This repository contains an example Spring project implementing authentication and authorization using Spring Security with JWT. The project provides a set of APIs for user registration, login, and role-based access control.
- User Registration: Allows new users to sign up by providing necessary details.
- User Login: Authenticates users and provides a JWT token for subsequent requests.
- Role-Based Access Control: Access control for specific endpoints based on user roles (`MASTER` and `USER`).
- Default Admin Account: A pre-configured `admin` account is available for testing.
You can use the following default admin account to test admin-specific features:
- Username: `admin`
- Password: `adminpassword`

Note: The password is hashed using `passwordEncoder` before storage.
The following endpoints are available:
- User Signup
  - Endpoint: `/signup`
  - Method: `POST`
  - Description: Registers a new user.
  - Request Body: `SignupRequestDto` (required)
- User Login
  - Endpoint: `/sign`
  - Method: `POST`
  - Description: Authenticates a user and returns a JWT token.
  - Request Body: `LoginRequestDto` (required)
- Admin Only Access
  - Endpoint: `/admin`
  - Method: `GET`
  - Description: Grants access to users with the `MASTER` role.
  - Authorization: Requires a Bearer Token with the `MASTER` role.
- User Only Access
  - Endpoint: `/user`
  - Method: `GET`
  - Description: Grants access to users with the `USER` role.
  - Authorization: Requires a Bearer Token with the `USER` role.
- Development Environment
  To run the project in a development environment, execute the following: `docker-compose -f docker-compose.dev.yml up`
- Production Deployment
  To deploy in production, update the `.env` file with appropriate production configurations, then run: `docker-compose -f docker-compose.prod.yml up`
The project includes Swagger API documentation, accessible at: `/docs`
- Spring Boot
- Spring Security
- JWT
- Swagger (for API documentation)