This project is a Backend REST API developed using Spring Boot and Spring Security. It incorporates JWT-based authentication, OAuth2 login with Google, email confirmation, and password recovery functionalities.
The primary goal of this project is to provide a secure and robust authentication and authorization system for backend services. It demonstrates how to integrate various security features, including:
- JWT Authentication: Enables stateless authentication for RESTful services.
- OAuth2 with Google: Allows users to log in using their Google accounts.
- Email Confirmation: Ensures that users verify their email addresses during registration.
- Forgotten Password: Lets users reset their passwords securely, again with email confirmation.
- Exception Handling: The project includes comprehensive exception handling to manage the errors that can arise when interacting with the security system.
 
Ensure you have the following installed:
- Java 21 (I guess other versions might work as well)
- Maven
- MySQL

1. Clone the repository:

   ```shell
   git clone https://github.com/BelisAliosmanova/SpringSecurity.git
   cd SpringSecurity
   ```

2. Configure the database:

   - Create a MySQL database named `springSecurity` (or use the URL `jdbc:mysql://localhost:3306/springSecurity?createDatabaseIfNotExist=true`, which creates it for you).
   - Update the `application.yaml` file with your database credentials (the values are read from environment variables; the comments show the local defaults):

     ```yaml
     datasource:
       url: ${MYSQL_URL}           # jdbc:mysql://localhost:3306/springSecurity?createDatabaseIfNotExist=true
       username: ${MYSQLUSER}      # root
       password: ${MYSQLPASSWORD}  # blank
       driver-class-name: com.mysql.cj.jdbc.Driver
     ```

3. Configure email settings:

   - Update the `application.yaml` file with your email SMTP server details to enable the email confirmation and password reset functionalities:

     ```yaml
     mail:
       host: smtp.gmail.com
       port: 465
       protocol: smtps
       username: ${GMAIL_USERNAME}  # your SMTP user name
       password: ${GMAIL_PASSWORD}  # your SMTP password
       properties:
         mail:
           transport:
             protocol: smtps
           smtps:
             auth: true
             starttls:
               enable: true
             timeout: 8000
     ```

4. Configure Google OAuth2:

   - Obtain OAuth2 credentials from the Google Developer Console.
   - Update the `application.yaml` file with your Google client ID and client secret:

     ```yaml
     oauth2:
       resourceserver:
         opaquetoken:
           introspection-uri: https://www.googleapis.com
           client-id: ${GOOGLE_CLIENT_ID}          # your Google client ID
           client-secret: ${GOOGLE_CLIENT_SECRET}  # your Google client secret
     ```

5. Build and run the application:

   ```shell
   mvn clean install
   mvn spring-boot:run
   ```
 
- After a user registers, they receive a confirmation email. Clicking the link in the email enables their account in the database.
- If the user doesn't confirm their email, they can't use the profile, and the created user is deleted after 24 hours (`UserCleanupScheduler` does that).

- With the proper email and password, you receive the JWT tokens.

- When a user provides their email, the system sends an email containing a link with a token to reset their password.
- Here is an example of how the link should look:
  `http://localhost:8080/api/v1/auth/registrationConfirm?token=889f5170-25b9-4bee-a49a-4e927bfe7d59`

- Accessing `/api/v1/oauth2/url/google` generates a link that opens the Google OAuth2 window, allowing you to select the profile you wish to log in with.
- After selecting the email you want to log in with, the system generates a link containing a code that you will need to use for the `/authenticate/google` endpoint.
- Example of the generated link:
  `http://localhost:8081/process-oauth2?code=4%2F0AanRRrsJm6RGgnffRwKEezRW_1riG-4-LszeX8qYJ0dTclo-fawM7YNtC7SoJocuVvxmxg&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=1&prompt=none`
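The OAuth2 hand-off described above, as an added shell example that is not part of the project: it fetches the Google login URL from `/api/v1/oauth2/url/google`, then extracts and percent-decodes the `code` parameter from a redirect URL like the one shown (the sample input is the README's example link) before handing it to `/authenticate/google`. The base URL, the POST method and the JSON body shape are assumptions; check the project's controller for the actual contract.

```shell
#!/bin/sh
# Added example, not part of the project. BASE_URL, the POST method and the
# JSON body of /authenticate/google are assumptions.
BASE_URL="${BASE_URL:-http://localhost:8080}"
# Sample input: the redirect URL from the README's OAuth2 example.
EXAMPLE_REDIRECT='http://localhost:8081/process-oauth2?code=4%2F0AanRRrsJm6RGgnffRwKEezRW_1riG-4-LszeX8qYJ0dTclo-fawM7YNtC7SoJocuVvxmxg&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=1&prompt=none'

# Percent-decode stdin ("%2F" -> "/", "+" -> " ") in portable awk, so the
# code is sent exactly once decoded rather than double-encoded.
url_decode() {
  awk '
    function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
    {
      s = $0; out = ""
      while (length(s) > 0) {
        c = substr(s, 1, 1)
        if (c == "%" && length(s) >= 3) {
          h = hexval(substr(s, 2, 1)) * 16 + hexval(substr(s, 3, 1))
          out = out sprintf("%c", h); s = substr(s, 4)
        } else if (c == "+") {
          out = out " "; s = substr(s, 2)
        } else {
          out = out c; s = substr(s, 2)
        }
      }
      print out
    }'
}

# query_param URL NAME: print the decoded value of NAME from URL's query
# string; return 1 when there is no query string or NAME is missing.
query_param() {
  case "$1" in *\?*) ;; *) return 1 ;; esac
  q=${1#*\?}
  raw=$(printf '%s\n' "$q" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1)
  [ -n "$raw" ] || return 1
  printf '%s\n' "$raw" | url_decode
}

# Step 1: get the Google consent URL (endpoint from the README), open it in a
# browser and pick an account; Google redirects back with a one-time code.
oauth2_login_url() { curl -s "$BASE_URL/api/v1/oauth2/url/google"; }

# Step 2: pull the code out of the redirect URL and hand it to the endpoint
# named in the README. The code is single-use and short-lived: do not log it.
authenticate_google() {
  code=$(query_param "$1" code) || { echo "no code in redirect URL" >&2; return 1; }
  curl -s -X POST "$BASE_URL/authenticate/google" \
    -H 'Content-Type: application/json' -d "{\"code\":\"$code\"}"
}

# Stand-alone demo on the sample redirect: prints the decoded code.
query_param "$EXAMPLE_REDIRECT" code
```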