standard configuration for your authorization server i'll just add the configuration and i'll just add proxy bin methods to false now there are a bunch of standard implementation that we have to do so let's add that we would be needing the password encoder so i'm just adding the password encoder over here so now you can see that the bin is not available so we need to create the bean for it so let's create the bean for it so let me go to the custom user detail service itself and here let me just create the bin okay i'll just use password encoder i'll just make it a public method and return new baker password encoder with strength 11 same thing that we have added in your client as well and annotate with pin no fancy stuffs okay so now in the authorization server there it is gone now let's add bunch more things now we need to add the security filter chain okay so let me just create the bean of it let me just so you can see that we have implementing the security filter over here and we are injecting the http security so what we want to do for our security so it's simple stuff this particular thing you can see there the auth to authorization server configuration dot apply default security so we are applying the default security over here that means that default auth to authorization functionality so default slash authorize api slash token api all those default apis are there right for the oauth 2 all those default apis will be defaultly added to our configuration so that's what we have done over here for our security filter chain okay if you go to this particular class you can see that this is the apply default security that we are calling and these are the bunch of default configuration has been added over here okay you can see that all the rsa keys and uh jwt encoder and everything has been defaultly added over here and we are calling that apply default security so all those particular apis are available for us to all those default apis will be enabled and then what we are doing for this http we are using the form login and we are customizing this form login for the default so with the default configuration for oauth2 everything will be set up with this line of code okay and we have added the highest precedence for this bean to be used so if you want to configure any of the apis for the oauth 2 then this is the place that you have to configure but i am going with the defaults you should go with the defaults unless there is a specific requirement okay so this is the configuration for that now as we saw earlier every time the clients were getting registered to the authorization server so here also we need to register the clients so client registration also we need to enable over here we need to add the configuration for it so let me just add the default basic configuration i'm just copying this code because this is the standard code okay now there's a lot of things in this method but don't worry everything is simple so here you can see that it is registered client repository so this is the repository that has been provided for all the clients to get registered okay so if you want your custom implementation you just have to implement this interface okay it has the couple of method that is the save find by id find by client id that's it you just need to implement these methods according to your requirement according to according to the database that you're using or according to any of the things that you're using if you just implement this three method to get the particular output or particular return type that's all good okay so currently i have only one client available okay i am using only one client that is my spring security client this particular spring security client i want to register with my authorization server so that's why i have just added one client statically over here ideally you won't be doing this these are the steady configuration okay if you want to do dynamically like with like how we saw earlier you need to use the jdbc registration client or your custom registration client where you will be getting all those details or you will be generating all those details and giving to the user who wants to use your authorization server i know what i want to use because this is my project this is my client and for this client there are details that i am using over here that i am positioning over here and this details i will give to this client so this client can connect to the authorization server that i have okay so this is a simple thing i'm creating the object of registered client with a random uuid okay and what i'm giving this details that is the client idm passing the client id as the api client that is the name of my client so my spring security client this is the name i'll be giving to this spring security client then i'm giving the client password that is the client secret i am encoding the password with the secret then client authentication method so i'm using the client authentication method as the client secret basic okay so whatever the secret information that you are passing over here with that particular information i'll be able to authenticate my client these are the grant types that that we are allowing you can see the authorization code password refresh tokens so these are all we are allowing for the client to access through then these are the redirect urls i will talk about this redirect urls later so these are the urls of your client so once the authentication once the authorization is happened from the authorization server where you want to redirect back so i want to redirect back to this particular urls now how i got this particular urls that i'll tell you like how we got this these are the standard format urls that you can define okay so everything i'll tell you later once we implement this but consider these other two urls redirect urls then i have defined two scopes okay one scope is the oidc scopes for your open id connect because we are authenticating as well and the other scope is read scope api.trade and then the client settings i have extra added so what i am doing is in the client setting is client settings dot builder dot require authorization consent so i am enabling the consent over here that my authorization server this server needs to give the consent back to the client to allow okay so it will have the page of the consent as well if i don't add it there won't be consent