#29 Spring Security 6 | Getting Started

Transcript

00:00

And now it's time to focus on security. See, the thing is, when you talk about software development, of course we build projects, and in that process basically we have to first learn the language, we have to learn the frameworks, and then we start implementing the

00:15

project. The most important thing in a project when you build it is that it should work, of course, right? If your software is not working, then all the other aspects don't make any sense. So the first thing is to focus on building a working product. Next is that the project or the

00:31

software should be stable. I mean, we build projects which work, and then suddenly they stop working for a few inputs, and then maybe because of some issues it gives you other issues. Now that means your software is not stable, and most of the applications which I use

00:48

on my phone are not stable, right? Even it can be a banking application. I mean, the only thing which works perfectly, I think, is the calculator, right? Apart from that you will see bugs in most of the software, and there will be no software in the world that

01:03

is 100% bug proof, and if you think that one of the software is bug proof, maybe we have not done enough hard work to find the bugs. But yeah, it will have some bugs. We have to make sure that you reduce the number of bugs; at least the major bugs should not be there, and by

01:18

doing that you're making it stable. So in Java also we can do that with the help of handling the exceptions and stuff. Then the most important thing which comes here is the security, and we know the importance of security, right? And that's why on your phone as well you

01:34

implement the locks; maybe it can be your fingerprint reader or your face unlock, or using a pattern or a password. We do keep the password as 0000 just to make it easy, but again, not a good idea. Still, we know the importance of security. Now whatever we have built till this

01:49

point and whatever we have learned in the project which we have built is not secure, because anyone can go there, anyone can do anything with the project. What if you want to make it secure? You'll be having multiple users; not everyone should be able to do everything. Example: if you are building e-commerce,

02:05

we will be having different roles there. So someone, the seller, will add the product; the buyer will buy the product, right? So everyone will have a different role, and they have to log in to achieve those roles, and that's how basically you can secure it. And that's not the only way you can secure it; there

02:21

are multiple ways of securing it, but as a developer we focus on login and logout, with the help of username and password or maybe some other formats. So yeah, so how do we implement security? Now if you're not using Spring, if you're using plain servlets and JSP to build a web

02:36

application, implementing security is a big task. I mean, trust me, if you spend 10 hours building a product, you'll be spending another 20 hours securing it. But Spring Security will make your work easy. How? We'll see that step by step. But

02:52

then how do we know how we secure the application? What are the steps you have to follow? Sometimes we feel that it is secure, and then some hacker will hack it, showing, hey, it's not secure, and then you will secure it. It works in the normal applications, but think about a banking application, think about

03:10

healthcare records. So sometimes we are not sure how we secure it. We don't want to wait for someone to hack and then tell us, that's how I can hack your software or the application. Now to do this we have something called OWASP. Now OWASP stands for Open Web

03:27

Application Security Project, and what they do is every four years they release some important security measures which you can take, or some issues, and then you can work on those issues and make sure that you don't have that in your project, and they call it the OWASP Top 10. So if I

03:45

click on this Top 10 here, you can see these are the top 10 risks of 2021. So they release this every four years, so the next version or next update is expected to be coming in 2025. So depending upon when you're watching this, you can look at the recent Top 10.

04:02

So this was 2017, this is 2021, and these are the measures, these are the security risks, and you can just go through this. It talks about access control, cryptography, how do you encrypt and how do you decrypt, which standards you are following,

04:18

are you handling the injection attacks, then designing: is the way you design your software secured? There are a lot of things which are mentioned here. I would also add a link to the OWASP Top 10 in the description. I already made a video on this, so you can

04:33

have a watch, but make sure that you follow this to understand the different security issues which we have. Okay, so the good thing is, I mean, if you are not using Spring, then you have to think about all those things, you have to implement them step by step. Now when you use a framework like Spring which has

04:49

its own security implementation, which is called Spring Security, it takes care of most of these things, and by default it will say, hey, you're doing this, maybe it will not make your web secure, so do this. And it will give you suggestions as well; it will restrict you

05:05

from doing certain things, and if you follow that you're basically making your application secure. And what I'm talking about, you will get to know that in some time, I mean in the upcoming videos. So now let's try to build a project, and let me show you how easy it is to secure your application using Spring Security.

05:21

So to do that, what I will do is, first of all, let's create a new project. Of course I can edit my existing project, but I want to show you how you start a project thinking security in mind. Okay, so let's go to our start.spring.io, and here we'll create a Maven project with Java language. This is

05:37

3.3.1, the group ID is com.telusko, the artifact ID is Spring Security Example; of course you can use any name, doesn't matter. And packaging will be Jar, version 21. Now dependencies:

05:53

of course you can secure different types of applications. Example: if you are securing your hardware, let's say I have this phone with me and I want to secure this; basically I can just keep it in a room and I can lock the room so that no one can access it. That's

06:08

external security, but what if someone can hack it online? So for that we have to build Spring Security. So I'm basically trying to secure a web application using Spring Security, so I want to have a web feature. I will also get DevTools, just in case I want

06:25

to use that. We can also use a database; see, ultimately when you say login username, login password, you may want to store that in a database. So of course we need to have a database as well, but maybe we can add the database part later. At this point just try to keep it simple. So we got

06:40

Web and DevTools. I will get now Spring Security. Now this will make your app secure, and I will click on Generate, so it will download the project. Then the only thing we have to do is we have to unzip it and open that in IntelliJ

06:57

IDEA Community version. So unzip done, I will just open this project now. So this is the project, I will click on Open, and yeah, I got my project here. So basically I got the Spring Security project, and now I want to test if this is working. So what I will do, to start with, is I will

