Spring Boot Cloud Deployment: Secure APIs with Basic Authentication + Backend Project
Skills:
Backend Performance70%
Key Takeaways
Secures Spring Boot APIs with basic authentication and deploys to the cloud
Full Transcript
Yeah, let me also share my screen. I hope you guys are able to see my screen. Okay, great. So, welcome to the third day and also the last day for the spring boot camp/crash course with Shantanu with G at Geeks for Geeks. Okay. Uh please do not draw on my screen. I really don't like it and I don't think the drawing is beautiful either. Okay. Coming back to the crash course that we were creating. So, I was just telling you or I was just welcoming you to back to this session. So today is the third and the last day and today we will be trying to talk about a few more topics. So the topics that we will be discussing today are the following. We have deploying spring boot application to cloud basic secure APIs with basic authentication and hands-on mini backend project. Okay. So we will be trying to talk about securing our APIs with basic authentication and also a hands-on mini backend project. So these are the two things that we will be doing for the mini backend project. We will be taking forward our uh crash course spring application only. So we will take this application only forward in terms of uh making our mini backend project for securing APIs with basic authentication. We will be using spring security. And lastly deploying spring boot application to cloud. This is something that we are not going to study because it requires a few resources where we want to deploy our application which I don't have with me and these resources are usually paid. So therefore I will not be able to deploy the application but I can still tell you a few steps that are necessary. However, they will be very volatile because depending on what kind of deployment strategy and what kind of tools your company uses, what I teach may be absolutely relevant with what you will require to do when you have to deploy a Spring Boot application in real time. Are you able to understand what I'm saying? Somebody has asked I almost finished the first session but I couldn't successfully have JDL URL work so could not attend sessions. I don't I think you might face a lot of challenges in today's class to shika. Okay, let's get started. So let's try to safeguard our APIs. Okay. So we will be using a we will be using spring security. Now to order spring security or in order to understand spring security we need to understand two important things. We need to understand two important things. Now what are these two important things? What I want to explain is the idea of authentication. Okay. So we all know that let's say can you see your Instagram messages if you're not logged in? A quick question. Can you see your Instagram messages if you are not logged in? No. Right. But Instagram definitely has a function to see to to allow you to show your messages. But the only thing is that you can only see it when you are logged in. Correct? Can you see your account bank account balance without logging in into your net banking or without writing the right UPI PIN? You cannot do that, right? So in there are many operations that a backend application provides but those operations must be secured due to with something those uh operations must be secured because of something are you able to understand what I'm saying they must be secured with the help of something so that is one of the security layers that we will apply so there are multiple ways to get it done in case of spring boot or in case of a Java application. However, as of now, we will not be focusing on the complicated ones. We will be focusing on the best way to do this that is with the help of spring security. Okay, we will be trying to talk about this kind of functionality with the help of spring security. Are you able to understand what we are going to learn in studies? I think I need to turn on processing over here. For some reason, it's not coming right. Okay, let me just restart my intelligent. Just give me one second. Oh, okay. Just give me one second. There's a small issue with my intellig DJ. Just give me one second please. There was a small issue with my intellig. I just fixed it. And after that I have restarted my Intelligj. I this I think there's some okay I think that error went away right yeah no no no so I am facing one very small problem with my intellig probably it's because I recently updated my intelligent that's the reason why I'm facing it okay fine if we come across this error we'll look into it later okay let's get started so I was just telling you about uh implementing a security feature on our spring application. So right now we have the possibility of getting a student and other things right as of now only student in order to fetch the information of student updating a student deleting a student all of those kind of operations. Okay fine. So the first thing I'm going to do is in order to implement any sort of uh security I need to add spring security into my system. Okay I need to add spring security into my system. So the first thing I will do is that dependency dependency and over here I will write spring dash security spring security core only I think I need to add right just give me one second I need to make sure that I am writing the right spring security uh Just one [Music] second. Okay, I can't find it. I'll just search it on Spring Initializer. So let me open Chrome. I actually forgot the real name of the dependency. Security. So this is my dependency. So I'll copy it. go back and paste it over here. Okay. So this will add spring security into my system. Okay. So right now we have only added the dependency. What have we done? We have only and only added the dependency. Okay. Now let's start our application. So I'm starting my application of spring security. Sorry of crash course spring. So I'm just starting my application. Let's wait for it to start. It's taking some time. It's taking more time because of my recent IntelligJ update. So, it's just indexing. Then it will start, I guess. Let me try starting again. Yeah, now it looks like it's going to start. Yeah. So, my Spring application is now starting. Okay. And Spring Boot has started to work. Okay. Great. Now I'll go back to my browser or I'll go back to Postman. Let's say open Postman. Okay. Or other than that I am also opening my browser and I write localhost 7070 / multiply two numbers. Remember this URL multiply two numbers question mark a= 10 and b= 10. Do you remember this thing? You remember this thing right? But do you see that the moment I put this and I hit enter I see a page like this. I'm seeing a page like this. Right? I'm seeing a page like this. So even though as you can see that I have not really done anything. I have not done anything. I have just added the dependency of spring security. Apart from that, I have not done anything. So even when I have not written any extra piece of code, I am still seeing a browser window where it is asking me to write a username and password. Are you able to see that? Are you able to see that? So what is the username and what is a password? What is the username and what is a password? Now that's the main question. What is a username and what is a password? Okay. So the username in this case is going to be by default it's always user. But what is the password? The password right now is given to us by spring security. So if I go back to my intellig over here you will notice that at the time of starting my application I got a password. It says generated password is equals to this. This is this this. It says this generated password is for development use only. Your security configuration must be updated before your before running your application in production. Okay, let's try to copy this password for the time being. Command C. And I'll go back to browser and I'll try to paste this password over here and then click on sign in. The moment I click on sign in, I'm able to get my value that is of adding two numbers. Now let's say if I change my numbers, let's say uh 2 and 10. 