1 00:00:00,300 --> 00:00:07,140 In this lecture, let's try to set up a resource server which exposes some REST APIs in a secure 2 00:00:07,140 --> 00:00:14,100 manner, so that only authenticated and authorized users can invoke them to get details about accounts, 3 00:00:14,100 --> 00:00:17,130 transactions, loans and cards, etc. 4 00:00:17,190 --> 00:00:23,670 We can also discuss how to establish a link between the resource server and the Keycloak server so that my resource 5 00:00:23,670 --> 00:00:25,260 server can interact with the Keycloak 6 00:00:25,270 --> 00:00:31,050 server to check the validity of an access token provided by client applications. 7 00:00:31,260 --> 00:00:35,460 So as you can see here, I've created a Maven project with the name resource 8 00:00:35,460 --> 00:00:35,940 server. 9 00:00:36,180 --> 00:00:41,070 First, I will check what kind of dependencies we have inside pom.xml. 10 00:00:41,400 --> 00:00:46,680 So don't worry, whatever source code we are going to discuss inside this lecture, 11 00:00:46,900 --> 00:00:54,090 I'm going to upload to this video so that you can download and explore it at your convenience. 12 00:00:54,270 --> 00:01:01,380 So as you can see here in my pom.xml, the very first dependency that I have is Spring Boot starter 13 00:01:01,380 --> 00:01:02,310 Data JPA. 14 00:01:02,580 --> 00:01:09,180 And the very next important dependency that I want to highlight is, since my application has to act only 15 00:01:09,180 --> 00:01:09,910 as a resource 16 00:01:09,910 --> 00:01:15,480 server, I have to add the dependency spring-boot-starter-oauth2-resource-server. 17 00:01:15,540 --> 00:01:22,140 So this indicates to my Spring and Spring Boot application that this is a resource server which 18 00:01:22,140 --> 00:01:24,750 is trying to leverage the OAuth2 framework. 19 00:01:24,810 --> 00:01:30,150 And next, we have other dependencies like spring-boot-starter-web and Spring Boot DevTools.
20 00:01:30,300 --> 00:01:37,050 So Spring Boot DevTools is a dependency which will help me in reflecting my code changes without restarting 21 00:01:37,050 --> 00:01:38,190 the server manually. 22 00:01:38,430 --> 00:01:40,980 So internally, my Spring Boot DevTools, 23 00:01:40,980 --> 00:01:44,760 whenever I make a change, will detect what changes happened, 24 00:01:44,850 --> 00:01:49,770 and it will deploy only that change instead of deploying the entire application. 25 00:01:49,920 --> 00:01:55,170 So with the help of Spring Boot DevTools, your restarts and deployments will be super fast. 26 00:01:55,260 --> 00:01:58,260 So this is just an advantage to this project. 27 00:01:58,530 --> 00:02:02,590 But without this dependency also, your project should work. 28 00:02:02,610 --> 00:02:08,460 But in order to reflect your changes, you should be doing manual restarts and deployments. 29 00:02:08,759 --> 00:02:13,110 And the next dependency that I have added is the internal H2 database. 30 00:02:13,290 --> 00:02:17,700 So in this project, I don't want to use any dedicated SQL database. 31 00:02:17,910 --> 00:02:23,070 Instead, I want to use the internal H2 database to store my data. 32 00:02:23,250 --> 00:02:28,920 So this is one of the ways also that you can do inside Spring Boot applications whenever you're doing 33 00:02:28,920 --> 00:02:29,640 a POC. 34 00:02:29,820 --> 00:02:37,770 Since we already did it previously by storing the data into a dedicated cloud database like a MySQL database, 35 00:02:37,950 --> 00:02:40,470 here I want to show you a different approach. 36 00:02:40,650 --> 00:02:47,280 So that's why here I'm adding an H2 database to store all our details internally without the need 37 00:02:47,280 --> 00:02:49,130 of maintaining a database separately. 38 00:02:49,140 --> 00:02:53,490 And at last, we have spring-boot-starter-test, which is used for unit testing.
