#30 Spring Security | Custom Login

Transcript

00:00

So now we got a default form using which you can log in, right? But then I want to change one thing, and during that process we'll understand different concepts in between. The thing which I want to change is the username and password, because by default you are getting a username as user and the

00:16

password you are getting in the console. I don't want it; I want to have my own password. So that's one thing, but then there are certain things which you have to understand in between. First of all, who is handling the security part here? How exactly, when we are defining the

00:32

controllers, is someone else, I mean that someone else is your page, the login page, coming in between? How is that possible? Next I want to talk about the session. So when you log in I can access the same page multiple times, I mean not just the same page; in the application, if

00:49

you have multiple controllers (in this case we only have one, but let's say you have multiple controllers), do we have to log in for each request? Not exactly, because we have something called a session behind the scene. How is that session getting created, and if I want to see the session ID, can I do that? So I want

01:05

to check that as well. And then what if I don't want to use a login form? What if I want to do that from Postman, can I do that? So Postman, basically any REST client, can I do that? So let's try everything in this video. So first thing: how is that login form coming there when I'm requesting the

01:21

homepage? See, to understand this let's go back to the basics of Spring Web. See, when you create a controller, so let's say we have this box here, this is your server, and the most important thing here is the controllers, right? So these are the controllers which you're calling. Now let's say this is your home

01:37

controller, this is your add controller, or this is your check balance controller. So let's say you have a bank account and you want to check your balance. So we got multiple controllers here, right? And a client will send the request, right? So that's how the flow goes, right? So the client sends a request, the response goes from the

01:53

server to the client, right? Everything is good. Of course the object here is the HTTP request object, this is the HTTP response object which we get from the server, and this is your container. Now if you talk about this controller here, behind the scene these things are running on a servlet container. See, as I

02:11

mentioned before, Spring Web goes into two parts: one is the servlet way, which we are doing now, and then there's also the reactive way. We are not focusing on reactive here, Spring Reactive; we are only focusing on Spring Web. Now in this, every controller gets converted into a servlet

02:27

behind the scene. So basically you are able to run this on Tomcat because of those servlets. So all these things, all your controllers get converted into servlets, okay? So this is running on the servlet container. Now this is your Tomcat, which is a servlet container, right? But

02:44

then before the request goes to the controller we got something here which is called your front controller. So this is your front controller, also called a DispatcherServlet. So every request from the client, when it is going to the

03:00

controller which you created, it goes to the DispatcherServlet. But before it goes from the DispatcherServlet there are more things there. By default we don't invoke them, or even if they are there they're just passing it through, but we can customize it. So when you add Spring Security we are

03:17

calling those things. Those things are responsible, but what are those things? So those things are your filters. So there's a filter chain here. So I don't have horizontal space, I will do that vertically. So basically what you have is something called a filter chain here. So the request goes from the client to

03:35

the filter first, this is your filter chain, and then from here it goes to the front controller, and then from the front controller it interacts with the different controllers here. Now what is this filter chain? In the filter chain you will be having multiple filters. This

03:50

is filter one, let's say F1, this is filter 2, this is filter 3. And I'm not saying that you'll be having all these filters by default; there might be few filters, there might be more filters, it depends upon how you configure your application. By default there are certain filters, but then when you talk about

04:05

Spring Security, it adds its own filters here, okay? So what it does is, when the request goes from the client to the server, the Tomcat, it looks for the filters first: do we have any filters? Now Spring Security says yes, there are filters, multiple filters, not just one.

