Posts

Showing posts from December, 2025

SpringBoot Security 15 : Securing WebApp

Whenever an org is trying to build an auth server there are two options: build a custom one, or use a product such as Keycloak (open source) or Okta; there are many cloud offerings as well (AWS Cognito). https://www.keycloak.org/ can be used for SSO, Identity Broker & Social Login, User Federation and more. What is a Keycloak realm? A Keycloak realm is an isolated management space, akin to a tenant, that manages a logical collection of users, credentials, roles, and groups. Convert a Spring Boot application to a Resource Server: https://github.com/eazybytes/spring-security/blob/4.x.x/section_15/springsecsection_15/pom.xml First: add the dependency like below (line number 43):

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>

Second: delete all authentication clas...

Spring Security 13 : oAuth2 and OpenID Connect

Some websites allow the browser to store and refresh the token so that even if you open the website after days, no re-auth is needed. OAuth2 stands for Open Authorization and was created for "delegated authorization". Two problems that OAuth2 lets you solve: (1) a single auth mechanism, encapsulated separately (maybe in an authn server) from the business logic; (2) you authorize one app to access your data without giving it your password, i.e. delegated authn/authz (like PhotoApp wanting to access Google Photos). There are different types of tokens: access token (enables reading data of the end user), ID token, refresh token. Grant types: 5 types. 1) Authorization Code: if an end user is involved, with a non-JavaScript front end; examples: Slack and Google integration, sign into GitHub using Stack Overflow, and xxx integration. 2) PKCE: if an end user is involved with a JavaScript framework front end (like React, Angular). 3) Client Credentials: no end user involved, API to API. 4) Device Code: no end user involved ...

Spring Security 6 : Define Authentication Provider

Till now we have used only DaoAuthenticationProvider (the default) => UserDetailsService. There may be a requirement for a custom provider: 1) age above 18, 2) certain countries only. There may be different types; all three of these are different authentication providers: username & password, OAuth2, JAAS (legacy, built into Java). The AuthenticationProvider in Spring Security takes care of the authentication logic. The default implementation of the AuthenticationProvider delegates the responsibility of finding the user in the system to a UserDetailsService implementation, and password validation to a PasswordEncoder. But if we have a custom authentication requirement that is not fulfilled by the Spring Security framework, then we can build our own authentication logic by implementing the AuthenticationProvider interface. It is the responsibility of the ProviderManager, which is an implementation of AuthenticationManager, to check with all the implementations of A...

SpringSecurity Section 4 : Defining in DB User

Set up a MySQL DB using Docker for the JdbcUserDetailsManager setup. Install Docker Desktop locally. https://www.warp.dev/ : AI console.

    docker run -p 3306:3306 --name springsecurity -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=appname -d mysql

You should see the downloaded image and the running container in Docker Desktop. https://sqlectron.github.io/ : lightweight SQL client. https://medium.com/@CodeWithTech/spring-security-with-jdbcuserdetailsmanager-and-custom-userdetailsservice-a-complete-guide-248ddce0196c https://stackoverflow.com/questions/57288983/how-can-i-set-up-jdbcuserdetailsmanager-to-use-my-table https://www.youtube.com/watch?v=3Q2unvE-3Hg LEFT ok

SpringSecurity Section 3 : Defining InMemory User

https://github.com/eazybytes/spring-security/blob/4.x.x/section3/springsecsection3/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java

    @Configuration
    public class ProjectSecurityConfig {

        @Bean
        SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
            // Protected endpoints require an authenticated user; public ones are open to all.
            http.authorizeHttpRequests((requests) -> requests
                    .requestMatchers("/myAccount", "/myBalance", "/myLoans", "/myCards").authenticated()
                    .requestMatchers("/notices", "/contact", "/error").permitAll());
            http.formLogin(withDefaults());
            http.httpBasic(withDefaults());
            return http.build();
        }

        @Bean
        public UserDetailsService userDetailsService() {
            // {noop} marks a plain-text password; only suitable for local demos.
            UserDetails user = User.withUsername("user").password("{noop}EazyBytes@12345").authorities("read").build();
            UserDetails admin = User....