Skip to content

boris-ns/spring-security-boilerplate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
.mvn/wrapper
.mvn/wrapper
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

spring-security-boilerplate

SpringBoot application boilerplate code with Spring Security implementation and JWT authentication and authorization.
MySQL is used as a database.

How to use

First, you need to clone this repository

git clone https://github.com/boris-ns/spring-security-boilerplate.git

Then in src/main/resources/application.yml enter your database name, username and password.

After that, you can run the service

cd spring-security-boilerplate
mvn spring-boot:run

Endpoints

In current configuration every URL endpoint with /public/ in it won't be checked by JWT filter and Spring Security, so that means everyone can use it. Also, this applies to /auth/login

API documentation

Login

POST http://localhost:8080/auth/login
Request:

{
	"username":"john.doe",
	"password":"123"
}

Response:

{
    "id": 1,
    "username": "john.doe",
    "firstName": "John",
    "lastName": "Doe",
    "email": "john@doe.com",
    "enabled": true,
    "authorities": [
        "ROLE_USER"
    ],
    "token": {
        "accessToken": "JWT_TOKEN_VALUE",
        "expiresIn": 3600000
    }
}

Refresh token

POST http://localhost:8080/auth/refresh
Authentication: you must send JWT with request
All users are authorized to use this endpoint
Response:

{
    "accessToken": "JWT_TOKEN_VALUE",
    "expiresIn": 3600000
}

Change password

POST http://localhost:8080/auth/change-password
Authentication: you must send JWT with request
All users are authorized to use this endpoint
Request:

{
    "oldPassword": "12345",
    "newPassword": "asdfg"
}

Response: 200 OK or exception

Public Hello World

GET http://localhost:8080/api/public/hello-world
Everyone is authorized to use this endpoint
Response: Hello World from PUBLIC controller!

Private Hello World for registered users

GET http://localhost:8080/api/hello-world/registered-user
Only registered users can use this endpoint
Response: Hello ANY REGISTERED USER from PRIVATE controller!

Private Hello World for regular users

GET http://localhost:8080/api/hello-world/user
Only users with role ROLE_USER can use this endpoint
Response: Hello USER from PRIVATE controller!

Private Hello World for admins

GET http://localhost:8080/api/hello-world/admin
Only users with role ROLE_ADMIN can use this endpoint
Response: Hello ADMIN from PRIVATE controller!

Predefined data in the database

In the database, there are two types of users: ROLE_ADMIN and ROLE_USER.
Also, there are 2 predefined users as you can see in import.sql file.

Regular user is john.doe.
Admin is jane.doe.
All passwords are 123.

About

Spring app boilerplate with Spring Security implementation and JWT authentication & authorization

Topics

spring-boot spring-security jwt-authentication

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages