1. Java
2. SpringBoot
3. MySQL
The application uses Spring Security for authentication and authorization: role-based access control, HTTP Basic authentication, and stateless session management. Because no server-side session is created, the client sends its credentials on every request, so the API should only be exposed over HTTPS.
1. UserDetailsService Bean - The UserDetailsService bean supplies user details during authentication. The implementation, UserDetailsServiceImpl, looks the user up in the database by username and returns a UserDetails object carrying the stored password hash and the user's granted authorities (roles).
2. SecurityFilterChain Bean - This bean configures the security settings for HTTP requests. It defines rules for different paths and HTTP methods, specifying the required roles, permitting anonymous access where needed, and enforcing HTTP Basic authentication. Session management is set to stateless, so no HTTP session or session cookie is created.
3. PasswordEncoder Bean - The PasswordEncoder bean defines the encoder used for hashing and verifying passwords. In this case it is BCryptPasswordEncoder, which salts every password and embeds the salt and cost factor in the hash string.
4. AuthenticationProvider Bean - The AuthenticationProvider bean configures an instance of DaoAuthenticationProvider. It is wired with the user details service and the password encoder, and is responsible for loading the user, verifying the submitted credentials, and producing the authenticated principal.
Authentication Flow
When a user attempts to access a secured resource, the SecurityFilterChain intercepts the request and extracts the username and password from the Authorization header.
The DaoAuthenticationProvider uses the configured UserDetailsService to load the user details for the provided username. By default an unknown username is reported as a bad-credentials failure, the same as a wrong password, so the response does not reveal which accounts exist.
The submitted password is checked with the configured PasswordEncoder's matches() method: BCrypt re-hashes the submitted password with the salt embedded in the stored hash and compares the result to the stored value. Plaintext passwords are never stored or compared directly.
If the credentials match, the user is authenticated, and access is granted or denied according to the defined roles and access rules.
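The following is an added example, not the project's own code, showing the four beans above wired together in one Spring Security 6 configuration, with the path rules matched to the endpoint table in this README. `UserRepository`, `AppUser` and its accessors (`getUsername`, `getPasswordHash`, `getRoles`) are assumed names for the application's JPA types; the package name is also assumed.

```java
package com.example.tasks.security; // assumed package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // 1. UserDetailsService: loads the stored account (username, BCrypt hash, roles).
    //    UserRepository is an assumed Spring Data repository with findByUsername(String).
    @Bean
    public UserDetailsService userDetailsService(UserRepository users) {
        return new UserDetailsServiceImpl(users);
    }

    // 3. PasswordEncoder: BCrypt with a per-password salt; the salt and cost live in the hash string.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // 4. AuthenticationProvider: DaoAuthenticationProvider joins the user lookup and the encoder.
    @Bean
    public AuthenticationProvider authenticationProvider(UserDetailsService uds, PasswordEncoder enc) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(uds);
        provider.setPasswordEncoder(enc);
        // Default behaviour: an unknown username surfaces as BadCredentialsException,
        // indistinguishable from a wrong password, so usernames are not enumerable.
        return provider;
    }

    // 2. SecurityFilterChain: path rules, HTTP Basic, and no server-side session.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationProvider provider)
            throws Exception {
        http
            // No session cookie is ever issued, so CSRF tokens would protect nothing here.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authenticationProvider(provider)
            .authorizeHttpRequests(auth -> auth
                // Registration is the only endpoint reachable without credentials.
                .requestMatchers(HttpMethod.POST, "/signup").permitAll()
                // Most specific rule first: the per-user listing is admin-only.
                // A '*' matches exactly one path segment, i.e. the {userId}.
                .requestMatchers(HttpMethod.GET, "/api/tasks/user/*/tasks").hasRole("ADMIN")
                // Everything else under /api/tasks requires ROLE_USER.
                .requestMatchers("/api/tasks/**").hasRole("USER")
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

/** Database-backed UserDetailsService. AppUser and its getters are assumed names. */
class UserDetailsServiceImpl implements UserDetailsService {
    private final UserRepository users;

    UserDetailsServiceImpl(UserRepository users) {
        this.users = users;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        AppUser u = users.findByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("No user " + username));
        return User.withUsername(u.getUsername())
                .password(u.getPasswordHash())              // the stored BCrypt hash, never plaintext
                .roles(u.getRoles().toArray(String[]::new))  // "USER" becomes authority ROLE_USER
                .build();
    }
}
```

Three things to check when adapting this: the signup handler must store `passwordEncoder().encode(rawPassword)`, never the raw value, or `matches()` will always fail; `hasRole("ADMIN")` does not imply `hasRole("USER")`, so an admin account needs both roles (or a configured `RoleHierarchy`) to reach the ROLE_USER endpoints; and these rules are per-role only, so whether a ROLE_USER caller may read or modify a task owned by someone else is decided by the service layer, not by the filter chain.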
## Available Endpoints

- Endpoint: GET /api/tasks/{id}
  - Permission Required: ROLE_USER
  - Description: Retrieve a specific task by its ID.
  - Parameters: {id}: ID of the task to retrieve.
  - Returns: Task object.
  - Error Response:
    - 404 Not Found: If the task with the specified ID is not found.
- Endpoint: POST /api/tasks
  - Permission Required: ROLE_USER
  - Description: Create a new task.
  - Request Body: Task object.
  - Returns: Created Task object.
  - Error Response:
    - 400 Bad Request: If the required fields (title and description) are not provided.
- Endpoint: PUT /api/tasks/{id}
  - Permission Required: ROLE_USER
  - Description: Update an existing task.
  - Parameters: {id}: ID of the task to update.
  - Request Body: Updated Task object.
  - Returns: Updated Task object.
  - Error Response:
    - 404 Not Found: If the task with the specified ID is not found.
- Endpoint: DELETE /api/tasks/{id}
  - Permission Required: ROLE_USER
  - Description: Delete a task by its ID.
  - Parameters: {id}: ID of the task to delete.
  - Returns: No content.
  - Error Response:
    - 404 Not Found: If the task with the specified ID is not found.
- Endpoint: GET /api/tasks/user/{userId}/tasks
  - Permission Required: ROLE_ADMIN
  - Description: Retrieve a list of tasks for a specific user.
  - Parameters: {userId}: ID of the user to retrieve tasks for.
  - Returns: List of Task objects.
- Pagination (api/tasks): task listings accept page and size query parameters.
  - api/tasks?page=0&size=10 - Retrieves the first page with 10 tasks.
  - api/tasks?page=1&size=5 - Retrieves the second page with 5 tasks.
- Endpoint: POST /signup
  - Description: Register a new user.
  - Request Body: User object.
  - Returns:
    - 201 Created: If the user is successfully created. Body: User object.
    - 500 Internal Server Error: If there is an error during user creation.