This Spring Boot project demonstrates the implementation of role-based authentication, a common approach to managing access control in applications. In role-based authentication, users are granted access based on predefined roles such as "USER" and "ADMIN".
- Model:
  - Contains Java classes representing entities in the application, defining the structure of data stored in the database and exchanged between components.
- Repository:
  - Provides interfaces for interacting with the database, enabling CRUD operations on entities.
- Service:
  - Contains business logic and services for user authentication, token management, and user details retrieval.
- Controller:
  - Defines RESTful endpoints for user authentication and demo purposes.
- Filter:
  - Spring Security filter responsible for intercepting requests, extracting JWT tokens, and authenticating users.
- Configuration:
  - Configures Spring Security, defines authorization rules, and registers filters.
- User Registration:
  - New users can register using the /auth/register endpoint. The service encrypts passwords, saves user details to the database, generates JWT tokens, and returns them in the authentication response.
- User Authentication:
  - Users authenticate via the /auth/login endpoint. Upon successful authentication, a new JWT token is generated, replacing existing tokens associated with the user.
- JWT Token Management:
  - Handles JWT token generation, validation, and extraction of user details.
- Authorization and Access Control:
  - Endpoints are protected based on user roles. Access to certain endpoints is restricted to users with specific roles.
- Token Revocation:
  - When a user logs in, existing tokens are revoked, ensuring only the latest token remains valid.
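The token management and token revocation items above, worked through as an added example (illustrative code written for this README, not the repository's own classes): a JwtService built on jjwt 0.11.x that issues and verifies HS256 tokens, and a login method that marks the user's still-valid tokens revoked before persisting the new one. The listing assumes a User entity that implements UserDetails, a Token entity with setRevoked(boolean), UserRepository.findByUsername, TokenRepository.findAllValidTokensByUser, an AuthenticationResponse(token, message) type, an AuthenticationManager bean and the app.jwt.* property names; every one of those names is an assumption.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import javax.crypto.SecretKey;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;

// Added example, not the repository's code; the two classes would each be their own file.
@Service
public class JwtService {
    private final SecretKey key;
    private final long expirationMs;

    // Property names are assumed. The secret should reach the process via an environment
    // variable or secret store, not sit next to the database credentials in application.properties.
    public JwtService(@Value("${app.jwt.secret-base64}") String secretBase64,
                      @Value("${app.jwt.expiration-ms:3600000}") long expirationMs) {
        this.key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretBase64)); // rejects keys shorter than 256 bits
        this.expirationMs = expirationMs;
    }

    public String generateToken(UserDetails user) {
        Date now = new Date();
        return Jwts.builder()
                .setId(UUID.randomUUID().toString())   // jti: two logins within the same second still yield distinct tokens
                .setSubject(user.getUsername())
                .claim("roles", user.getAuthorities().stream()
                        .map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + expirationMs))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // Throws JwtException for a tampered, malformed, unsigned or expired token.
    public String extractUsername(String token) {
        return parse(token).getSubject();
    }

    public boolean isTokenValid(String token, UserDetails user) {
        try {
            return user.getUsername().equals(parse(token).getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return false;
        }
    }

    private Claims parse(String token) {
        // parseClaimsJws verifies the HS256 signature with our key and fails on expiry; a token
        // without a signature ("alg":"none") is refused because only a signed JWS is accepted.
        return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
    }
}

@Service
class AuthenticationService {
    private final AuthenticationManager authenticationManager;  // assumed to be exposed as a bean
    private final UserRepository userRepository;                // assumed: Optional<User> findByUsername(String)
    private final TokenRepository tokenRepository;              // assumed: List<Token> findAllValidTokensByUser(Long)
    private final JwtService jwtService;

    AuthenticationService(AuthenticationManager authenticationManager, UserRepository userRepository,
                          TokenRepository tokenRepository, JwtService jwtService) {
        this.authenticationManager = authenticationManager;
        this.userRepository = userRepository;
        this.tokenRepository = tokenRepository;
        this.jwtService = jwtService;
    }

    @Transactional
    public AuthenticationResponse login(String username, String password) {
        // Checks the password against the stored hash and throws AuthenticationException on a
        // mismatch, so no token is issued for bad credentials.
        authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        User user = userRepository.findByUsername(username).orElseThrow(); // User implements UserDetails (assumed)

        // Mark every still-valid token of this user revoked before storing the new one: the old
        // JWTs stay cryptographically valid until expiry, so the database flag is what retires them.
        List<Token> stillValid = tokenRepository.findAllValidTokensByUser(user.getId());
        stillValid.forEach(t -> t.setRevoked(true));
        tokenRepository.saveAll(stillValid);

        String jwt = jwtService.generateToken(user);
        tokenRepository.save(new Token(jwt, user)); // Token(token, user) assumed; revoked defaults to false
        return new AuthenticationResponse(jwt, "User login was successful");
    }
}
```

Revocation only takes effect if the request filter also looks each bearer token up in the token table and refuses revoked rows; signature verification alone cannot tell a superseded token from the current one. The jti claim matters for the same reason: without it, two logins in the same second with identical claims produce byte-identical JWTs, and revoking the "old" one would revoke the new one too.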
- Database Configuration:
  - Configure MySQL database settings in application.properties.
- Run the Application:
  - Build and run the Spring Boot application.
- Testing:
  - Test user registration, authentication, and access to secured endpoints.
Before installing the application, ensure you have the following prerequisites installed:
- Java Development Kit (JDK) 11 or later
- Apache Maven
- MySQL or another compatible relational database
To run the application locally, follow these steps:
- Clone the repository: git clone https://github.com/Abhinav0915/RoleBasedAuthentication
- Navigate to the project directory: cd RoleBasedAuthentication
- Update the application.properties file with your MySQL database configuration:
  spring.datasource.url = jdbc:mysql://localhost:3306/your_database_name
  spring.datasource.username = your_sql_username
  spring.datasource.password = your_sql_password
- Build the application: mvn clean install
- Run the application.
- Access the application at http://localhost:9090.
Technologies used:
- Java
- Spring Boot
- MySQL
API endpoints:
- User Registration:
  - URL: /auth/register
  - Method: POST
  - Description: Allows new users to register by providing their details.
  - Request Body: JSON object containing user details (firstName, lastName, username, password, role).
  - Response: Returns an AuthenticationResponse object containing a JWT token and a message indicating successful registration, or an error message if the user already exists.
- User Login:
  - URL: /auth/login
  - Method: POST
  - Description: Allows existing users to authenticate and obtain a JWT token for accessing protected endpoints.
  - Request Body: JSON object containing user credentials (username, password).
  - Response: Returns an AuthenticationResponse object containing a JWT token and a message indicating successful login, or an error message if authentication fails.
- Demo Endpoint:
  - URL: /demo
  - Method: GET
  - Description: A secured endpoint accessible to all authenticated users.
  - Authorization: Requires a valid JWT token in the request header.
  - Response: Returns a message confirming successful access to the secured endpoint.
- Admin-only Endpoint:
  - URL: /admin_only
  - Method: GET
  - Description: A secured endpoint accessible only to users with the "ADMIN" role.
  - Authorization: Requires a valid JWT token with the "ADMIN" role in the request header.
  - Response: Returns a message confirming successful access to the admin-only endpoint.
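The four endpoints above exercised end to end in an added MockMvc test (written for this README; it is not part of the repository's test suite). It assumes the AuthenticationResponse JSON carries the JWT in a field named token, that /auth/register accepts the body fields listed above with role values USER and ADMIN, that the application uses JPA so the @Transactional rollback discards the rows the test creates, and that the test profile points at a database the test may write to. The password value is a constructed sample.

```java
import com.jayway.jsonpath.JsonPath;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.transaction.annotation.Transactional;

import java.util.UUID;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Added example, not part of the repository. Request field names follow the endpoint
// descriptions above; the response field "token" is an assumption.
@SpringBootTest
@AutoConfigureMockMvc
@Transactional   // MockMvc runs in the test thread, so rows created here are rolled back afterwards
class RoleBasedAccessTest {

    private static final String PASSWORD = "c0nstructed-Passw0rd!";   // constructed sample value

    @Autowired
    private MockMvc mvc;

    private String register(String username, String role) throws Exception {
        String body = String.format(
            "{\"firstName\":\"Test\",\"lastName\":\"User\",\"username\":\"%s\","
            + "\"password\":\"%s\",\"role\":\"%s\"}", username, PASSWORD, role);
        String json = mvc.perform(post("/auth/register")
                        .contentType(MediaType.APPLICATION_JSON).content(body))
                .andExpect(status().isOk())
                .andReturn().getResponse().getContentAsString();
        return JsonPath.read(json, "$.token");
    }

    private String login(String username) throws Exception {
        String body = String.format("{\"username\":\"%s\",\"password\":\"%s\"}", username, PASSWORD);
        String json = mvc.perform(post("/auth/login")
                        .contentType(MediaType.APPLICATION_JSON).content(body))
                .andExpect(status().isOk())
                .andReturn().getResponse().getContentAsString();
        return JsonPath.read(json, "$.token");
    }

    private ResultActions getWithToken(String path, String token) throws Exception {
        return mvc.perform(get(path).header("Authorization", "Bearer " + token));
    }

    // Fresh usernames keep each run independent of whatever the database already holds.
    private static String unique(String prefix) {
        return prefix + "-" + UUID.randomUUID();
    }

    @Test
    void userRoleReachesDemoButNotAdminOnly() throws Exception {
        String token = register(unique("alice"), "USER");
        getWithToken("/demo", token).andExpect(status().isOk());
        getWithToken("/admin_only", token).andExpect(status().isForbidden());
    }

    @Test
    void adminRoleReachesAdminOnly() throws Exception {
        String token = register(unique("bob"), "ADMIN");
        getWithToken("/admin_only", token).andExpect(status().isOk());
    }

    @Test
    void missingOrUnsignedTokenIsRejected() throws Exception {
        mvc.perform(get("/demo")).andExpect(status().is4xxClientError());
        String token = register(unique("carol"), "USER");
        // Dropping the third segment leaves an unsigned "header.payload." token, which a
        // signature-verifying parser must refuse even though the payload is untouched.
        String unsigned = token.substring(0, token.lastIndexOf('.') + 1);
        getWithToken("/demo", unsigned).andExpect(status().is4xxClientError());
    }

    @Test
    void newLoginRevokesThePreviousToken() throws Exception {
        String username = unique("dave");
        String first = register(username, "USER");
        String second = login(username);
        getWithToken("/demo", second).andExpect(status().isOk());
        // The first token is still signed and unexpired; only the revocation flag retires it.
        getWithToken("/demo", first).andExpect(status().is4xxClientError());
    }
}
```

The last test is the one that distinguishes real revocation from a stateless JWT setup: if the application only verifies signatures and expiry, the first token keeps working after re-login and the assertion fails. The unauthenticated checks use is4xxClientError() rather than a specific status because Spring Security answers a missing or invalid token with 401 or 403 depending on which authentication entry point the project configures.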
This project provides a comprehensive example of role-based authentication using Spring Boot, demonstrating secure access control and user management in modern web applications.