1 00:00:00,180 --> 00:00:06,570 Now, we have a custom requirement in our application saying that the first four services, which is 2 00:00:06,570 --> 00:00:13,230 my account, my balance, my loans and my card should be secured and the services related to notices 3 00:00:13,230 --> 00:00:15,060 and contact should not be secured. 4 00:00:15,300 --> 00:00:19,860 That means anyone should be able to access them without any credentials. 5 00:00:19,900 --> 00:00:24,670 Let's go and try to customize our code as per our requirement. 6 00:00:24,840 --> 00:00:30,900 So if you see in our previous video, we have copy-pasted whatever default implementation present 7 00:00:30,900 --> 00:00:38,610 in the Spring Security framework and that code expects any request that is coming has to be authenticated 8 00:00:38,610 --> 00:00:40,440 in order to process the business. 9 00:00:40,920 --> 00:00:48,870 So let's try to remove this line. Now inside authorizeRequests I have an antMatchers call. 10 00:00:48,870 --> 00:00:58,650 And antMatchers actually accepts a path as a string, saying what is the path I want to consider in this 11 00:00:58,650 --> 00:01:01,380 configuration. In this configuration, 12 00:01:01,410 --> 00:01:09,540 first, I want to configure for my account, so that, providing that configuration, there is a method we 13 00:01:09,540 --> 00:01:11,590 have to call, which is authenticated. 14 00:01:11,790 --> 00:01:19,330 That means anyone calling a path which is matching my account has to be authenticated. 15 00:01:19,350 --> 00:01:28,710 Similarly, we have to mention for the remaining all the paths. Here, I have my balance also should be 16 00:01:28,710 --> 00:01:36,510 authenticated and for my loans also it should be authenticated and my card should be also authenticated. 17 00:01:36,750 --> 00:01:41,430 Now make sure all these four services have to be authenticated. 18 00:01:41,440 --> 00:01:48,210 Similarly, we can go ahead and do configuration for notices as well. 
19 00:01:48,420 --> 00:01:51,580 But instead of authenticated there, we should. 20 00:01:52,410 --> 00:01:54,210 permitAll means. 21 00:01:54,420 --> 00:01:57,270 This line indicates insecurity. 22 00:01:57,480 --> 00:02:05,670 If anyone calling my services with the path /notices, you don't have to enforce security on the path, 23 00:02:05,670 --> 00:02:11,730 you are free to let the business logic execute without validating any credentials. 24 00:02:11,910 --> 00:02:15,310 We can copy-paste the same configuration for contact also. 25 00:02:15,660 --> 00:02:20,520 Now this code works as per custom requirements. 26 00:02:20,520 --> 00:02:27,510 So if you see clearly, I have configured first four services have to be authenticated and they have 27 00:02:27,510 --> 00:02:34,860 to be secure, whereas remaining last two services, which is /notices and /contact, are 28 00:02:34,870 --> 00:02:38,240 free to be called by anyone without any credentials. 29 00:02:38,610 --> 00:02:40,990 So this is what we have implemented in the code. 30 00:02:41,310 --> 00:02:44,310 Let's go and test this code using Postman. 31 00:02:44,520 --> 00:02:53,130 Firstly, let me start the server by going to the main class and as a application, this will start 32 00:02:53,160 --> 00:02:56,140 our application in the 88 code. 33 00:02:56,220 --> 00:02:58,970 Now I will go to Postman here. 34 00:02:59,220 --> 00:03:01,470 I don't have any authentication details. 35 00:03:01,590 --> 00:03:03,830 I'm trying to call my account. 36 00:03:03,840 --> 00:03:09,210 We should get 401 Unauthorized response, which is correct. 37 00:03:09,360 --> 00:03:17,820 But now I will go and try to call contact, which is like does not have any security. You can see here, 38 00:03:17,970 --> 00:03:20,110 without any authorization details 39 00:03:20,130 --> 00:03:27,450 also, I'm getting the response from the backend. Similarly, the same will happen for notices as well. 
40 00:03:27,600 --> 00:03:31,380 Like you can see the response here of the notices returned from the database. 41 00:03:31,380 --> 00:03:38,520 But again, if I go and try to call any of the security like Richwood customer, like my cards or my 42 00:03:38,520 --> 00:03:43,850 account, my balance or my loans, anything, we will get 401 error. 43 00:03:43,950 --> 00:03:50,130 But if you provide the authentication details to them that we configure, we will get the response that 44 00:03:50,130 --> 00:03:51,090 we are expecting. 45 00:03:52,220 --> 00:03:57,300 Now, with our custom configuration in the Postman, and it's working perfectly. 46 00:03:57,560 --> 00:04:00,120 Let's try to see one more time what we have done. 47 00:04:00,260 --> 00:04:07,330 We have to extend all this WebSecurityConfigurerAdapter, which is the base class for intercepting 48 00:04:07,340 --> 00:04:10,680 security-related stuff. Once I extended the class, 49 00:04:10,740 --> 00:04:17,180 I also annotated my class with @Configuration so that Spring Boot will consider this while booting 50 00:04:17,180 --> 00:04:25,730 of the application. Once I have done that, I have overridden the configure method, which accepts HttpSecurity 51 00:04:25,730 --> 00:04:26,790 as a parameter. 52 00:04:26,930 --> 00:04:31,110 If you see the code that we have written, we are telling every request. 53 00:04:31,110 --> 00:04:37,450 Really, you are trying to authorize check for this antMatchers path which matches with this path and 54 00:04:37,460 --> 00:04:38,530 authenticate them. 55 00:04:38,540 --> 00:04:43,810 If you're seeing any matches with /notices and /contact, 56 00:04:43,830 --> 00:04:46,040 please allow them without any security. 57 00:04:46,100 --> 00:04:52,460 Similarly, we can configure any number of paths inside matter Bozak. 
58 00:04:52,460 --> 00:05:00,590 We are also telling on top of these conditions or configurations, make sure that you are also implementing 59 00:05:00,590 --> 00:05:07,130 these security restrictions to all the form logins and HTTP basic requests coming from the 60 00:05:07,250 --> 00:05:08,920 outside of this application. 61 00:05:09,030 --> 00:05:11,030 Hope this is making sense to you. 62 00:05:11,180 --> 00:05:14,320 If we have any questions, please post in Q&A. 63 00:05:14,510 --> 00:05:16,040 I'll get you in the next room. 64 00:05:16,060 --> 00:05:16,540 Thank you. 65 00:05:16,550 --> 00:05:16,820 Bye.