1 00:00:00,330 --> 00:00:06,000 In this lecture, let's try to create our first milestone project, which is like first I'll create 2 00:00:06,000 --> 00:00:13,000 a simple spring application, which has one reste service Expo's so that anyone can invoke it. 3 00:00:13,260 --> 00:00:20,820 So first we build the basic spring boat application and we don't put any security to our service and 4 00:00:20,820 --> 00:00:23,940 anyone can invoke it and see the response post that. 5 00:00:24,090 --> 00:00:31,800 I'll also show you how easy to put some security for that service by using default configurations with 6 00:00:31,800 --> 00:00:34,160 the help of spring security framework. 7 00:00:34,350 --> 00:00:40,110 So in order to create a springboard application, I came to the website start that spring that I wore, 8 00:00:40,110 --> 00:00:46,410 which we can use to generate a sample spring boot application based upon the dependencies that we define. 9 00:00:46,630 --> 00:00:52,280 Again, if you are not familiar with Spring but Basic Sandahl, please follow my discussion. 10 00:00:52,410 --> 00:00:55,800 You should be able to understand and follow very easily. 11 00:00:55,960 --> 00:01:02,040 I am going to cover each and every detail throughout this course, like whenever I discussed some angular 12 00:01:02,040 --> 00:01:07,320 code or UI application, backend application or any springboard configurations. 13 00:01:07,320 --> 00:01:14,010 So I'm going to spend some time explaining all those things so that you are comfortable with them along 14 00:01:14,250 --> 00:01:17,840 by putting major focus on spring security framework. 15 00:01:17,850 --> 00:01:24,480 So here I have to select the project as my project type and the language that I want to use is Java 16 00:01:24,630 --> 00:01:25,680 and Springboard version. 17 00:01:25,710 --> 00:01:32,030 I will go with the default version that is Selecter Group I just mentioned come Easybeats and artifact. 18 00:01:32,040 --> 00:01:36,540 I'll mention spring security, basic animal soil maintenance being security. 19 00:01:36,540 --> 00:01:43,100 Basic Project and Description is a demo project for spring security and the package will be populated 20 00:01:43,110 --> 00:01:45,510 automatically and the packaging will be Jatt. 21 00:01:45,630 --> 00:01:48,660 And the Java version that I want to use now is eight. 22 00:01:48,780 --> 00:01:54,050 Now, in order to generate a springboard application, I need to define what dependencies I need. 23 00:01:54,180 --> 00:02:00,330 So first, my focus is only to generate a springboard application with a reservoir is built inside it 24 00:02:00,570 --> 00:02:02,700 so we know how to implement a service. 25 00:02:02,700 --> 00:02:07,290 Inside my springboard application, I will need a dependency, which is bring them. 26 00:02:07,410 --> 00:02:09,699 So I'll just add that dependency. 27 00:02:09,750 --> 00:02:15,360 This is a starter project which will take care of providing all dependencies and just that you'll need 28 00:02:15,600 --> 00:02:17,010 inside your application. 29 00:02:17,010 --> 00:02:22,860 So I'll just click generate here and when I click generate, I'll get a Sampi Mavin skeleton project 30 00:02:22,860 --> 00:02:26,900 will be generated for my configurations that I have defined here. 31 00:02:27,000 --> 00:02:33,330 So what I'm going to do is I'm going to take this zip and extract that into a location where I want 32 00:02:33,330 --> 00:02:34,590 to save my workspace. 33 00:02:34,770 --> 00:02:40,340 So now I'm going to extract my spring security basic project into the same location. 34 00:02:40,590 --> 00:02:45,600 So once it is extracted, you can see there'll be a -- symbol inside it which indicate that 35 00:02:45,600 --> 00:02:46,730 this is Mavin project. 36 00:02:46,860 --> 00:02:51,660 Now I go to my eclipse and import this Mavin project into my workspace. 37 00:02:51,750 --> 00:02:55,470 So here I have to select import projects and type Mavin. 38 00:02:55,680 --> 00:02:58,290 So existing Mavin projects I want to import. 39 00:02:58,290 --> 00:03:03,720 So I'll click next and browse to the location where I have my project extracted. 40 00:03:03,750 --> 00:03:09,660 So you can see I just selected that folder and as soon as I selected will detect a bomb that is present 41 00:03:09,660 --> 00:03:10,290 inside it. 42 00:03:10,410 --> 00:03:16,350 And once I click finish, that entire project will be imported into my workspace. 