the consent will be directly given and i'm building this particular object okay and i'm using the in-memory registered client repository so this particular register client will be in the in memory itself of this particular authorization server there is one more default implementation added that is the jdbc registered client repository if you want you can directly use that as well and if you want you can create your custom implementation as well as far as i know there will be only these two implementation by default provided by the spring auth server because there are a lot of databases and there are a lot of implementations available so you can always go ahead and implement according to your requirement if you want to use red days whatever center whatever you want to use you can implement this particular repository you can extend this implement this repository according to the database that you're using to register your clients i have one so this is direct so this is a code to register my client we will come back for this to redirect urls later okay but trust of the things are clear that we are giving the authorizations and everything so how to connect my client to this authorization server then now the next thing i required is the public and private key configuration so let's add the code for that okay here you can see that i've just added this information but this is nothing but the standard configuration for your public private keys we just have to create one bin for the jwk source and we're just creating the rsa key over here this is the standard you just need to copy paste it and it will work you don't have to change anything okay until unless you have to change the algorithm like which algorithm that you are using to generate the key that's it rest everything you can directly use it now you might be wondering from where i got this code got this code from the samples shared by the spring security team itself you go to that repository swing security or server all these particular details are there so you can directly use from there this is nothing fancy just just directly use it you don't have to change anything you don't have to bother about it okay now the next configuration that you have to do is the provided settings so provided settings is nothing but the the authentication or your authorization provider or server provider so these are the bin configuration for that so yeah you can see that i have just defined a beam for the provider settings okay you can see that there are a lot of information a lot of changes that you can do we have just defined the issuer you can change the authorization endpoint token endpoint jwk certain points so if you want to configure any of the end points over here you can configure the endpoints okay but by default the standard endpoints you will get these are the beans that i have provided now you can see that the issuer i have provided is http auth server colon 9000 so if you see 9000 that is the 9000 port of my hot server itself if you go to the application.aml this is my auth server currently and i have passed the url for that so now this particular server url you can define in your host files okay so what you can do is you can go to the terminal and if you go to cad slash private etc host file okay and here you can see that this is the host file that you if you want you can change this host file and here you can see that by default the localhost for 127.0.0.1 would be there and i added one more entry for the host as the old server over here that's the only thing that i have implemented so this is the confusion that you have to add for your odd server to work with that particular url so i hope this is clear now so the configuration for the authorization server is done now we need to do the configuration for the basic spring security as well for this so let's add the default spring security configuration so let me just add one more configuration file and i'll just say default security config now you might be wondering there are a lot of changes and a lot of complex things here but don't worry these are very simple and this you have to only once once this is done once it is set up you are good to go always so this is the default security config and we need to enable web security and here i am just adding the configuration simple okay if you see here i'm just adding again the security filter chain and i'm getting the http as the input parameter what i'm doing i'm just changing the authorized request so i'm just doing that all the requests coming here has to be authenticated okay any request has to be authenticated with default form login for the authorization server that's it okay simple thing now a lot of configurations are done for the odd server very little things are left so now we have defined the custom user detail service like this is the user data service that you have to use to validate the user we define the authorization server config like how the authorization authorization server should work you also define how your basic security should work like all the requests should be validated so now one thing is left is your authentication provider like authentication manager how you should be managing your authentication so whatever the user object from the custom user details i created right from here now with this particular details with this user that i've created i need to validate the credentials that i'm providing from the input so whatever the input that i'm providing that has to be validated against this users right whatever the users that i have mentioned so i need to define the custom authentication provider as well so that the users are validated again so let me just create the configuration for that so let me just create this service and i'll just say custom authentication provider i'll annotate this with service and this custom authentication provider will implement authentication provider okay and we need to implement the method as well that is the authentic kit okay these are the implementations that we have to provide now how we can authenticate we need the custom user details service as well so whatever we have defined over here so let me just inject that private custom user retail service i'll just auto wire it and i'll also need the password encoder over here so let me just auto wire it private password encoder and now this is the authenticate method