2 and 10. You can see I'm getting the number 20. So do you notice that when I hit my second request when a is equal to 2 and b is equal to 10 then in that situation we did not get another prompt of logging in right are you able to notice that for example if I copy it and open a new tab and paste the same thing you will notice that now also it is not asking me to login again. Are you noticing this? Now also it is not asking me to login again. Right? However, if I open a let's say a new window and if I write the same thing over here, then also it is working absolutely fine. But if I open an incognito window and paste the same thing, it will ask me to login again. Do you see what's happening? This is because of session management. So spring security is also capable of doing session management. So once you have logged in, Spring Security is going to return to your browser something called as a session ID which you can see in the cookies. This is your session ID which spring security has given to the browser. Okay. So on the basis of this value, Spring is able to understand that you are still logged in. You are still logged in. Are you able to understand what's happening? Okay. If I want to log out, I'll have to write / logout. Then it asks me, are you sure that you want to log out? And if I click on log out, then I have I will get logged out. Are you able to understand what happened so far? So, Spring Security has the capability of maintaining sessions. Spring security can allow you to do diff many many different ways of authentication including including OOTH, JWT, etc. etc. It can allow you to do a lot of things. However, this is the most basic form of authentication that is a username and a password. Are you able to understand what I am trying to say? Okay. Now let's say that in this case if I restart my application the password will again become new like I will have a new new password again. Do you think it's it's a good thing? I personally don't think so. Don't you think that we should have a defined username and defined password right? We should have a defined username and defined password. So we can also do that. We can go to application.properties properties file and I can write let's say spring security and here I can write something like this spring dot security dot user dot name let's say I want my name to be shantanu and the password must also be shantu let's say password is also shantu I can write dot password is equals to shantu I can just write this. So what will this do? This will make my username and password is equals to Shantel. Okay. So if I restart my app, restarting my application. So now that I've restarted my application, do you see that the automatically generated password prompt anymore? Do you see that? Do you see that it is trying to generate an automatically generated password again? Are you able to see that sort of a message? No. Right? This is mostly because now we have added our own username and password. Therefore, it doesn't require to generate its own uh generated password. So now if I go back to my browser, okay, and if I do a login again, let's say slash say multiply two numbers, it takes me to the login screen. Here my username will become Shantanu and my password will also become Shantanu. And if I click on sign in, it is now able to sign in. Are you able to understand how it's working so far? Are you able to understand how it is working so far? Anybody any questions so far? Anybody any questions so far? Can we store the username and password in the database? Yes, we can and we will do that later. We will do it. If the so if your if your users are stored in a database then and let's say a usern users information is stored in the database then of course you can use that also if you want to do it if it is your first class and for anybody you will most probably not understand 90% of it so yeah Naven is asking can you tell overall code what do you mean by overall code overall code is our whole application our whole GitHub repository what exactly on the server is where exactly on the server is a session getting stored. Can we see that logged in details maintained by the spring server? Technically no because the way it's happening is that spring security is internally maintaining your session because right now you just have one user only. So against this user it will try to maintain its sessions without making use of any database at all. I cannot provide you any recorded videos. Venode this is on YouTube and this will be available on YouTube only. If this is your first class, most probably you will not understand a lot of things. Can we get an overview on OOTH or JWT? We can try to talk about it. However, I will not be discussing about both of those two topics in detail because it will take a lot of time and most people will not have context around it. For example, Arshad, you at least know what a OOTH or JWT is and there are more complex forms of authentication which I think people might not be able to understand and that is not something we are all we are covering in the session as well. However, if we have some time then maybe we can discuss the spring security starter dependency only provides this UI, right? Yes. So all of this UI that you saw on the browser that is coming because of spring security only. So spring security is a whole package that can do everything you want it to do for security. It can do everything you want because of security. Okay. All right. So we So this is called as basic authentication. This is called as basic authentication. So when you want to authenticate on the basis of username and password only this is called as basic authentication. Is this session stored same as when we use login controller and microser? Well, that depends on what your login controller is all about. Kishan, I need to see your login controller in order to answer this question. Coming back to our uh discussion. So, I was just telling you that I was just telling you that this is called as basic authentication. Okay, this is called as basic authentication. What will happen if we try to login with same user credentials in new incognitive window? Then then two sessions will be maintained. There will be two sessions that will be maintained. For example, like uh if I open an incognito window and if I write localhost whatever and if I write shantanu and then shantanu again, you can see that on the incognitive window also it's working fine and on the normal window also it's working fine. So it is maintaining two sessions of the same