1 00:00:00,180 --> 00:00:07,280 In this video, let's try to enhance our application to use the JWT tokens instead of default generated
2 00:00:07,290 --> 00:00:08,430 ones for the same.
3 00:00:08,700 --> 00:00:17,100 Firstly, we have to add these three dependencies related to JSON Web Tokens inside our pom.xml.
4 00:00:17,200 --> 00:00:24,670 Post that, go to the project security config. Here we can disable the CSRF.
5 00:00:24,690 --> 00:00:34,560 The reason is JWT itself is a token with which we can make sure that whoever is calling my backend is a valid
6 00:00:34,560 --> 00:00:40,720 person, because for every request I'm going to validate the token that they are going to provide to me.
7 00:00:40,740 --> 00:00:47,120 So if you again enable CSRF on top of it, it will be a redundant pass to your server.
8 00:00:47,320 --> 00:00:53,860 That's why I'm going to disable it, and we are going to make sure that whoever is calling my backend
9 00:00:53,880 --> 00:01:01,440 application is the same one who initially made a request with that login operation. That we can achieve
10 00:01:01,440 --> 00:01:07,900 using the JWT token. That's why I'm going to disable the CSRF by calling disable.
11 00:01:08,070 --> 00:01:10,740 Now I have disabled the CSRF. Next,
12 00:01:10,890 --> 00:01:18,510 if we can recall, by default, a JSESSIONID is getting created by the Spring Security framework and
13 00:01:18,510 --> 00:01:22,410 it is getting stored inside the EU position of myself.
14 00:01:22,590 --> 00:01:27,120 So first I have to disable the default behavior for the same.
15 00:01:27,300 --> 00:01:33,120 I'm going to write a simple configuration just before my CORS configuration.
16 00:01:33,270 --> 00:01:39,510 And you can see this is the configuration that I have written, where I'm trying to say to my Spring Security
17 00:01:39,510 --> 00:01:44,610 framework: don't create any HTTP session and tokens.
18 00:01:44,820 --> 00:01:46,800 I will take care by myself.
19 00:01:47,010 --> 00:01:54,480 And for that reason, I'm just saying to the framework that I'm going to use the stateless security
20 00:01:54,480 --> 00:02:01,110 session creation policy, which indicates to the security framework not to generate any tokens.
21 00:02:01,110 --> 00:02:05,400 And there are other values also inside this session
22 00:02:05,400 --> 00:02:12,750 creation policy. Always is the one which will always try to create an HTTP session token, and never
23 00:02:12,750 --> 00:02:18,660 means it will never generate. If required means only in the scenarios where, if required, it will
24 00:02:18,660 --> 00:02:22,260 generate, and stateless means it will never generate.
25 00:02:22,440 --> 00:02:30,540 The difference between the never and stateless is never will never create a token, but it will leverage it
26 00:02:30,540 --> 00:02:32,700 if it is already present inside the history.
27 00:02:33,540 --> 00:02:36,650 So that's four valid values, on the side note.
28 00:02:36,960 --> 00:02:44,160 But here we are using stateless to indicate never, ever create the tokens for our application, and we will
29 00:02:44,160 --> 00:02:45,060 take care of it.
30 00:02:45,060 --> 00:02:53,730 By now, when we generate a JWT token, we are going to send it inside the header with the Authorization
31 00:02:53,730 --> 00:02:59,310 header name and its value. For the same, inside our CORS configuration,
32 00:02:59,730 --> 00:03:07,980 I have to allow that header to go to my applications, whatever is consuming my backend application services.
33 00:03:07,980 --> 00:03:08,670 For the same,
34 00:03:08,850 --> 00:03:18,480 I just have to add a new line inside my CORS configuration, which indicates that I want to expose the
35 00:03:18,480 --> 00:03:25,050 headers from my backend to outside, for internal applications or any other applications which are consuming
36 00:03:25,050 --> 00:03:28,980 my services, with the name Authorization inside it.
37 00:03:28,980 --> 00:03:35,400 So this will expose our header to the other applications that are consuming our backend application.
38 00:03:35,400 --> 00:03:39,560 So to revise, we have made a total of three changes here.
39 00:03:39,750 --> 00:03:46,590 One is, firstly, we disabled the CSRF, since we are going to leverage the JWT tokens.
40 00:03:46,860 --> 00:03:54,930 And the other one is we indicated to the Spring Security framework not to generate any tokens, by following
41 00:03:54,930 --> 00:03:57,180 the policy of stateless.
42 00:03:57,300 --> 00:04:04,260 And the last one, we made configurations inside our CORS to make sure whatever Authorization header
43 00:04:04,260 --> 00:04:08,790 that we are going to generate gets exposed to the UI application.
44 00:04:09,060 --> 00:04:16,529 Now I will write a filter so that I can configure and fit it into my Spring Security framework.
45 00:04:16,769 --> 00:04:25,560 So my requirement is, during the initial login into my application, I have to generate a token, and for
46 00:04:25,560 --> 00:04:31,830 any other scenarios where the user wants to access a protected resource,
47 00:04:32,070 --> 00:04:40,170 I want to validate whether the token that got generated by my server initially is really a valid one,
48 00:04:40,290 --> 00:04:47,280 or it got tampered or not. For the same, in the next video, let's try to create the filters to generate
49 00:04:47,280 --> 00:04:53,940 the JWT tokens and validate the same, and eventually configuring them inside our Spring Security flow
50 00:04:54,090 --> 00:04:58,340 by using the methods addFilterBefore and addFilterAfter.
51 00:04:58,560 --> 00:04:59,400 Thank you and see you.
52 00:04:59,400 --> 00:04:59,650 And then.
53 00:05:00,160 --> 00:05:00,390 Bye.