where in which we have to customize it okay so let's do this so let's get the username password string username equals to i'll get authentication.get name string password equals to authentication dot get credentials dot tostring now user details object we need from the security user details equals to custom user detail service dot load user by username and yeah we need to pass email so email we see our username we'll get the object of the user details let me just make it to user that is better now we need to validate the user so let me just create a method check password where you are passing the user and password okay and let's create this method and this is your raw password okay let's implement this if let me rename okay check password i don't know why i make this much spelling mistakes okay now if password encoder dot matches raw password with user dot get password return new user name password authentication token okay where we need to pass user dot get user name user dot get password and user dot get authorities else return new written new bad credentials exception let's say bad credentials okay throw simple so yeah you can see that we are just authenticating okay with the authentication manager over here and we need to add the support as well so let me add this return name password authentication token dot class dot is assignable form authentication okay so this authentication has been handled over here so you can see that simple thing authentication is handled now this custom authentication provider we need to bind okay so let's do that so let me go to the default security and let's bind this over here let me create the object private custom authentication provider okay i'll auto wire it and let me create the bin of authentication manager public void bind authentication provider auto wire it and i'm just injecting authentication manager builder auth and this authentication manager builder dot what is authentication provider that's the custom authentication provider okay so we just bind this custom authentication provider to our authentication manager builder that's it you can see it's simple looks difficult but simple so now your auth authorization server is ready all the configurations are done it can handle all the requests now we have enabled everything now we need to register our client we need to add the configurations in our client to talk to this authorization server okay as every authorization server will give you the details to handle everything in your system we need to do that so if you go to this authorization server config you can see that these are the register client repositories these are the details that we need to handle so this is our spring security client here we need to handle everything in our application.yaml currently we have the spring data source on jpa now we need to add for the spring security oauth so let's add that i'll just copy the details and i will explain you everything if i type there will be some error in the indentation and we might waste a lot of time so let me just copy the details after the ddl auto update i'm just copying every details over here okay so now you can see that it's part of spring security auth 2 and we are adding the client now now after this client these are the custom things now we need to handle custom is registration so this is the name of your client okay we are adding the registration client and the name is api client oydc okay provider is spring now this spring provider i will get into details the client id and secretary is the api client and secret this is the same thing that we have defined over here that is the api client and secret okay api client and secret that is the api client oydc authorization current type is authorization code this authorization code we have enabled you can see that authorization code we have enabled grant type then redirect uri now this redirect uri is standard http your server name your port slash login slash auth to slash code and registration id your registration id is nothing but your api client ydc okay and the same uri whatever it is configured over here the standard format you can see over here okay http one two seven zero dot zero dot one eighty eighty login was two cod and api client ydc that is the client over here that you have defined make sense right now now the scope scope is open id for your authentication as we have implemented as we have added the open id as well and the client name api client ydc and now the below one you can see it's for the api client authorization code where the provider details client id and the client secret we have mentioned the same authorization current type is authorization code and the redirect url is 127.0.10.1 colon 8080 authorized once authorized this is the redirect api it will be redirected to okay and the scope we have defined is api dot ready so this is the scope that we are going to define and the same thing we have defined you can see in the authorization server config you can see that api dot read scope and the other one was odc scope dot open id the same thing we have defined over here that is the open id scope and the provider you can see the provider spring issuer url it's http colon or server caller 9000 if you come back over here you can see that we have defined the issuer over here that is the or server 9000 so the same configuration we have defined over here similarly you can define according to the name that you have given over here so this is the name according to the name everything you have to provide over here so if you come you can see these are the two redirect url you have mentioned over here that only you have configured okay and this redirect url is nothing but the standard format that you have to give based on the client id or the client name that you are giving registration id so this is the configuration now the next thing you need to configure is your web security so if you go to the config we have created the web security config here we have enabled the web security and we have added the security filter change where for the http we are disabling this urs and csrf and we are adding the authorized http request and we are permitting all the urls these all the urls we are permitting but other than that what all the other urls we have to be authenticated to go into that okay so let's add that so i'm adding one more and matchers slash api slash