1 00:00:00,300 --> 00:00:06,300 In the previous lecture, we built a REST service with the name /welcome, and we made changes 2 00:00:06,540 --> 00:00:09,670 by adding Spring Security to our project. 3 00:00:09,840 --> 00:00:13,080 Now our welcome is a protected API. 4 00:00:13,470 --> 00:00:20,460 So now in this lecture, I want to show one more feature of Spring Security, which will make our life 5 00:00:20,460 --> 00:00:25,630 easy with the help of tokens and cookies that it is going to use internally. 6 00:00:25,950 --> 00:00:32,880 As you can see, I got a response and if I try to refresh any number of times, it is not asking me 7 00:00:32,880 --> 00:00:33,720 the credentials 8 00:00:33,720 --> 00:00:41,610 again and again. It will only ask me the very first time, whenever I start accessing through a new browser, 9 00:00:41,910 --> 00:00:48,330 and my Spring Security framework is smart enough to send a token to my UI or any application that 10 00:00:48,330 --> 00:00:55,650 is invoking the secured service, and my browsers are even more smart to send that same value for every 11 00:00:55,650 --> 00:00:57,930 request that they are going to make subsequently. 12 00:00:58,140 --> 00:01:05,340 So with that token, I'm not forcing my user to enter his credentials again and again, so he can call 13 00:01:05,340 --> 00:01:08,730 any number of times. Like, any number of times I can refresh. 14 00:01:08,730 --> 00:01:10,470 It's not asking me the credentials. 15 00:01:10,750 --> 00:01:17,630 That's because of the power of the tokens that are used by the Spring Security framework in the backend. 16 00:01:17,940 --> 00:01:23,700 So in order to really show you how it's going to work, let me go to the Postman application here. 17 00:01:23,820 --> 00:01:29,060 I will select the HTTP method as GET because our welcome API supports GET. 18 00:01:29,370 --> 00:01:34,620 So now I'll try to access my welcome API and this should fail the authentication. 
19 00:01:34,620 --> 00:01:40,860 The reason is we are accessing through Postman for the very first time and there is no session before. 20 00:01:41,280 --> 00:01:42,630 So I'm just clicking send. 21 00:01:42,870 --> 00:01:47,350 You can see I got a response saying 401, which is unauthorized. 22 00:01:47,610 --> 00:01:55,740 Now what I will do is I will go to the authorization tab and select Basic Auth. The username that I 23 00:01:55,740 --> 00:01:58,230 will give is easy bytes. 24 00:01:58,530 --> 00:02:00,860 And the password is 12345. 25 00:02:01,080 --> 00:02:05,580 With these values, if I try to send the request to the welcome 26 00:02:05,730 --> 00:02:13,170 API, you can see now I successfully got the "Welcome from Spring Application with Security" response from the 27 00:02:13,410 --> 00:02:14,990 application that I have written. 28 00:02:15,270 --> 00:02:21,630 Now, what I will do is I will try to make another request by removing the authentication. 29 00:02:21,930 --> 00:02:24,510 So now I set that there is no authentication 30 00:02:24,510 --> 00:02:28,410 I'm sending in the request, and if I try to click send, it's 31 00:02:28,410 --> 00:02:31,710 still giving me a valid response without a 401 error. 32 00:02:32,160 --> 00:02:36,900 And this is due to the power of a cookie present inside your header. 33 00:02:37,260 --> 00:02:43,590 Like you can see, there is a cookie with the name JSESSIONID, and this is the value generated by 34 00:02:43,590 --> 00:02:48,540 your backend Spring Boot application with the help of Spring Security. 35 00:02:48,750 --> 00:02:55,920 The very first time the user tries to log in, we get the same from the server in the response, and you 36 00:02:55,920 --> 00:03:03,210 can see the same cookie value in the cookies of our response, which is being sent by my Postman 37 00:03:03,210 --> 00:03:05,570 every time I make subsequent calls. 
38 00:03:05,760 --> 00:03:12,120 So with the help of this JSESSIONID, I am getting a proper response without passing the credentials. To 39 00:03:12,120 --> 00:03:13,710 make it even more clear, 40 00:03:13,890 --> 00:03:21,000 what I will do is from the request I'll remove this token, and now I do not have any authorization details 41 00:03:21,270 --> 00:03:23,490 and I do not have a cookie with the JSESSIONID 42 00:03:23,490 --> 00:03:30,540 in my request. If I try to make a request, I will get a response saying 401 43 00:03:30,540 --> 00:03:31,140 Unauthorized. 44 00:03:31,290 --> 00:03:37,920 And even in this scenario also I'll get a cookie with a different value, and this cookie in my backend 45 00:03:38,190 --> 00:03:41,130 is maintained as an unauthorized user. 46 00:03:41,250 --> 00:03:47,430 So if someone tries to access my application with this value, they will keep getting unauthorized. Like 47 00:03:47,430 --> 00:03:49,110 you can see now inside my header, 48 00:03:49,110 --> 00:03:51,660 there's now the cookie with the name 292. 49 00:03:51,840 --> 00:03:57,030 If I try to keep accessing with the same cookie, I'll keep getting the unauthorized. 50 00:03:57,210 --> 00:04:05,280 But the moment that I try to add my user details to my basic authentication, I will try to invoke 51 00:04:05,280 --> 00:04:09,180 my API again and you can see my cookie will change. 52 00:04:09,180 --> 00:04:13,220 So right now it is with 292. After making a request, 53 00:04:13,410 --> 00:04:16,950 now my JSESSIONID value changed to 746 on top. 54 00:04:17,250 --> 00:04:25,170 And if I try to keep making the request with the same JSESSIONID 746, my backend will 55 00:04:25,170 --> 00:04:31,260 keep accepting even without credentials, like I can show you by removing the authentication details from 56 00:04:31,260 --> 00:04:37,380 the request and then keep sending, and I'll get the same proper response without credentials. 
57 00:04:37,650 --> 00:04:41,760 So that's one more good feature supported by the Spring Security framework. 58 00:04:41,940 --> 00:04:46,590 Of course, JSESSIONID is the default one generated by Spring Security. 59 00:04:46,860 --> 00:04:55,560 You can optimize even more for your production-grade application by using data tokens or tokens that 60 00:04:55,560 --> 00:04:58,410 we will be discussing a lot in the coming lectures. 61 00:04:58,650 --> 00:04:59,700 So I hope this is 62 00:04:59,720 --> 00:05:06,680 very clear on how the Spring Security framework handles multiple requests without login and credentials. 63 00:05:07,010 --> 00:05:13,100 It will only ask the very first time. If in the same session the same user tries to make another call, 64 00:05:13,100 --> 00:05:14,530 it won't ask for the credentials. 65 00:05:14,540 --> 00:05:17,960 It only expects the token, and as long as it is valid, 66 00:05:17,960 --> 00:05:20,670 it will keep sending the proper response to the user. 67 00:05:21,020 --> 00:05:23,630 So thank you and I'll see you in the next lecture. Bye.