Secure Software Design API

A Spring Boot REST API demonstrating secure software design principles with token-based authentication and authorization.

Features

  • Token-based authentication
  • Role-based access control (RBAC)
  • BCrypt password hashing
  • HTTPS/SSL support
  • Security headers (CSP, HSTS, X-Frame-Options)
  • Input validation
  • Centralized exception handling

Prerequisites

  • Java 21
  • PostgreSQL
  • Maven

Configuration

Create a .env file based on .env.example:

DB_URL=jdbc:postgresql://localhost:5432/your_database
DB_USER=your_username
DB_PASSWORD=your_password
SSL_KEYSTORE_PASSWORD=your_keystore_password
SSL_ENABLED=true
PORT=8443

Build & Run

# Build
./mvnw clean package

# Run
./mvnw spring-boot:run

The API runs on https://localhost:8443 by default.

API Endpoints

Public

Method  Endpoint      Description
POST    /auth/login   Authenticate user
GET     /health       Health check

Protected

Method  Endpoint        Description
GET     /users/me       Get current user profile
POST    /users/create   Create new user (Admin only)
POST    /users/logout   Logout and invalidate tokens
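The features listed above (stateless token authentication, RBAC, BCrypt, and the CSP/HSTS/X-Frame-Options headers) and the public/protected split in the endpoint tables map naturally onto a single Spring Security 6 filter chain. The class below is an added illustration, not code from this repository: the class name, the `TokenAuthenticationFilter` it injects, and the `ADMIN` role name are assumptions, while the endpoint paths are the ones documented above.

```java
package com.api.main.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

// Example configuration (assumed, not the project's own class).
@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig {

    // Hypothetical filter that reads the bearer token from the Authorization
    // header, looks it up (so /users/logout can invalidate it server-side)
    // and populates the SecurityContext. Its implementation is not shown here.
    private final OncePerRequestFilter tokenAuthenticationFilter;

    public ExampleSecurityConfig(OncePerRequestFilter tokenAuthenticationFilter) {
        this.tokenAuthenticationFilter = tokenAuthenticationFilter;
    }

    // BCrypt with an explicit work factor; hashes are salted per password,
    // so two users with the same password get different stored values.
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Tokens are sent in a header, not a cookie, so CSRF does not apply
            // and no HTTP session should ever be created.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Public vs. protected endpoints as documented in the tables above.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/auth/login", "/health").permitAll()
                .requestMatchers("/users/create").hasRole("ADMIN")
                .anyRequest().authenticated())
            // Security headers: CSP, HSTS (only meaningful over HTTPS) and
            // X-Frame-Options: DENY. frame-ancestors duplicates the latter for
            // browsers that prefer CSP.
            .headers(headers -> headers
                .contentSecurityPolicy(csp -> csp.policyDirectives(
                    "default-src 'self'; frame-ancestors 'none'"))
                .httpStrictTransportSecurity(hsts -> hsts
                    .includeSubDomains(true)
                    .maxAgeInSeconds(31536000))
                .frameOptions(frame -> frame.deny()))
            // Run token validation before the default form-login filter slot.
            .addFilterBefore(tokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

Two points worth checking in a review of such a configuration: the `permitAll()` list should stay as short as the public table, and `hasRole("ADMIN")` requires the authority to be stored as `ROLE_ADMIN`, which is the usual source of a silent 403 when the prefix is forgotten.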

Project Structure

src/main/java/com/api/main/
├── controllers/     # REST endpoints
├── services/        # Business logic
├── entities/        # JPA entities
├── repositories/    # Data access
├── security/        # Security configuration
├── dto/             # Data transfer objects
└── config/          # App configuration