user. Okay, clear. Sorry. Can we control the number of sessions if we want to? Yes, we can. Okay, is it clear? So the control to verify is with Spring Security. But if you want to have our own verification system, we So if you want to have your own verification system, that depends what your verification system is. Most probably you will want to have a username password system on the basis of the user the database username and password or you might want an OTP authentication system or you might want an o2 authentication system or you might want a pasi authentication system whatever you want spring boot has it that's what I want to tell you so you have to write extra code for that you have to write extra configurations for that and the more complex process you go into the more complex the more complex your code will become simple as that okay so spring security is doing most of the work for you here. So right now my job is to teach you basic spring security which is what I'm trying to do. If you want to make things more complex, you are free to explore and understand how to make it more complex. If we cannot see where the user session details are getting saved, then if the admin wants to roll back the logged user, how can we how can the administrator do it? There is again a code that you can write for it. All of those things are possible. But the main thing is see it's all about use case shared. If you have a use case, you need to figure out how do you implement that use case. If if we go according to the logic that you're presenting while asking a question, there are 100 million use cases that can be generated around every single topic of spring security which I cannot teach in the class. The whole idea is that that sessions are those sessions are getting stored somewhere internally because of spring security which you can definitely access if you need it. If you don't need it then spring security is not going to show you those uh session management things by default. If you log out from one window then is it logged out from another window automatically? No, that is not true. The window where you log out that session gets deleted. If that session gets deleted then any other session which is active with the same session ID that will become invalid. Why would somebody go for more complex security measures? Is default spring security weak for some or some flaw? It can be weak. It can be weak. What if somebody steals your password? Like today we have multiffactor authentication right where we have a authenticator kind of an app which does this authentication for us. That is one interesting way. Now if you're working in a company which has 100 let's say if you're working in a company which has 100 applications and each application needs an authentication. So you can use your company's email ID and password to log to each of these 100 applications. That is one way. Or you can store your own email and password for each of these 100 applications separately. Now, is that a good idea? Probably not. Is there any way to know how many users are currently logged in? There are ways. There are ways. Yes, there are ways. That's all. That's how I want to tell you. JWT plus bid plus CSRF for a good combination of authentication. Yes, it is a good combination. I have defined name and password as camel case nage. But it's saying bad credentials. Uh have you restarted your app after you have changed the after you've written your name and password? Okay. I'll have to see your screen in that case. Uh is it working with lowerase N? In both cases it is it working? Yeah. If it doesn't work there also then there is something wrong with your code. Okay. All right. So this is what we do for basic user authentication in spring. Okay. You can either define your own user or you can define your own uh or you can use a system generated password. However, it is never a good idea to use system generated password. Anybody any questions? I hope this is mostly clear. Okay, let's move ahead. Now, we will be trying to talk about the mini backend project that we will be creating. So right now the time is 8:30 and in this mini backend application I will be creating the project I will be writing code but I will also ask you to write code. So if you are not following along with me or if you are not on your system that means not on your computer and if you're joining from phone or you think that only watching this will help you retain everything in your head then you are wrong. it. This is going to cause problems for you. Tomorrow most probably you'll forget everything or in one week you might not even remember anything and after one month you will say oh I did this spring security course crash course on by geeks for geeks on YouTube for 3 days. However I don't remember anything. So it is only beneficial for you if you start writing code or if you start to do this exercise along with me because if you don't do it then most probably you will forget every single thing you have learned and that's literally facts. There is no up and down left or right with this. It is facts. You will forget everything. Okay cool. Let's get started. So now for the meantime before we go and delve deeper into our spring application for the time being I am commenting out spring securityities uh dependency until we write more APIs until we write more APIs I am commenting this spring security uh dependency for the time being okay and I'm also stopping my spring boot application okay so right now we have a student controller okay similarly we will be writing some more controllers let's say one student is there. Now, what can the student do? Now, this is a this is a one-on-one discussion I'm having. There is no right answer or wrong answer. We are trying to create a small back-end application. Okay. So, I want you guys to suggest me what kind of application we should create. That is a suggestion I'm asking from you. So, one quick question is what is the type of application you would want to use which has a student which has a student. So, you tell me what kind of application should we create? I am asking for suggestions. E-commerce. E-commerce does not have students, right? It has users. Attendance management system. Okay, library book. Okay, let's try to do a course enrollment application. Okay, course enrollment. So, there will be courses and students can enroll in that course. Something like that. Does that make sense? Okay, let's try to do a course enrollment application. So there will be a course or there will be so many courses and then there will be students that will enroll into courses. Make sense? Make sense? Like Udemy, now Udemy is not course enrollment like it's a like you don't enroll into a Udemy course. You purchase a course. It's like it's like an e-commerce website. Udemy is like an e-commerce website, right? Udemy is like an e-commerce website. Okay. So we will do a course enrollment kind of a project. Okay, let me go back to my browser. Let me open that drawing tool that I use. No, we can continue in the same project only. Okay, so this is my drawing tool. Okay, so now let's think about it. Okay, so first of all, we will have a course. A course. Okay. What will the course have? The course will have ID. The course will have uh name. The course will have price. The course will have let's say