43 00:03:16,350 --> 00:03:22,440 And at the same time, all the Mavin dependencies that are needed for this bring security basic project 44 00:03:22,560 --> 00:03:25,470 will be imported by the Mavin framework. 45 00:03:25,470 --> 00:03:31,440 So if you don't have Mavin, I would request you to install Mavin inside your system so that it can 46 00:03:31,440 --> 00:03:35,930 detect the bomb that XML dependencies and download all the dependencies that you need. 47 00:03:36,120 --> 00:03:39,000 So if we go and absorb the Pontotoc symbol. 48 00:03:39,180 --> 00:03:45,360 So here I just mentioned that dependency, which is Dr. Vep and by default every spring board application 49 00:03:45,360 --> 00:03:48,570 will get a spring, would start a test dependency as well. 50 00:03:48,720 --> 00:03:56,160 So with this single starter project dependency, I'm able to get all the dependencies that are needed, 51 00:03:56,160 --> 00:04:05,190 like springboard logging and there'll be no tonkatsu, spring core libraries and unit related. 52 00:04:05,640 --> 00:04:12,180 So everything and getting through the help of this project, that's the power of starter projects inside 53 00:04:12,180 --> 00:04:13,920 springboard applications. 54 00:04:13,930 --> 00:04:18,990 If you don't follow Springboard applications development, if you follow traditional way of building 55 00:04:18,990 --> 00:04:26,040 spring applications, you have to define all those jobs dependencies inside your mavin, pondered XML. 56 00:04:26,220 --> 00:04:31,350 But here, with the help of Starter Project, my springboard will take care of getting all those dependencies 57 00:04:31,350 --> 00:04:31,770 for me. 58 00:04:31,920 --> 00:04:35,670 So now let me show you the sample package that got generated. 59 00:04:35,850 --> 00:04:37,500 So this is the package name. 60 00:04:37,500 --> 00:04:43,050 Like, I'm not easy, but it starts being security basic and inside that we have a main springboard 61 00:04:43,050 --> 00:04:48,140 application class and you can identify by seeing the annotations bring good application. 62 00:04:48,150 --> 00:04:50,940 So this does not have any business logic. 63 00:04:51,090 --> 00:04:53,730 So this just a skeleton project. 64 00:04:53,730 --> 00:04:57,300 If I tried to start this project, also, nothing will happen. 65 00:04:57,300 --> 00:04:58,410 It will just start. 66 00:04:58,410 --> 00:04:59,640 But there is no business. 67 00:04:59,990 --> 00:05:06,200 To invoke so far the same, I'll just try to create a new reservists so that we can start this over 68 00:05:06,200 --> 00:05:08,770 and test our reservists that we have created. 69 00:05:08,990 --> 00:05:17,480 So for the same, I am going to create a separate package with the name com dot easybeats dot controller. 70 00:05:17,810 --> 00:05:22,260 And inside that, I'll create a class with the name Welcome Controller. 71 00:05:22,520 --> 00:05:28,850 So inside this welcome controller, I'm going to make some chord changes, which I have already done. 72 00:05:29,000 --> 00:05:32,350 So I just pasted those chord changes to save some time for us. 73 00:05:32,510 --> 00:05:34,650 So but I'll explain to you what changes have done. 74 00:05:34,760 --> 00:05:41,570 So first, I have put an annotation on the controller to indicate to my springboard application that 75 00:05:41,570 --> 00:05:46,970 whatever happens that I'm mentioning inside this class, they will act as error steps. 76 00:05:47,300 --> 00:05:53,220 Inside this I have written a method, say will come with the annotation, get mapping and the parts 77 00:05:53,540 --> 00:06:01,850 will come, which means anyone can invoke my recipe part with the name Slashfilm and the heterotopia 78 00:06:01,850 --> 00:06:05,160 method call that I want to support is get to type. 79 00:06:05,300 --> 00:06:07,970 If we want to support post, you can use post mapping. 80 00:06:08,150 --> 00:06:12,920 But here, since I want to invoke through browser, I just get to mapping. 81 00:06:13,040 --> 00:06:21,410 And what this will come Eppy supports is it will just return a sample Maciste to the user saying welcome 82 00:06:21,410 --> 00:06:24,200 from spring application without security. 83 00:06:24,440 --> 00:06:27,050 So I have my service right now. 84 00:06:27,060 --> 00:06:30,590 What I will do is inside my main springboard application. 