39 00:02:53,820 --> 00:03:01,470 So once all these dependencies are added, you can go and open the main Spring Boot application with 40 00:03:01,470 --> 00:03:03,210 the name ResourceServerApplication. 41 00:03:03,480 --> 00:03:07,680 You can see there is nothing fancy, you know, about this Spring Boot application. 42 00:03:07,980 --> 00:03:14,880 We also did the similar annotations for projects that we developed in the previous sections, like @ComponentScan, 43 00:03:14,880 --> 00:03:22,620 which will scan all the controllers and configurations during startup, and @EnableJpaRepositories, which will enable 44 00:03:22,620 --> 00:03:29,490 all the repositories that we have inside our project so that we can interact with the database and fetch 45 00:03:29,490 --> 00:03:31,650 the data, and @EntityScan, 46 00:03:31,650 --> 00:03:39,360 which we use to scan the entities or models associated with your database tables that we have inside our project. 47 00:03:39,570 --> 00:03:46,650 So once this is done, if you go and observe, we have a config class where we maintain ProjectSecurityConfig; 48 00:03:46,650 --> 00:03:49,230 I'll come to that package and class. 49 00:03:49,350 --> 00:03:55,530 Apart from that, everything is very similar to what we have discussed or developed previously. 50 00:03:55,740 --> 00:04:01,620 So there are individual controllers like AccountController, BalanceController, cards, loans, contact 51 00:04:01,620 --> 00:04:02,400 and notices. 52 00:04:02,610 --> 00:04:06,270 So these controllers expose the APIs inside them. 53 00:04:06,480 --> 00:04:11,610 And there are model classes like Accounts, Cards, which support these APIs. 54 00:04:11,880 --> 00:04:17,459 And similarly, we have JPA repositories like AccountsRepository, CardsRepository. 55 00:04:17,670 --> 00:04:20,040 So there is nothing new that I have built here. 56 00:04:20,370 --> 00:04:27,150 Just that I have cleaned all the Spring Security framework related code, like inside this project
57 00:04:27,390 --> 00:04:35,070 you don't see any authentication provider or password encoder or any database interaction to validate my 58 00:04:35,070 --> 00:04:38,310 user credentials, like loadUserByUsername. 59 00:04:38,550 --> 00:04:41,520 So all those methods I'm not using anymore. 60 00:04:41,790 --> 00:04:47,100 I will just rely on my Keycloak server to do authentication and authorization. 61 00:04:47,340 --> 00:04:53,310 So before I show you what is present inside ProjectSecurityConfig, let me show you the AccountController, 62 00:04:53,310 --> 00:04:55,260 which is one of the sample implementations. 63 00:04:55,500 --> 00:04:59,470 You can see here, there is an API, myAccount, which is exposed by 64 00:04:59,840 --> 00:05:07,430 this controller. What it will do is it will take the email details that are sent in that request, and based 65 00:05:07,430 --> 00:05:08,420 upon the email, 66 00:05:08,630 --> 00:05:13,760 it will load all the accounts present in the database and give them to the user. 67 00:05:13,970 --> 00:05:20,330 But in order to invoke this API, someone has to pass authentication and authorization. 68 00:05:20,570 --> 00:05:22,040 So how do we enforce that? 69 00:05:22,040 --> 00:05:28,790 Security is with the help of Spring Security configurations inside the class ProjectSecurityConfig. 70 00:05:29,000 --> 00:05:32,810 As you know, we have to extend WebSecurityConfigurerAdapter. 71 00:05:33,080 --> 00:05:34,970 And whenever you extend this class, 72 00:05:35,210 --> 00:05:42,500 we have to override the method configure, where we can mention our custom requirements on how we want 73 00:05:42,500 --> 00:05:43,970 to protect our resources 74 00:05:43,970 --> 00:05:47,510 inside the resource server. The first few lines, I'll come to that. 75 00:05:47,660 --> 00:05:49,640 But before that, you know what? 76 00:05:49,640 --> 00:05:51,530 I'm doing a CORS configuration.