maximum student size. Maximum student size. Fifth will be what? Uh ID name code. ID name price number of days. Six will be start date. Anything else that we need? Anything else that we need for a course topics? Okay, we can have a description. Let's say description. Maybe end date. Don't you think we can calculate the end date by number of days and start date combination? We can do that, right? Okay. What else? Mentor details. Okay. Let's add a mentor. Eight. Mentor. Credits. Not really credits. Uh we are trying to do something like geeks for geeks, right? Book again, we don't need a book. It's a digital course, right? Class attendance, I don't think that's necessary. Certification is not necessary. Enrollment end time. Uh last day to enroll. Okay. Yeah, that's a good one. Let's say 9. Enrollment end date. Hm. What else? Instructor details can have with class entity. Yes, that is true. Copy of enrollment. What does that mean? Study material progress data. Teacher details. Teacher details already present in mentor. Discount. Discount will come in will become a part of price. I think we can stop over here. Okay. So, this is the information about a course. Correct. This is the information about a course. Okay. Let's say it has no exams, just uh videos. That's it. Okay. So, this is the information about course. Okay. Now because we are also using a mentor so we will have information about mentor as well. Mentor. So what will be the info that I need for mentor? For mentor I need men ID. Mentor ID first name. Last name, current company, years of experience. I think this is it for mentor. We can also maintain the list of student enrolled till date in the course. We can do that but we will do it separately. Sir, we will do it separately. Okay, this is fine. Okay. Now we know that there is a mentor, there is a course and there's also a student. There is also a student. Okay. There's also a student. Now you know that a student will enroll in a course. A student will purchase a course. Something like that. A student will enroll into a course. Yes or no? A student will enroll into a course. Now let's say there are two courses. Course number one is around Java. Course number two is about C++. Then can one student enroll into more than one course? Yes. Right. So one student can enroll into more than one course. Okay. Now one more quick question. Let's say the student enrolled into a C++ course which is a 15 days. So the student enrolled into C++ course and after 15 days the course was finished. Now the student thinks that they want to learn C++ again. So they are enrolling into the C++ course again. The next the new C++ course. Can we do that? We can do that also. So we can say that a student will enroll into a course. Therefore there will be an enrollment table which will maintain which student was enrolled to what course. Okay. So this will have information like this enrollment enrollment. This will have information as enrollment ID. Second it will have uh student information which student enrolled. Third, it will have course information. Which course was the student enrolled in? Four, it can have uh enrollment date. Enrollment date. What else do we need for enrollment? What other things that we need? Email. So email can be taken from student only, right? Student will have email. What about foreign keys? Forget about foreign keys. Right now I'm trying to understand what will enrollment contain. I'm not asking what will enrollment database table contain. I'm not asking about that. class time okay let's skip it for that we don't want to I don't want to make it very complicated student should have list of courses that he has enrolled with can can we not take that out from the enrollment table enrollment information only we can find out all the enrollments by a student by for a given student from the enrollment information only instead of keeping it in the student status enrollment status yeah that is a good one so enrollment status can be What uh what should be the enrollment status? What should be the values for enrollment status? Active inactive. So don't you think the enrollment will be active when the enrollment exists and uh the course is before the enrollment uh the course is before the end date. Don't you think so? So if the current if let's say a student is enrolled into a course and the course end date has not come yet then the enrollment is active then the enrollment is active course completed course registered course in progress H that's a good one that's a good one so let's say I can write five status good What else? Let's say a student enrolled into a course and then cancelled it later. Cancelled it later. For cancellation, we can have uh because it can only be two values. So I'll maintain a boolean is uh number of courses enrolled. No, that we will not do. Upgrade course. What does that even mean? Upgrade course. Is it like a Pokemon that you will upgrade it? Number of seats available in the course. Let's say it's an online course. So there's no idea of there's no idea of uh seats. Fe status it's already present in the price of the course sir we can make it status inactive why we need 6 we can make it inactive why we need 6 h so the status what does the status mean status can mean let's say registered which is by default then we can have cancelled which is okay and then we can have completed So three statuses can exist. Therefore I can remove is active, active, inactive, complete and cancelled. Let's say three statuses can exist which will be active, complete, cancelled. Make sense? Status can have three values. Active, complete, and canceled. All right. So we will stop here and now we will start writing our code. Okay. So first of all let's go to student. Okay let's go to student and we have to add one more field over here for student that is email id. So I will write at the rate column and I will write at the rate name is equals to email. It cannot be null. So I'll write nullable is equals to false. And I will also write unique is equals to true. What unique is equal to true will do is that it will create a database constraint which will make sure that no two users have the same email id. Okay. N is writing we can move the status inside student entity and is active or inactive in the enrollment. No one student can enroll into multiple courses and each each enrollment can have its own active inactive status. Okay. Then this will be a not this will be an email field. Email private string email. Okay. So this is the student information. Okay. This is the student information. All right. Okay. Now we will go to student repository. Everything is already taken care in the student repository. As of now, everything is also already taken care in the student service, right? Everything is already taken care in the student service about adding a student, getting a student by ID, updating a student, and deleting a student by ID already taken care of. Okay? And then we also have a student controller which is already taking care of CRUD operations of a student. Is it all clear so far? Is it all clear so far? Yes or no? Okay. So technically this is already ready. Can we say that that this is already ready? This is already ready. Right? This is already ready. Now we will go to the mentor. Okay. Now we will go to mentor. Okay. So for mentor also we will have