This project is a Spring Boot application demonstrating a secure REST API with JWT (JSON Web Token) based authentication and authorization. It provides endpoints for user registration, authentication, and a protected demo resource.
- Features
- Technologies Used
- Prerequisites
- Getting Started
- API Endpoints
- Project Structure
- Contributing
- License
- User Registration: Allows new users to sign up.
- User Authentication: Authenticates existing users and issues JWTs.
- JWT-based Authorization: Secures API endpoints using JWTs.
- Role-based Access Control: Demonstrates basic role management (e.g., USER role).
- H2 Database: In-memory database for development and testing.
- RESTful API: Clean and well-structured API endpoints.
- Java 24+: The core programming language.
- Spring Boot 3.x: Framework for building the application.
- Spring Security: For authentication and authorization.
- JJWT (Java JWT): Library for handling JSON Web Tokens.
- Maven: Dependency management and build automation.
- H2 Database: In-memory relational database.
Before you begin, ensure you have the following installed:
git clone https://github.com/Falasefemi2/security-docker.git
cd security-docker
Use Maven to build the project:
mvn clean install
You can run the Spring Boot application using Maven:
mvn spring-boot:run
The application will start on http://localhost:8080 by default.
The application exposes the following REST endpoints:
- URL: /api/v1/auth/register
- Method: POST
- Content-Type: application/json
- Request Body Example:
{ "firstname": "John", "lastname": "Doe", "email": "john.doe@example.com", "password": "password123", "role": "USER" }
- Success Response:
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }

- URL: /api/v1/auth/authenticate
- Method: POST
- Content-Type: application/json
- Request Body Example:
{ "email": "john.doe@example.com", "password": "password123" }
- Success Response:
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }

- URL: /api/v1/demo
- Method: GET
- Headers: Authorization: Bearer <YOUR_JWT_TOKEN>
- Success Response:
"Hello from secured endpoint"
- Error Response (if token is missing or invalid):
{ "timestamp": "...", "status": 403, "error": "Forbidden", "message": "Access Denied", "path": "/api/v1/demo" }
You can use the .http files in the httprequests/ directory (e.g., authenticate.http, register.http, demo.http) with an IDE extension like "REST Client" (for VS Code) to easily test these endpoints.
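The header segment in the sample responses above decodes to an HS256 token header. The following is an added example, not code from this project: a standard-library Python sketch of the checks a verifier of such a token needs (pinned algorithm, constant-time signature comparison, expiry). The secret, the claim names sub and exp, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Header segment exactly as it appears in the README's sample responses.
README_HEADER = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"

def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def hs256_mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(header: dict, claims: dict, secret: bytes) -> str:
    # Builds a constructed token so the example runs without the server.
    head, body = (b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                  for part in (header, claims))
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(hs256_mac(signing_input, secret))}"

def verify_hs256(token: str, secret: bytes, now: int) -> dict:
    """Return the claims of a valid, unexpired HS256 token; raise ValueError otherwise."""
    try:
        head, body, sig = token.split(".")  # exactly three segments
        header = json.loads(b64url_decode(head))
        # Pin the algorithm: the token must not choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        # Check the signature before trusting anything in the payload.
        if not hmac.compare_digest(hs256_mac(f"{head}.{body}", secret), b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
        if not isinstance(claims, dict):
            raise ValueError("claims are not an object")
    except ValueError as exc:  # also covers bad base64, bad JSON, wrong segment count
        raise ValueError(f"invalid token: {exc}") from None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("invalid token: expired or missing exp")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; not the project's signing key
    now = 1_700_000_000                  # fixed clock so the run is repeatable
    header = json.loads(b64url_decode(README_HEADER))
    print(header)                        # the payload segment is just as readable
    claims = {"sub": "john.doe@example.com", "exp": now + 3600}  # assumed claim names
    token = sign_hs256(header, claims, secret)
    print(verify_hs256(token, secret, now))
```

The payload segment decodes the same way as the header, so the claims are signed but not encrypted and should hold nothing confidential.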
security-docker/
├───.mvn/ # Maven wrapper files
├───httprequests/ # Example HTTP request files for testing
├───src/
│   ├───main/
│   │   ├───java/
│   │   │   └───com/
│   │   │       └───femi/
│   │   │           └───securitydocker/
│   │   │               ├───SecurityDockerApplication.java # Main application class
│   │   │               ├───config/ # Spring Security and JWT configuration
│   │   │               ├───controller/ # REST API controllers
│   │   │               ├───dto/ # Data Transfer Objects for requests/responses
│   │   │               ├───enumfolder/ # Enum definitions (e.g., Role)
│   │   │               ├───model/ # JPA Entities (e.g., User)
│   │   │               ├───Repository/ # Spring Data JPA repositories
│   │   │               └───service/ # Business logic and JWT service
│   │   └───resources/
│   │       ├───application.yml # Application configuration (e.g., server port, H2 console)
│   │       ├───static/ # Static web resources
│   │       └───templates/ # Thymeleaf templates (if any)
│   └───test/ # Unit and integration tests
├───pom.xml # Maven Project Object Model
└───README.md # This file
Contributions are welcome! Please feel free to fork the repository, create a new branch, and submit a pull request.
This project is open-source and available under the MIT License.