77 00:05:51,770 --> 00:05:59,120 But this CORS configuration is more for the UI application that is exposed by the Angular app. 78 00:05:59,450 --> 00:06:03,350 And next, I'm saying every request has to be authorized. 79 00:06:03,560 --> 00:06:10,700 And especially if the API is matching /myAccount, the individual or the client application should have 80 00:06:10,700 --> 00:06:12,500 a role of USER. 81 00:06:12,830 --> 00:06:18,410 And similarly, I mentioned for /myBalance it has to be ADMIN, and for loans 82 00:06:18,710 --> 00:06:21,830 there is no restriction around roles and authorities, 83 00:06:22,010 --> 00:06:26,000 but the user or client application has to be authenticated. 84 00:06:26,270 --> 00:06:32,450 In the same way, I also mention for my cards that the user can have the USER or ADMIN role. 85 00:06:32,660 --> 00:06:35,530 And for /user also it has to be authenticated. 86 00:06:35,540 --> 00:06:41,280 Whereas for the notices and contact APIs, there is no need of any protection. 87 00:06:41,300 --> 00:06:48,260 Those are permitted to everyone, and anyone can invoke them without authentication and authorization performed. Before 88 00:06:48,950 --> 00:06:50,040 the antMatchers, 89 00:06:50,060 --> 00:06:53,660 I'm saying I don't want any CSRF checks to happen. 90 00:06:53,810 --> 00:07:01,280 I want everything related to CSRF to be disabled, because whenever you incorporate the OAuth2 framework 91 00:07:01,280 --> 00:07:05,690 inside your application, you are already following OAuth industry standards. 92 00:07:05,690 --> 00:07:09,440 Then there is no need of following the extra layer of a CSRF token. 93 00:07:09,770 --> 00:07:11,450 So that's why I'm disabling it. 94 00:07:11,600 --> 00:07:17,330 But if you want to follow it, you know how to enable it and how to generate a CSRF token based 95 00:07:17,330 --> 00:07:19,420 upon our previous sections' discussions.
96 00:07:19,430 --> 00:07:26,930 And at last, the important configuration that I want to mention is, in all the sections that we discussed 97 00:07:26,930 --> 00:07:31,820 previously, we used to configure form login or HTTP basic login. 98 00:07:32,030 --> 00:07:37,070 But here, since I want my project to act as a resource server, 99 00:07:37,250 --> 00:07:40,190 I need to mention .oauth2ResourceServer(). 100 00:07:40,520 --> 00:07:45,200 And I'm telling it that it has to follow the JWT token standard. 101 00:07:45,410 --> 00:07:53,210 And since the Keycloak server maintains all the roles' details inside the JWT token, I just wrote a custom 102 00:07:53,210 --> 00:08:02,150 JwtAuthenticationConverter to convert all the roles present inside my token and pass them on to the Spring 103 00:08:02,150 --> 00:08:03,290 Security framework. 104 00:08:03,560 --> 00:08:10,430 So how that happens is, if you go and look at the KeycloakRoleConverter, which implements Converter, 105 00:08:10,730 --> 00:08:15,920 here I'm just taking the JWT access token that I received from the Keycloak 106 00:08:15,920 --> 00:08:16,370 server. 107 00:08:16,790 --> 00:08:25,820 Inside that JSON object, I look for a key-value object with the key realm_access. Inside the realm_access 108 00:08:25,820 --> 00:08:26,630 object, 109 00:08:26,870 --> 00:08:32,059 I will have roles defined for a specific user or client application. 110 00:08:32,419 --> 00:08:39,049 So I'm trying to get those roles and append ROLE_ to them here. 111 00:08:39,470 --> 00:08:47,240 This is because my Spring Security framework will expect the ROLE_ prefix to be appended for all of my 112 00:08:47,250 --> 00:08:49,490 roles, like ADMIN and USER. 113 00:08:49,940 --> 00:08:54,830 So due to that reason, I'm doing that custom logic inside this converter.
114 00:08:55,010 --> 00:09:02,180 And as you can see here, hasAnyRole will only expect the role name without the ROLE_ prefix; it 115 00:09:02,180 --> 00:09:04,400 will expect USER or ADMIN. 116 00:09:04,610 --> 00:09:11,090 So internally it will append the ROLE_ prefix and it will try to compare whether the given role of 117 00:09:11,090 --> 00:09:13,550 a user is matching with what we configured. 118 00:09:13,940 --> 00:09:20,830 So what I'm trying to say here is my Spring Security framework will append ROLE_ to this role, 119 00:09:21,440 --> 00:09:27,470 and it will try to compare it with what we are getting inside the access token from the Keycloak server. 120 00:09:27,770 --> 00:09:34,460 And since we did that kind of custom conversion, like ROLE_ plus role name, it will match and 121 00:09:34,460 --> 00:09:37,880 your authentication and authorization will happen successfully. 122 00:09:38,300 --> 00:09:43,580 So once you make these configurations inside your ProjectSecurityConfig, 123 00:09:43,790 --> 00:09:49,910 now your project will act as a resource server that incorporates the OAuth2 framework. 124 00:09:50,300 --> 00:09:58,200 And one more change that we have to do is to establish a link between your resource server and Keycloak 125 00:09:58,210 --> 00:09:59,450 so that 126 00:09:59,660 --> 00:10:05,660 it can validate the access token issued every time, in order to give a proper response to the client 127 00:10:05,660 --> 00:10:06,440 applications. 128 00:10:06,650 --> 00:10:13,520 So in order to establish that link, you don't have to do many changes inside your application. 129 00:10:13,760 --> 00:10:21,020 You just have to go to application.properties and mention a property name, which is spring 130 00:10:21,020 --> 00:10:28,500 .security.oauth2.resourceserver.jwt.jwk-set- 131 00:10:28,520 --> 00:10:28,980 uri.
132 00:10:29,430 --> 00:10:39,050 So here you just have to give your Keycloak endpoint, which is http://localhost:8080 followed by /realms 133 00:10:39,380 --> 00:10:42,650 and the realm name that you might have created. 134 00:10:42,830 --> 00:10:44,860 So if you go and check our Keycloak 135 00:10:44,870 --> 00:10:45,190 server, 136 00:10:45,950 --> 00:10:47,990 so this is the realm that we 137 00:10:47,990 --> 00:10:49,520 have, easybank. 138 00:10:50,000 --> 00:10:51,590 The same value I have mentioned, 139 00:10:51,710 --> 00:10:54,960 followed by /protocol/openid-connect/certs. 140 00:10:55,430 --> 00:11:01,100 So this endpoint overall is almost static, except the value of the realm name, which is easybank. 141 00:11:01,590 --> 00:11:07,700 So whenever you want your resource server to connect to a different realm name, then you have to change 142 00:11:07,700 --> 00:11:08,810 the realm name here. 143 00:11:09,260 --> 00:11:16,100 So with this single configuration, my resource server knows how to connect to my authorization 144 00:11:16,100 --> 00:11:24,260 server to validate the access token received from the client application. And all this configuration 145 00:11:24,260 --> 00:11:31,210 that you see at the top of the file, these are internal H2 database configurations telling 146 00:11:31,730 --> 00:11:33,590 what the database URL is. 147 00:11:34,280 --> 00:11:41,090 Since I'm using the H2 in-memory database, I just have to use these values, like you can 148 00:11:41,090 --> 00:11:41,630 see here: 149 00:11:41,960 --> 00:11:43,370 what the driver class name is, 150 00:11:43,580 --> 00:11:50,900 and by default, the internal H2 database username is sa and the password is blank, followed by 151 00:11:51,020 --> 00:11:57,980 a Hibernate configuration related to what dialect my JPA has to use, which is the H2 152 00:11:57,980 --> 00:11:58,520 dialect.