to do same thing. So in the entities folder or package I will create a new Java class and I will name it mentor. Okay. So I have to do the same things for mentor also. Add the rate entity. It's going to be cumbersome repetitive work. So this will not look interesting but we have to do it anyway. So I'll write table I'll write name is equals to mentor. Then there has to be an ID. So, private long ID. Okay. What else do we need? Start date. Sorry, first name, last name, current company, and years of experience. Okay. So I'll write private uh string first name private string last name uh current company and years of experience. Okay, fine. Private uh years of experience. Should it be a double? Sorry, should it be a floating value or integer value? Int value? H float. Okay, let's make it float only. Float. uh years of experience. Now one quick question. If let's say I moved with int then would it be better to use int or short? Just a random question. Would it be better to use int or short? The answer is short because it would have taken less space if we would have used int which is okay. It would have done our job. But the whole point is nobody can have years of experience more than 80 or 60 right. So that would have been better. We can also use can we use bite 128 right 8 into yeah no I think not I think bite will not do some in some cases it will overflow. Okay so we will write some more logic at the rate column name is equals to ID. Okay. Name is equals to ID. null level will be false. Okay. Same thing will come over here. Sub column name will be first name false. Does it make sense? Does it make sense? Looking good. Okay. Nice. Okay. Fine. So, this is our new entity. This is our another entity. Okay. So because we are also going to accept it in uh input from request body. So I will also write not blank not blank. What's wrong over here? Annotations are not allowed over here. Oh, okay. Okay. So now years of experience is a floating value. Now main question is can somebody's years of experience be negative? Can someone's years of experience be negative? Right. So I can write at the rate min and I can say minimum value is zero. Can somebody's years of experience be higher than 60 40 actually? No. Right? So I can just write let's say 40. So you cannot write a years of experience which is greater than 40. You're not a model. Okay? Make sense? Clear? Is it clear? Great. Okay. So, we will do the same thing. So, I'll create a repository interface. Uh I will call this mentor repository. Repository mentor repository. I will decorate this with Android repository. Okay. And I will write implement sorry extends JPA repository. Oops. JP repository with mentor and long clear. Isn't it a good practice to keep the primary key as difficult as impossible to guess for the end user for DB DB security purposes? Maybe string UU ID. Well, yes and no. Both u UU ID is a great option. Great choice. But a lot of companies use long. Don't you think that long which is uh how many? It's like 64-bit integer. It's a 64-bit, right? So can somebody has the cap capability of choosing 64 characters, 64 unique characters at any point in time? Probably not. With UU ID, we have the number of characters fixed. So it can be a 32-bit long UU ID string. So somebody can randomly get 32bit and make the job done. But however in long it's a 64-bit challenge. So the length of your long can be greater than this can be a very large value. So what I'm trying to say is that you are right. Yuyu ID will work but long is also very secure and nice. Cool. Let's move ahead. So this is my repository file. Similarly I'll have to create my um service file. It's kind of cumbersome repetitive work. Not my favorite thing to do but we cannot do anything about it. We have to write it. Service ad service private final mentor repository. Okay. Public mentor add mentor. Okay. Then I will write mentor mentor. Okay. Does it look good so far? Does it look good so far? Right. Remaining functions you will write. I will not write. So getting mentor by ID, deleting mentor by ID, updating mentor by ID, that is you. That is something you will write. I will not write it. If I feel the need of writing it in the class, then I will write it. Remaining things I will not write. Remaining things you will write. Okay? And if you don't want to write, then I have no words to say. I have no words to say. Okay? Same thing. I'll go into the controllers and I will write mentor controller and here I will write at the rate add at the rate rest controller and I will also write at the rate request mapping and I will write at the rate / mentor okay similarly I will write private final mentor service mentor service auto. Add the rate post mapping. Does it look good? What is HTTP status codecreated? Well, if you create something in your back end or if you are trying to add something new, usually we return a created status which is equal to 201. I am still so like Indians fight over languages, right? People in our audience are fighting over ids. Which one is better? SDS better, Eclipse better, Intelligj better, VS code better. You should the the ID which is better for you is the one you are most comfortable with. So if you like Eclipse, use Eclipse. If you like STS, use STS. If you like intelligent, use intellig. That's it. Give one example of how we can send status. This is how we can send status. This is how we can send send the status. Okay. Are you asking status code as number? Is that what you're asking? Are you asking the number? Like how can we send 201 by writing 201? Is that what you're asking, Nishant? Uh I'll have to check the constructor for this. Let me see if I have something. I don't think we have it. Status code. Nah, we don't have it. We cannot send it like that. However, you should know what kind of whatever number you want to send, there has to be a HTTP status message or HTTP status enum associated with it. Just use that. Cool. Okay. So far everything is clear, right? Now let me run my app. Okay. So I will run my application and now I will create mentors. So I'll create two to three mentors. Panda is asking HTTP status.201. No, that will not work. Okay. Starting my app. Okay, it's working fine. Okay, so we will add a new mentor. So first of all, I will move all of them into a folder called a student student and moved create a new folder called as mentor. Add request of adding a new mentor. So, http/localhost localhost 770/mentor/ add. Okay, let's try to add a mentor. So, let's say the mentor is like this. So, we have first name of the mentor, first name, let's say the first name is Abhishek. Abhishek last name let's say permani okay then we have what first name last name current company current company and years of experience okay so let's say current company let's say current company is let's say Microsoft and let's Say years years of experience years of experience is let's say four okay or let's say 4.1 because it's a float value okay so now if I click on send let's see what happens it says a bad request why is it a bad request let's check okay so it's trying to say something uh years of experience default source resolvable Let's see what it is saying. Last message must not be blank. Last name must not be blank. Okay, fine. Let's look at our code. Rejected value is equal to null. Okay, just 1 minute. If I go to student