04:21

Let's check what those filters are. In the earlier version we used to see those filters here; for some reason it's just not coming in the console, not sure why. So what I will do is I will ask my Copilot to give me these security

04:47

filters. Okay, so you can see it is giving you a list of filters, 11 filters, but I think there are more filters which it is not showing. So if you scroll down, or if you scroll up basically, here we got security context persistence filter, we got logout filter, we got username

05:02

password authentication filter. Now this is what was working when we got the login form. So even if you're accessing the home controller it says hold on, you are not logged in, so let me take care of it. So this filter comes into the picture. Then we got default login page generating filter, page

05:17

authentication filter, request cache aware filter. There are a lot of filters here as you can see, but I think there are more which it is not showing. So there are a lot of filters. Of course you don't have to remember all of them, because Spring Security takes care of it, but when you want to customize it, yes you can customize those filters, then you need to

05:34

know those filters. And these filters, so F1, F2 which I'm showing here, these are those filters. By default it applies some filters for you, and that's why it is giving you a login form. Now behind the scene, how this filter works is it works in a chain format. So when a

05:51

request goes to the server it says okay, let's execute F1. F1 can decide, I mean in F1 I can actually change data as well. Let's say you want to add two numbers, 2 + 5, it goes to the filter, it checks, I mean using the filter you can check: are

06:06

those two numbers actually integers, or are those two numbers bigger than five? So whatever filter, whatever condition you want to add, basically you can do that in the filter. You can change the request, you can change the response as well, because the response goes in the same format. So if the request goes like this,

06:23

the response goes like this, right? So it goes to the filter, so you can change the request, you can change the response, whatever you want to do. But here we are not changing data, we are just checking if the user is logged in or not. So one of the filters here acts like a login filter. It says hey, the user is

06:38

not authenticated, let's send the login form. Okay, but let's say the user is logged in already, and by sending the session ID they can basically check if the user is logged in: yes, don't ask for the login page, let's send the request through. So that's how this filter works, and it

06:54

uses something called a chain, as I mentioned. So this filter will send the request to F2, F2 will send it to F3. So there's something called next filter, or doFilter on the chain, so it goes to the next filter. I hope now things are making sense: how exactly, when you call a controller, the security part is

07:09

getting activated is because of these filters. We have talked about a lot of things. Now let's go for the second point, which is the session ID. So when you say this session is getting generated, because if I relaunch this, and of course it will give you a new password, okay, this is a new password, I will just copy this because I want to re-log in and

07:26

just refresh this. Just wanted to make sure I'm not logged in, and now I'll be saying user and this is the password, sign in. Now I'm logged in, right? And it doesn't matter how many times I refresh, I can still see the same page. It's not like it is giving me the login page, but

07:41

after logout it will give the login page. What if you are changing your browser? So when you change your browser you get a new instance, right, a new particular application; even that will ask you for the login. Just to show you the proof, I'm opening my Chrome, localhost:8080, it is sending a request

07:57

for the homepage. Now the inspect element of Chrome is better than Safari's, I've never tried it on Safari, let's try on Chrome. So I will do the same thing again, same password, enter, I'm signed in. How do I check this session ID? You can check it from here, right? So you can just go back

08:12

here and say inspect, more tools, and developer tools. Okay so here, if I refresh once again, let's go back to the Network tab, and here if you can see we got continue, so basically that's a

08:28

query parameter they're sending, but what is required is this request for the homepage. Okay, this is the request for the homepage, I will click here, and if you see there are certain things here, one of the things is the session ID. If I click on this you can see the session ID. So this is a part of a cookie, and this is

08:46

your session ID. So that number, the alphanumeric number which you can see here, it's actually hex code, that's your session ID, and every time you log in it will change. Let me show you. So I just refresh this and now send the request for the logout, yes I'm sure, and

09:06

if I go to logout, new session ID, or is it the same thing? Even I forgot what the session ID was before, doesn't matter. Let's create a new user, I mean a new login, sign in and request localhost, because you can see we don't have

09:21

question mark continue there, so it says localhost and we got a new session ID there. If you can see, the number has changed, if you remember the old number. But what if I want to print this here in the response, just to see if the session is changing or not? You can do that from

09:37

your code. So just go back here. Now if I want to print this session ID, what I can do is I can just go back here and get hold of the HttpServletRequest. So as I mentioned before, behind the scene everything is a servlet, right, even the controllers are

09:53

servlets, so it will have two objects: the request object and the response object. They're called the HttpServletRequest object and the HttpServletResponse object. I just want the request now, don't want to play with the response one. So this is the HttpServletRequest object which I got hold of now.

