1
00:00:00,000 --> 00:00:04,098
[SOUND] Hello there, I'm Chris and

2
00:00:04,098 --> 00:00:08,199
I teach Java here at Treehouse.

3
00:00:08,199 --> 00:00:09,605
During today's workshop,

4
00:00:09,605 --> 00:00:13,420
I'd like to discuss what is called User Authentication and Authorization.

5
00:00:14,550 --> 00:00:17,954
In general, authentication is the process of an application

6
00:00:17,954 --> 00:00:20,446
confirming the identification of a client.

7
00:00:20,446 --> 00:00:24,567
That client will be a user in our case, but could just as easily be another

8
00:00:24,567 --> 00:00:27,189
application if what we're coding is an API.

9
00:00:27,189 --> 00:00:29,610
You've seen authentication everywhere.

10
00:00:29,610 --> 00:00:33,750
Anytime you're asked for a username and password, that's authentication.

11
00:00:33,750 --> 00:00:37,850
We'll be implementing that sign-in or authentication process in Spring today.

12
00:00:39,140 --> 00:00:43,110
In addition, we'll chat a little about authorization in Spring by assigning

13
00:00:43,110 --> 00:00:45,380
users what are called Roles.

14
00:00:45,380 --> 00:00:49,010
This allows us fine-grained control over which resources

15
00:00:49,010 --> 00:00:51,120
each kind of user can access.

16
00:00:51,120 --> 00:00:55,230
For example, we could have an admin user that has a high level of control over

17
00:00:55,230 --> 00:01:00,740
the application, with even the ability to add, edit, and delete other user accounts.

18
00:01:00,740 --> 00:01:03,440
In addition, we could have a standard user account

19
00:01:03,440 --> 00:01:06,880
that wouldn't be able to perform those high-level functions.

20
00:01:06,880 --> 00:01:11,020
Because we'll be requiring users to authenticate with our application, we'll

21
00:01:11,020 --> 00:01:16,140
also talk about how to associate certain resources with the authenticated user.

22
00:01:16,140 --> 00:01:19,750
For example, we should show an authenticated user only his or

23
00:01:19,750 --> 00:01:24,780
her profile page when they choose to be with, not some other user's profile page.

24
00:01:24,780 --> 00:01:29,510
Or in a contact manager, we'd only want to show the current user's contacts and

25
00:01:29,510 --> 00:01:30,940
not all users' contacts.

26
00:01:32,380 --> 00:01:36,680
Finally, we'll ice the cake with a couple of best practices, including how to properly

27
00:01:36,680 --> 00:01:40,410
store passwords in a database, as well as how to prevent a certain type of attack.

28
00:01:41,520 --> 00:01:42,440
For the project,

29
00:01:42,440 --> 00:01:46,480
we'll be adding authentication to a simple task management application.

30
00:01:46,480 --> 00:01:51,860
One where a user can log in, create items, and mark them as complete or incomplete.

31
00:01:51,860 --> 00:01:54,010
The application itself is pretty simple, so

32
00:01:54,010 --> 00:01:58,630
that we can more effectively focus our attention on user authentication.

33
00:01:58,630 --> 00:02:00,080
All right, let's get started.