controller, I have written sorry mentor controller I've written request body mentor mentor that's correct only right mentor/ add last name f i r s l a s n is there something wrong with this that I am missing? I think you have written your table name in the snake case and you are passing the attributes in camel case and postman. No, so that's table name that's related to database not related to what I want. Okay, let me see the database also. It's the last day of the course. Muhammad, today's the last day. So there are two tables mentor and student. That's correct. Let's go to the properties. We go to columns. We have ID come. Okay. Everything is looking good. Cool. Now let's see why are we getting this error. It says a bad request for us. So we'll have to check why are we getting bad request. H not blank. Let's go to the mentor class current company last name first name. Okay, I think I know why this is not working. I'll have to write on no ox constructor. Then I have to write getter and underate setter. Let me restart. I think this should work this time. No, we usually in entities we don't write at the rate data. And if you have decorated a class with at the rate entity, we do not write at the rate data in that class. It can create some sort of problems. It can make your application slower because of how Lombok internally works. Okay, there's something wrong with Postgress. column email of the student relation contains null values. Okay, this is happening because in our student table in our student table we previously did not have an email column, right? But now we have added it and now we have also made it non we have also made it non-nullable and unique. Therefore, it is not working. So what I will do is that I will delete my student table. I have deleted my student table and I will restart my application. So, restarting my application now. It should work. Yeah, my application is running great. So, let's add a few mentors. So, this is my first mentor. Yeah. So, you can see that now it is working absolutely fine. So, now this is one of my mentors. Let's add another mentor. Okay. Let's add another mentor. Let's call it Hesh. First name, last name is Pant. Current companies, let's say Visa. And years of experience is let's say 3.5. If I click on send, then this will create one more mentor for us. Okay. Is it clear how the mentor initialization is happening? Mentor creation. Great. Okay. Fine. So now if you go back to the database, sorry, not this. and select try to see all the rows. This is what we are able to see. You can see that the information is present in the database. Correct? The information is present in the database. Great. All right. Now, let's go back and I want to do one more thing. So, one more thing that I want to do is that for every student that gets created, so the student class, I will also write a password field. I also just want to write a password field. So let's say I write private string password at the rate column name is equals to password nullible is equals to false. Okay. If I restart my application again this will not work because nullable is false. So it will create a new password column but for every student that is already present for them the password is going to be empty therefore it will fail but however we have zero uh rows right now so it will work so I'm going to restart my app database migration without deleting database for that you have to use a liquid based file which is going to make things more complex. Okay, things are working great. All right, so now we have two mentors. One is Abhishek and the second is Hitesh. Okay, both of the uh both of the uh tables are also now present in our system. Let's go to the student table. It has the following columns. ID, email, first name, last name, and password. Great. Everything is looking great so far. Now let's move ahead. So now we will also create few students. So let's say I go to this place and if I go to student class right mentor. Let's say my create my first one is Akash Johi. Let's say email as Akash at the rategfg.org. Okay. and password is equals to akash at the rate 1 2 3 # GFG. Suppose this is my password. If I click on send, then this will create a user for me. As you can see in the sorry, it will create a student for me, right? It has created a student for me. Similarly, let's say I want to add one more student. Let's call the student name as uh Rashmi. Rashmi Kumari email is going to be rashmi at the rategfg.org and password is going to be rashmi at the rate123 # gfg rashmi. Okay, click on send. So now we have one more user, one more student that is created whose name is rashmi. So far is it clear? So far is it clear what I'm trying to say? Okay. So can we say that we have successfully finished student and mentor? Can we say that as of now? Now now the two more complicated things will come and enrollment. So let's try to d let's try to talk about courses right now. Okay. Let's try to talk about courses right now. Now the now our class will become slightly more complex. Okay. Now the class will become slightly more complex. Okay. So now in the entities I will create a new Java class and I will call it course. Okay. First of all I will mark this entity table name. Okay table name is course. Similarly add the rate id at the rate generated value strategy is equals to generation type sequence and then I can write private long id. We'll also need to write add all ax constructor sorry no ax constructor [Music] getter and setter okay these are the things that I've added now let's try to add other things so first we have a course name before that I will write add column name is going to be ID and nullable will be false. Okay, great. Now we have another column called as course name. So I'll write name is equals to name only null label will be false. Okay, and I'll write private string name clear now what other things we have price. Okay, so we'll write price at the rate column. Now what should be the data type of price? Should it be an integer? Should it be a float? Should it be a double? Should it be a uh what should it be? Technically, in my opinion, it should be a double value. It should be a double. However, float for people who are saying float that is also fine. We can use float also. But double is a more suitable field for this. So, I'll write name is equals to price big decimal. Wow. Are you going to pay cralable is equals to false? I'll write private double price. Okay, private double price. Now, what should be the minimum and maximum value? So the minimum is the course can be free. So zero. Do can we have a maximum value of a course? Should we have a maximum value? This is the question. Should we have a maximum price of a course? If yes, then what? Okay, many people are saying no. So, we will not put an upper upper limit on this. Okay, we will not put upper limit on it. Cool. Now, this is my price. What else do we need? Maximum student size. Okay, fine. So, this will be an integer. This will be an integer. I'll write private uh int max or let's say capacity capacity add the red column name capacity nullable will be false. The maximum capacity the minimum capacity should be zero. Right? Minimum capacity should be zero. Minimum capacity should be zero. Is that correct? Minimum capacity can be zero. Is that correct? Apparently no. Because you