07:14

disable the Spring Security part. So at this point I will just comment it out and reload the Maven changes; that's important. Now once you reload, you don't have Spring Security in the project, so it is a normal Spring Boot application. And I will go to src, in

07:31

the main, I will create a controller, because at this point we don't have any controllers, and if you want to secure, you need some resource to secure, right? So let's create a resource, and I will call this a simple HelloController, nothing fancy, a simple hello controller,

07:48

and here basically what I'm going to do is, of course I have to make it a controller, and I'll make it a REST controller. I don't want to create the UIs; I will simply go for the REST endpoints. And here I just want one method, and we have used this before, so I will simply

08:04

say greet, and this will basically be a GET mapping, and the URL is the homepage. So whenever someone requests the homepage, I want to return "Welcome to Telusko". That's it, nothing fancy, just a simple text. Okay, so for the homepage

08:20

this is the text I want to return. I want to check if this is working, so I will go back to my application and here I will click on Run. This should run on port number 8080 if it is free, and it should be free. So if I look at here, yeah, it is running on port number 8080. How do I verify this?

08:36

I will open a browser. Okay, so I got my browser here, and I'm going to hit localhost:8080, and you can see it says Welcome to Telusko. Now this is the resource I want to secure. Of course this can be a very complex resource as well, something

08:51

which interacts with the database, or maybe it is doing some bigger task; it doesn't matter, right? A resource is a resource. Maybe you want to secure a simple pen, or maybe you want to secure your gold chain; both are resources, you will need a locker to secure it. So how

09:08

do we secure this? What I want to do is, if someone requests the homepage, it should first open the login form, of course, right? There should be a login form; that means we have to create a UI for the login form, that's one. Next, when a user enters the details, the username

09:24

and password, we have to verify that in the back end. How do I verify that? Maybe I need a database where I will have usernames and passwords. Lots of steps, right? Okay, let's do that in this video, or maybe in the next video, let's see. Okay, maybe you can judge by the length of the video how difficult it will be. So

09:41

what I will do is I will just go back here to the pom, and I will enable this Spring Security, because now I want to secure it. And just by enabling it, let's see if the application still works. I will just reload the project, and let's see what errors you

09:57

get, so that we can focus on building a login form and other stuff. Okay, so now I'm hitting the same URL, which is localhost:8080. If I enter... oh, this is weird and awesome at the same time. Weird because I was

10:12

expecting some error, or maybe it should say something that you don't have a login form, and the awesome thing is Spring Security is giving you a login form just by adding the dependency. But the question is, is it just a login form or is it working? Okay, now that's tricky.

10:28

First of all, I'm not sure what the username and password is, I'm just guessing. So maybe the username will be user; actually the username is user, but what about the password, is it user? Let's try Sign in. No, it's not working; you can see it says bad credentials. So just

10:44

checking something, I'm saying user, password should be navin. No, it's not working; maybe it's not even picking my local, I mean desktop, name. So what will be the password and username? Username is user for sure; the password, where do I find the password?

11:00

Now if you go to the console and if you scroll up, can you see that it says "Using generated security password", and this is the password. I can simply copy this and go back here and

11:15

paste it, and voila. So just by adding a dependency it is giving you a login form, it is also giving you the logic to check if the username and password is correct, and it is doing that. Okay, now let me show you it's actually working. If I open

11:32

another tab, an incognito tab here, or a private window for Safari, and if I say localhost:8080, it is still asking for the login form, so it maintains the session as well. But if I open a normal tab, let's say a new tab, and if I hit the

11:47

same URL, it is not asking for the login form, so the session is also maintained. So a lot of things it is doing behind the scenes, right? This is cool. Now we got this, right, and this perfectly makes sense, but it also says something: it says this generated password is for development

12:04

use only, don't use it in production. Okay, that's good. Also, we only got one password; in your system you'll be having multiple users. How do I achieve that? How do we have multiple usernames and passwords? And now you might be thinking there should be some magic where Spring

12:20

Security will have all the usernames and passwords. No, Spring Security is magic, but it's not actually a superhuman, can I say that, or in India we say Rajinikanth. I'm not sure how many of you know this context, but yeah. So Spring Security has no idea what username and password you're going to use, and that's why you have to use a database. How we are going to do that,

12:36

let's see in the upcoming videos. But we have to do a lot of work to secure it with the help of username and password. But the main thing it has done is it is giving you a login form. It also gives you one more thing: what if you want to log out? So you can just use a URL here and say logout, enter, and it will say, are

12:53

you sure? Yes, I'm sure, log out. And then if you're thinking this is just a UI gimmick, no, let me just open this tab once again and I will hit localhost:8080. It is asking you to sign in again, so logout actually works. It's not just a gimmick where you see a UI which

13:10

says logout done; it's actually protecting your application. So once you log in, once you log out, it's gone. Okay, and yeah, there are a lot of things we have to talk about, and we're going to discuss that in the upcoming videos, but at this point we just added the dependency for Spring Security and it is

13:27

giving you a login form. If you want to change something, if you want to change a password, you can do that in the resources, so in the application.properties you can set your username and password here. But again, you can only set one username and password. Maybe you don't want to go for this password every time, so maybe a super root password

13:44

you can set here, username and password, but the ideal way is to work with a database, and how we're going to do that, let's see in the upcoming videos. So I hope you are enjoying this series where we're talking about different concepts of Spring, and if you're enjoying it, let me know in the comments and also hit the

13:59

like button, which will motivate me to make the videos faster. Thank you so much, bye-bye.