00:00
things are working out basically we were able to uh secure the application with the help of Spring Security and then we were able to login as well but the only thing is we are able to login with the help of this username and password what I want to achieve is I want this data to
00:16
be coming from database because we can have multiple username password and even if Spring Security says hey let me give you an option of having more users here don't you think we are hardcoding the values uh in the real world we don't do that so we want to store this data in database and fetch it from database to
00:32
verify the user that should make much more sense but if you want to do that we there are multiple steps involved and lot of steps and that's why if you can see the video is lengthy the thing is when you build applications huge applications which will go for months or years the setup like Spring Security and
00:50
database connections will hardly take one or two days or maybe more depend upon the complexity of your project but then you do that only once not for the entire time of the project you do this setting once and you just you just use it in the remaining time which is a lot of time you focus on building a feature
01:07
right whatever logic business logic you want to implement so in this video let's do that initial part of work of securing the application and let's see how that works U again video is bit lengthy so just be with me and I will do step by step so make sure that you practice when you are watching this so that you will
01:22
make much more sense okay so let's go back to the security config now what is happening is whenever you log in of course Spring Security is using the application properties to verify the username password but who is working behind the scene if you remember we have
01:37
talked about different filters in fact we have asked our co-pilot as well what are different filters we have one of the filter which is username password authentication filter now that filter is responsible to verify or to take the username password and get it verified and who is responsible to do that so
01:53
somewhere somewhere in between we have something called a user details service see in the application when you talk about different layers like web application we have different layers right we got controller we got service we got repo layer and when a client sends a request request goes to the controller controller says okay my job
02:09
is to only accept the request and respond but if you want to do any processing that will be done in the service layer what if you want to do some database connection that's where you have repository layer right now here to verify the username password we can use something called a user details
02:24
service now by default it was getting used but I want to customize it I don't want wanted to use the application properties I want it to verify the way I want and how do we do that it's very simple you can ask hey don't use the default one use mine which I'm giving
02:39
you but how you will give it something to the Spring Security and that's where what we can do is we can create a bean because when you create a bean bean will be there in the spring spring container and your Spring Security will pick it pick it from there so what bean I want to create I want to create a bean of
02:55
user details service this is a inbuilt thing inside this Spring Security and I will say user details service what I want to do is just return this object my job is done right so it will behave the way I want I'm happy but then how will
03:11
you create the object of it first of all let's verify the package for this so if you see here the package is springframework.security.core.userdetails.UserDetailsService and now I want I just have to return the object of it how difficult that can be I can
03:26
simply say return new user details service okay but the syntax is bit different you know we are getting curly brackets as well what is user details service if I click on this oh it's an interface I was not expecting interface
03:43
the thing is if you have interface you can't create the object of it then we have to go for a long way uh what is a long way either we have to get we have to get the implementation of it or we can use some inbuilt implementations we have to create a class which implements this but we'll do that later at this
03:59
point let let go step by step and and use something which is inbuilt so I'm going to use a class which implements user details service and that is in memory user details manager okay how do I verify that this class implements the user details service you can click on
04:15
this and this is a Constructor if you go up it's a class that's a good thing that means we can create the object and this implements user details manager okay uh if I click on this this extends user Detail Service so our job is done uh so
04:32
indirectly in memory user details manager is implementing user details service okay is our job done here uh not exactly we are simply returning an empty object right or the object which is not having any value so it will work and it
04:47
will not work it will work because it will run it will not work is because if you provide the username password how it will verify I want to show you something and I'm expecting it will it will work the way I want let's see I'm going to enter the same username password when I'm when I'm logged in or
05:03
when I'm trying to log in and let's see if that works so the username is naen password is telesco and if I go back to I will try with Postman at least you can see the username password there right I can go to authorization you can see the username password is nisco I'm going to try to hit students let's say not the
05:19
get request so not the post request but the get request for the students and uh let's verify the authorization once again it's nav and talisco and enter you can say it failed 401 unauthorized so why it's not working is because now we are not using default
05:35
service we are basically returning our own user details service object and if you want to do that you have to customize this now how will you do that now if you look at the Constructor of inmemory user details service there are multiple Constructors let's go to it in this uh you can see it has a Constructor
05:52
which is empty it also has a Constructor which takes the collections of users okay and we we got one more which takes a varargs basically we can pass different user objects by giving commas or user details objects by giving commas let's
06:09