153 00:11:59,090 --> 00:12:06,440 And if needed, we can also have the web console enabled for our in-memory database, which I'm enabling, 154 00:12:07,070 --> 00:12:14,130 and the server port I'm mentioning here as 8081, and the reason is that the default port, which is 8080, 155 00:12:14,330 --> 00:12:16,700 is already taken by the Keycloak server. 156 00:12:16,850 --> 00:12:22,370 So this resource server has to run on a different port; due to that reason I have mentioned 8081 here 157 00:12:22,370 --> 00:12:30,650 as the port. And the remaining two configurations are just to show you the SQL statements inside your logs 158 00:12:30,650 --> 00:12:31,520 and console. 159 00:12:31,910 --> 00:12:39,560 So once we make all these configurations related to the internal H2 database, we should be good and 160 00:12:39,560 --> 00:12:42,500 we can go ahead and start our resource server application. 161 00:12:42,740 --> 00:12:48,830 So let me try to start my resource server application by clicking Debug As, Java Application. 162 00:12:49,550 --> 00:12:53,840 So now my resource server started successfully at the port 8081. 163 00:12:54,170 --> 00:13:00,140 So let's try to validate whether our configurations are working properly or not by trying to invoke one 164 00:13:00,140 --> 00:13:03,230 of the secured APIs without passing any credentials. 165 00:13:03,770 --> 00:13:05,110 So I came to Postman. 166 00:13:05,480 --> 00:13:11,570 I'm trying to invoke the API myAccount by passing the email value of the user. 167 00:13:11,990 --> 00:13:18,170 And if I click Send, you can see I'm getting 401 Unauthorized. 168 00:13:18,710 --> 00:13:22,010 So which means my resource server setup is successful 169 00:13:22,670 --> 00:13:27,800 and it is protecting the APIs based upon the configurations that we have done. 170 00:13:28,010 --> 00:13:31,670 And since I have not passed any authorization details, 171 00:13:31,910 --> 00:13:36,020 my API is giving a 401 error.
172 00:13:36,680 --> 00:13:42,470 And I forgot to highlight the data.sql file present inside the resource server. 173 00:13:43,040 --> 00:13:46,190 As you know, since we are using the internal H2 database, 174 00:13:46,340 --> 00:13:53,690 every time we restart this resource server we have to make sure the data and the tables are set 175 00:13:53,690 --> 00:13:54,440 up properly. 176 00:13:54,680 --> 00:14:00,410 So all of those table details and data details that you want to create whenever the server is restarted, 177 00:14:00,680 --> 00:14:07,370 you have to mention inside data.sql, present inside the resources folder. 178 00:14:07,520 --> 00:14:10,880 So the name of the file should be data.sql only. 179 00:14:10,930 --> 00:14:13,430 So make sure you're following the same naming convention. 180 00:14:13,700 --> 00:14:20,390 So here you can see I'm first dropping any tables that exist, then creating all the tables and inserting 181 00:14:20,390 --> 00:14:22,190 the data for those tables. 182 00:14:22,220 --> 00:14:25,490 So this way, I set up my resource server successfully. 183 00:14:26,030 --> 00:14:31,850 I'm making sure that the data tables are also created inside my internal H2 database. 184 00:14:32,240 --> 00:14:39,860 I also tested by invoking myAccount without passing any credentials or without passing any authentication 185 00:14:39,860 --> 00:14:41,270 and authorization details, 186 00:14:41,450 --> 00:14:43,610 and I got a 401 error. 187 00:14:44,030 --> 00:14:52,700 So in the next lecture, let's try to explore how to get the access token from the Keycloak server 188 00:14:52,700 --> 00:14:54,410 and pass it to the resource server 189 00:14:54,530 --> 00:14:56,990 so that I'll get a proper response from it. 190 00:14:57,290 --> 00:14:57,770 Thank you, 191 00:14:57,770 --> 00:14:59,520 and I'll see you in the next lecture. Bye.