anything anything coming with slash api slash anything has to be authenticated okay and we need to add the configuration for our odd server as well now dot auth to login we need to add now for this to work we need to add the authorization client as a dependency so let's add the dependency so i'll go to the spring security client and i'll go to the pump.xml file and i'm adding one dependency and this dependency you can see it's for spring boot starter auth 2 client so this will be my all stock line now so now if i go back to the web security config i'll be able to add let me stop the server and invalidate the caches so everything is refreshing so give the odds to login and order to login and we need to give the login page which login page to redirect so we can define our two dot login page and we need to pass the url so the standard url we need to pass that is slash auth to slash authorization slash your registration id so whatever the registration id that you have defined right if you go to your application.yaml that is the api client ydc so you will be giving api client ydc your login page dot auth to client customizer dot with defaults okay with default configuration we are enabling everything that's it so this is the configuration that we need to add now slash api right so if you go to the hello controller so let me just add the slash api slash hello over here okay so this is the api that we are going to call and it's just returning hello welcome to daily code buffer okay so let me just start the watch server so your odd server is started and let me start the client as well so i started the client as well okay now you can see that it's connected let me just let me just go to the browser okay now let's go to the local host let me just open the debugging tool we'll go to the networks let me just close this okay and let me go to the localhost dtedt slash api hello for this my request should be redirected to the authorization server for authentication okay and here you can see that it has been redirected okay now here i need to provide the authentication here you can see that it's redirected to the alt server called 9000 login page and here you can see that your hello controller was there right here hello api it was called and it was sent to the epidc this is a url you can see that auth 2 authorization slash api client ydc and and you can see that the authorize was called with the response type client api sorry client id so scope information state information redirect uri everything is passed the same flow that we have seen with the playground right that these are the api these are the end points will be called okay and after that it's been called the authorized we need to get authorized so what i'll do i will add the details see first if i add any details okay and if i try to sign in you can see that no user found so this is a particular flow that will happening so it has to be authenticated okay now if i give the correct information if i go to the my sql okay if i get the nickel over here okay if i pass nickel gmail.com and the password for that we had kept was 789 okay so if i go back to the browser okay if i do 789 and if i sign in you can see that it has been redirected back okay if i go to the slash api slash hello you can see that i'm getting the proper response now okay hello welcome to daily code buffer now if i want to get the logged in user information that also i can get using the principle so let me just add that as well so if i go to the controller hello controller and here if i inject the principal object principle from the java.security and here i'll just say hello and i'll just define principle.getname name let me restart my client okay my client is restarted now let's go to the browser let me just open the incognito mode and i'll just do localhost 8080 slash api slash hello okay you can see that i am redirected back to the login page and if i give the proper information let me just copy the email id okay and i'll give the password 789 and if i click on sign in you can see that i'm redirected back i'm getting this error because i have not defined this particular endpoint but instead of this if i go back to api slash user sorry hello you can see that i'll get the user as well that nicky let gmail.com is signed in okay and as i've defined everywhere as 1.127.0.0.1 instead of localhost if i hit this url instead of localhost okay let me just close this let me just open the incognito again and if i hit this i'll get the login page let me just give the nickel information over here and if i do 789 then it should react to the correct page you can see that i'm getting the correct page now right it's been redirected correctly so this way you can see that we have implemented the auth 2 with open id authorization server and the client as well so it both of them can interact with each other and only the authorized resources are allowed now what if you have a resource server as well so your resource server is there where only the authenticated user can access those authenticated resources and if you want to access those resources using your client how to handle that so let's create the resource server let's create one more application add into our project and let's go around how to fetch the data from the resource server as well so let's try to do that let me just close this uh let me go to the star.spring.io and just do com.daily code buffer artifact s oauth resource server packaging is jar jar version is 11 okay and here what i'll do i'll just add the web dependency i'll add the spring security dependency and i'll add the auth resource server dependency okay that's it let's invert the project and add an intelligent idea so yeah let's generate it open in finder unzip it let's copy this okay let's go to intellij idea and add as a module in our main project let's go to pawn.xml file i'll add the author resource server and move on reload projects here you can see that this is the watch server now let's configure the oauth resource server as well so what i'll do i'll just first change the application.properties to application.yaml and i'll just do server.port as 1890 and i'll add the configuration for the spring security as well so what i'm adding i'm just adding spring.security.oauth2 this is a resource server jwt issuer url is or server 9000 so this is my issuer url so i just configure this as a resource server