This video demonstrates how to implement JWT (JSON Web Token) authentication in a Spring Boot application. The process involves: (1) configuring Spring Security's AuthenticationManager to authenticate users using email and password, (2) adding JWT dependencies (jjwt-api, jjwt-impl, jjwt-jackson) to pom.xml, (3) creating a JWT service to generate tokens with claims (subject, issuedAt, expiration) and sign them with a secret key, (4) implementing a custom JWT authentication filter that extracts tokens from request headers, validates them, and sets the authentication context, (5) configuring stateless session management and authentication provider beans, and (6) removing form login configuration to enable token-based authentication. The final implementation allows authenticated users to access protected endpoints by passing the JWT token in the Authorization header.
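The token generation and validation steps summarized above, as an added example that is not code from the video: a minimal utility written against the jjwt 0.11.x API, using the same `setSubject`, `setIssuedAt`, `setExpiration` and `signWith` calls named in the stream. The class name, method names and demo secrets are assumptions made for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

// Added example: hypothetical class, assumes jjwt-api/jjwt-impl/jjwt-jackson 0.11.x on the classpath.
public class JwtUtilExample {

    private final SecretKey key;
    private final Duration lifetime;

    public JwtUtilExample(String secret, Duration lifetime) {
        // hmacShaKeyFor throws WeakKeyException when the secret is shorter than 256 bits,
        // so a short or guessable secret fails at startup instead of signing weak tokens.
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
        this.lifetime = lifetime;
    }

    // Issue a token whose subject is the authenticated user's email.
    public String generateToken(String email) {
        Instant now = Instant.now();
        return Jwts.builder()
                .setSubject(email)
                .setIssuedAt(Date.from(now))
                .setExpiration(Date.from(now.plus(lifetime)))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // Take the raw Authorization header, verify signature and expiry, return the subject.
    // Any failure (missing scheme, bad signature, expired, malformed, unsigned) yields empty.
    public Optional<String> extractValidSubject(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return Optional.empty();
        }
        String token = authorizationHeader.substring("Bearer ".length()).trim();
        try {
            Claims claims = Jwts.parserBuilder()
                    .setSigningKey(key)      // the parser only accepts tokens signed with this key
                    .build()
                    .parseClaimsJws(token)   // rejects unsigned tokens and checks exp
                    .getBody();
            return Optional.ofNullable(claims.getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed demo secrets; a deployed service reads its secret from external configuration.
        String secret = "constructed-demo-secret-0123456789abcdef";
        JwtUtilExample issuer = new JwtUtilExample(secret, Duration.ofMinutes(15));
        JwtUtilExample otherKey = new JwtUtilExample("another-constructed-secret-fedcba9876543210",
                Duration.ofMinutes(15));
        JwtUtilExample alreadyExpired = new JwtUtilExample(secret, Duration.ofSeconds(-60));

        String email = "user@example.com"; // constructed sample subject

        // Case 1: token issued and checked with the same key.
        System.out.println("same key:      "
                + issuer.extractValidSubject("Bearer " + issuer.generateToken(email)));
        // Case 2: token signed with a different key than the one the verifier holds.
        System.out.println("different key: "
                + issuer.extractValidSubject("Bearer " + otherKey.generateToken(email)));
        // Case 3: correct key, but the expiration claim is already in the past.
        System.out.println("expired:       "
                + issuer.extractValidSubject("Bearer " + alreadyExpired.generateToken(email)));
        // Case 4: header without the Bearer scheme.
        System.out.println("no scheme:     "
                + issuer.extractValidSubject(issuer.generateToken(email)));
    }
}
```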
Day 4 Hour 20 JWT Token Integration | Logging in The User | Spring Boot + Angular
Butcher.
Madam Madam Mad.
Yo [ __ ] I'm second now.
Just start. I just started and posted a link.
important authentication important.
So, We have to get it, you know.
I hope I like this. I'm second now.
Yeah.
So, we we will work on only one API today.
So the API is uh localhost 8080 uh URL this URL you know I'll copy this URL that's it okay we we have to only work on this API. This API is nothing but authentication.
Okay. So it is a post API.
Post API that means it has a body. So body is our uh email.
In this case, email is uh my email which we have registered uh on first day using register API. It's present in our DB. And then there is password.
So I'm telling you my password openly.
My password is password 1 2 3.
Okay, this is request. Okay, I'll mark it. This is API request.
Uh, bro, for Thorin, you better now mess with me, bro. For the whole day I was traveling today, I was in Oh, nice. You are in diary abil.
and response y bro in di just for vacations and our response will be uh it should be 200 okay response and response is like it will have all username okay uh id role all these but along with token it will have our token and this is what we are going to add today to our response because this API response is still there. If I go and run the application, uh, if I go and run the application right now, let's see. Uh, bro, you from I'm from Pune, bro. I have no enemies, man.
Peace.
Uh, make some enemies, bro.
Okay, the application is running. Let's go here and let's see what it gives us currently. A it gives what?
What? White field. It gave 200. Okay, bro. My mom and sis wanted to shop and I'm back to the home now. They freaking handed me the load. Went in the female market. I was just cooly. Child abuse is happening.
No comments on that. You are going you are going to be abused for lifetime.
Post mapping login.
Uh body 1 2 3 I guess. No. Yeah. 1 2 3 password password.
Uh are doing job. Yes, I'm doing job.
Currently working in a company. I have five years of experience mostly in the front end side and the deployment but not much on the back end. Hence I am improving my backend skills right now.
It's you know uh it feels good to talk with you guys you know on daily basis is doing MCA good after BCA BCA is enough bro you can get job if your goal is to get into job then BCA is more than enough uh as per the current market you just start preparing for the jobs take at least one one year of experience job experience and then you can think of doing MCA later on without having uh actual industry experience going for masters I don't I never felt it right it's my personal opinion so yeah this was this is our current response in this response we just want to add token so adding that is not going to be chalma such now it became responsibility no I am the I'm currently in Pune name a what's your name Ajo what what's your name bro George I thought di would be crazy place but I was not up to the mark my expectation it was not up same expectations fulfill when I was in I liked some places historical places was good metro was good but So modern city what could be a di capital des it was like okay it's just another town how much AI you use in coding bro it depends for job almost 90% I'm using AI because it's it has become some repetitive task. Uh while learning something new, I try not to use AI to write code but to but use AI to ask the questions like learn the concepts, learn the steps.
My name is Joe living near karat. Oh okay. Karate I live in Vimmanagar bro.
There are many folks are from uh Pune.
Raj is from Pune. Thorfin.
Where is our discord?
Should I add this link here? I'll again add this link here.
It's good.
Uh same feeling I got now. I think that indoor is way better than Indor is that good city or important indoor is very clean. Every every city in India should learn from indor how to screen stuck obs.
People are very people have good civic sense there.
The first thing that we need I was reading about is authentication manager.
Okay. So, in this one, I'll write the comments. In this one, we have to first uh don't save.
So we have to like first uh I'll write todo authenticate authenticate user based on uh email and password.
But we will not do this. It will be done. It will be done by the spring uh spring framework security module which is authentication manager and it is bit confusing you know.
So this is the first task authenticate and then if user is authenticated then generate JWT token okay and then add uh we'll pass this token to this response you token simply.
Yes. Yes. Yes. I I am going in steps you know documentation.
this RFC document. Next JWT custom custom JWT authentication proper to integrate authentication.
Google authentication GitHub authentication.
So this will be a good thing to implement 2.0 framework and how it will work.
But first we'll do JWT JWT about we will go we will replace our JWT with this OAuth 2.0 and then we are done then this and then error handling so that it will be universal errors and for the front end also I'll do the same Friday office bro I might go early today as I'm freaking tired no problem bro lots of traveling today 6 hours of traveling and 6 hours of my mom bargaining from the shops in the market and me the uh take rest.
Take rest.
I'll use this to debug you know uh intelligib anti-gravity. So I'll use this to write code. Okay. What I missed in the messages I hope you guys understood what I'm trying to do here. you know mindset.
Yeah.
we'll tell everything about this. So this is the first thing uh it's from the spring documentation and yeah provide manager this authentication manager manager gives us some things uh this is this is it's an interface authentication manager and it has one method which is authenticate and this is what we want to use. So basically if we go to our code and we have to autowire this dependency.
So auto wired paper I'll keep it aside.
uh autowired or authentication manager.
We need this authentication manager private uh authentication manager.
Okay, it's go import. Yes, imported. See it's coming from spring framework security authentication.
So it's part of spring framework security. So all the request I'm supposedly go to this while um authenticating I know that because just auto wiring it will not work.
So uh this authentication manager it has authenticate method and to this uh we need to pass two things.
Are you in Bangalore? No bro I'm in Pune.
New member in the discord bro. Okay let me check.
Hi Ajo.
It's a cool name. It's a Jenzi name.
Major AO bro.
Hello Shri Sai we need you today.
Anti-gravity. Yes. this authenticate.
So how this documentation is authentication uh I'll create a tab one more and I'll ask this question how to authenticate using authentication manager in spring framework. work.
Username and password.
What is this method used here?
Authenticate. Yeah, authentication request. What does this request have?
login request. We have to do the same.
What does this login request have?
Uh let's search this login request.
Uh login request is just username and password. Okay. So that means uh we have to just pass this uh user login DTO dot login DTO dot get email and same username and get password. So these two things we have to pass.
Okay.
H what's the method authenticate in the is not applicable for the argument string okay it doesn't take string then what is taking string only string and string uh aa unauthenticated no authenticate we want and we're doing something.
Authenticate.
Authentication request.
Yeah. Authentication request.
Actually, we need this first. Is it It's saying we need this first quick fix import spring framework security and uh not login request but this this two and then authentication request here. Okay, it worked. Yeah, it worked.
So, but uh you know we have to create its bean. It will not work like this. So, let's run this and uh we'll see the error. We for sure know this will be an error but we want to know what's the error. So, we'll fix that.
Uh, Shri Sai, have you joined the Discord server?
Yeah, he's he's in the Discord, I guess.
So, yeah. Uh, fail to failed authentic is uh yeah, this error we want to know.
Okay. Field authentication manager in com example back controller required a bean of type organization framework security. uh that could not be found. So we need to add this as a bean. So here uh we'll add one class called application config. In this config we will add whatever the bean that we need. I'm not sure how to add that bean. So I have to go and see the documentation.
Uh it's this is this is the better way to uh find how to add uh authentication manager as a bean uh in my spring spring boot application and give me the documentation URL so I'll read I'll understand I'll try to implement not just give me the code because that's what the motto is motto is not to write the code but to understand code to expose the authentication manager as a bean in spring uh boot application you can use one of the modern approaches configuration class no a configuration class.
So, so, so, so, so at least this is this is what we want.
Config document.
Da in required authentication manager that could not be found.
Consider authentication manager in your this.
So public get authentication manager.
Uh I can see so many likes and hearts today. Motto is to understand the code not to write it on code.
Get authentication manager authentication manager. Is it a method?
Uh I didn't understand this.
H get authentication manager.
So yeah get authentication manager you know authentication manager this public authentication manager get authentication manager.
So bean configuration so that I don't know why exactly we give it configuration but I will figure it out and at the rate Uh we'll first write public authentic authentication manager uh authentication manager and parameter what does it take?
How would I know?
Lena authentication configuration it is like middleware how middleware works in NodeJS that's what I'm relating to o configuration all right bro got asleep early I'm super exhausted for real battery low plug in the charger yeah yeah yeah soja by soja soja you were in dill scorching heat today so you are supposed to sleep by now.
I want to know where is this.
Can you share me the documentation URL for this exact below code?
This is very good way to search authentication to container managers authentication plus authentication configuration.
Authentication manager builder get authentication manager.
scratch.
So he was apparently right.
I have to go and search for the things.
Yeah. And then uh get it.
Okay. It's go this only authentication configuration.
uh import this import class and then return oconfig dot get authentication manager that is what we want and uh it's giving us the importation spring framework security config. Okay.
And uh throws exception. Okay. It was asking error. Yeah. Uh and handle Java exception. Yeah. Throws exception.
That's basic.
Okay.
Now what next? Let's try and run the application again and let's see that this error is gone or not or does it need any more things. So error.
Okay. So there is one more error that means we need some more things.
Uh field authentication manager required the bean of this.
I have added a bean.
I have added a bean.
Uh I have added a bean here. So what's the problem? Was application config is empty here. Aa stage changes. Now application config.
Yeah, it has. Do I need any more?
Uh what does this add at the rate configuration means? You know what does this add at the rate configuration means in spring boot?
In spring boot the configuration annotation indicates that the class that a class is a source of bean definition.
It is core part of spring's Java based configuration system. What does it mean?
Declare beans. Tell Spring that the methods inside the class annotated with the bean should be executed. Instantiate, configure and initialize objects that will be managed by Spring container. AA and D the component component tells Spring read this class for bean recipes.
But then he added this you know uh compiler. So I'll get this anti-gravity here and I'll use IntelliJ only.
Uh, explain me this error, buddy.
Ask This error means spring boot cannot find authentication manager bean to inject into user but we added oh bean this why it's in red why it's in red I'm not Let's see.
Uh, it worked. It worked. It seems it worked. Okay. So, what's what's there uh after this for us? I I don't think we need this right now. And then this response. Okay. Let's see what our API would give us now.
Yeah, it give us gave us uh correct this thing. So this step is not required I'm supposing because authentication manager is doing that for us and yeah so let's rerun this.
code snippet or page. Yeah, it's giving fine you know it's fine. So this part is working. So this part is not required. Verify the password matches. No. Authentication manager is doing this for us. If the user is authenticated. Yeah. Now we want most important thing get JWT token.
So token h now now now now I have to open a new search okay search will come oh no here this RFC documentation is not required now zite code this much is required uh first and foremost we'll need some dependencies that I don't know which dependency uh we'll need which dependencies uh would be required to to inject JWT token in my spring boot application.
So whatever the new thing that we'll implement it will start from pom.xml XML that is means injecting the dependencies.
So let's see which dependencies we want.
Shall I consider go fully go Linux for my webdev learning? My laptop uh is dying with Windows.
It doesn't to be honest I'm in this field like five uh five years and it never mattered which OS I'm using. We are not coding for the OS or something.
uh and nowadays every OS every computer is apt to do coding. So it doesn't matter if your laptop is dying then yeah you can go for Linux else it's uh not worth it get some uh kabus not so heavy OS Linux this uh meat guy is very expert in this he he's uh he's tired today he's gone so he might have suggested you some better version if you know you can Long time no see. How's your summer going? My summer is going very well bro. I don't have summer vacations though. I'm I'm here daily bro. Wignes you are here after long time. How are you?
Okay these three libraries we need JWT processing library JJW the most common and this is where we get uh Maven repository. So npm angular and these are these things.
So first we'll go and add JJWT API. JJWT API this and uh give me the latest version.
03. So I'll copy this and I'll go to my application properties.
Application properties.
application properties and e not application properties pom.xml pom.xml XML you at the end we'll add this uh okay then after this we need JJW it is inter interface JJWT API is an interface uh public API for JWT library used to create and consumes JSON web tokens in Java yeah that's what we need uh then JJWT impl the actual implementation of the API runtime only Okay. I'm not sure what that mean, but yeah.
Uh it's semi version download version.
What's this runtime and all compile time? Runtime scope compile time.
Let me refresh.
Uh fine and now 3 weeks of summer, two weeks went off in a blink of an eye.
Still one week left and then exams.
Summer vacations exams all the exams are done or some exams.
Somebody disliked the stream I just saw.
Please please give my like back. Whoever just disliked the stream, please give my like back.
Then what's the third dependency is uh Jackson JJWT Jackson support for JSON serialization d serialization using Jackson runtime run comp.
What does this mean?
Okay.
Dependencies download because just because of the dependencies. Yeah. Stop and rerun mids then externals then same by summer problem. You know what's the problem with this summer vacations and then exams. We are supposed to enjoy these vacations but we can't. And we are supposed to study for the exams but we can't.
So it goes very dry.
Give only one 1 hour 2 hour only in morning or in the evening somewhere sometime just to study rest you you give it just for the enjoyment a worked no problem problems with our dependencies. I don't know why this scope runtime and this true 100% yeah by same oh palu it it is just an unwanted pressure on our minds throughout the vacations but yeah I have I have been through that just try to give one dedicated hour in that hour you will not do anything else just but to study and not too much of time just give 1 to two hours that's enough study for 1 to two hours focusly and Then enjoy your summer vacations.
That's also important to enjoy.
Now I want to know see I'll I'll write a simple code that I can think of string token and uh right now I'll write dummy and it should be given by get it get it from JWT somehow.
Okay. So, how it will look, you know, I'll rerun this.
Uh uh now I have to go and find the code to get token from these dependencies from JWT basically. So if I go here and do send array I didn't did this user controller and this token I have to update the user response as well. So in this user response I have to add uh private string token.
Okay I don't need this I suppose.
And uh now I need this. I guess I don't need this now. And in this one I'll go and add token string token because that is what we are doing here. Token token. And then this dot token is equal to token. Okay.
Added here. And then in this one. So there is some shortcut that I was seeing the YouTubers were using add uh actions uh uh getters and setters. Yeah. Token.
Okay. Yeah.
Yeah. Now I'm expert in Java.
What? Why it's crying? Found problems related to this user response may look long. Use getter setter. What?
Oh, I see. I don't have to use this.
Yeah, I can remove all this and I can just write getter and setter Lombok. If this is correct. Two problems. If there are two problems, then I don't want it.
Uh is it not crying? Yeah, it's not crying. And uh back to this. Oh, I removed the No, I didn't remove anything.
Uh expected seven arguments but found six.
Uh, it's saying password.
Mhm.
1 2 3 4 5 6 7 1 2 3 4 5 6 7 or Yeah.
Bro, fix this syntax something syntax error here.
Uh, fix this syntax consistency.
Yeah. Should fix a daily routine as soon as possible and learn. Well, yeah.
Consistency. Don't stress out too much.
Keep it simple. See, life as simple as simple as possible.
It [ __ ] us back because we are a lazy animal. Right now we are very lazy. Soist.
I have learned this very hard way. Never keep a difficult schedule or from 6:00 to 11 a complete schedule you know no it will never work out just keep okay whenever I wake up with the cup of tea I'll read for 15 minutes that's it not more than 15 minutes then I'll scroll reals for 2 hours then after that I'll read for I study I'll study for half an hour then I'll go play cricket something something resist brain deleted.
Keep as low resistance as possible in your life. Lombok requires enabling annotation processes. Enable enable sub enable bro.
Uh yeah, dummy token. See this dummy token we have to replace with JWT. Now go and search, do Google, search for JWT.
Now tell me how to get token from JWT in Spring Boot.
Want to do as much as possible. taking time but one day paka want to do as much as possible.
uh taking time but one see start from very small thing very small which example key for example fitness maybe for example fitness you want to go to gym so in your mind you are seeing some reals you know uh guys are getting fit running 10 km 5 km hitting gym 2 hours a day and you you get motivated and one day you try to go and buy subscription for the gym. Uh you go for a day or two then you stop.
This happens because we have uh spiked we have spiked the expectations drastically. So it should not go like that. If you are you want to get fit just wake up at any time you want just do something uh stretching exercises at your home just for 5 to 10 minutes. Okay do this for at least 4 5 days after fifth day you will realize no I want to extend my stretching time from 10 minutes to 15 minutes to half an hour.
You will start to look into video something something but you will do stretching for half an hour. After seven day you will notice okay I'm getting addicted to this it's giving me good dopamine not a spike but a good natural slightly increased dopamine so you will try to pursue it more and in that surge of uh small dopamine hit you will try to increase that dopamine so you'll try to find good options you will do cycling cricket something sports or maybe gym then after that little bit of spike when you join in uh the gym or whatever the physical activity you want you will be very consistent you will right now you will not understand what I'm trying to say but after that you will be very consistent so give your mind a doses in ch amount so that your mind will understand I'll get this many benefits Yeah.
English good good habits. We have to incorporate little little good habits in our life.
string bearer token get header extract token from header bro extract token from header bro I'm upset on that I see one less like here.
I should have some notes. No, as a randomly, let me find my note something.
I know there is JWT service that we need to create but what does it will have?
So uh not this I want to generate my own JWT token and uh for that I surely need uh a JWT service. Okay.
And uh I'm I'm not sure how to write that but yeah guide me in that.
Hey camera prompt.
What the [ __ ] again. Not this.
Not this bro. I want to generate my own token.
JWT token.
Once user is authenticated from authentication manager. This this is the step that we have done already.
Authentication manager.
After that, I want to generate the token.
But I know that I'll need a JWT service for that.
So please is not required. So guide me to write this service and what all uh functions I'll need in that.
Got it. Uh unit class that actually build science and issues token. Yeah, here is simple JWT code.
uh generate token. So instead of looking into this code, uh can you share me the original documentation for this so that I can get enlightened just like Gotham Buddha.
Uh I'm missing on chat or something.
Uh want to do as true 100%. Like hi.
The worst part is knowing how to enjoy life by taking advices. Worst part is knowing how to enjoy our life by JSON web token. Yeah, JSON web token.
Uh data tracker. Uh this this this internet engineering no no collision resistant name numeric date.
Uh guys, but uh if you are watching it, please do like the stream. Uh I'm putting a little bit of efforts in doing these things. So please consider liking the stream. It will really uh help and it will if you like this kind of stuff you know if you like this kind of stuff uh if you are into some kind of coding or something or you want to have a you if you want to be part of a good network then consider just liking the stream so that next time whenever I'm streaming it will come to your suggestion your YouTube homepage or shorts page and then you can join and then you can see the chats and uh Discord server. We are we are discussing so many different kinds of things in this to be some guys are into Linux, some are into web development something. So it will be a good community. So do consider joining the community and it will start from your like just try to give a like today and then if you really like after watching two three streams then do consider joining the channel by subscribing it. So, you don't have to subscribe it today. Just like the stream.
Uh, my OBS is [ __ ] I guess.
Yeah, live is also correct.
service official repository.
JJWT aims to be the easiest to use and understand. Easiest to use, bro.
Library for creating and verifying JSON web tokens and JSON web keys.
implementation API uh src JSON web token or two spring security class API reference.
Yeah, I know today's stream is going to be boring for you.
question. Why? Go.
I'll probably get married by end of this year. So till then I can grind too much because just ask randomly by the end of this year. So maybe in December initialize authentication provider there is generate token method it's saying generate token.
JWT generate token documentation.
Uh guys, you can think of joining the discord server as well. The link is in the pinned comment.
Gender token will have what it will have.
Just a minute, guys.
service folder.
JWT service.
JWT service add the red service and we'll need one method here. Uh token public string generate token.
Okay.
Method method.
So it's saying return there is a method called generate token and it's saying use our own like hashmap new hashmap string and Nothing.
Hashmap, comma, user details.
User details.
We have to pass the user details to this user details. Okay. Spring security may user details and then return generate token.
generate token token. Okay.
Okay. One is just returning us the string. But why two methods then?
YouTube video.
Uh yeah thanks bro but it's complete >> after that what we did we created this request this is a simple pojo to accept username and password after that what we did we need to authenticate our object so we called our existing authentication manager and we authenticated >> yeah return JWT util generate token show me this method Now this needs a authentication object. So we made use of username password authentication token over here and we pass this username and password and this guy did its job authenticated. If this authentication failed then exception will be thrown and user will get 401 >> exception. Then what we have we have implemented a JWT utility and we have added a simple function to create a JWT.
>> Ah this it he created a JWT util not a service. Okay. And a string generate token. Yeah, this this is simple.
Generate token string username to simple service.
So we'll refer this delete delete. Delete.
Uh, aut folder new package util and we need one class called JWT util.
Okay. And this is just a component component import class.
Okay. And in this component he created a method uh public string generate token and string username.
So public string generate token and email. Yeah, in our case it's email. And then he used JWTS.Builder.
JWTS.
Let's figure it out on the go. So return JWTs dot JWTs.
Does he have something? JWTS.Builder.
I want to use JWTS dot builder here.
Yeah, I got my like back. Thanks for that.
Okay.
What it did?
JSON web token.
From where does this uh JWTs is coming? No, JSON web token is not there. No, in our pom.xml.
Uh it's there.
So why this error? Maybe I'll reopen this.
cannot resolve symbol add my own dependencies is it because of that thing scope thing scope is compile time maybe or if I I'll give it a error directly cannot resolve JSON web token cannot resolve JSON web token.
I'll erase this code. Don't worry. Uh analyzed add dependency injection.
Okay.
The dependencies downloaded when we clean install.
Anti-gravity Gemini 3.5 Pro is like ultimate JSON Compile time scope.
Does anybody know what uh because keep all JWT util Stop.
Your package does not exist. Antigravity clean.
Let's back to the chat. Okay, there are no new chats. Uh please guys do like the stream radio. I can see it.
Uh this is classic ID glitch.
Where is terminal? And it's saying me to run this clean compile.
Finished.
Still I can see the issue.
It's not getting synced.
Still the same error pro.
uh if you guys are joining today you can also see my like last three streams in the first stream I did actually created uh the UI in angular and it's there in my git repo you can go and check that out uh right now I'm uh I have created register API login API and now I'm doing JWT integration like the token the basic basic most possible authentication is JWT token and that's what I'm trying to integrate today so what it will Boom. It will just this was our response and in this one I have added this dummy token.
Right now this dummy token will be replaced by JWT token and whatever the other APIs like this API it should work with the token like this token and it should give us the reply uh response. So that is what our goal is. So for all this to add one single line of token in this one and uh only for this login API we'll need username and password after that we will not be asked to enter a username and password that that is what authentication is okay and we'll store the token in the local storage uh on the front end side not the session cookie or something something no we'll use local storage and then I'll show you how to integrate this in the front end and we'll do musts error handling and then we are good to go.
After that I will uh do a step up to integrate to replace this JWT whatever we are doing with the OAuth 2.0 maybe by the Google authentication time integrate though I'll do that. So starting repository if even if you want that to use this as a starting as a starter package you can clone it and use it for free and uh for my future projects also I'll use this same uh client may change client can be mobile application or uh web application or whatever it be but the starter will remain the same.
Okay. So, back to my code.
Yeah. Hello.
I will list the contents of your back end.
I need one more monitor over here so I can see my code ID and chats because chats anti-gravity.
Sh user response user response.
Where is response entity? This this user response.
I I think we need to extend this uh user details.
Extend implement.
Yeah, implements it's an interface not in user details I guess in user entity we have to do this.
[ __ ] off. [ __ ] this [ __ ] Yeah. and then open IntelliJ again.
Maybe it's a glitch.
Yeah, it worked.
Indian jardly we are no AI policy so we'll sorry AI but I'll have to let you expiration or JWT secret.
Uh now we have to build this like uh the guy was doing. So the first is set subject. He set the subject as email.
Yeah, we'll also set the autocomplete then set username set uh set subject then set issued at. Yeah, set issued at this then set expiry.
Uh expiry is JWT expiration. I hope it takes that.
Then sign in with the key.
Sign with the signature.
Uh sign with key.
Where is the key? Uh he has created this key. Secret key. Do we have a secret key? Yeah. Get secret key.
We have a function for that. Get secret key, comma, signature. HS256. And compact is like give it mean a string baby.
JWT secret JWT secret. Okay.
token by using all these things. We have added subject, we have added issued at, we have added sign with sign with this particular secret and this guy will accept a key only. So secret key only this will accept. So this string we need to convert to secret key by using this method by using this keys which is again coming from your JSON web token. Right?
And this will just return a token for us. And another thing we have uh done is basically we have added this particular libraries in our pom.xml >> it's the JSON web token JWT token runtime. Okay.
>> So this generated authentic >> code this particular library is in our pom.xml right. So this >> you know being a multilingual person it's very good that I can understand different language of uh this tutorials knowing multiple languages I know Marati Hindi English little bit of Telu so it's good I can see many like >> authentication token for for string we need to we have we have implemented a Okay. Okay. It's it's just doing this generate hot or token. Let's let's try this.
Get this method. Go to the controller controller controller controller and then uh aa it already did for us.
So something is missing.
JWT utility and we have added a simple function to create a JWT token by using it's gave 200 but uh it gave wrong response all these things we have added subject we have added issued At we have added expiration time and we have added sign with sign with this particular secret author request. We can see now this O request we need to create right address and admin 1 2 3 4 authenticate implements user details from the spring security implement methods.
Get email override this. Get password get okay get username is again give email only uh is account expired user details super account non expired it's directly true true user details super is enabled uh we have is enabled or something is active we have is active and is deleted so we can use combination of both get ro is active active active public set active active active is okay.
Now if I go and rerun because response uh guys I can see huge watching but huge is just for me but please do like the stream. Yeah. Yeah it worked bro.
Oh user user details is coming from spring security.
This is their object spring uh framework security car and spring security framework abides by this uh interface and that's why it was trying it was not understanding what's the user uh may use okay okay by use getter and setter Isn't it?
Get or set.
Let's try this token to this dashboard.
Bearer token.
Ah, okay.
It gave 200 means it authenticated but didn't give us the correct response. So maybe something another things are wrong.
So it became so easy. Wait.
See this.
Okay. So, these were the changes what we made.
snippet like very simple code you know uh generate token simple builder JWTs build user response token important token and then this authentication manager and then this token uh JWT generate token method.
Now this method is failing. Uh it actually passed. It gave us 200. Okay.
But it didn't give us the response correct response. So why that? We need to debug this.
Uh it's giving us this page.
Is it because the response is just a string or uh what's the issue? Yeah. API.
So, let me ask copilot.
Yeah, let me ask copilot sir user controller this uh why I'm getting random HTML in the API response for this simple API. Okay.
The dashboard dashboard endpoints requires authentication without a JWT token. Spring Security's form login redirects you to a form security this login.
And default success.
Permit all or permit all.
Wait, we'll see you know just a minute. I understood the because form login hence it is giving us this form login remove.
It's a simple task but that I don't know.
So let me look for this thing.
O config may we have to have to have to remove this form login.
Uh alternatively if you want dashboard to be public. No, I want dashboard to be behind the security. No, I want dashboard behind the security.
It should be accessed only when token is provided.
I'll I don't update, bro. Don't update, bro.
Undo all.
Yes. Undo.
We are missing out on big piece.
Hungry now.
Okay. So, seems like people have left, but it's okay.
Salah is best.
We are missing one on the filters part.
I guess filter is what I'm missing here right now.
Just don't write the code. just tell me what I'm missing here because every request will come and then uh from that request we have to get okay I understood I don't need this okay so I understood the problem why our dashboard uh uh this is giving us this form even though it's 200 okay uh the problem is first we are using still this form login and second after they uh register and authenticate these two API like uh login and register API these two are not behind the security wall but after the login is successful then we are getting the token and after that every see this and after that every API should be should give us response just using this token not anything else.
So whenever a request will come from that request we have to get the headers.
Okay, we are passing this bearer token in the for in the form of header and get the uh get the token.
After that we have to validate the token, check its expiry, check subject, check everything else and if it's valid token then we have to give the request to the controller. So there should be something before the controller and that I know what comes before the controller is filter. So we have to create our own filter.
Now I understood. Now the next thing to figure out is how to create uh how to create this filter.
That's why he was time.
Let me enjoy my amus and I'll be back. Filter add that I understood.
So I can go here.
Um I'll create one package and I'll write filters and oh there is a one there is filter folder already he created dumbass in this filter there is this file JWT authentication filter so what we will do we don't want any code written by the AI. So, I'm deleting this.
Yes. Yes. Yes. For sure, bro. Live stream.
filters filters concept.
So new tab Google feature.
So, what's the filters in Spring Boot?
Amrest filters documentation.
In the Servlet API, you can add the Jakarta Servlet Filter to apply interception style logic before and after the rest of the processing chain of filters and target servlet.
There are also base. See this is very important concept if you are really here for the spring boot. Now filters is very important. Filters comes before controller.
So whatever the request uh API request that we are hitting we think yeah it has dashboard. So ideally if there is no authentication for example if there is no authentication then it will go to direct controller and in controller it will find okay dashboard and it will come directly to this method. But if we write a filter the request wouldn't go to the controller first. It will go to the inter interceptor which is the filter not interceptor exactly it's a filter.
it will go to filter it will filter out the request and then it will go to the controller and that is what an advantage of this. So we have to learn this and create the filter so that this um form login system will uh remove from our o login o config. So currently we have this form login. So uh the goal is to remove this because currently API response form login. So that is the problem and we will solve this problem because we likes the problem. We like the problems.
Uh browsers can submit form data only through this HTTP request. Okay. But non- browser clients can also use HTTP put patch server selector methods to support form fields. Okay. The spring web module form contain filter to intercept HTTP put patch this request aa forwarded headers as request goes it's like a middleware in node it's more likely likely that because it in that also we can mutate request and responses object as request uh goes through proxies such as load balancers the whole host port scheme may change and that makes it a challenge challenge to create the links in that point. Non-standard headers code bench Yeah, bye.
How to write a custom filter.
Mhm. Not. I'm feeling this is not right.
There is this interface.
Yeah, once per request filter then only it understand key it is a filter. Okay.
So at least try this.
So JWT authentication filter extend once extends once uh per request filter. Okay.
And then yeah, implement this whatever the [ __ ] Google extends once per filter and do filter internal HTTP request I response I filter chain and throw servlet exception system outprint incoming request aa this from this incoming request uh get method get request URI Okay, how to get uh headers from this? Because the token is available in the headers only you know.
So how to do this?
HTTP servlet request response.
how to extract token from the headers.
Let's ask this how to extract because token.
So how to extract JWT token uh from the request headers here.
Here. Here starts with Bearer string header. This phone token validate chain chain saying use this filter chain do okay and return request response and token string token 1 2 and one space 1 2 3 4 5 6 and seven.
we'll need this uh things now see I I am getting this now this token we have to decode it and after decoding this we need to verify the things out of this so how to decode this there is a way JWT io and go and if I paste this token uh I'm getting this yeah Rohit Mund subject uh expiry and there is a secret so I have to verify these three things secret uh validate expiry maybe validate issued at as well and then check if email user email I can see something on discord is there Uh yeah. Hi Ragul. Are you in the chat right now? Ragul cho bio. Good night. Good night. Good night. Good night Raj.
Ragul. Ragul. Are you in the chat bro?
Because I didn't see any of your text here.
It's okay. back to back to this service.
That's what I'm feeling.
Q.
So I can write a method over here.
Uh maybe public not public private uh string.
I'm just doing a guess work over here right now. Get email from token. Yeah, implement JWT parsing logic for this. So how how how bro? How?
How can I implement this method here?
Sal How to implement this method?
It's saying JWTs again.
Use JWTs to JWTS.
It's saying key instead of this you know uh JWTs JWT already public string extract email from token. Yes.
Yes bro. Yes. Parse builder. No. Parser build.
Then build parse claim get body get subject.
Maybe this is right. And we can use this extract email in this here.
We can have like string email. Yeah, this now we have to import this.
Hey, import JWT util bro.
import J capital method wide. It's crying one related problem non-static method extract email cannot be referenced from a static content it's a static method static public static string is static.
Hey JWT secret public static Let me see the chat.
So maybe I have to check is null first and foremost.
So that's that is nob brainer.
If uh this email is not equal to null.
Not equal to null.
Okay.
Authenticate condition.
Let's see content.
Security holder. H yeah. Security context get holder not email empty security context holder authenticated is also null. Import class.
Import set authentication.
Set authentication.
Get authentication.
Yeah. Get authentication.
And if it's null then that is means it is authenticated that means user present.
So yeah user details user details load user by email.
Details import class.
User details service. User detail service.
User detail service. I is it uh is it something from the spring itself?
I guess so. It is something from the spring itself. So let's try private uh final. Yeah, user service import. Yeah, it's from there. Fine. Now we got the user details. Why it's crying, bro?
Aa, it needs a constructor.
Okay, fine.
User details service. Does it need a constructor? No, I can use this with this and this dot this. And if I remove this.
Yeah. No, it needs a constructor. Okay. Okay.
What else?
User details request like this we are giving.
Is there something else? Huh? We have to also check this token is validate or not these things. Uh validate token we have to write this.
So please write this J as capital JWT util and validate more action implement this method. I'll write this method there.
H now bro in this method yeah string email extract okay and return is not expired is not expired method we also need so create this method and in this one it's the time logic so date expiration parser uh date expiration set build now.
Okay.
Um okay, it it worked. JWT util validate then this I don't know username password it is also something from uh this cab score spring security or something so where this would come from user password authentication this is also from secure import option Uh import create class. No. Import. No.
This is something from spring security.
username authenticate password token uh or token and then user details credential user details get authorities okay whatever it needs it has passed and security holder get context I guess this is this is it Uh anything else that we need to do here?
Let's should I try it? Uh let me check the flow again. Is it done?
There is no flow. There is just this filter.
Okay, let me save this and let me see will it work or not or what error it will give.
Okay, no compile time error. Let's hit this endpoint.
form login config.
Now we don't need this. So what's the alternative for this?
Uh guys, can you please like the stream?
I can see people almost 100 views, 110 views so early. So 110 views and not even 10 likes. So please do like the stream.
Whoever is new to the stream, please do consider liking this stream because once you like the stream, the next time the stream will come to your suggestions and even then also if you like it.
Even then also if you like it then you can think of subscribing it. I'm not asking you to subscribe. Just give a give a like to this stream. And uh what my goal is I'm learning in public as you guys know whatever whatever the mistake I'll make I'll make it in public and I'm not afraid of uh making mistakes and I'll learn and next thing I want to create a good community of people around me here and uh that's what I'm doing. So I have gathered we we are a good people of good number of people here. So everybody is into some kind of a tech some kind of a learning new thing. So you can also think of joining the discord server as well. The link is in the pin chat. It's free of cost. People discuss new things there. Also do some buri if you are okay with that.
So you can think of joining this but please do like the stream. That's what uh Okay. Now the error. Yeah.
or config we have to remove this and form login that's for sure but after removing this line what else we have to do here Authenticated request match dashboard will be yeah any request dot authenticated not form login and then dashboard permit all bracket missing.
Okay. Any request this much? So, okay.
Uh there is this session creation policy something that we need here. after this uh import class. Yeah. And then after this filter then there is authentication provider.
I'll say this is not with us right now.
Uh and then do filter. Add filter something.
Add uh what is this? Add filter before down arrow.
Add filter before JWT authentication filter.
Okay. Import this class. We have create we have created this class.
J is capital cannot resolve.
Why this is not being imported JWT authentication filter copy copy path copy option let's write manual lead then import this JWT filter and authentication provider. Yeah.
So I have to inject the authentication provider. It seems auto and this. Yes, thank you for suggesting this and constructor.
Yeah, it worked.
Uh, what else? Then return build. Maybe that's it.
Maybe that's it.
Hope no errors. There is some error.
Consider defining bean of type or au authentication provider.
It's a clear error. It's a clear error.
Authentication provider.
is an interface.
So config authentication provider and implements.
Authentication provider.
Import class.
Import class spring security.
And uh why this is crying?
Pull method authenticate to make it abstract.
Oh.
authentication provider [ __ ] My mind is [ __ ] Sorry guys, I'm back.
So today's topic is slightly boring it seems.
So I'll get a help of music.
Just a minute.
Okay. So it's saying uh binai authentication provider but we used this. So let's see what is this authentication provider.
So what's uh authentication provider and why I would need it's Green core computer component component spring security responsible for processing specific type of authentication request. It contains the actual logic to validate user credentials. Okay.
Come on.
I don't think we need this.
Application config.
I'll add another bean of this.
Someone Let's see. Error.
Oh, circular dependency.
Circular dependency. Uh JW defined uh this user service or config and authentication provider or config.
We can have this here and uh pass encoder.
So we don't need this apparently.
uh uh string password encoder.
I think it's fine because it's a circular dependency issue.
Yeah, I solved the circular dependency issue. Wow, great. I'm proud of myself.
Uh A because null pointer exception because secret is null.
Secret is null.
Because we made it static.
Because we made it static. We made it [ __ ] static because of this method filter.
The filter is a st protected method. And in this one, we use this uh where the [ __ ] is that method?
Yeah, this method.
Get username extract email. This method, this shouldn't be static.
This can't be static.
How can I solve this problem? If because of only one method, I have to make everything static.
know I can easily do cheating but that's not Right.
This can't be static, you know.
This method shouldn't be static.
If I uh make it a service and then inject it then maybe I don't have to make it a static and that's when this error will go. So that means I have to create a service uh JWT service and not to depend on this.
Okay, seems okay to me. So I'll go and create a class and I'll name it as JWT service and I'll move these things here. So first and foremost add the decorator service to this and then in this method we will Tonight I do.
myself to the We met cannot resolve.
This token expired.
The night we met private final JWT service JWT service and do this JWT service dot Okay.
Why it's crying?
Uh JW might not been initialized. Add constructor parameter.
JW service.
Okay, this problem seems to be resolving but problems.
We have problems here.
Take this song. This song is like cannot find declarations to go.
Part of body.
solve this problem.
Yeah.
Fix this static full of I guess you guys are bored at this point.
But we have progressed uh quite well.
This was giving us 200 uh okay error. We were pass able to create the token and just this the form login was still there and I forgot to include the most important point which is authenticated provider as a bean I haven't injected it and that's where the problem lies so I have to solve this but the static non-static which issue I asked AI to please help me Sh.
It seems all the problems are solved now.
Yeah, it seems it is resolved.
I hope it works. Yeah, it worked.
It worked. Now, let's see this token.
Now, let's see this token if this works.
Yeah, it worked.
Let's see our changes by it work here finally.
It's giving us this URL. This code JWT code is finally here, bro. And this dashboard is worked. This dashboard.
So, I'm happy now.
Let understand the changes.
Hey, what's this errors?
The constructor authenticator is duplicated.
Oh, my voice and all is not coming or what?
I hope my stream is fine.
I'll come to at the end. Let me do this. Yeah, this was the issue form login. Now we don't need this form login. We only need CSRF uh CSRF dot disable. Okay. Cross server uh site forging something. And then request matcher only register and O login should be permit all behind the security like behind the JWT token. Rest all is directly uh will be authenticated using token. So for this one permit all any request do authenticated then session management because we have to make it stateless. So session creation policy is set to stateless and then authentication provider. This is the missing piece. This was the missing piece that I added right now. I didn't add the bean for that. So I went into application config and I added a bean of this uh sorry this bean authentication provider. I already added for authentication manager but didn't add it for authentication provider because it didn't throw me an error earlier. So I did this and then authentication provider it will go to authentication provider. It does I have to see what's the internal implementation of this authentication provider now.
This method I used.
Okay, it worked.
Yeah, it's it this is the method that we have used authenticate to authenticate the user and just that we didn't add its bean. I'm still not sure why it asked us to do this the authentication provider uh the authentication provider user detail service password encoder and then written provider okay then add filter it will go to our filter This was again a missing piece that I added. So this is nice.
I don't need comments now.
This was again the best piece of code that I figured out. So because of this there was an error. Uh the spring was unable to understand what our user is.
So this uh then or config yeah I'll pushing this then user controller uh will remove the unused imports from here.
We don't need this commands.
We don't need this.
Okay. I don't need this.
Okay.
Here we use Lombok setter.
JWT util final.
I should not sing on this tree.
Yeah, commit. This is the final commit for this one.
I should not sync for sure.
It's It's not sounding at all while I'm syncing.
Okay. So it will ask me for the paraphrase again. We are done. I'll show you how it's working one more time.
Yeah. So I'm happy with the progress today. So this is the login. Let's let's start with the register. No from register. So duplicate this tab and uh not duplicate this tab. Discard changes. Duplicate this tab and then go and register here not slashregister and the body. In the body we'll need for example if there is uh let me take some other person email fin uh password 1 2 3 Go.
I achieve her.
Okay, I'm testing it for the last time because It's working. Uh there are only two entries in the database. So I have asked it uh full name is this this this.
So I'll use this not John do. I'll use some user the subscriber's name.
So this is our subscriber. He's asleep now because it took a lot of time.
I'll ask him to log in tomorrow.
th to the rategmail.com and password is rohit 1 2 3 and send. Yeah, the user is created successfully.
And now using the same with the for the login. So to finit 123 is the password.
Uh Rohit 123 is the password. R capital.
So R capital and it will it should give us a token. Yeah the token is here. And now using this token I have to go to dashboard. So this token should be passed in the bearer token for this dashboard and send. Yes.
I'm posting this in the discord just for one.
It's working Thank you.
I'm posting this in the discord so that the people should know I have implemented this and can get the code from the if you want to join the discord you are open to join the discord.
See guys, finally implemented the JWT authentication.
Okay, finally it is done. So, let me review this using the AI. I'll ask the AI to review this code.
Uh can you review my code and give me suggestions for the improvement?
improvement till this flow because it is done and uh what it changed till then I can play some chess.
Justice.
Yeah, is reviewing my code. So, meanwhile, I'll play a game of chess are What the [ __ ] Somebody sent me request.
Did someone send me a request?
Don't return entities directly in I got some review commands. So, let's try to solve this before.
Remove unused dependencies. Auto wired user controller. Okay, let's go to user controller. What's the unused dependencies?
Password encoder is unwanted dependency.
This is solved.
Then what's next? Uh switch auto wired field injection to constructor injection.
Then what it's saying?
Switch from auto wired field injection to constructor injection. Okay.
Pro tip. If you use Lombok, you can just put required args constru constructor at the top and the class variable as private. Final and lo constructor. Java naming. I don't want to use Lombok that much right now because I want to write it by my own hands. Next comment is Java naming conventions. You are using underscores for private variables while common.
Yeah, C. So yeah, I am from C# standard convention uh dictates using camel case without underscore suggestion name to user service. Okay.
private why it's crying uh cannot be resolved. There's no user service.
Is this correct? Uh I'm just working on the comments review comments because most of the part is done and I have pushed the code just I want to keep it as a clean code in my GitHub. So this this thing I should stop the shots uh live because the audience I'm getting is very wrong from the shots. The useless audience is coming from the shots. I shouldn't stream on the shots because those guys just care about the shots, dances, reals, but not this kind of stuff.
I don't want to go in that field. So yeah, I'm going to turn off my shorts stream.
Why it's giving me problem?
Let's rerun this.
I hope there are no errors.
Yeah.
Yeah, it's working.
So that wasn't an issue but anti-gravity is dumb.
Then what's the another comment that it gave me? Remove dependencies. I removed Java naming. Yeah, fix it. Use response entity for HTTP status code. Right now your controller methods returns raw object user comma user response which defaults to HTTP 200. Okay. For rest APIs it's best practice to use response entity entity. So you can control the status code. For example creating a user should return 201 created. Okay.
This I didn't know.
So it should be return response entity created user and http created return 201 created aa let's let's try this It's saying do this import class import this class uh what is created user a user created This is not required. And it's saying use this.
Uh what's the point?
Okay.
Let's try and run this what the response it gives.
Let's rerun.
I hope there are no errors. Yeah, no errors.
Uh, anybody in the chat? I can use that name. Okay, Vignesh was there.
We finish.
Okay, this is created. So let's use this email.
It it gave 200 only. No, what's the change then?
It said return two 2011 as a response.
Uh HTTP status created.
It still gave me 200.
Yeah, it gave me 200. I'll show this to Now I'm just fixing the errors uh like the wrong syntax and all not errors actually just good practices.
So let me give this to anti-gravity and bro it's still giving me uh 200. It's still giving me 200. Okay, response.
Guys, please do like the stream because I almost complete I have not almost I have completed this uh JWT integration. I have shared the screenshot on the discord.
See this token we are generating using the secret and everything else and then based on that authentication another all the APIs are getting run. So we are we have successfully implemented this and this was the goal of the stream. In the next in the next one we will uh create APIs for like change of password reset password and there is a email integration that we have to do for the uh forget password URL. So we will do that and after that the UI that we created in the first stream angular UI.
Uh should I show you running those that Angular UI as well? Let me I'll show you that and we will uh on the fourth or fifth day maybe we'll integrate both like front end and back end. This was the front end that we created that I created. Uh and in this one package.json I want terminal cd front end npm start. I'll show you the UI because I'm about to end and I'll also get some idea about it.
And what does anti-gravity is telling?
Uh by calling get body you stripped away the HTTP headers. Acha what the change it did.
Okay just that it's saying just that. So let's rerun this.
But while I was writing it, it said no use get body. You know HTTP status created. Uh, is there any new chat name I can use for this? Yeah, AO. The name I like today. AO.
AO.
AO. And password also same.
Oh, okay. Now 200 created.
Okay.
And then it said use the same 201 for login as well response. Okay. User response. Uh this also I didn't like. No. So user response user response is equal to this and return response.
We will improve this. We'll implement two as well. response. Okay.
User response is it response entity. It is response entity.
Okay.
Is it not okay?
What I'm writing wrong here?
User response.
Now this is correct.
What's wrong here, bro? Again, what's wrong?
What's wrong here? I really like the anti-gravities AI.
return.
Bro, my compilers are now off.
New user response. Same with So this I'll integrate with the APIs that I have created this token and this so this has become very simple for for me. Now let's push the code changes. Now I don't think this is needed.
This is not needed.
Okay, I'm about to end now. It's too much viewers question.
So, I'll stop.
I have pushed all the code to GitHub.
Let's let me check my GitHub once.
Oh, okay. I'm done, bro.
I'm really done. I'll just paste this GitHub URL in the chat. And I'm about to sleep now.
Now Sunday is not good for streaming.