use this so what I want to do is I want to return different objects or different users how would I do that it's very simple you come back here and if you remember it was taking the object of user details so let's create the object of user details and if you see user
06:24
details oh even this is interface okay lot of interface to deal with that means we have to get a class for this to implement uh not exactly I will show you something so we'll say user details I will say user one is equal to uh let's use a class called user so there's
06:41
inbuilt user in the spring framework and if I click on user it is a class and this implements user details and it got a lot of methods one of the method which we're going to use is the buildup so we are going to use the Builder Okay so to
06:57
achieve that what we can do is we can say user since it's a builder pattern I will say enter and dot dot dot the first thing I want to assign is the password encoder see the thing is whenever you store data in database or whatever data you are saving by default we store that in a plain text what I want to do here
07:14
is uh let's say if I want to store the username and if I store that in a plain text that's fine but if you want to store a password it's a plain text anyone can read it not a good idea right so you should you should do encoding of your password so that no one can read it
07:30
so at this point I don't want to make it complex so I will just go with the default password encoder so I will say with default password encoder and this is deprecated don't use it I'm just showing you so that since we are learning into learning phase I will I can show you anything but don't use it in production
07:47
uh next I want to assign is a username so let's say the first user is Kiran let's not use n nain now because we have used it before so let's use Kiran uh the password I want to mention is K 1 to three then I also want to assign the roles again it is optional but let's say
08:03
I want to assign a role so K is user here and the password or then once it is done so we got the username password and role I can simply say build Now by doing this build we can build this particular object and this build so not the Builder I think we have have talked about
08:19
Builder or build okay it doesn't matter so this build Returns the object of user details and that's what we wanted right so we got our first user we can create more users if I want otherwise I can simply pass this user user one and our job is done but let's say if I want to pass one more just for the experiment
08:36
this is user two and let's say hush hush is h 8 123 and let's say hush is an admin so we can create different roles maybe user admin trainer or anything you
08:51
want anyway and then I can pass different users here not just one multiple now since it supports varargs you can pass any number number of user just by giving comma okay still till this point we have not connected to database okay we are still trying to understand how do we uh customize stuff okay let's
09:09
see if this works let's restart the application we can use browser or maybe I will just try to do that with the postman this time I will go for nav and Tesco it should not work and if I use Kiran and the password is K atate 1 123
09:26
I could have used browser but then on browser you can't see the password I want you to see the password if I click on send it says okay so this is working if I give a wrong password of course this should not work uh let's try with hsh as well and hsh is H atate 1 23
09:42
let's say 1 2 3 4 it should not work and one to three it should work and it's working so that's how basically you can customize or you can have different users but again not a good idea still is because we are still using the hardcoded values in the code I want this to be
09:57
coming from database in that case we can't use this is because this thing is actually returning the default one so comment okay next step now we want to work with database how do I do that see if you want to work with database we have to understand One More Concept see
10:14
when you pass the details username and password in the login form that object when your server receives it it's in basically an authentication object which is still not authenticated it goes to something called authentication provider who will basically provide the service
10:29
of checking it and validating it and then make it as a authentication object by default is running behind the scene but now I want to customize it because this time I don't want to use a default authentication provider I want to use mine and that authentication provider can be used to connect with database to
10:45
some LDAP service or some other service and for database we have a different authentication provider and let's use that so basically what I'm trying to say is let's create a bean to change our authentication provider itself altogether and I'm not going to use the default one so let's let's create our own so public
11:00
authentication provider and I will say authentication provider there's a method name and let's return the object of authentication provider how difficult it can be uh we can simply create the object and return if I click on authentication provider it's back so
11:16
interface is back it's an interface so that means we have to look for a class which implements authentication provider as I mentioned before there are multiple authentication providers right one of them is for database and that is called a DAO authentication provider so let's use that so now authentication provider
11:32
and if you see this is a class a relief okay and uh okay so it actually extends abstract user details authentication provider if I click on this it implements authentication provider so indirectly is implementing it and we should be happy with it let me close all
11:48
the extra files which is open here want this and let's say this is a provider equal to new DAO authentication provider and simply return this our our job is done right actually not now what's wrong with this see this will return the
12:04
object for sure okay this should return the object but the problem is this one basically need to connect with database and get the data and at this point we don't even have the database we don't even have I mean we have not specified who is our dbms we are going to use Postgres
12:21
by the way uh it has no idea what is your table name database name nothing we have mentioned and that thing we have to do first so we'll do that sometime uh but if you want to specify those things we have we have what we have to do is we have to go to provider the first thing you have to mention is I don't want to
