스프링 시큐리티 OAuth2

Hello. I listened to the lecture on security and OAUTH2 well. I can feel that the instructor prepared the lecture a lot and is passionate. And he is also a very knowledgeable person. However, I think it would be good if the teaching method was improved a bit. 1. I feel like the explanation is a bit rushed. This is a bit awkward, but I think that calmly leading the lecture can reduce awkwardness. Sometimes, I skipped over the words without knowing what they were because of the pronunciation. 2. The lecture structure is difficult for students to learn proactively. Basically, you have no choice but to follow along. In such a situation, if the instructor and students are not properly synchronized, and the instructor and the students have different contexts, the students become very stressed. I sometimes see emotional posts expressing complaints about this in the community. I understand the feelings a little. This is because most of the students who purchase the lecture start taking the lecture with high expectations. From the instructor's perspective, something that is so obvious (the more years you have and the more knowledge you have, the stronger this tendency becomes), but from the student's perspective, it is often not the case at all. 3. For example, it was good to practice authorization requests with Postman and then move to Spring. Well, since the speed of the speech is fast without any special points, it feels like important stories are flowing by. For example, when requesting authorization for the first time, when you press the login button, the client requests /oauth2/authorization, and when the client requests a temporary code from the authorization server, it goes down to /oauth2/authorize, but since this just happens, I couldn't recognize it for a while. It was quite confusing and confusing for a long time. So I got used to it by debugging it one by one. I think it may be because the instructor is so familiar with it, but when you are teaching, you say, "This URL may be a bit confusing. The initial login is /oauth2/authorization, and the code request is /oauth2/authorize. In reality, the authorization process starts when the client requests a code, so authorize means granting permission, so /oauth2/authorize is the URL for requesting a code. In this context, it would be good to remember it." If you explain it once, it will be a very helpful point for students. 4. When proceeding with the next chapter lecture, there are many cases where you proceed with new code (from the beginning). I think it is the same reason why someone asked to maintain the code in the course review. It is definitely convenient because Younghan leaves all the code after the first lecture. The process is carried out without editing, so just watching and following it together can be a learning experience, and it is advantageous because students and instructors can be on the same page. You can start from a new branch every time like Suwon Instructor, but I think it would have been good if there had been just one guide at the beginning of the lecture. Each clip or section is managed as a branch unit, so if possible, I ask the students to do the same. There may be some beginners in Git. You only need to show it once. Since you are not going to merge PRs into master, if you just show them how to create a new branch, the students will be on the same page as you. 5. Lastly, I think it would have been better to explain Filter -> Manager -> Provider -> before the actual lecture started. They mentioned it in the latter half of the lecture. I realized that the pattern was set while listening to the lecture, but it would have been easier if I had known the pattern at the beginning. It may be less so in other lectures, but Security has so many classes and the depth is so deep that it is a bit confusing to follow the lecture, and I get lost even while following the lecture. Of course, the instructor explains the flow with class diagrams at the beginning, but when the screen is filled with classes with long names that I have never seen before... the flow is not immediately apparent. Of course it helps, but I still don't think I'm on the same page as the students. 6. Oh, and you clearly said that you would save it in the database during the final practice instead of saving it in memory, but I was a little disappointed that you forgot and ended the practice with in-memory. This is a small thing, but it would have been better if you had named the resource server as ResourceServerPhoto instead of 1, 2 during the final practice. When I was taking a C++ class in the past, the instructor said, "It might be boring or not fun because it's the same example every time (the example was written by putting the name, age, and a few other pieces of information in the Person class), but since you have a lot to learn in the future, the hurdle for newness in this area should be low so that it's easy to learn." I remember that. I like what Einstein said, that when explaining, you should make it so that even a grandmother without relevant knowledge can understand, so I wrote down a lot of thoughts about teaching methods. Nevertheless, students, Security and this lecture are great guides for understanding the in-depth inside of the security framework. I now know almost everything about where and how to set breakpoints when debugging. If the breakpoints don't go where I thought they would, I can figure out the right flow by looking around more. Security and OAUTH2 are definitely not easy lectures, but I think they are lectures that you can gain a lot from if you put in the effort. I'm learning well. Thank you.

It is definitely a really good lecture. I am listening to everything from Spring Batch > Security > OAuth2. Since everyone else has mentioned the advantages, I would like to tell you about my suggestions(?) or regrets. I thought it would be helpful to check all the source code levels of Spring in debugging mode. Of course, the instructor checks by setting breakpoints in advance, but it doesn't seem easy to follow the screen that passes by quickly. Of course, if you say that you have to know everything to use a certain technology!!, I have nothing to say, but I think the lecture would be more compact and cost-effective if the instructor explains the theory part and ends by quoting some source code. It is definitely a good lecture, but it takes a lot of time to learn everything, including the debugging process, and if you take this lecture to use it in practice right away, you might think that you should postpone applying it to practice. I am leaving a review in the hope that the instructor will continue to make better lectures in the future.

It explains it in great detail. It shows the debugging process, so it's much more memorable. I think I need to do this much to be able to say I've used OAuth 2.0.

Thank you for the great lecture :) I was trying to listen to Udemy because there were no proper security-related lectures in Korean, and it seems like the perfect lecture came out at the perfect time!! I've only listened to about 1/5 of it so far.. but it's a really informative lecture!! I'm very satisfied :)

I am glad that the long-awaited lecture has been released, so I am happily registering for the class and studying hard. I am taking the class while thinking about the understanding of the OAuth2 standard and how Spring Security implemented the code, and it is very helpful. It is actually a little difficult, but I hope that I can persevere to the end and grow personally. Thank you so much for the great lecture. Stay healthy^^