85 00:06:30,590 --> 00:06:37,910 Before I start my application, I'll also add an annotation aderet component can and you mentioned the 86 00:06:37,910 --> 00:06:40,980 package near where my welcome control is staying. 87 00:06:41,180 --> 00:06:43,650 So this is a standard that we need to follow. 88 00:06:43,880 --> 00:06:50,090 So whenever we use components and so I'm telling to my springboard application outside the package that 89 00:06:50,090 --> 00:06:52,970 you are sitting, there are other packages. 90 00:06:53,150 --> 00:06:57,530 Please go and scan all those packages and classers annotations. 91 00:06:57,680 --> 00:07:03,050 And whenever my springboard application sees that there is a rest controller get mapping annotation, 92 00:07:03,260 --> 00:07:06,050 it will expose the EPA with the name slash. 93 00:07:06,110 --> 00:07:06,560 Welcome. 94 00:07:06,680 --> 00:07:09,550 So with these changes, we should be good to start our application. 95 00:07:09,830 --> 00:07:14,930 So to start the springboard application, you just have to right click on the Springboard main class 96 00:07:14,930 --> 00:07:18,070 and you run as Java application. 97 00:07:18,200 --> 00:07:22,970 So as soon as I give this command, you can see my server will start. 98 00:07:22,970 --> 00:07:29,030 I didn't add my project to any server because Springwood has an embedded Tomcat server which will be 99 00:07:29,030 --> 00:07:30,980 used to start the project. 100 00:07:31,220 --> 00:07:34,220 So you can see it is started at the port. 101 00:07:35,450 --> 00:07:42,800 Now, in order to access my welcome page and go to the port localhost, obviously this is the hosting 102 00:07:42,800 --> 00:07:49,400 that we have to use and port is 88 and the part that we have for our last Web service. 103 00:07:49,400 --> 00:07:49,870 Welcome. 104 00:07:50,180 --> 00:07:54,010 So as soon as I hit this, you can see I'm getting a response. 105 00:07:54,140 --> 00:07:57,620 So this way, we have built successfully a rare service. 106 00:07:57,800 --> 00:08:04,910 But unfortunately, my Web application and this service does not have any security so anyone can invoke 107 00:08:04,910 --> 00:08:08,080 my service and they can get the response from my application. 108 00:08:08,270 --> 00:08:15,710 Now, I want to show you how easy to implement security for this service with the help of spring security 109 00:08:15,710 --> 00:08:16,280 framework. 110 00:08:16,580 --> 00:08:22,910 So for the same, let me go to the same page like Stoddart's Spring that over the dependency that we 111 00:08:22,910 --> 00:08:27,500 have to add to a springboard project is just type security. 112 00:08:27,980 --> 00:08:30,290 And when you type, you'll get a spring security. 113 00:08:30,380 --> 00:08:33,169 So that's a dependency I have I want to add. 114 00:08:33,409 --> 00:08:35,120 So I'll go and explore the bomb. 115 00:08:35,419 --> 00:08:36,740 Similar cogenitor. 116 00:08:37,039 --> 00:08:44,540 I'm just trying to take this entire on that XML and replace that into my existing Paumgarten XML. 117 00:08:44,870 --> 00:08:46,880 Before that I start my server also. 118 00:08:47,180 --> 00:08:54,380 So let me copy paste my latest on Bartek Sumell and the latest dependency that we have added is springboard 119 00:08:54,380 --> 00:08:55,790 starter security. 120 00:08:55,910 --> 00:08:58,190 I'll build my application now. 121 00:08:58,520 --> 00:08:59,570 See the magic. 122 00:08:59,570 --> 00:09:02,840 I have not added any other configurations. 123 00:09:03,170 --> 00:09:10,760 I'll just go ahead and start my application with the help of Run as Java application and server will 124 00:09:10,760 --> 00:09:18,860 start at the same Port 88 and once the server is started, I'll go to the same location like localhost 125 00:09:18,860 --> 00:09:19,710 88 slash. 126 00:09:19,800 --> 00:09:20,180 Welcome. 127 00:09:20,180 --> 00:09:22,010 I'm going to refresh the page. 128 00:09:22,290 --> 00:09:29,420 You can see here now it is asking me to enter credentials to access my resources so I didn't tell anything 129 00:09:29,420 --> 00:09:31,280 to my springboard application. 130 00:09:31,430 --> 00:09:38,860 Go ahead and protect my welcome AP By default, your spring security framework will protect all the 131 00:09:38,870 --> 00:09:40,940 apps present inside your application. 132 00:09:41,090 --> 00:09:47,810 So we'll discuss how to customize those for which you want to protect, which you want to give full 133 00:09:47,810 --> 00:09:50,300 access to the public in the coming lectures. 