now we need to handle the basic spring security as well so let's go ahead and do that so here with the java let me just create the new package and i'll just say this is a config package and within this config package let me just create the java class and i'll just say resource server config and i'll enable the web security here we need to create the security filter chain bin so i'll just define security filter chain and this is a bean now you might have noticed that we have everywhere in all the application we have defined the security filter chain okay and i'll just define the http security now we need to configure this as the same way we have configured in our all server and the client as well so we'll just define http dot mvc matchers now all the api request okay we are targeting and should be authorized request dot mvc matches slash api slash all the api request and here we need to add the exception okay let's add the exception dot access we need to provide the access and it should have the access only so here you can see that we are calling the method that access only has authority api read so here you can see that we have defined this scope okay so whenever we are defining the scope for the authority we need to define as scope underscore and whatever whatever the scope it is so we are just handling the api read now if there is multiple we can add the multiple access over here so this is the api read that we are defining dot and auth to resource server or auth 2 is a resource server dot jwd okay and we need to return http dot build simple so here you can see that simply we just defined the security filter chain where we are authorizing all the request where scope is api.tree now let's create the resource or the api for this resource server okay so what i'll do i'll just create one package and here i'll just say controller inside this controller let me just create one java class and i'll just say user controller annotate with rest controller okay and let me create one method public string of array get users return new string and here i am defining multiple users okay let me just define shabir nikhil shivam and let me annotate with the red get mapping slash api slash users okay you can see that the simple api that we have created now suppose this is the api provider this is the resource server okay and now in your client you want to call this api but it has to be authenticated right it has to be within this scope whatever the scope we have defined if you're passing the scope and it's matching with the scope then only we should be able to get the details so we need to configure our client to handle the web client so we'll be using the web client to call this particular url and to find the data so we need to configure our web client as well so let's go ahead and do that if you go to our spring security client and in the palm.xml file in the pom.xml file we need to add the dependency of the reactive spring as we are going to use the web client now this is nothing but you are calling one of the apis that is behind the authorization server that is your resource server you want to call those resources you want to utilize those resources to utilize those resources your web client has to go around get authenticated and should get you the data that's it right it's simple as that whatever the api that you are directly calling from the client and if you want to call another api from the another resource server it has to be authenticated it has to be within the scopes that you have mentioned then only you should get the details so that's what we are trying to implement so let's add the dependency for that so let me go to the file over here within the dependency after the watch to client i am adding two more dependencies and you can see that it's a spring web flux dependency and reactive unity dependency so we can use the web client so now as we are going to use the web client we need to configure it as well so let's go ahead and configure it we will create the configuration class for that now this all things you can see whatever i'm configuration i'm adding that is only one time configuration so the only challenging thing to understand is that configuration part in the starting but once you add the configuration once you get the hang around of it it's very easy to implement the other things so as i need to configure the web client i'll create a new class that says web client configuration okay and i'll annotate with address configuration okay now now there is a default configuration okay you can directly add the configuration so i'll just add the configuration so you can directly utilize it so yeah you can see that i have just added the configuration let me import all the classes so okay i'm sorry i just added the webclient configuration at the wrong place so let me just delete from here let me just ctrl x from here go to the src in spring client in java config here i need to add okay and from the pom.xml file let me just correct it out if i have done any mistake no it's all good in this form only i've added okay make sure that if you're working with multiple projects this type of things happens this this type of issue happens so make sure that you are adding at the correct place so you can see that it's just a filter function added and it's applied that web client will be austral client to configure okay os2 is configured to use and here you can see that this is the authorization client manager where it is using the authorization code refresh token and all those things so this is just the default you can see it's just a default implementation you just copy all these details you just enable the beans web client and watch to authorization client manager and you're good to go you don't have to do anything now once this is implemented we can use web client to call that particular api that we have added in the web in our resource server okay so let's do that so let's go to the controller let's go to the hello controller and here we can call that api so let's do that so right here i am creating one method that is public string of users okay and you can see i'm just passing as a guide mapping and slash api slash users and here we need to inject oauth to authorization client okay and which authorization we need to annotate with registered auth to authorization client okay so we need to bind it so which particular so if you