12:37
use I mean I want to use a password encoder which is the default password encoder which is no op password encoder dot get instance so what we doing is we are not using any password encoder you can use that I will show you that later how do we use some different password
12:54
encoders at this point I'm saying there's no password encoder default one so you will see the plain text next I want to specify before return returning this object is the user details service if you remember at the start also I mentioned that uh behind the scene user
13:09
Detail Service works and that is responsible to verify it and now I'm saying that I want to even change the authentication provider it will also use the user Detail Service we have to specify that so I will create my own user details service not the bean of
13:26
which we created but somewhere here I want want it to inject the object I mean I want spring to inject this object at Auto but unfortunately even spring will have no idea how do we provide this or maybe spring will provide default one I
13:41
don't want default one I want to customize it I want to have my own user Detail Service okay how do we create our own user Detail Service it's very easy right this is the interface the only thing we have to do is create a class that will make our job easy right okay so let's create a class called user
13:57
details service or maybe some other name which implements user details service and before I do that I just want to make some changes I want to create different packages you know we are not keeping things in a proper package so I will say controller package we already got config so we got controller I want to have a
14:13
service package I want to have a repo package I want to have a model package okay so the reason I'm doing this is because the controller should be
14:29
a part of a controller right the home controller should be part of hello controller the student controller should be part of the controller package the student which is a model should be part of a model and that's it now in this service basically I want to create a class which
14:47
implements the user details service and I will say my user details service I can also say the details service but that's fine and this implements user details Service as
15:02
simple as that the only thing you have to do is uh first of all let's mark it a service second I want to you know you can see we got an error here it's because in user details service we got a method we have to implement this method which is load user by username so okay
15:20
it's simple you can just come back here and say implement the methods which is load user by username and do something okay I'm not sure what to do it just said load user by username this is tricky how will I load the user by username and from where I have to load
15:35
it see that's where we have to think about layers now we have a service right and service says I want to get some data and data should be coming from database and who is that layer who will give you the data it's your repo right so that means if you want this to fetch the data
15:51
we need a repo layer so I can simply go back here and create uh in the repo I can create a class it's actually interface because remember we have talked about jpa in jpa you define the interface for the repo and it will give you all the methods so I will say uh
16:07
this not student I'm what you working with so I will say user user repo and this repo will extend the jpa repository the thing it is not working is because we have not added the dependencies see till this point the
16:23
project is still a simple web application right nowhere we have talked about the JPA nowhere we have talked about database so that means if you want that dependency we have to add two dependencies one for the JPA and one for the Postgres now as your dbms changes you can use different dbms driver here
16:40
so I will go back here and I want some dependencies to achieve that I will go back to my browser and I will go to mvn repository and here I will search for spring boot jpa uh the first one which version
16:56
anyway we are going to remove the version so anything you pick up that works and just copy this not the entire stuff it also promotes their own website it's a good thing but I want to keep it clean I don't want to specify the version because that's something we have specified up here if you can see yeah we
17:12
have specified the version in the parent so we don't have to specify that here okay that's one the next dependency I want is for Postgres now depending upon which dbms you use you can change it so let's say if I want to use uh PostgreSQL JDBC this
17:28
is a driver if you want to use MySQL search for MySQL driver and from this I will pick up the uh one which is not vulnerable which is this one again it might be vulnerable it's just that they have not tested it properly so I can just copy this and paste it here so we got two dependencies and once you add
17:44
them you just have to reload your Maven so it will download dependency for you okay I think dependency added let's go back to the repo the user repo and let's see if you can get the dependency now so we just cut this control space yeah now I got it so it says jpa repository we
18:00
have to pass two things one is the class which will refer to the table I will explain that in some time and the primary key so the primary key is integer now uh in fact you don't even need the primary key as a integer okay we'll see that so what we can do is when
18:16
you talk about jpa repository or the concept of data jpa you define a model class so for a table so of course in your database you'll be having a table in fact let's do that let's let's do step by step it will make much more sense now since I'm using Postgres you can use any dbms you which you want I'm going to
18:32
use Postgres okay and to do that I will open my PG admin so in this machine I already have PostgreSQL already have PG admin installed so make sure that you download PostgreSQL uh get PG admin if you want a shortcut way you can just go to Postgres
18:47
download uh for Mac they have done something new not sure about Linux or Windows so you can get something called Postgres.app I'm not sure if this works on Windows but for Mac we have this for Windows anyway the setup is very easy for PostgreSQL for Mac you can just get this
19:02
and run it it will work by default the username will be your system username and your password will be zero I mean blank so you can use that so it depends upon how you configure this so I got my PG admin open uh I will explore the databases in this I got database I'm
