MASTER HTTP Basic Authentication in Spring Boot in Just 1 Hour | Step-by-Step Tutorial

TheCodeAlchemist · Intermediate ·🔧 Backend Engineering ·1y ago

Key Takeaways

This video tutorial demonstrates how to implement HTTP Basic Authentication in a Spring Boot application using Spring Security, covering topics such as user authentication, password encoding, and authorization.
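The flow the transcript below describes (a public registration endpoint, BCrypt-hashed passwords, a UserDetailsService lookup, and HTTP Basic on every other request), written out as an added example; it is not the code shown in the video. It assumes Spring Boot 3 with the web and security starters. The class and package names, the in-memory map standing in for the MySQL user table, the stateless session setting, and Spring's built-in `User` builder in place of the tutorial's own UserDetails class are all choices made here.

```java
package com.example.basicauth; // hypothetical package name

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class BasicAuthDemo {

    // Constructed stand-in for the user table: username -> BCrypt hash (never the raw password).
    private final Map<String, String> passwordHashes = new ConcurrentHashMap<>();
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    // Hypothetical request body for registration.
    public record RegisterRequest(String username, String password) {}

    public static void main(String[] args) {
        SpringApplication.run(BasicAuthDemo.class, args);
    }

    // The same encoder hashes at registration and verifies (matches) at login.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return encoder;
    }

    // Spring Security calls this to load the stored hash for the username in the request.
    @Bean
    public UserDetailsService userDetailsService() {
        return username -> {
            String hash = passwordHashes.get(username);
            if (hash == null) {
                throw new UsernameNotFoundException("unknown user");
            }
            return User.withUsername(username)
                       .password(hash)
                       .authorities(AuthorityUtils.NO_AUTHORITIES) // no roles in this demo
                       .build();
        };
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Disabled as in the tutorial: a pure REST API with no browser front end.
            .csrf(csrf -> csrf.disable())
            // Addition not in the tutorial: no HTTP session is created for API calls.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .httpBasic(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                // Order matters: the public matcher comes before anyRequest().
                .requestMatchers(HttpMethod.POST, "/api/user/register").permitAll()
                .anyRequest().authenticated());
        return http.build();
    }

    // Public endpoint: stores only the BCrypt hash of the submitted password.
    @PostMapping("/api/user/register")
    public ResponseEntity<String> register(@RequestBody RegisterRequest req) {
        if (req.username() == null || req.username().isBlank()
                || req.password() == null || req.password().isEmpty()) {
            return ResponseEntity.badRequest().body("username and password are required");
        }
        String hash = encoder.encode(req.password());
        if (passwordHashes.putIfAbsent(req.username(), hash) != null) {
            return ResponseEntity.status(HttpStatus.CONFLICT).body("username already taken");
        }
        return ResponseEntity.ok("User created successfully");
    }

    // Private endpoint: reached only after Basic authentication has succeeded.
    @GetMapping("/api/greet")
    public String greet() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return "Hi " + auth.getName() + ", you are allowed";
    }
}
```

Because the Authorization header is only Base64-encoded, this API should be served over HTTPS, as the transcript notes.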

Full Transcript

Hey guys, welcome back to the channel. In today's video we will learn how to implement username and password based authentication in a Spring Boot based REST API, and we will implement this using HTTP Basic authentication. When we talk about HTTP Basic authentication, it is probably one of the simplest and commonly used authentication mechanisms which are available. So in this video we will follow a step-by-step plan: we will start with a Spring Boot REST API, then we will implement Spring Security, and then we will implement HTTP Basic authentication. By the end of this video you will know how to secure your APIs using HTTP Basic authentication. And before we start, please check out the first video, which was on the Spring Security architecture, so that you understand each and everything that we are going to discuss today. Let's get started.

Let's start with the HTTP authentication mechanism. What is this? HTTP authentication is a very simple authentication mechanism. It is a way for a user or a to provide their credentials, and generally these are in the form of username and password. So here we have the client and the server. The client wants to use some functionalities provided by the server, so the client needs to authenticate itself. For that, the client will provide the username and password. Now this username and password will not be sent to the server in a plain text manner. It is first encoded using Base64 encoding, and this encoded value is sent using the Authorization header. So as you can see, this is the Authorization header which will be set by the client in the request. The value of that header always starts with the text Basic, and this encoded value that you see represents the Base64 encoded value of username and password. Now this represents the credential of that user. When the request reaches the server, the server will check the credential. It will decode the value, basically this value, and it will check if the user exists in the database. It basically performs the
authentication. If it is able to perform the authentication successfully, if it identifies the user, then it sends a 200 OK response back to the client; otherwise it is marked as unauthorized and the authentication fails. So that's what HTTP Basic is all about: you encode the username and password using Base64 and you pass this value in the Authorization header, which always starts with Basic and the encoded value. The server will decode the value, it will find the user, it will check the password. If everything matches perfectly, then the user will be authenticated and a successful response will be sent back to the client, and then the client will be able to access anything that is protected. Otherwise a 401 Unauthorized response will be sent to the user, that hey, the authentication failed.

Okay, so before we move on, let me quickly show you how the username and passwords are encoded using Base64 encoding. You can find many encoders and decoders online; here is one that I'm going to use for the demo. Let me clear the screen first. So for example, let's say the username of the user is user and the password is pswd. Now this combination will be joined by the colon, and this whole value will be encoded using Base64 encoding. So after the encoding process your username and password will look something like this. This is an encoded value. What the server will do when it receives the value in the request: it will decode the value. So if we try to decode the same thing using Base64 decoding, you can see it will be able to see the username and password which were sent in the request, and now the server can use this username and password to basically apply the authentication mechanism. That is what Base64 encoding and decoding is all about.

Now as you can notice, this is simply an encoding, this is not encryption, so this value can be decoded back, which means it's not secured. So if anyone gets your encoded value, he or she will be able to decode it back and he or she will know the username and password
that were provided. So to make it more secure, it is generally used with HTTPS. Having said that, HTTP Basic authentication is a very simple mechanism; that's why it is more suitable for, let's say, internal applications or very small applications. By internal applications I mean, let's say there is an organization which is running all the applications behind a boundary, so that means it is only accessible by, for example, a set of employees which are already authenticated. So in such scenarios we can use HTTP Basic authentication; otherwise this encoding is not strong, it can be decoded.

Now that we understand Base64 authentication and encoding and decoding, let's see how we can implement this in a project. Suppose we have an API that we want to protect using Spring Security. Then we have the user; this user wants to use the API. In order to use the API, the user must authenticate himself, and as we are using HTTP Basic authentication, what we are saying is the user must provide the username and password. When the request reaches the API, the API will decode the value, as we saw, using Base64 encoding and decoding, so the API knows the username is this and the password, for example, is pswd.

Now the first thing that we need to do is we need to identify, or we need to find out, if the user exists in the system. So that means we must have a user store. Now this user store will store the information related to the user, like username, user email or password; otherwise how do we identify, how do we match the user? We need a user store. Now this user store can be a database, a relational database or a NoSQL database, or there could be an API which is responsible for managing the users. Now our API in this case will call this API to find the user information; this is also one way of implementing the user store. Or we could use a third party solution to host or to store the users. So there are a couple of options to implement a user store. The important thing is we need to store the users, we need to have a user
directory or repository. So what the API will do: it will try to find the user using this user store by this username. Let's say if the user does not exist in the user store, then the API will return an error that it is a non-existent user, I cannot find the user. But if the user exists, it will get a user back, and in that case what the API will have to do, it will match, let's say this user is you, then it will match this password with the password which is returned by the user store. If it is matching, then it means it is a genuine user, authentication is successful, the API will return a 200 response, for example, the user is authenticated, and now the user can access the secured endpoints of this API. But if it doesn't match, then it means the user has provided wrong credentials, and in that case we can send, let's say, 401, that hey, you are unauthorized to access this API. So there are two important things that we need to do: first, we need to have this user store where we will store the users, and then we need this password matching mechanism.

Now with this thing in mind, let's move on and understand the project that we are going to develop. So here we have this project outline: how our API would look and how the project will work with Spring Security to secure the endpoints. Let's focus on the top part first. So here, as I said, we need a user store, and for simplicity we'll start with the simple solution. That means we will have a MySQL database, and in this MySQL database we will store the user information, that means username, password and email. So we will have a MySQL database. Now in order to store the data and read the data from the MySQL database, we will simply use Spring Data JPA. So we will have a user repository, then we will implement a user service that will work with this user repository, and this user repository will interact with the database. Then we have a controller, and as this is a no security check, that means it will be a public endpoint, that means anyone can access this endpoint without
authentication. Why do we need a public endpoint? Because we need to register the user first. So there will be this endpoint, /api/register for example. The user will first use this endpoint; it doesn't need any authentication because this is a public endpoint, and using this controller, this service and this repository we will store the data in the MySQL database for that user.

And once we have the user in the database, let's say when the user is trying to access a private endpoint, which is this controller, the second controller, which represents a private endpoint which is secured by Spring Security, then that means whenever the user is trying to, let's say, access this endpoint /api/greet, then the user must be authenticated, and that's when the Spring Security part will be triggered. And we also know the user will provide the username and password, which will use HTTP Basic, so the value will be sent in the Authorization header, which starts with Basic and the Base64 encoded value.

All right, so when the user provides the credentials, we know the Spring Security part will trigger, which will start with step 2.1 before it can access the controller. And this is the part coming from the Spring Security architecture, which we have already covered in the last video, so make sure that you watch that video first, otherwise you will not be able to relate anything. So we know there will be a Spring filter in the filter chain which will trigger the Spring Security filter chain, which will pass the request to the authentication manager, and the authentication manager will select an authentication provider, and in this case this authentication provider is related to HTTP Basic. All right, and this HTTP Basic authentication provider knows how to authenticate a user or a request using the HTTP Basic mechanism. That is the role of an authentication provider: each authentication provider is responsible for a specific type of authentication, so in this case this will be the HTTP Basic authentication provider. All right, now
when the authentication provider starts the execution, it needs to know the user. As we discussed in the previous slide, we need to find the user first. So how do we find the user first from the MySQL database? We know we have the repository, but we have to provide some way to read this user data from the MySQL database to Spring Security, that will be used by the authentication provider. And we discussed in the last video, we can use UserDetailsService, which is provided in the Spring Security framework or in the dependency, and using this UserDetailsService Spring Security will know how to load the user. So this UserDetailsService will work with the existing user service, and this user service will then talk to the user repository, which is an established flow already; it will read the user from the MySQL database. So there we have the user data. All right, and then this authentication provider will use this user data, which is returned from the MySQL database, to match the username and the password, and if the authentication is successful, then it will store an authentication object in the SecurityContextHolder. And for the demo we will access this authentication object in this controller to, let's say, print a message. That is the overall flow that we are going to implement in this demo.

And one thing I missed: the role of the password encoder. So in the registration flow, which is this one, when we store the user information in the MySQL database, instead of storing the password in a plain text manner, we will use this password encoder bean to basically store the password in the hashed mode, in the hash format, so that the passwords are more secured in the database.

So what are the key components that we are going to develop? We will have two controllers, we will write these two controllers, then a user service, a user repository, and then we will also provide an implementation of UserDetailsService and a bean of password encoder. Then we will also configure the Spring Security filter chain in the
project. We don't need to actually configure all this; this will be handled by Spring Security. So I hope you understand the overall flow that we are going to develop. Now let's move on and start with the hands-on.

So here we have the project. To save some time I have developed a skeleton project which already has the Spring Data JPA part, not the Spring Security, but the simple Spring Data JPA part to register the user. This thing we already know about; if you're not comfortable, please check out this playlist. Okay, so starting with the application.yaml file: in this YAML file I have provided the database configuration of my MySQL database, so I have a database, Spring Security demo, nothing special about it. Going to the user controller, this is a very simple user controller which is exposing a POST endpoint to basically register the user. So we receive the request, then we map the incoming data to a DTO, which is a very simple DTO with three fields: username and password and email. All right, then this controller will pass on the request to the user service. Let's go to the user service. This is a very simple user service; it is using the user repository, and here we are using a Spring Data repository, so nothing special about it either. Going back to the service, here we are actually creating the user entity. So this is the user entity that we have created, a simple Spring Data JPA entity with three fields and one primary key. All right, going back to the service, we map from the DTO to the user entity and then we are calling the save method of the user repository to save the users.

So let's start this program and try to see if it is working. So the service is up; let's try to add a new user. For that I'm going to use Postman. Now this is the URL of my controller, the register controller, /api/user/register, and we are going to use a POST request because we want to create or register the user. There are three fields: username demo, password demo123 and email demo@gmail.com. So let's hit the request, and we
got the response: user created successfully. Let's check the data in the database. This is the database that I created, Spring Security demo, and in this we should have the user table, and if we check the user table we should have a single row, the user that we just created. So ID is one, email, password and demo. So that means the basic flow is working fine. So far we are not using anything related to Spring Security.

Now that we have a very basic, simple API, let's secure it using Spring Security. So the first thing is, if you notice, we are storing the password in the plain text manner, so it is clearly showing the password of this user, that the password is 123. How do we secure it? As we covered in the architecture diagram of this project, we need to use the password encoder, and how do we get the password encoder? Well, we need to use Spring Security. So let's start by adding the Spring Security dependency to the project. We'll go to the project, let me stop the application, and we'll go to the pom.xml. Here in this pom.xml we simply need to add a single dependency, that is for Spring Security. This is the one, spring-boot-starter-security, and this is coming from Boot. That's it, and let me reload the project. Okay, so it has downloaded the dependency.

Now without changing anything, just by adding the Spring Security dependency, if we restart the application, let's see what happens. So as we can see, Spring Security is now securing the application. How do we know? We can see this log message in the logs, that using generated security password. So what Spring Security is doing by default: it secures all the endpoints, and at this point it doesn't know anything about the user store, that we are storing the user in a MySQL database. So what it does, it creates a dummy user and it also creates a dummy password for us to use, and every time when we start the application it will create a new dummy password and dummy user, of course. So this time, if we, let's say, hit the same request, we get the 401
Unauthorized, because now this endpoint is secured by Spring Security. So just by adding the right dependency of Spring Security the application is secured, but of course we don't want to use the dummy user and password; we want to use the users that we are creating in the MySQL data store. So let's do that.

Let me stop the application, and the first thing that we will do, we will create a config file where we will provide security related configurations. So in the conf folder we will create a security config class, and this is going to be a configuration class, so we will use the @Configuration annotation. All right, and in this annotation, I mean in this config file, we will create a new bean, and this is going to be a password encoder, which is coming from Spring Security. Now there are many password encoders available in Spring Security; you can Google it, you will find the documentation. The one we are going to use is BCrypt, like this. It is as simple as that, and now that we have this bean available in the context, we can use this password encoder same as any other bean in a Spring project.

So we'll go back to the user service where we are storing the user information, and the first thing we will do, we will autowire this password encoder like this, and then we can use this password encoder to encode the password. So where we are storing the password, or where we are assigning the password to, let's say, this user entity, instead of assigning the simple password in the plain text manner, what we will do, we will now encode this password like this. So whatever the user is providing using the registration endpoint, what we will do, we will encode this password, so now what will happen, in the database we will see the hashed password, which is more secured. So let's start the application and test this flow. So the server is up; that means we are at least configuring the password encoder right. But how do we test it? We don't want to use the random password or the default
user; we want to use the user that we are creating. All right, so how do we do that? Step number one was to integrate Spring Security by adding a dependency in the pom.xml. Then in step number two we created a new bean of password encoder that we will use to encode or hash the password while storing the user information, and the same encoder will be used to match the password in the authentication flow. Now step number three, which is probably the most important step, is to configure a Spring Security filter chain.

All right, and how do we configure the Spring Security filter chain? We'll go back to the configuration, which is security config, and same as the password encoder, what we generally do, we provide a new bean of SecurityFilterChain. So let's do that. We need to create a new bean of type SecurityFilterChain. This security filter chain will use something called HttpSecurity, which will be initialized and injected by Spring Boot, so we don't need to worry about that. Once we have the access to this HttpSecurity object, what we generally do, because it follows the builder model, we do something like this, and here we can configure the Spring Security filter chain.

So the first step is, first of all, because now we are configuring and overriding the security filter chain, we need to tell Spring Security what kind of authentication mechanism we are going to use in this application. Since we are going to use HTTP Basic, we can provide that information using the httpBasic builder method. Then as you can see, it accepts some parameters, and these parameters are basically an object of Customizer.withDefaults(). What it will do, it will tell Spring Security that we want to use HTTP Basic authentication, then it will apply the default configurations of HTTP Basic. Of course if you want to override some configurations we can do that, but default configurations would do just fine for the demo. So one, we have configured the HTTP Basic authentication mechanism. Second, because this is going to
be a registration endpoint, for this demo we will keep this endpoint as public, as we covered in the architecture diagram, so that anyone can use the register endpoint in order to register first, and then the user will be authenticated. So how do we exclude the endpoints from the authentication process? Well, there is another method here, authorizeHttpRequests, like this, and again it accepts a lambda, so we can do something like this: auth request dot anyRequest dot authenticated. So by writing this code we are telling Spring Security that all the requests, any request, that means all the requests, will be authenticated, and that is the default behavior of Spring Security; by default it secures all the endpoints.

But what we want to do, if we go back to the user controller, we want to make this endpoint public so that any user who doesn't have the account yet can access the endpoint in order to register itself. Okay, so we want to make this endpoint public. How do we do that? We'll go back to the user config, I mean the security config, and the order matters here. The first thing we will do, we will use a request matcher like this, and in this request matcher we will provide the endpoint. We can also provide some wildcards, but in this case, because we have a single endpoint, what I can do, I can simply go back to the user controller, I can simply provide this endpoint, /api/user/register, and permitAll. So what is happening here: we are telling Spring Security that all the endpoints that we provide here, you need to match the incoming request and you need to permit them, do not authenticate, but anything else, any other request which is not part of this expression, will be authenticated. So using this we can exclude endpoints from being authenticated.

So far what we have done: we configured the Spring Security filter chain, then we are making this endpoint public, anything else will be authenticated. We also configured the password encoder and we are using this
password encoder in the user service to basically encode the password. So now we should be able to access this endpoint without being authenticated. So let's try that, and since in the application.yaml file we have the ddl-auto configuration as create, that means the data must have been deleted. Okay, so the user table is empty, that's good. So the service is up; let's see if we can make it work. We'll go back to Postman, and we have the same request and the same body. The only difference is now we are configuring the security filter chain and we are making this endpoint public. But if we try to send a request, we are getting 401 again. That means there is something wrong, but we don't see anything in the logs.

That is another important point: let's say in case you are not able to see anything in the logs, why something failed, then there are some logging configurations specific to Spring Security that we can enable. So I have this ready; I can simply paste the logging configuration. So let's enable them like this, and let's restart the application. The service is up, so let's retry, and this time we can see a lot more details in the logs, and we see an error: invalid CSRF token found. So by default CSRF is enabled, which is failing this request. So we'll go back to the security config; we will disable the CSRF for this demo. Generally we don't disable the CSRF because this is critical for security purposes, but because this is a purely backend application, this is a REST API, there is no UI or front end involved, so in that case we can disable the CSRF. How do we disable the CSRF? Well, we follow the same builder method model, so there is another method here, csrf, which accepts a lambda, and using this lambda we can disable the CSRF.

Having done this, let's restart the application and see if it works this time. So the service is up; let's retry and see if it works this time, and this time we see 200 OK, user created successfully. Let's go to the database and check the user info in the table,
and as you can see, we now have the password hash. We are not storing the password in the plain text manner; we are storing the hashed value because now we are using the password encoder. So we successfully have the user info inserted in the database.

The next step is the authentication step. How do we authenticate a user? How do we provide the user and password and then match it? So the part one we are already doing, we are storing the user info. Now we will focus on the authentication part. So let's go back to the application, let me stop the application here, and the second thing is to authenticate the user. To do that, first I will add a private endpoint, because this registration endpoint is a public one, we are excluding it from the authentication. Let's name it greet controller, and this is going to be a REST controller with the URL pattern of, let's say, /api/greet, and then it will have a simple method like this, a GET method.

Okay, now what do we do in this greet method? So you remember we talked about the SecurityContextHolder. So if the user is authenticated, Spring Security will add this authentication object to the SecurityContextHolder, and this authentication object holds the principal, which is the user, authorities and credentials. So that means we can access the authenticated user using this authentication object from the SecurityContextHolder. So that's what we are going to do in this method. Because this is a private endpoint, that means only if the user is authenticated he or she will be able to access this endpoint. So that means if the request comes here in the greet method, the user is already authenticated, so we will access the user information from the authentication object. How do we do that? So here we will first get the user from the SecurityContextHolder. So for example this user is null for now, and then we will simply return a message, for example something like "Hi user, you are allowed". All right, how do we get the user from the SecurityContextHolder?
That we will see soon. Okay, so this represents a private endpoint.

The second thing is, when the request comes to Spring Security, let's go back to the architecture, when the request comes to Spring Security it will call the authentication provider finally, and the authentication provider needs to know the user detail; it needs to read the user data. In this case, because we are storing the user information in MySQL, we need to provide a way for Spring Security to read the user by the username from this MySQL database. How do we do that? We talked about this: we need to use the UserDetailsService. So because we already have the user service, what we can do, we can implement this UserDetailsService, and it has a single method, which is loadUserByUsername. So whatever username we are getting in the authentication request, because now we are providing an implementation of UserDetailsService, Spring Security knows that there is this service which has the implementation of loadUserByUsername. It doesn't care about the implementation; it just needs to know that there is some implementation which is implementing this method, because Spring Security will call this method to get the user details, otherwise it has no way to read the data and match it against the entered username and password.

Now the task is, we need to provide the implementation of this method. All right, again, what is this UserDetails? It is another interface provided in Spring Security that represents the user, so we will have to provide the implementation of this UserDetails as well, in a way of course. So we are one step closer to reading the data from the database and comparing it against the username and password that the user has provided. So how do we read the user? We know we have the user repository, but now we need to read the user by the username, not by the user ID. So that means we can write a new method here, something like this: User findByUsername, okay, and then username.
So what Spring Data will do: by reading the method name findByUsername, it will write a select query, it will generate the select query at runtime, and it will use the username in the where clause, because we are using find by and then the property or the attribute. This is plain Spring Data that we have covered in this video as well.

All right, now coming back to the user service, what we can do: first of all we will read the data from the database, so that means we have User u equals to userRepository.findByUsername, and then we will pass the username. So we have the user from the database. Once we have the data from the database, which is the user entity, which is written by us, the second step is we actually need to return the UserDetails, because Spring doesn't know anything about this user entity. As far as Spring Security is concerned, Spring Security needs an instance of UserDetails, so we need to convert this user to something called UserDetails. How do we do that? Well, there are different ways to do that. What I'm going to follow is, we will create a new model and we will call it authenticated user, and this authenticated user will implement the UserDetails interface. And this UserDetails interface has some methods which must be implemented, which is basically getUsername, getPassword and getAuthorities. So right now we are not dealing with roles, permissions and authorities, so let's keep it as it is. As for the username and password, we can get this information because we have already read the data from the database. So for example, what we can do, we can have the user entity here like this, and we can get it injected like this, and then we can use the same user object to get the password and get the username.

Okay, let's go back to the user service. Here what we will do, we will create the object of authenticated user like this, and we can pass the user that we have fetched from the database, and then we can simply return the user, or to simplify this,
let's remove this line and write it like this. That's all.

So let's recap what we did. We implemented the UserDetailsService, which has a single method, loadUserByUsername, which will help Spring Security to load the user by the username. Then we are reading the data from the database using plain Spring Data JPA, nothing special about it, and the only other thing that we did, we created a new class, authenticated user, which is implementing UserDetails, which basically represents the authenticated user, as the name suggests. All right, that's it.

Now what Spring Security will do when we access the private endpoint: it will trigger the Spring Security flow. It will see that it has an implementation of UserDetailsService, so this method will be called, the data will be fetched from the database, and this object has the username and password, so Spring Security will match the username with this username and the password with this password. Now the thing is, the user will provide the password in the text format, but the database has the password in the encrypted format. Spring Security will automatically use the password encoder that we have configured in the security config, which is this one, and it will use the method, there is a method matches, so it will use this method basically to compare the passwords. This is the raw password that the user will provide, and this is the encoded password which will come from the authenticated user. So that's how Spring Security is going to authenticate the user.

So we have implemented the key details; let's restart the service and test the flow. So the server is up, and one thing, if you notice, we don't see the random password generated anymore, but here we can see now that Spring Security knows that we have a UserDetailsService which is implemented by the user service, so it knows where to find the user data; you can see it here. All right, so first things first, let's see if we have the data available. Because we have the ddl-auto
as create, the data is removed, so first we need to hit the register endpoint to add the user. Let's do that. We get "user created successfully". All right, let's check the database, and we have the user details in the, I mean, in the encrypted format. Next we'll go to Postman, and this time we will hit the private endpoint, which is the greet endpoint. This is going to be a GET call, and the endpoint is going to be /api and /greet. Okay.

Now before we move on, we actually missed one thing: if we check the controller, we missed reading the username from the SecurityContextHolder as we intended to do. So let's do that, otherwise we will simply see null in the response. So we know the authenticated user, if the authentication is successful, will be stored in the SecurityContextHolder. So first we will access the SecurityContextHolder; from the SecurityContextHolder we get the context, and from the context we get the authentication object, as simple as that. So from the SecurityContextHolder we get the security context, and from the security context we get the authentication object, and once we have the authentication object we can get the principal, the authorities and credentials and so on. So let's see: we get the principal, which represents the user. Now if you notice, it is returning an object, and this object is nothing but the Authenticator object, I mean the authenticated user that we created here, which is an implementation of UserDetails. All right, so we'll have to cast it like this, and then we can use user.getUsername, as simple as that.

Let's restart the API quickly. So the service is up. Let's go to Postman again. We need to register first because the data has been wiped out from the database. Okay, so the user is created successfully. Now we will access the private endpoint, and this must be greet. So because this is a private endpoint, that means the user must be authenticated, which means the user must provide the username and password. How do we provide the
username and password using HTTP Basic using Postman? So in the Authorization tab in Postman, here we can select any authentication type which is supported, and you can see a lot of authentication types, like Bearer Token, Basic Auth, OAuth, API Key, and as we go on with the playlist we will cover most of them in the hands-on videos. But for now we will simply focus on Basic Auth, because we are learning basic authentication. So we will select Basic Auth, and as we select Basic Auth we see two fields, username and password. So let's provide the username, which is simply the user that we created, so the username is demo and the password is demo123. So this is going to be demo and demo123. That's it. Let's send the request, and we see "Hi demo, you are allowed".

So that means, as we provided the correct username and password, everything that we implemented using UserDetailsService and UserDetails was successful: it successfully fetched the data from the database using UserDetailsService, then it compared the passwords, that means this raw password with the encoded password from the database, using the password encoder, and because it was a perfect match the user was authenticated, and so the details were stored in the SecurityContextHolder, and that's why we see the username correctly here.

And one more thing: if we check the headers, we see the Authorization header, because that's what HTTP Basic is all about. We provide the encoded value in the Authorization header in the request. So we see the Authorization header was set and it has an encoded value. All right, but what does it represent? So let me change it. So we see, as we discussed, the value starts with Basic and then we see the encoded value. This is nothing but the Base64-encoded value, so if we copy this and decode this using the same online decoder that we used, in that case we should see the username and password which were provided, and we can see this is demo colon demo123, exactly what we provided. So for the same reason, this is not secured, because
anyone who has the encoded value can decode it using a Base64 decoder. All right, so this is what we discussed in the HTTP Basic: the credentials are encoded and then passed using the Authorization header, and when we reach the API, Spring Security will find, or will try to find, an implementation of UserDetailsService, because that's how it knows how to read the user. The implementation doesn't matter: in this case we are reading the data from the database; in other cases we can make an API call basically to another API which holds the user information. Ultimately we will provide an instance of UserDetails, because that's what Spring Security recognizes. And in the greet controller we are getting the username from the authentication object, which is stored in the SecurityContextHolder. That's how we implement username and password based authentication in a Spring Boot API.

It might sound complicated at first, but if you rewatch the video there are key things that we do, like providing the implementation of UserDetailsService and UserDetails, then in the security config we provide the password encoder, and then we configure the security filter chain. That's it. So that's all for this video. In the next video we will enhance the same application to use permissions and roles, that means authorities, which again will be very simple if you just follow along. So if you like the video, please make sure you like and subscribe, and if you have any suggestions, put them in the comments. That's it for now. I will see you in the next one. Thanks for watching.

Original Description

Code - https://github.com/therealdumbprogrammer/spring-security-httpbasic-auth
Playlist - https://www.youtube.com/playlist?list=PLpxcSt9FGVVFqDPqI8m_F5SvDZTMbZ1YX

In this video, you'll learn:
✅ What HTTP Basic Authentication is and when to use it
✅ How to configure Spring Security for HTTP Basic Authentication
✅ Setting up user registration with secure password hashing
✅ Protecting your API endpoints with Spring Security
✅ Testing your setup with Postman

We’ll be using a practical example to demonstrate how to build a secure API using Spring Boot, MySQL, and Spring Data JPA. By the end, you’ll have a clear understanding of how to implement and test HTTP Basic Authentication in your own projects.

00:00 Intro
00:51 What is HTTP Basic
4:50 Usecase
7:15 Project Overview
13:28 Code walkthrough
17:20 Adding PasswordEncoder
20:12 Configuring SecurityFilterChain
21:55 Excluding endpoints
25:15 Logging security Exceptions
28:00 Disabling CSRF
29:48 Implementing UserDetailsService
33:12 Implementing UserDetails
36:50 Running the Project
42:54 Closing

#springboot #springsecurity #security #java #programming #coding #https


This video tutorial teaches how to implement HTTP Basic Authentication in a Spring Boot application using Spring Security, covering topics such as user authentication, password encoding, and authorization. By following this tutorial, you will learn how to secure your API endpoints and authenticate users using HTTP Basic Authentication.

Key Takeaways
  1. Add Spring Security dependency to pom.xml
  2. Create a password encoder bean using bcrypt
  3. Configure a Spring Security filter chain
  4. Implement a UserDetails service
  5. Use Spring Data JPA to interact with a MySQL database
  6. Encode passwords using a password encoder
  7. Test user authentication flow using Postman
💡 HTTP Basic Authentication is a simple mechanism for securing API endpoints, but use it with caution: the credentials in the Authorization header are only Base64-encoded, not encrypted, so anyone who obtains the header value can decode them.
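
The decoding caveat above, shown as an added example (not code from the video or its repository): a JDK-only Java program that builds a Basic `Authorization` header value and recovers the credentials from it, including malformed input. The class and method names are assumptions, and the credentials are constructed sample values modelled on the video's demo user.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthHeaderDemo {

    /** Username/password pair carried by a Basic Authorization header. */
    record Credentials(String username, String password) {}

    /** Client side: build the header value "Basic base64(username:password)". */
    static String encode(String username, String password) {
        if (username.contains(":")) {
            // The first colon separates the two fields, so a username cannot contain one.
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Server side: recover the credentials, or empty if the header is not valid Basic. */
    static Optional<Credentials> decode(String headerValue) {
        if (headerValue == null) return Optional.empty();
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            return Optional.empty();            // other scheme (e.g. Bearer) or no token
        }
        final String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty();            // token is not valid Base64
        }
        int colon = decoded.indexOf(':');       // split at the FIRST colon only
        if (colon < 0) return Optional.empty(); // no separator, so no password field
        return Optional.of(
                new Credentials(decoded.substring(0, colon), decoded.substring(colon + 1)));
    }

    public static void main(String[] args) {
        // Constructed sample input: the demo user, then edge cases.
        String header = encode("demo", "demo123");
        System.out.println(header);                               // what goes on the wire
        System.out.println(decode(header));                       // no key or secret needed
        System.out.println(decode(encode("demo", "pa:ss:word"))); // colons stay in the password
        System.out.println(decode("Bearer abc.def.ghi"));         // wrong scheme
        System.out.println(decode("Basic !!!not-base64!!!"));     // malformed token
        System.out.println(decode("Basic " + Base64.getEncoder()
                .encodeToString("nocolon".getBytes(StandardCharsets.UTF_8))));
    }
}
```

Run it with `java BasicAuthHeaderDemo.java` on Java 16 or later (it uses a record). Decoding needs no secret at all, so the confidentiality of these credentials depends entirely on the transport carrying the header.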

Chapters (14)

0:00 Intro
0:51 What is HTTP Basic
4:50 Usecase
7:15 Project Overview
13:28 Code walkthrough
17:20 Adding PasswordEncoder
20:12 Configuring SecurityFilterChain
21:55 Excluding endpoints
25:15 Logging security Exceptions
28:00 Disabling CSRF
29:48 Implementing UserDetailsService
33:12 Implementing UserDetails
36:50 Running the Project
42:54 Closing