User Managment with Spring Security & JWT

[adityasarfare]

User Management back-end created with Spring Security and JWT

Overview: This pull request introduces a robust User Management back-end system built with Spring Security and JWT (JSON Web Tokens). The system includes functionality for user registration, login, token refreshing, and secure role-based access to resources. Key features include the use of JWT for authentication and authorization, password encryption using BCrypt, and role-based access control for users and admins.

Key Features Implemented: User Registration and Login:

• API endpoints for user registration (/auth/register) and login (/auth/login).

• Passwords are encrypted using BCrypt before storing in the database.

• JWT tokens are generated upon successful login and used for authenticating subsequent requests.

  JWT Token Management:

• Token-based authentication using JWT.

• Refresh token endpoint (/auth/refresh) for renewing tokens without re-authentication.

Role-Based Access Control:

Admin-only endpoints:

• Fetch all users (/admin/get-all-users).
• Fetch user details by ID (/admin/get-user/{id}).
• Update user information (/admin/update/{userId}).
• Delete a user (/admin/delete/{userId}).

User/Admin shared endpoint:

• View user profile (/adminuser/get-profile) based on the currently authenticated user.

Security:

Stateless session management with JWT tokens.

• Authorization implemented via Spring Security’s role-based access control.
• Role validation handled in the security filter chain to restrict access to certain endpoints based on user roles (e.g., ADMIN, USER).

Controller Code Overview (UserManagementController):

Endpoints:

• /auth/register: Registers a new user by accepting user data (name, email, password) and storing it in the database after encryption.
• /auth/login: Authenticates users based on their email and password, returning a JWT token for further authentication.
• /auth/refresh: Refreshes the user's JWT token without requiring re-login.
• /admin/get-all-users: Restricted to admins, fetches all registered users in the system.
• /admin/get-user/{id}: Allows admins to fetch details of a specific user by their ID.
• /admin/update/{userId}: Allows admins to update user information for the specified user ID.
• /adminuser/get-profile: Allows authenticated users (admins or regular users) to view their own profile information.
• /admin/delete/{userId}: Admins can delete a user by their user ID.

Next Steps / Future Improvements:

• Add more detailed validation and error handling for request payloads.
• Implement user activity logging and audit trails.
• Add pagination for fetching large user datasets.

Testing:

• All endpoints have been tested with Postman to ensure proper functionality and security compliance.
• JWT token-based authentication is tested for both successful and unauthorized access scenarios.

[netlify[bot]]

✅ Deploy Preview for tenant-rental-app ready!

Name	Link
🔨 Latest commit	6203898ce3090955bd49c61f1a27c0c3dbee1e11
🔍 Latest deploy log	https://app.netlify.com/sites/tenant-rental-app/deploys/66e21806f57a5d0008ac5d1e
😎 Deploy Preview	https://deploy-preview-19--tenant-rental-app.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.