CRUD (Create, Read, Update, Delete), JWT Authentication and Authorization Maven Project!
This is a sample CRUD application built using Spring Boot 3 and secured with Spring Security 6. The project's main goal is to demonstrate how to create a web application that allows users to perform CRUD operations on a set of entities (e.g., "Tasks," "Products," "Customers") while ensuring proper authentication and authorization through Spring Security.
- User Registration and Authentication: Users can register for accounts, log in, and log out. Passwords are securely hashed and stored in the database.
- Role-Based Access Control: The application supports two user roles, "User" and "Admin." Users have limited access, while Admins have full control over CRUD operations.
- CRUD Operations: Users with appropriate permissions can perform Create, Read, Update, and Delete operations on the entities in the system.
- Database Storage: Data is stored in a relational database (e.g., MySQL, PostgreSQL, H2) using Spring Data JPA.
- RESTful API: The application exposes a RESTful API for interacting with the entities, making it easy to integrate with other systems or build front-end interfaces.
- Spring Boot
- Spring Security
- Spring Data JPA
- Java 17
- Database (e.g., MySQL, PostgreSQL, H2)
- RESTful API
- Maven or Gradle for dependency management
- Angular, React, or other front-end technologies (if using web-based views)
Creating a Maven project involves a few prerequisite steps to set up your development environment correctly. Here are the key steps you should follow before creating a Maven project.
- Maven is a Java-based build tool, so you need to have Java installed on your system. You can download and install the latest version of the Java Development Kit (JDK) from the Oracle website or use an open-source alternative like OpenJDK.
- Ensure that the JAVA_HOME environment variable is set to your JDK installation directory.
- Add the bin directory of the JDK to your system's PATH variable.
- Most developers prefer to use an Integrated Development Environment (IDE) like Eclipse, IntelliJ IDEA, or NetBeans for Java development.
- If you're using an IDE, make sure to install the necessary plugins or extensions for Maven support.
Below is an example of how you can instruct your audience on installing and setting up your app. This template doesn't rely on any external dependencies or services.
- Clone the repo
git clone https://github.com/saronila/springboot3-springsecurity6-rsk.git
- Enable or disable header validation in Application.properties (the default is false):
app.request.header.validation=false
- Signup URL: http://localhost:xxxx/api/v1/auth/signup
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: POST
{
"firstName":"Saravanakumar",
"lastName":"Ramasamy",
"email":"[email protected]",
"password":"12345",
"role": "ADMIN"
}
{
"status": 1,
"message": "success",
"data": {
"payload": {
"id": 1,
"firstName": "Saravanakumar",
"lastName": "Ramasamy",
"email": "[email protected]",
"password": "$2a$10$9hXBsQh14kz7MadXYhr1qeaUfDT9hevG54Pf1DZulvlcURCl80U7a",
"role": "ADMIN",
"enabled": true,
"accountNonLocked": true,
"authorities": [
{
"authority": "ADMIN"
}
],
"username": "[email protected]",
"accountNonExpired": true,
"credentialsNonExpired": true
}
},
"responseTime": "11-10-2023 06:11:46"
}
- Signin URL: http://localhost:xxxx/api/v1/auth/signin
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: POST
{
"email":"[email protected]",
"password":"12345"
}
{
"status": 1,
"message": "success",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyc2t6b25pYWNAZ21haWwuY29tIiwiaWF0IjoxNjk3MDA0Nzg1LCJleHAiOjE2OTcwOTExODV9.7WI4cKU8qHnjNhDDM5Ze8f7k_hf_0za3HoswJEKylXs",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyc2t6b25pYWNAZ21haWwuY29tIiwiaWF0IjoxNjk3MDA0Nzg1LCJleHAiOjE2OTc2MDk1ODV9.oKnNkSgqrgvVJYENWxSP9yoX27DLXuB68HKPAf6uOLw"
},
"responseTime": "11-10-2023 06:13:05"
}
- Get-all URL: "http://localhost:xxxx/api/v1/users"
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: GET
- Header "Authorization" with value "bearer #ACCESSTOKEN#", replacing #ACCESSTOKEN# with your accessToken
{
"status": 1,
"message": "success",
"data": {
"list": [
{
"id": 1,
"firstName": "Saravanakumar",
"lastName": "Ramasamy",
"email": "[email protected]",
"password": "$2a$10$9hXBsQh14kz7MadXYhr1qeaUfDT9hevG54Pf1DZulvlcURCl80U7a",
"role": "ADMIN",
"enabled": true,
"accountNonLocked": true,
"authorities": [
{
"authority": "ADMIN"
}
],
"username": "[email protected]",
"accountNonExpired": true,
"credentialsNonExpired": true
},
{
"id": 2,
"firstName": "user",
"lastName": "G",
"email": "[email protected]",
"password": "$2a$10$HbjngbUVFRc4urQfkTKSvuyE7nhO6vJMo8pzSopXyE4px8e/OjYXi",
"role": "USER",
"enabled": true,
"accountNonLocked": true,
"authorities": [
{
"authority": "USER"
}
],
"username": "[email protected]",
"accountNonExpired": true,
"credentialsNonExpired": true
}
]
},
"responseTime": "11-10-2023 06:32:34"
}
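The sample responses above return the stored bcrypt hash in the `password` field. The following is an added check, not part of the project's code, that an API test could run over any decoded response body to flag such fields. The function name, the key list and the trimmed sample body are assumptions made for the illustration.

```python
import json
import re

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+hash
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
SENSITIVE_KEYS = {"password", "passwd", "secret"}  # assumption: names worth flagging

# Constructed sample: the get-all response shape from this page, trimmed.
# User 1 carries the hash shown on the page; user 2 is what a sanitized entry looks like.
SAMPLE_BODY = json.loads('''
{"status": 1, "message": "success", "data": {"list": [
  {"id": 1, "role": "ADMIN",
   "password": "$2a$10$9hXBsQh14kz7MadXYhr1qeaUfDT9hevG54Pf1DZulvlcURCl80U7a"},
  {"id": 2, "role": "USER"}
]}}
''')


def find_credential_leaks(node, path="$"):
    """Walk a decoded JSON body; return (json_path, reason) for each suspect field."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS and value is not None:
                findings.append((child, "sensitive key present"))
            findings.extend(find_credential_leaks(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_credential_leaks(item, f"{path}[{i}]"))
    elif isinstance(node, str) and BCRYPT_RE.match(node):
        # Catches hashes even when the field has been renamed.
        findings.append((path, "bcrypt hash value"))
    return findings


if __name__ == "__main__":
    for where, why in find_credential_leaks(SAMPLE_BODY):
        print(f"{where}: {why}")
```

A response built from a dedicated DTO without the password field produces an empty findings list.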
- Get-by-id URL: "http://localhost:xxxx/api/v1/users/#ACCESSTOKEN#", replacing the last path segment with your primary key
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: GET
- Header "Authorization" with value "bearer #ACCESSTOKEN#", replacing #ACCESSTOKEN# with your accessToken
{
"status": 1,
"message": "success",
"data": {
"payload": {
"id": 1,
"firstName": "Saravanakumar",
"lastName": "Ramasamy",
"email": "[email protected]",
"password": "$2a$10$9hXBsQh14kz7MadXYhr1qeaUfDT9hevG54Pf1DZulvlcURCl80U7a",
"role": "ADMIN",
"enabled": true,
"accountNonExpired": true,
"credentialsNonExpired": true,
"authorities": [
{
"authority": "ADMIN"
}
],
"username": "[email protected]",
"accountNonLocked": true
}
},
"responseTime": "11-10-2023 09:54:20"
}
- Update URL: "http://localhost:xxxx/api/v1/users/#ACCESSTOKEN#", replacing the last path segment with your primary key
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: PUT
- Header "Authorization" with value "bearer #ACCESSTOKEN#", replacing #ACCESSTOKEN# with your accessToken
{
"firstName":"Saravanakumar",
"lastName":"R"
}
{
"status": 1,
"message": "success",
"data": {
"payload": {
"id": 1,
"firstName": "Saravanakumar",
"lastName": "R",
"email": "[email protected]",
"password": "$2a$10$9hXBsQh14kz7MadXYhr1qeaUfDT9hevG54Pf1DZulvlcURCl80U7a",
"role": "ADMIN",
"enabled": true,
"accountNonExpired": true,
"credentialsNonExpired": true,
"authorities": [
{
"authority": "ADMIN"
}
],
"username": "[email protected]",
"accountNonLocked": true
}
},
"responseTime": "11-10-2023 09:55:03"
}
- Delete URL: "http://localhost:xxxx/api/v1/users/#ACCESSTOKEN#", replacing the last path segment with your primary key
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: DELETE
- Header "Authorization" with value "bearer #ACCESSTOKEN#", replacing #ACCESSTOKEN# with your accessToken
{
"status": 1,
"message": "User successfully deleted!",
"data": {
"payload": true
},
"responseTime": "11-10-2023 09:52:02"
}
- Refresh-token URL: "http://localhost:xxxx/api/v1/auth/refresh-token"
- Optional header: "Authorization-Owner" with value "myrequest"
- Method: POST
- Header "Authorization" with value "bearer #ACCESSTOKEN#", replacing #ACCESSTOKEN# with your accessToken
{
"status": 1,
"message": "success",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyc2t6b25pYWNAZ21haWwuY29tIiwiaWF0IjoxNjk3MDE3OTg2LCJleHAiOjE2OTcxMDQzODZ9.oyZCoaL4qcIUSvOy_w_WLW22jSEb2GIh2BLy1rIxhdY",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyc2t6b25pYWNAZ21haWwuY29tIiwiaWF0IjoxNjk3MDA0Nzg1LCJleHAiOjE2OTcwOTExODV9.7WI4cKU8qHnjNhDDM5Ze8f7k_hf_0za3HoswJEKylXs"
},
"responseTime": "11-10-2023 09:53:06"
}
- If you receive an internal server error response like this:
{
"apierror": {
"errorCode": "Expired JWT token",
"status": 500,
"message": "Expired JWT token",
"data": null,
"responseTime": "11-10-2023 06:33:11"
}
}
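A client can anticipate the "Expired JWT token" error by reading the token's `exp` claim before sending it. The following is an added example, not part of the project's code, that decodes the two tokens from the sample sign-in response on this page. It does not verify the signature, so it is a client-side diagnostic only, and the function names are hypothetical.

```python
import base64
import json
import time
from typing import Optional

# Tokens copied from the sample sign-in response on this page.
ACCESS_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyc2t6b25pYWNAZ21haWwuY29tIiwiaWF0IjoxNjk3MDA0Nzg1LCJleHAiOjE2OTcwOTExODV9.7WI4cKU8qHnjNhDDM5Ze8f7k_hf_0za3HoswJEKylXs"
REFRESH_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyc2t6b25pYWNAZ21haWwuY29tIiwiaWF0IjoxNjk3MDA0Nzg1LCJleHAiOjE2OTc2MDk1ODV9.oKnNkSgqrgvVJYENWxSP9yoX27DLXuB68HKPAf6uOLw"


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(token: str) -> dict:
    """Return alg, iat and exp WITHOUT verifying the signature.

    Diagnostic only: the server must still verify the HMAC before trusting claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    return {"alg": header.get("alg"), "iat": claims.get("iat"), "exp": claims.get("exp")}


def lifetime_seconds(token: str) -> int:
    """Validity window the issuer granted (exp - iat)."""
    info = inspect_jwt(token)
    return info["exp"] - info["iat"]


def is_expired(token: str, now: Optional[float] = None, skew: int = 30) -> bool:
    """True if the token is expired or within `skew` seconds of expiring."""
    now = time.time() if now is None else now
    return now >= inspect_jwt(token)["exp"] - skew


if __name__ == "__main__":
    for name, tok in (("access", ACCESS_TOKEN), ("refresh", REFRESH_TOKEN)):
        print(name, inspect_jwt(tok)["alg"], lifetime_seconds(tok), is_expired(tok))
```

When `is_expired` returns true for the access token, call the refresh-token endpoint before retrying the request.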
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
My Name - Saravanakumar Ramasamy
Project : springboot3-springsecurity6-rsk