19:19
going to use the same one and if you see there are different tables here Let's ignore all in fact there's also user okay let's not use this database let's create our own so I will click click on database I will say create a database and let's name it Tesco one not a good
19:34
name for database but that works click on save so now we got different database and in this if you say schema we don't have any table you can see it's empty so now let's create a table here so I can just open the query tool here and say
19:49
create table so create table users in fact you can also get this done from the code itself using jpa but I want to show you let's say if you have already have a table how do you make it work so we got table and let's say we have three values username and password so the type of ID
20:06
should be integer the and this should be also be primary key the username is text the password is also text and let's execute this so what this will do is this will basically create a table for you and now let's see if you have data so I will say select star from
20:24
users and run this it's empty let's insert some data so we will say insert into users values I want to insert one that's my ID then I have to enter username which is let's say naven and
20:40
the password is let's say N1 123 I want to have one more user let's go with two users so we say two not double quotes single quotes social and the password is s at rate 1 2 3 so we got two users and
20:57
I will simply execute this line line I think it executes both the lines okay so select uh select and run works so you can see we got the data Here and Now I want to basically connect them so we got table right now in jpa when you want to connect your table with
21:12
the code basically what you do is you create a class which represents it so let's go back here so we need a class like user which connects with your table and the user class should represent the user table the reason I went for users in Postgres is because I think user table is
21:27
already there for the Postgres inbuilt implementation so it doesn't allow you can just check check and let me know in the comments but here I'm using user or maybe we should create users even that makes sense so let's create this class we don't have this class users and where will you do this you will do that in the
21:43
model so in the model I will right click I will say new class and I will name this as users so what are things we need here first of all I need the we need to basically represent your table and a class right so I will say primary int ID primary string username and
22:02
private string did I say primary before ignore I will say password and in this I will say at ID because that's my primary key and I'm assuming that you know JPA okay I'm not teaching you JPA here so I will say entity and that's done our job
22:17
is done here but we need getters setters for this so I will say generate getters setters for both all three variables and maybe in future if you want to print it you will also use the toString for all the variables okay uh it says one
22:33
problem what is that one problem okay we have to import the package that's the problem don't tell me okay that's it looks like our job is done is it let's see let's go back here and now since I already have a user repo now we have a
22:49
power to connect with database I'm so happy no actually we don't we don't have a power is because even if your user repo says it is connecting nowhere in the application we have specified which dbms you are working with what is your username for the DAT for that dbms
23:05
what's your password let's configure that first and we will do that in the application properties so here basically we have to specify different properties one is spring.datasource.url and we have to specify the URL for jdbc which is jdbc colon
23:20
postgresql now depending upon which dbms you're using if you're using MySQL replace MySQL there colon slash slash localhost this remains same colon then you have to specify the port number for your for the dbms now since we using Postgres the port number is 5432 for MySQL is 3306 depending
23:37
upon which dbms you use just change the port number change the name here and then slash your database name that is sc one next we have to mention the username so data source dot username is equal to I think it is postgres for my machine and the
23:53
password so spring.datasource.password and the password for this machine is 0 0 okay so now we have specified dbms working with we have specified the username and password this should work but it will not the reason I
24:09
know I mentioned that we have lot of things to do so just be with me this is looking good let's go back to the my user details Services because we are still returning null we don't want to return null what we want to do is we want this to connect with the user repo
24:25
so I will say private user repo rep and I will say this is auto wired and for the repo I have to mention that this is the repository okay and now basically with the help of this repo I can fetch
24:40
now what do you fetch if you see the method name is load user by username that means we are getting username here we just have to verify if the user exist in the database so I can say users user one maybe a user is equal to I say repo dot now in the repo we have
24:57
lot of methods right we call not uh find by ID and all those stuff but then we now we don't have to find by ID we have to find by the username so I have to say find by username and just pass the username right uh and in the repo we can
25:14
use DSL and we can say users find by username and we can specify the username so now basically we got this method and this will return the user and we just have to check if the user is is there we can say if the user is equal to null in
25:31
that case I want to print on the console as well first of all let's print on the console that the user not found okay how will you let your system know that the user not found if you observe this particular method returns user not found exception what if you can just throw it
25:47
so here you can say Throw new user not found exception with the same message user not found is is that simple but what if you found the user in that case what you will return it's very
26:02
simple in that case you will return the object of user details okay and if you see the video is still not completed we have we still have to work with the user details okay now if you click on user details I can simply create the object of user details right you can say new user details but
26:19
