1
00:00:00,180 --> 00:00:06,900
We have discussed security, architecture and its internal flaw previously in the Section one, we have

2
00:00:06,900 --> 00:00:13,080
seen how ring security handles the request that comes in terms of authorizing and authenticating.

3
00:00:13,260 --> 00:00:20,280
During that discussion, we came to know user detail service and password encoder are the important

4
00:00:20,280 --> 00:00:26,220
interfaces that helps in maintaining the user details and validating them.

5
00:00:26,250 --> 00:00:33,000
That means if someone provides some credentials, these two user detail services and password and take

6
00:00:33,000 --> 00:00:39,500
the responsibility of validating whether the username and password entered by user is correct or not.

7
00:00:39,660 --> 00:00:47,790
So in this section, let's try to explore more on user user details of password encoders and how to

8
00:00:47,790 --> 00:00:50,670
create multiple users for our application.

9
00:00:50,850 --> 00:00:56,340
The problem with the current application that we have developed in the previous section is it has only

10
00:00:56,340 --> 00:01:03,690
a single user that we configured in the application that is ideally most of our application conservate

11
00:01:03,690 --> 00:01:04,950
with a single user.

12
00:01:04,980 --> 00:01:12,930
Your application should support as many users as we want, along with the rules authorities to achieve

13
00:01:12,930 --> 00:01:13,320
that.

14
00:01:13,440 --> 00:01:20,910
Let's go to our project security config class where we previously customized our bot level security

15
00:01:20,910 --> 00:01:22,280
using matches.

16
00:01:22,350 --> 00:01:30,120
So since here we want to customize our user details and user detail services users and password and

17
00:01:30,120 --> 00:01:37,570
coders, we have to override another method provided by spring security framework under this class Web

18
00:01:37,620 --> 00:01:41,110
security Conficker adapter with the same name Conficker.

19
00:01:41,220 --> 00:01:45,850
But the difference between the operation and this one is the input argument.

20
00:01:46,080 --> 00:01:53,190
The upper one will accept extra security and the lawyer will accept authentication manageable.

21
00:01:53,580 --> 00:02:01,770
So this is a matter where if we want to customize your user user detailed password encoders along with

22
00:02:01,770 --> 00:02:03,360
authentication providers.

23
00:02:03,570 --> 00:02:09,870
So this is a matter where we have to customize, let's try to configure multiple users.

24
00:02:10,150 --> 00:02:12,600
So this is the code that we have to write.

25
00:02:12,600 --> 00:02:20,760
If you want to configure your own users and multiple users, as you will see here, for now, we are

26
00:02:20,760 --> 00:02:23,340
going to use in-memory authentication.

27
00:02:23,400 --> 00:02:31,950
That means all these users that we want to maintain will be stored inside memory of its print container,

28
00:02:32,070 --> 00:02:39,610
which will be leveraged by spring security while performing authentication and authorization details.

29
00:02:39,640 --> 00:02:46,740
First, we have to select in-memory authentication, and whenever we want to add and user, we have

30
00:02:46,740 --> 00:02:49,050
to call the method with user.

31
00:02:49,050 --> 00:02:55,950
And what is a user name followed by DOT Password and the user password along with the authorities that

32
00:02:55,950 --> 00:02:57,520
the user want to maintain.

33
00:02:57,570 --> 00:03:04,080
Like in this scenario, we have an admin user who should have admin authorities and at the same time,

34
00:03:04,380 --> 00:03:11,280
if you want to configure multiple users, you can also configure by using an end operator, followed

35
00:03:11,280 --> 00:03:19,350
by same code like with user password and authorities where I have configured another user called normal

36
00:03:19,470 --> 00:03:21,210
user with the same password.

37
00:03:21,370 --> 00:03:24,380
But his authorities are the level of target.

38
00:03:24,600 --> 00:03:32,010
And at the same time, whenever we are using user details and whenever we are trying to customize the

39
00:03:32,010 --> 00:03:37,890
user details by default, definitely we should pass the password in order.

40
00:03:38,070 --> 00:03:43,370
If you are not passing the password and code, spring security will throw an error.

