1. JWT Signup and/or Login Process & Diagram Explanation (0.95)
The diagram shows a web application security architecture where:
Frontend Components: Users interact with the login page and user dashboard.
User Authentication: Users submit their credentials via the login page.
Backend Components: Credentials are validated by Spring Security.
JWT Tokens: Upon successful login, JWT tokens are generated for session management.
User Database: Stores hashed passwords and user roles, ensuring secure access.
2. POJO and Changes to a POJO (0.9 although not including)
A POJO is a simple Java object no extending of class and cant implement anything and no outside annotation. It's primarily used to hold data and is easily manipulated due to its simplicity.
A class used on its own
When you change a POJO, remember it might affect other parts of my program, like database operations if the POJO is linked to a database table.
public class User {
private String name;
private String email;
// Constructor, getters, and setters, although does not need to be a pojo, needs it to be a java bean though
public User(String name, String email) {
this.name = name;
this.email = email;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
}
3. Security Configuration Rules for Access (0.92)
Image for proof of work:
Line 71, permit all
Extra(HTTPS on deployed backend):
Security configuration rules are like the bouncers of an application; they control who gets in and to what parts. In a Spring application, these rules are set up in a security configuration class where you define patterns like:
URL Protections: Certain URLs can be restricted to users who are logged in or have specific roles, such as "ROLE_ADMIN".
Method Security: You can also protect specific methods in your code, allowing only certain roles to execute them.
Public and Private Access: Some parts of your application can be open to all users, while others are locked behind authentication.
These rules help ensure that users can only access what they're supposed to.
4. Docker and Update Process (0.9)
EC2 Console:
steps (EC2 Console for deployed):
docker-compose down - Take down docker server so nothing breaks and it can recompile
git pull - Fetch Latest Data
./mvnw clean - Clean Maven (optional but recommended)
docker-compose up -d --build - Rebuild docker
IF no changes are shown, run service nginx restart
I think of Docker as a virtual shipping container for your application. It packages up an application and all the parts it needs to run. This makes it easy to move around and run consistently in different environments.
Updating: When you have a new version of your application, you create a new Docker image with the updated code. Then you stop the old container running the previous version and start a new container with the updated image.
This process minimizes downtime and ensures that everyone is using the same version of your application.
5. Route 53 and Domain Setup Process (Extra Indicator)
Amazon Route 53 is a service that manages domain names and routes users to where your application is hosted. Setting up a domain is like telling the internet where to find your house.
Domain Registration: You either get a new domain name through Route 53 or tell Route 53 to manage an existing one.
Configure DNS: Set up rules for how traffic to your domain should be handled and directed to the right servers.
With Route 53, users can find your application using a friendly domain name instead of a complicated IP address.
6. API Access Code and Error Handling (0.9)
Implementation of error handling on frontend for my signup page:
Interacting with an API involves sending a request to a server and getting back a response. Your code should be prepared to handle both successful responses and errors.
Error Handling: If the server says you're not allowed to do something (like a "403 Forbidden" error), your code should know what to do next, such as sending the user back to the login page or showing a message that they don't have permission.
Example of error handling format(extra)
// A simple AJAX request using jQuery to an API:
$.ajax({
url: 'https://api.example.com/data',
type: 'GET',
success: function(response) {
console.log('Data retrieved:', response);
},
error: function(xhr, status, error) {
if (xhr.status === 403) {
window.location.href = '/login'; // Redirect to login on a 403 error
} else {
console.error('An error occurred:', error);
}
}
});
7. Managing CORS Policies(extra)
nginx file for my deployed site:
Securityconfig file:
CORS is a security feature that lets you define how your web application can interact with other websites.
Nginx: You can set up rules in your server configuration to control which websites can share your web application's resources.
Java: If you're using Java, particularly with Spring, you can annotate your code or set up a configuration to manage these rules.
CORS ensures that your application only shares information with trusted sources.
Extra Key Indicators for questions shown below
1. JWT Signup and/or Login Process & Diagram Explanation (0.95)
The diagram shows a web application security architecture where:
2. POJO and Changes to a POJO (0.9 although not including)
A POJO is a simple Java object no extending of class and cant implement anything and no outside annotation. It's primarily used to hold data and is easily manipulated due to its simplicity.
A class used on its own
When you change a POJO, remember it might affect other parts of my program, like database operations if the POJO is linked to a database table.
3. Security Configuration Rules for Access (0.92)
Image for proof of work:
Line 71, permit all
Extra(HTTPS on deployed backend):![Screenshot 2024-01-30 at 11 10 22 PM](https://github.com/nikhilc3/csa/assets/111464993/9c13fca6-5479-41ff-a62f-ab604b6ffed8)
Security configuration rules are like the bouncers of an application; they control who gets in and to what parts. In a Spring application, these rules are set up in a security configuration class where you define patterns like:
These rules help ensure that users can only access what they're supposed to.
4. Docker and Update Process (0.9)
EC2 Console:![Screenshot 2024-01-30 at 11 27 35 PM](https://github.com/nikhilc3/csa/assets/111464993/7a06dfba-f0df-4b21-a4e8-9af0e260c25c)
steps (EC2 Console for deployed):
My deployed server link: https://ncloginback.stu.nighthawkcodingsociety.com/
I think of Docker as a virtual shipping container for your application. It packages up an application and all the parts it needs to run. This makes it easy to move around and run consistently in different environments.
This process minimizes downtime and ensures that everyone is using the same version of your application.
5. Route 53 and Domain Setup Process (Extra Indicator)
deployed backend with route 53: https://ncloginback.stu.nighthawkcodingsociety.com/
image of route 53:![Screenshot 2024-01-30 at 11 14 36 PM](https://github.com/nikhilc3/csa/assets/111464993/2b28ba25-4b2b-41ce-bed4-f4e209c482b6)
Amazon Route 53 is a service that manages domain names and routes users to where your application is hosted. Setting up a domain is like telling the internet where to find your house.
With Route 53, users can find your application using a friendly domain name instead of a complicated IP address.
6. API Access Code and Error Handling (0.9)
Implementation of error handling on frontend for my signup page:
Interacting with an API involves sending a request to a server and getting back a response. Your code should be prepared to handle both successful responses and errors.
Example of error handling format(extra)
7. Managing CORS Policies(extra)
nginx file for my deployed site:![Screenshot 2024-01-30 at 11 21 46 PM](https://github.com/nikhilc3/csa/assets/111464993/e70fd288-12b5-4501-bdc1-1f26ac5b12bd)
Securityconfig file:![Screenshot 2024-01-30 at 11 22 29 PM](https://github.com/nikhilc3/csa/assets/111464993/3330241a-1cae-49ad-91b1-d9315a610cb1)
CORS is a security feature that lets you define how your web application can interact with other websites.
CORS ensures that your application only shares information with trusted sources.