10:09

This request object has multiple methods, and just wanted to confirm, so this HttpServletRequest should be a part of the jakarta.servlet.http package. Okay, with this object I can simply say request.getSession().getId(). So this will

10:28

basically return the ID. Let's relaunch the application because we have changed the code, and we got a new password, so let's copy this as well. Go back to your browser. I will stick to whichever, Safari is there, in fact let's go back to Chrome itself. Okay so first of all we'll

10:43

do the, I mean it will log out by default because we have restarted the application. No no no, the session is still there. Okay so now let me just log in once again and sign in. So we are logged in and you

10:59

can see we are printing the session ID as well. So if I go to localhost you can see this is the same value which you can see there, right? I hope you can see this font size, but yeah, this is the same thing, and every time you refresh you will get the same session ID, and not

11:14

just for this particular URL; it doesn't matter which URL you go to, you will get the same session ID. But yes, if you delete your cookies this will be gone, so you will be logged out automatically. It's as simple as that. So that's the session ID which we were trying to print. And of course we can have multiple

11:29

controllers, you do that with, let's say I want to print the about content, I want to add two numbers, whatever you want to do, just check if you're getting the same session ID. Okay, what next? The next thing I want to do is I want to change the username and password. I'm not happy with the

11:45

password which it is generating here. How do I change it? See, one of the filters, which is the username password authentication filter, if you remember one of the filters we have here which is this, this checks if you have your username and password mentioned in the property file.

12:01

If not, it will simply create its own password. What we can do is we can add the username and password. So for doing that you can say spring.security.user.name, and you can mention the name here, so I'm going for the name navin, and

12:19

spring.security.user.password, and I'm going to set this as telusko. So the username is navin, the password is telusko, and this is a property, okay? I know in the Community version it will not highlight much; if you're using the Ultimate version this looks good, but yeah, let's use Community. So now with this let's restart

12:36

the application and go back to the browser. So first let's hit the logout, and now we are logged out. So let's try with user, and in fact what about the password, is it generating the password? If you scroll, nowhere is it generating a password, because it knows

12:51

now that you have your own password. So let's try with this password first, which is telusko, and I sign in: no, bad credentials. So now I will try with navin and telusko, sign in, we are in. Okay, it

13:07

says save the password? No, because I'm going to change it. Okay so now if you refresh you're still logged in and you can access it multiple times. Is that good? So now you have your own username and password. I know, I know what you're thinking: what about different users, different usernames and passwords? We'll do

13:24

that in the upcoming videos, but yeah, at least we can change the username and password. I want to do one final thing, which is logging in through Postman, or maybe any UI tool or any REST client tool. So I do have Postman on this machine, so I will just fire it up. So

13:40

that's Postman, used it for some other URL. This time I want to hit localhost:8080, this is the homepage, and send. Okay so you can see we got a status code which is 401

13:57

Unauthorized. That means you are not allowed here. You know why you're not allowed? Because you're not sending the username and password. How do we send that? So if you can see we have a tab here which is Authorization, and by default there is no auth. We have to say hey, I have a

14:13

username and password, and to do that you will click on Basic Auth. There are multiple options here, we got JWT bearer token, multiple options. I will stick to Basic Auth now and let's explore others later. Basic Auth, so let's enter the username which is navin and the password is telusko. In

14:29

fact let's give some wrong password, telusko1, send, still unauthorized. telusko, and we got the response, it says 200, we are happy, and it generates a new session ID because it's a new login. So you can see this session ID is not matching with this, so

14:44

different users, different session ID. Okay, looks good. So that's how basically you can change the username and password, and you can access it through Postman. Now we also understood how the filter works, we have seen that in the diagram here. Yeah, that's what I talked about in this

15:00

particular video, and we'll talk about certain more things. But if you want to send not just a GET request but a POST request, will it work? Let's try that in the upcoming videos. Bye-bye.