41
00:03:43,650 --> 00:03:46,350
I don't know how to validate your password.

42
00:03:46,470 --> 00:03:54,420
Use your password is stored as a normal text, or is it encoded or encrypted inside the memory of the

43
00:03:54,420 --> 00:03:55,350
shipping container?

44
00:03:55,440 --> 00:03:56,100
It does not.

45
00:03:56,430 --> 00:04:00,890
That's why we should always pass the password encoder.

46
00:04:01,020 --> 00:04:02,220
Along with Vannatter.

47
00:04:02,220 --> 00:04:04,410
We try to customize the user details.

48
00:04:04,620 --> 00:04:11,550
So previously we have not provided and we didn't try to customize this entire method that way.

49
00:04:11,850 --> 00:04:21,180
Spring security went ahead and use the users password present in this property file and it also considers

50
00:04:21,329 --> 00:04:23,970
default password encoded here.

51
00:04:24,090 --> 00:04:32,850
I'm saying I will be using password encoder, which is of no password and that means I don't want to

52
00:04:32,850 --> 00:04:38,880
have any passwords and codes will show as a deep because this is not recommended.

53
00:04:38,880 --> 00:04:46,470
But since we are enhancing our application by step by step final, I'm just configuring password and

54
00:04:46,470 --> 00:04:50,900
code as no Ostrower and I don't know that.

55
00:04:51,300 --> 00:04:57,480
Let's try to add our application by going to the main springboard application.

56
00:04:57,720 --> 00:04:59,610
I'll change the class name and the.

57
00:04:59,960 --> 00:05:06,140
His name compared to our previous section, so that we can maintain the same consistent last name for

58
00:05:06,140 --> 00:05:07,700
all the for the sections.

59
00:05:07,730 --> 00:05:13,790
So what I will do is I click on and select one as our application.

60
00:05:13,970 --> 00:05:16,210
So now I have my service started.

61
00:05:16,520 --> 00:05:21,950
So this time it's go to end browser and try to validate on our parts.

62
00:05:22,250 --> 00:05:26,610
So we send our notices but should be executed.

63
00:05:27,080 --> 00:05:30,500
So obviously it wouldn't hurt us any correction.

64
00:05:30,680 --> 00:05:35,490
But if I want to access my account, I will ask the correction.

65
00:05:35,540 --> 00:05:42,620
I'll type first the corrections that we mentioned in the application properties and it will not accept

66
00:05:42,620 --> 00:05:52,190
because now we have provided our own users inside the security configuration glass here I can type at

67
00:05:52,910 --> 00:06:03,860
one two for free as a password which will allow or I can also enter other normal user that I have configured

68
00:06:03,860 --> 00:06:05,400
with this user.

69
00:06:05,450 --> 00:06:06,790
One, two, three, four, five.

70
00:06:07,040 --> 00:06:16,340
Did you see now we came from where we maintained single static user to your position where we can maintain

71
00:06:16,340 --> 00:06:21,830
any number of users that we want inside a security configuration.

72
00:06:21,980 --> 00:06:25,780
But this is not the production ready application.

73
00:06:25,790 --> 00:06:30,080
But I just wanted to show you inside the memory of our application.

74
00:06:30,080 --> 00:06:33,840
Also, we can maintain the user's details daily.

75
00:06:33,920 --> 00:06:35,860
In any production environment.

76
00:06:36,470 --> 00:06:42,650
We maintain all sorts of details inside database or OLAP or any other conflicts.

77
00:06:42,770 --> 00:06:48,050
But in this scenario, since the application that we are trying to enhance step by step, I have I want

78
00:06:48,050 --> 00:06:54,840
to show first that we can also maintain the memory of that Springbrook application with that.

79
00:06:55,010 --> 00:07:03,920
Now we know how to configure multiple users and how to pass a password encoder associated to my user

80
00:07:03,920 --> 00:07:04,650
details.

81
00:07:04,670 --> 00:07:05,270
Thank you.

82
00:07:05,420 --> 00:07:07,600
And you in the next release by.