
Spring Boot Mastery #14: Spring Security Introduction | Public vs Private APIs

Welcome to Spring Boot Mastery #14 by Hosiyar.com.

In the previous videos, we built a Course Management System project with REST APIs, database integration, DTOs, validation, exception handling, HTTP status codes, ResponseEntity, and even added a simple UI using HTML, CSS, and JavaScript.

Now we are starting one of the most important topics in real-world backend development:

Spring Security.

In real applications, not every API should be open for everyone.

Some APIs can be public, like viewing general course details, landing pages, login pages, or public information.

But some APIs should be private, like creating a course, updating course details, deleting records, managing users, or accessing sensitive data.

This is why security is required in applications.

In this video, we start Spring Security from the absolute basics. We do not jump directly into filter chains, JWT, OAuth, or deep internal architecture. First, we understand the basic problem:

What happens when there is no security?

To understand this, we created a simple Lesson Management System project.

Inside that project, we created:

✅ One public endpoint
✅ One private endpoint

Initially, we only marked them using comments as public and private.

But without Spring Security, both endpoints were accessible. There was no checking, no authentication, and no validation. Any request from the client could directly reach the server.

After that, we added the Spring Security dependency.

As soon as we added Spring Security, the behavior of the application changed.

Now, whenever we tried to access the API, Spring Security showed a default login form and asked for a username and password.

This helped us understand a very important point:

Spring Security adds a security layer between the client and the server.

Now every request has to pass through this security layer before it reaches the controller.

In this video, we also discussed the default login credentials provided by Spring Security.

By default:

Username: user
Password: generated in the console

Then we saw how to configure our own username and password using application.properties.

We also discussed a very basic overview of session and session ID, so that beginners can understand how login state can be remembered after successful authentication.

But we ended the video with an important question:

After adding Spring Security, authentication is required for private APIs. That is good.

But what about public APIs?

How can we allow public APIs without authentication and protect only private APIs?

This question will be answered in the next video.

## In this video, we will cover:

✅ Why security is important in real-world applications
✅ Why applications need public and private endpoints
✅ What is a public API?
✅ What is a private API?
✅ Example of public and private endpoints
✅ Creating a sample Lesson Management System project
✅ Creating one public endpoint
✅ Creating one private endpoint
✅ Problem before adding Spring Security
✅ Why comments do not actually protect APIs
✅ Adding Spring Security dependency
✅ What changes after adding Spring Security
✅ Default login form in Spring Security
✅ Default username and generated password
✅ Finding generated password in console
✅ Configuring custom username and password
✅ Basic idea of session
✅ Basic idea of session ID
✅ Spring Security as a layer between client and server
✅ Cliffhanger for next video: How to allow public APIs without login?

## Simple Flow Before Spring Security

Client → Controller → API Response

There is no security check.

So even private APIs are accessible.

## Simple Flow After Adding Spring Security

Client → Spring Security Layer → Controller → API Response

Now the request must pass through the security layer first.

If the user is not authenticated, Spring Security asks for login.
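
The flow above can be checked with a test. This is an added example, not code from the video, and it assumes Spring Boot 3.x with spring-boot-starter-web, spring-boot-starter-security, spring-boot-starter-test and spring-security-test on the classpath. The package, class names and `/lessons` paths are hypothetical.

```java
// Added example: package, class names and /lessons paths are assumptions.
package com.example.lessons;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootApplication
class LessonApp { }

@RestController
class LessonController {
    // public: the comment is documentation only and enforces nothing
    @GetMapping("/lessons/public")
    String publicLessons() { return "public lessons"; }

    // private: same here, only the security layer decides who gets in
    @GetMapping("/lessons/private")
    String privateLessons() { return "private lessons"; }
}
// Same keys you would put in application.properties; the value is a constructed test password.
@SpringBootTest(properties = {
        "spring.security.user.name=admin",
        "spring.security.user.password=constructed-test-password"})
@AutoConfigureMockMvc
class DefaultSecurityTest {
    @Autowired MockMvc mvc;

    @Test
    void everyEndpointNeedsLoginByDefault() throws Exception {
        for (String path : new String[] {"/lessons/public", "/lessons/private"}) {
            // No credentials: stopped at the security layer, the controller never runs
            mvc.perform(get(path).accept(MediaType.APPLICATION_JSON))
               .andExpect(status().isUnauthorized());
            // Configured user via HTTP Basic: the request reaches the controller
            mvc.perform(get(path).with(httpBasic("admin", "constructed-test-password")))
               .andExpect(status().isOk());
        }
    }
}
```

Place the file under `src/test/java/com/example/lessons/`. A password written into application.properties is readable by anyone with access to the source or the build artifact, so treat that setup as a learning aid only.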

## By the end of this video:

You will understand why Spring Security is needed, what happens when we add the Spring Security dependency, how the default login form works, where the default password is generated, and how to configure your own username and password.

You will also understand the basic difference between public and private APIs.

This is the first step toward learning Spring Security properly in Spring Boot.

Video: Spring Boot Mastery #14: Spring Security Introduction | Public vs Private APIs, from the channel hosiyar