Video: "57 - How to secure REST API using JWT and Spring Security in Spring Boot - Part 2 | JSON Web Token"
Video description: JWT is a JSON-based open-source standard for creating access tokens that allow us to secure communications between client and server. In simple words, JWT only creates and validates the token; the authentication part is taken care of by Spring Security.

Create - encode the username with a current timestamp using a signature algorithm.
Validate - decode the token and extract the username.

How will it work if the token is not available for the very first time? It will call the authentication manager's authenticate method. This method accepts the username and password and validates the credentials based on those details; the authentication itself is taken care of by Spring Security. If the credentials are valid, we create a token using the built-in JWT methods of the Jwts factory class and the JwtBuilder interface. Otherwise it throws an exception such as bad credentials.

How will it work if the token is available in the Authorization header? This screenshot shows how we send the token as part of the header. It will extract the username from the token using the built-in JWT methods of the Jwts factory class and the JwtParser interface. Once the username is extracted, JWT's work is done; the rest is taken care of by Spring Security's user details service class.

Why do we need a secret key, and what is its use? This is a string that is used in the signature algorithm that generates the cryptographic signature for the token. The key must be known only to the application, because anyone who has this secret key might be able to generate new tokens with valid signatures.

SecurityContextHolder is a helper class that provides access to the security context. By default, it uses a ThreadLocal object to store the security context, which means that the security context is always available to methods in the same thread of execution, even if you don't pass the SecurityContext object around...

The PostConstruct annotation is used on a method that needs to be executed after dependency injection is done, to perform any initialization.
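The create and validate steps and the role of the secret key described above, as an added example that is not code from the video: it uses only JDK classes (HMAC-SHA256) instead of the Jwts builder and parser calls. The class name `JwtHs256Demo`, the sample keys, the restricted username character set and the `exp` claim with a 600-second lifetime are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class JwtHs256Demo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final String HEADER = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([A-Za-z0-9_.-]+)\",\"iat\":\\d+,\"exp\":(\\d+)\\}");
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Create: encode the username with the current timestamp, then sign with the secret key.
    static String create(String user, byte[] key, long now, long ttl) throws Exception {
        if (!user.matches("[A-Za-z0-9_.-]+")) throw new IllegalArgumentException("unsupported username");
        String payload = "{\"sub\":\"" + user + "\",\"iat\":" + now + ",\"exp\":" + (now + ttl) + "}";
        String signingInput = HEADER + "." + ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + ENC.encodeToString(hmac(key, signingInput));
    }

    // Validate: verify the signature before trusting any claim, then check expiry and extract the username.
    static String validate(String token, byte[] key, long now) throws Exception {
        String[] p = token.split("\\.");
        // Accepting only our exact header pins the algorithm to HS256; the MAC compare below is constant-time.
        if (p.length != 3 || !p[0].equals(HEADER)) throw new SecurityException("malformed token");
        byte[] sig = Base64.getUrlDecoder().decode(p[2]);
        if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) throw new SecurityException("bad signature");
        Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
        if (!m.matches()) throw new SecurityException("unexpected claims");
        if (Long.parseLong(m.group(2)) <= now) throw new SecurityException("token expired");
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8); // constructed sample
        long now = System.currentTimeMillis() / 1000;
        System.out.println("user: " + validate(create("alice", key, now, 600), key, now));
        try { // a token signed with any other key must be rejected
            validate(create("alice", "a-different-constructed-key".getBytes(StandardCharsets.UTF_8), now, 600), key, now);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a real service the key would be random bytes loaded from protected configuration rather than a string literal in the source.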
Official video source: youtube.com/watch?v=N-FWhI89ctw