1
00:00:00,150 --> 00:00:04,470
In the previous videos, we have seen two types of customizations that we have done.

2
00:00:04,620 --> 00:00:10,970
One is going with whatever springs security is provided by default, where the spring security expert,

3
00:00:10,980 --> 00:00:16,610
each and every request coming towards it has to be checked for security credentials.

4
00:00:16,680 --> 00:00:24,210
Later on, we customized it for the Aspell custom requirements by making four parts as a code and remaining

5
00:00:24,210 --> 00:00:25,710
two parts as nonsecular.

6
00:00:25,740 --> 00:00:32,790
Now think of a scenario where we may have to be denying all the requests coming to our back and for

7
00:00:32,790 --> 00:00:33,630
whatever reason.

8
00:00:33,660 --> 00:00:39,270
So one of the reasons that I can think of is like you may have some peculiar business requirements that

9
00:00:39,270 --> 00:00:44,570
my server should not accept any requests, even though they have proper credentials as associated said

10
00:00:44,570 --> 00:00:48,540
to them during some midnight time or some particular timeframe.

11
00:00:48,570 --> 00:00:54,870
So in such scenarios, Spring Security also provided a feature of denying all the requests.

12
00:00:54,870 --> 00:01:01,110
Whether they have a proper authentication details or not, it will still deny all the subsequent request

13
00:01:01,110 --> 00:01:02,650
that is coming towards the.

14
00:01:02,680 --> 00:01:04,780
Let's try to see how to do that.

15
00:01:04,950 --> 00:01:11,760
For reference, I just put the first default configuration here with the default configurations, which

16
00:01:11,760 --> 00:01:13,300
will secure all the request.

17
00:01:13,320 --> 00:01:20,610
So here, if you see we are seeing any request has to be authenticated for all the form login and based

18
00:01:20,980 --> 00:01:30,450
later on, what we have done is we customize that accord by using and matches associated for each part,

19
00:01:30,450 --> 00:01:37,440
like my account, my balance, my loans, my cards with all this for has to be authenticated, followed

20
00:01:37,440 --> 00:01:43,730
by notices and contact bot astrobee nonsecure where everyone can access it.

21
00:01:44,250 --> 00:01:51,210
Now, as I was saying, we should deny all the requests that is coming towards our back backend in such

22
00:01:51,210 --> 00:01:51,890
scenarios.

23
00:01:52,260 --> 00:01:59,610
What we have to do is let me try to copy paste the same quote from the default framework for now, instead

24
00:01:59,610 --> 00:02:09,539
of authenticated, we should deny all that means this scenario, a request that comes towards my spring

25
00:02:09,539 --> 00:02:11,910
security backend services.

26
00:02:11,910 --> 00:02:17,480
It will deny all of them, regardless whether they are authenticated, user or not.

27
00:02:17,850 --> 00:02:22,800
I'm saving this or starting this over using on the job application.

28
00:02:23,430 --> 00:02:25,040
The server is already started.

29
00:02:25,060 --> 00:02:27,000
Let me go and kill the previous one.

30
00:02:27,180 --> 00:02:29,970
No, I'm starting again this time my service.

31
00:02:30,630 --> 00:02:31,530
Eighty, eighty.

32
00:02:31,680 --> 00:02:34,380
Let's try to go and test in the basement.

33
00:02:35,900 --> 00:02:42,100
Now, we have done the configurations to deny all the request that comes towards Bakan application,

34
00:02:42,290 --> 00:02:44,970
let's try to test the same in this Posman.

35
00:02:45,350 --> 00:02:49,280
So now I'm trying to call my cards with get to type.

36
00:02:49,280 --> 00:02:52,630
And I also provided authorization details.

37
00:02:52,670 --> 00:02:58,080
And if you try to send the request now, we should get four billion error.

38
00:02:58,130 --> 00:03:02,380
That means whatever you're trying to pawn, it is denying.

39
00:03:02,390 --> 00:03:09,920
The reason is we Ausdance bring security specifically not to process any requests, deny everything

40
00:03:09,920 --> 00:03:10,660
that comes.

41
00:03:10,670 --> 00:03:17,690
So that's why in this scenario, we get forward and think of a scenario where we want to try without

42
00:03:17,690 --> 00:03:18,650
credentials.

43
00:03:18,680 --> 00:03:22,850
And if I try to call again, even I get the forbidden error.

44
00:03:22,910 --> 00:03:30,510
That means spring security framework is not violating or not looking at my credentials at all.

45
00:03:30,560 --> 00:03:38,690
It's always giving a forbidden error, saying that this part is not allowed to call and that's why we

46
00:03:38,690 --> 00:03:40,280
are getting it for zero three.

47
00:03:40,610 --> 00:03:44,510
So this is the way how we should deny all the requests.

48
00:03:44,600 --> 00:03:51,350
In the next video, we'll try to see how to accept every request without authorization.

49
00:03:51,500 --> 00:03:58,240
So that will also be comfortable doing the changes in our application whenever a situation occurs.

50
00:03:58,310 --> 00:03:59,330
Thank you by.