go to the client okay if you go to the resources application.dml this is the one epi client authorization code this is the one that directly we are binding that it will be using the api client as the client id secret the authorization code the url the scope all this information for our authentication for our resource server okay so let's go over here and let's define this that this is the one that we are going to use hope so now it is visible now we need to use the web client to call that so let me just auto wire the web client as well so i'll just do private web client and i'll auto wire it now return this dot web client dot get dot uri so we need to pass the uri so whatever is the uri this one http 127.0.0.1 colon 1890 that is the port number that we have defined in our resource server and slash api slash user is what we have defined as the end point to get the resources okay and then we'll define dot attributes or to authorize client okay so in the attributes that you have to define is server watch to authorized client exchange filter function okay this is what if you go to the web client this is what you have defined right so that one we have defined and let me just do the static and here we'll define the client dot dot retrieve dot body to mono this is of string array dot class dot block so the error i'm getting is because of the attributes it should be attributes okay all right simple thing okay now this particular method is ready it is trying to get the data from the resource server that we have defined and after authenticating authorizing i am getting the data so now let's start the server i'll start the what server first then let me start the resource server as well i'm sorry the resource only started let me start the watch server as well spring client as well okay so yeah you can see that everything is started now if i want to call the hello controller slash api slash users it will try to call this particular resource server that is behind the authorization server as well after authenticating with the proper scopes only i'll get the resources so let me just go to the browser let me open the incognito window i'll just use this slash api slash hello instead of that i'll just define users okay it should be redirected to the login page as it was intended then i'll give the user information and password is 789 and here you can see that it is asking for the consent from the resource server that you should be authenticated you can see that epi client what is the api client api client is nothing but your client if you go to the application.dml api client this is your client right and what it is asking you can see there is one to access your account that is this one nickel gmail.com the following permissions are requested what is it scope only we have defined api read so we'll just give the api read consent and submit the consent and you can see that i'm getting the data over here so you can see that my resource server is behind the authorization server once the consents are there after that only i'll be able to access those resources so that's how the complete flow with the auth to an open id for authorization server resource server and the auth client works so if you want to understand more in depth about everything i'll add the documentation link in the description below so you can check that out i'll also link the different articles where i have read about it i'll link everything in the description below so you can check that out and there are different flows as well like we just use the authorization code flow there are different flows also available so you can try and implement those flows as well but the fundamentals are same just focus on the fundamentals just try to understand everything and learn accordingly ideally there will be very less chances where you will get to implement all this kind of securities because nowadays there are a lot of third-party tools available like octa or xero like gmail github and everything right so most of the times people will be using that only and it is suggested to use it because they've done a lot of work on that the tools are really good so we can directly without worrying everything we can directly get all those security features and i'm also not a security expert by any means but this is what i have understood and i've implemented and is also not a particular flow that you will be implementing the production there are a lot more extra features there are lot more extra configurations that you have to do within this as well to make your application more secure so so these are all the details that i wanted to share about the auth server resource server and client and everything if you have any doubts then do let me know in the comment section below and if you want to learn more about how to package those applications and to deploy to kubernetes and to learn kubernetes then these are the videos and you can check out these videos to learn more about the kubernetes and how to deploy this services to the kubernetes cluster and also how to automate those deployments as well so that's all i have to share if you have any doubts or anything then as always do let me know in the comment section below i'll try to help you out as soon as possible so i hope you've enjoyed this tutorial i know it was very long and it was a complex as well but i have made my best effort to make it as simple as possible so hope you enjoyed it and if you like this video give us a thumbs up and subscribe to the channel for the upcoming awesome videos if you want you can join this channel as well and support me so that's all in this video i'll see you in the next video till then happy coding bye
Info
Channel: Daily Code Buffer
Views: 74,656
Rating: undefined out of 5
Keywords: spring-security-oauth2-autoconfigure, spring-security-oauth2, spring security default login, spring-security-jwt maven, spring security userdetails, spring boot security course, spring boot security, spring security example, spring boot security starter, spring database security, what is spring security, spring security tutorial for beginners, authorization, authentication, spring security, spring security tutorial, oauth 2.0, oauth2 spring boot, spring security in spring boot
Id: tWcqSIQr6Ks
Channel Id: undefined
Length: 158min 19sec (9499 seconds)
Published: Sat Feb 12 2022
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.