unfortunately user details is a interface you can see I here that means we have to look for a class which implements this or we have to create our own class and the idea is create your own class so many classes right but as I mentioned
26:34
this is just one time setup okay so let's go back to your model and let's create the user details or maybe you can call it some something else you can say my detail my user details or you can say user principal so normally in the terms
26:51
of Spring Security the user principles refer to the current user who is trying to access or who is trying to login and that's a user we are checking right so instead of saying my user user details you can say user principle but user principles implement the user details
27:08
that's what we are trying to implement and if you see the list of methods we have to implement let's go back here and if you click on user details look at the methods so many the methods to implement okay we don't have a choice so I will just go back here and say implement the
27:24
methods all the methods so we got all the methods here okay now is it difficult to implement all see when you're building a full-fledge application yes you have to mention everything but in this example I'm going to skip certain things example you can see we have different methods which which returns boolean example is it
27:41
enabled uh we have to return something at this point I'm assuming that the account is enabled so I will say true is credentials non expired true it's not expired yet is account non lock yes it is not locked of course in the big application
27:57
you have to take care of all those stuff uh is account not expired no true get username I can't say true now because we have to actually return the username we have to actually return the password and we have to actually return the authorities the roles uh we can even
28:12
skip roles if you want uh but let's try to implement that but the question is if I'm creating this class which is user user principles or which is implementing user details how will I attend this values I don't have this values you don't have it but from from the class
28:28
where you want to access this has this values you can see in users we have this values so the username and password is there so what I can do is I can simply create the object of user principal and we can pass this object our job is done
28:43
right once you pass it you can accept it here and then you can get the value you just wanted the values right I can just right click here say generate a Constructor which can take uh okay I could have return this my by by myself I'll say private users user and let's pass users user and
29:03
this dot user is equal to user so what we doing is we are basically assigning this object uh which is coming from the Constructor to the user and once you got the hold on the object I can just go back here for the username I can say
29:18
user dot get username password user dot get password and for this collection now we have to return the roles right because one user can have multiple roles and in the database we are not even working with it how do I handle this here so maybe we can return
29:35
some static values on null so let's return the static value so I will send new but it is asking you for the object type of granted Authority okay so I will return so there's a class which implements this so I'll say simple uh granted Authority and I can pass the
29:50
role as user so by default every user will be getting the access as user now the only thing is we can't return return a single object it was expecting a collection okay so I will say collections dot uh if you want to only one object there is a method called
30:07
Singleton let's use that okay after talking for so long I hope this will work let's try uh so let's try let's see if this works and then I will explain uh let's let's go back to everything step by step so let's restart the application
30:22
and go back to the postman let's see uh we don't have her in database do we no click on send you can see this is unauthorized but what we have in database let me verify the database Fields once so we got naven or let's we work with Su and soal is username and password is s123 so it is
30:41
sual and it is s let's try with wrong password okay unauthorized let's write let's work with the right password it worked okay so after so long things are working out so data is coming from database but still uh we have one thing to do which we'll do in the next video
30:57
which is we have not encrypted the password so yeah let's try with naen if naven is working so naen and it's n atate 1 2 three so this is working let's go to the code once and understand what we have
31:12
done the first thing we have we are doing is we are making the changes okay let's talk about the XML first we have added two dependencies one for jpa because we are working with database and which database we are working with Postgres that's one thing next we have done some changes in the application
31:27
properties we have added the URL username and password so the URL is this for Postgres username for Postgres and password for Postgres then we have to basically configure this security config by default it was using some authentication provider we are saying let me provide
31:43
authentication provider which is the DAO authentication provider to make it work you have to pass two things first password encoder and second the user Detail Service our own user data service and since we want our own we have to create our own class which we are doing
31:59
here and this says okay you can create this class you just have to implement one method which is load user by username to make it work we need to work with the repo because repo will do the database connectivity if it is connected you got the data it's it's good you say
32:16
return the data or return the object if not you can print user not found in fact when I was testing it we also got a message here you can see user not found okay so you can do this but then you can't simply return this user server user principal is
32:31
because we have to implement the user details uh interface there which has so many methods we just have concerned about the username password and the authorities so that's lend the code make sure that you check the code okay uh you will find the link in
32:47
description and do that once do this code by yourself then it will make sense I know there are lot of files to work with and we have spent enough time to understand this so yeah that's it from this this video I hope to see you in the next video I hope you're enjoying do let me know in the comments bye-bye