cannot create a class that has no capacity. So let's say we have defined a rule that at least you need to have 10 students. Okay. So we have written 10. Okay. Now, what else we have? What else do we have? Number of days. Okay. So, I'll write private int number of days. Okay. Okay. What should this be? Column will be number of days. name number of days min and max. So it should at least be of 3 days and let's say it should maximum be of 2 months. So 60 days. Okay. Let's say we have only decided this. Okay. Now what else? Start date. Okay. So let's write a start date. So for a date object we will write private date start date. So you can see the type of this class is date type date. It's coming internally from Java not from spring boot. It is a Java class. So I will write at the date column name is equals to start date. start date. Okay, nullable is equals to false. Now, one quick question. Why not java time.local date time? We can use that also. If you want to use it, you can. We can use that also. I'm trying to keep things very simple. Okay. Now, my main question is just one quick question. Do you think that the start date should never be less than the date at which the course has been created? Like let's say I am trying to create a course today that is 8th of May but I'm saying the start date is 8th of May 2024. Does it make sense? No. Right. So I need to write something like minmax over here. Yes or no? Now the thing is I don't know how to write it. So I'll ask AI. I I I will have to ask AI. So I'm just going to ask it to AI. Let me open chart GPT and uh let me bring it in front of you. This is my ch GBT and I will ask my chy. The reason why I'm showing you what I'm doing with chat gypy is because it's a part of development today. Tomorrow if you go to any company you will most probably be using some sort of AI tool to ask questions if you don't know something. So if anybody in the class is thinking that haha Shanton is using AI for understanding things he doesn't know blah blah blah then go ahead and think about it doesn't give me any harm. Okay, so moving ahead. Uh I have a date field in a class. I want to implement something like at the rate minimum to create a validation. How to do that? So it says we can create a customized annotation. It says we can create a customized annotation and then oh my god it's a lot of work. Do you see which AI tool your company into it allows employees? We use Gemini mostly. Then into it has its own uh gen studio. We use that also. and uh we use GitHub copilot, we use codo genen, we use cursor AI, we use llama, we use winds or whatever we use a lot of things. Okay, so as you can see to do this it's a complex uh thing as you can see. So we are going to skip it. We going to skip it for people asking for my LinkedIn all you need to do is search on LinkedIn. Probably first or second profile will be mine if you know my name. Okay, so this is what start date is going to look like. What else do we have? Number of days. We have start date also we have. Now we have description. So we'll write a description. So private string description. So description can be null. So I will not write nullable equals to false. I'll just skip it and I will write description d. That's it. What else do we have? Mentor. Okay cool. So now we have mentor. So I'll write private mentor and mentor. Okay, this is what I want to write. Now there's a quick interesting thing. So this mentor object is an entity in itself, right? This mentor is an entity in itself. Because of that very reason, because a mentor is an entity in itself, we have to declare a we have to declare a relation. So now the concept of database will come into picture. Now the concept of database will come into picture. Are you understanding what what I'm saying? Now the concept of database will come into picture. So the idea is something like this. So one course can only have one mentor. Right? One course can only have one mentor. But one mentor can teach multiple courses. Is that correct? One course can only have one mentor but one mentor can teach multiple courses. Right? Therefore the relation over here will be one to many. The relationship over here will be one to many. So this is how we declare relationships inside a spring boot entity. This will be a one to many relationship. If you don't understand what one to many means, you need to study database relationships. Sadly the only relationship we are going to talk about is database ones. So yeah, can we have many to many? The answer is no. Because if you do many to many that means that one course can be taught by multiple mentors as well. But that is not the case in our situation. So because one course has only one mentor. Therefore the right relationship over here will be added one to many. Okay. So for this also I will write join column. So now I don't write column. I will write join column and I'll write name as mentor ID. This will of course be nullable false. Okay. Are you able to understand what I'm saying? But one course can be taught by multiple mentors as well, right? Isn't it? Yes, it can be. But according to the our application, one course can only be taught by one mentor. That is how we are creating our application. It is our use case, our business logic. So one course can be purchased by many students and many student can purchase as many courses and many student can purchase as many courses that they want. Yes, that is true. But we don't have a relationship between a course and a student in this class. We don't have it. We are going to maintain it in a separate table of registration in company allow chat GP like yes of course companies companies allow them allow it. Is it clear one to many? If you don't understand what one to many means then then your ideas of rel database relationship is weak. If we had differentiated between a course and a class then a course Then a okay course is C U RC and and a clas
Original Description
Register for free to attend more workshops on Full Stack development, Data science, AWS, Devops & DSA: https://gfgcdn.com/tu/UJ6/
☁️ Deploy your Spring Boot application to the cloud and secure your APIs using Basic Authentication! In this tutorial, we'll walk you through the process of deploying a Spring Boot backend project to the cloud, configuring Basic Authentication to secure your APIs, and completing the project setup.
✅ What You’ll Learn:
How to deploy a Spring Boot application to the cloud (AWS, Heroku, etc.)
Implementing Basic Authentication for securing REST APIs
Best practices for securing APIs and managing user authentication
Building a backend project with Spring Boot and connecting it to a database
Steps for cloud deployment and testing the live application
📌 Topics Covered:
Introduction to cloud deployment with Spring Boot
Setting up Basic Authentication for API security
Creating and configuring Spring Security for authentication
Deploying the Spring Boot application to the cloud platform of your choice (AWS, Heroku, etc.)
Testing secure APIs and managing user authentication
🎓 Level: Intermediate
Perfect for: Developers, DevOps learners, and backend developers looking to deploy Spring Boot applications to the cloud while securing REST APIs.
👍 If you found this tutorial helpful, like, comment, and subscribe for more Spring Boot, cloud deployment, and security tutorials!