134 00:09:50,450 --> 00:09:54,650 For now, I want you to understand the power of spring security framework. 135 00:09:54,860 --> 00:09:57,470 I didn't call anything related to login page. 136 00:09:57,650 --> 00:09:59,450 Still, it is giving me some login. 137 00:09:59,770 --> 00:10:05,800 Which is present inside the framework, so now here it is asking me to enter credentials to access that 138 00:10:05,800 --> 00:10:06,490 resource. 139 00:10:06,640 --> 00:10:13,660 So by default, the user name is user and the password is you can see the random password generator 140 00:10:13,660 --> 00:10:14,560 in the console. 141 00:10:14,680 --> 00:10:16,210 You can use that password. 142 00:10:16,360 --> 00:10:20,230 And if you enter signing, you can see the response now. 143 00:10:20,530 --> 00:10:25,350 So this is the beauty and power of spring security framework that I want you to understand. 144 00:10:25,720 --> 00:10:29,660 And of course, this is not a production grade or production very application. 145 00:10:29,680 --> 00:10:33,460 This is the baby steps that we are taking in the spring security framework. 146 00:10:33,640 --> 00:10:38,090 Now, you may ask me, like, can we use our own user credentials? 147 00:10:38,110 --> 00:10:40,200 Of course we can do that for that. 148 00:10:40,540 --> 00:10:43,510 What I have to do is I just have to open the application. 149 00:10:43,510 --> 00:10:46,860 That property's present inside my project here. 150 00:10:47,050 --> 00:10:52,300 I had to go to properties where I can configure username and password. 151 00:10:52,510 --> 00:10:57,480 So the properties are spring security user dot name, which is easy easybeats. 152 00:10:57,730 --> 00:11:03,130 The user name that I want to use and the password that I want to use is one, two, three, four, five. 153 00:11:03,370 --> 00:11:06,780 So with these changes, I will restart my application. 154 00:11:07,240 --> 00:11:12,120 Now, if you observe in the console, there won't be any password that will be generated by Springs' 155 00:11:12,160 --> 00:11:12,890 framework. 156 00:11:13,030 --> 00:11:17,350 The reason is we have mentioned our own password inside application dot properties. 157 00:11:17,680 --> 00:11:25,390 Now, if I try to refresh the page, it will again as the login and this time I have to enter easy bytes. 158 00:11:25,600 --> 00:11:27,590 And the password is one, two, three, four, five. 159 00:11:28,030 --> 00:11:32,680 So we'll get that response will come from springs' application without security. 160 00:11:32,830 --> 00:11:34,870 Of course we implemented security. 161 00:11:35,140 --> 00:11:42,370 I can update the statements saying that welcome from spring application with security and I'll restart 162 00:11:42,370 --> 00:11:46,660 my application again so that we get the proper message this time. 163 00:11:47,110 --> 00:11:48,970 So I am going to refresh again. 164 00:11:48,970 --> 00:11:51,130 It is going to ask me what are the credentials. 165 00:11:51,130 --> 00:11:54,980 I'll tell easy bytes and password is one, two, three, four, five. 166 00:11:55,300 --> 00:11:58,960 So now you can see I'm getting a proper response this way. 167 00:11:58,960 --> 00:12:05,380 Spring security will help you to implement security inside your web applications. 168 00:12:05,530 --> 00:12:09,240 I know you might have a lot of questions like this is pretty basic. 169 00:12:09,260 --> 00:12:14,290 How do I configure so many users inside my application, their user name credentials? 170 00:12:14,590 --> 00:12:16,900 How do I encrypt decrypted passwords? 171 00:12:16,900 --> 00:12:18,460 How do I store their passwords? 172 00:12:18,610 --> 00:12:23,110 So all these questions will answer in the coming lectures one by one. 173 00:12:23,110 --> 00:12:23,770 Don't worry. 174 00:12:23,950 --> 00:12:30,670 But since I want to start with the basic springboard application with Swing's security enable, I showed 175 00:12:30,670 --> 00:12:31,200 this demo. 176 00:12:31,540 --> 00:12:33,520 I hope this is very clear to you. 177 00:12:33,520 --> 00:12:39,670 I request you to do the same exercise like create a simple springboard application at spring security 178 00:12:39,670 --> 00:12:47,380 dependency target and try playing with it and understand how this is working by doing a coding exercise. 179 00:12:47,650 --> 00:12:48,130 Thank you. 180 00:12:48,130 --> 00:12:50,170 And I'll see you in the next lecture by.