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from GeeksforGeeks · GeeksforGeeks · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
How I got into Walmart | Shailesh Sharma
GeeksforGeeks
Upgrade yourself In 29 Days | GeeksforGeeks
GeeksforGeeks
Learn AWS Fundamentals For Free
GeeksforGeeks
Conversation With Young Achievers | Meet the winners of Bi-Wizard Coding Contest | GeeksforGeeks
GeeksforGeeks
Meet The Winners Of Bi-Wizard Coding Contests | GeeksforGeeks
GeeksforGeeks
Interview Prep Strategies | PayPal
GeeksforGeeks
OLX Interview Preparation Strategies | Hukam Singh
GeeksforGeeks
Meet Some More Winners Of Bi-Wizard Coding Contests | GeeksforGeeks
GeeksforGeeks
Live Mock DSA
GeeksforGeeks
Microsoft Azure For Absolute Beginners
GeeksforGeeks
Python for Data Science | Data Science Master Bootcamp | Arpit Jain
GeeksforGeeks
Getting Started with Data Analysis | Data Science Master Bootcamp | Ashish Jangra
GeeksforGeeks
How to prepare theory subjects for SDE interviews | Geeks Summer Carnival 2022
GeeksforGeeks
Get Your Tickets To The Geeks Summer Carnival | GeeksforGeeks
GeeksforGeeks
TED Talk Data Analysis Project | Data Science Master Bootcamp | Ashish Jangra
GeeksforGeeks
How I Secured AIR 9 in GATE'22 | Tushar
GeeksforGeeks
Learn Java Backend Development | Geeks Summer Carnival | GeeksforGeeks
GeeksforGeeks
How to Recognize which Data Structure to use in a question | Geeks Summer Carnival | GeeksforGeeks
GeeksforGeeks
Learn Data Structures and Algorithms | GeeksforGeeks
GeeksforGeeks
Interview experience at Flipkart | GeeksforGeeks
GeeksforGeeks
Lets Prepare for GATE'23 the Right Way | Sakshi Singhal | GeekSummerCarnival
GeeksforGeeks
Highest Paying Jobs in 2022 | Ishan Sharma | Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Geeks Summer Carnival 2022 | 5th April- 11th April | GeeksforGeeks
GeeksforGeeks
Preparing for SDE interviews | Soham Mukherjee | Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Full Stack Development with React & Node | Utkarsh Malik | Geeks Summer Carnival | GeeksforGeeks
GeeksforGeeks
Introduction to Open Source and Roadmap to GSOC 2022 | Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Web Scraping in Action | Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Getting Hired at BITCS via GfG Job Portal | Get Hired With GeeksforGeeks
GeeksforGeeks
How to build a faster landing Page | Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Geeks Summer Carnival | 5th To 11th April, 2022 | GeeksforGeeks
GeeksforGeeks
How to get ideas for Startup | Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Journey from Tier 3 to JusPay | GeeksforGeeks
GeeksforGeeks
Geeks Summer Carnival 2022 | GeeksforGeeks
GeeksforGeeks
Dispelling Myths and Pre conceptions of Programming Languages
GeeksforGeeks
Must Do System Design Questions
GeeksforGeeks
Understanding Sorting Techniques in an hour | Keerti Purswani | Geeks Summer Carnival
GeeksforGeeks
Get Hired at NEC | Job-A-Thon 8
GeeksforGeeks
Journey from Tier 3 college to Microsoft | GeeksforGeeks
GeeksforGeeks
Get Hired with GeeksforGeeks at SuperK | Job A Thon 8
GeeksforGeeks
GeeksforGeeks: Redesigned
GeeksforGeeks
From Tier 3 to cracking multiple interviews | GeeksforGeeks
GeeksforGeeks
Live Mock DSA
GeeksforGeeks
Youtube Data Analysis | Ashish Jangra | GeeksforGeeks
GeeksforGeeks
DSA Self-Paced Course Preview | Sandeep Jain | GeeksforGeeks
GeeksforGeeks
GATE Live Classes | Prepare for GATE CS 2023 | GeeksforGeeks
GeeksforGeeks
Journey from JIIT to Adobe
GeeksforGeeks
Life Is Unfair Ft. Shonty badmash | LIVE Discord Session | A GeeksforGeeks Exclusive
GeeksforGeeks
Interview Experience at Google | Tech Dose
GeeksforGeeks
Live Mock DSA
GeeksforGeeks
Interview Experience @ Amazon | GeeksforGeeks
GeeksforGeeks
My journey through the tech world from India to US | Vidushi | GeeksforGeeks
GeeksforGeeks
Complete Interview Preparation Course | GeeksforGeeks
GeeksforGeeks
Live Mock DSA
GeeksforGeeks
Getting Hired at FiftyFive Technologies | Job-a-thon 9.0
GeeksforGeeks
GFG Karlo, Ho Jayega | GeeksforGeeks ft. Khaleel Ahmed
GeeksforGeeks
How I got job offers from 2 big companies : Arcesium & Microsoft | GeeksforGeeks
GeeksforGeeks
LINUX for Beginners | GFG x Itversity
GeeksforGeeks
My interview experience at Walmart | GeeksforGeeks
GeeksforGeeks
Get Hired at Speckyfox
GeeksforGeeks
Live Mock DSA
GeeksforGeeks
More on: Backend Performance
View skill →Related AI Lessons
⚡
⚡
⚡
⚡
Common Next.js Errors (and How I Solved Them)
Dev.to · gary killen
Applying Scalability in Backend (CodeBuddy)
Medium · LLM
Why Every Backend Developer Should Learn Nginx Before Going to Production
Medium · DevOps
Connecting Frontend to Backend: A Backend Engineer’s Reality Check
Medium · Programming
🎓
Tutor Explanation
DeepCamp AI