User Auth App is a full-stack authentication system built using Java Spring Boot (backend), ReactJS (frontend), and PostgreSQL (database). This practice project focuses on implementing a secure JWT-based Authentication system, including access tokens, refresh tokens, role-based access control, and user profile management.
It provides a foundational structure for any application requiring user login, registration, token refresh, profile management, and admin-based user operations.
- JWT Authentication: Implements secure access and refresh token strategy.
- User Registration & Login: Register new users and authenticate existing ones.
- Token Refresh: Renew access token using refresh token seamlessly.
- User Profile Management: Get, update profile info (only for logged-in users).
- Admin Operations: Admins can manage all users (CRUD).
- Role-based Routing: Conditional rendering and routing based on roles.
- 404 Page: User-friendly error page for invalid routes.
- 403 Page: Unauthorized page shown when access is forbidden.
- Java Spring Boot
- Spring Security + JWT
- Spring Data JPA
- PostgreSQL
- Swagger UI for API testing
- Maven for dependency management
- ReactJS
- Axios for HTTP requests
- React Router DOM
- Context API (Auth state)
- TailwindCSS for styling
- React Toastify for alerts
- PostgreSQL
spring-boot-userauth/
├── src/
│   ├── main/
│   │   ├── java/com/mahmudalam/userauth/
│   │   │   ├── controller/
│   │   │   ├── service/
│   │   │   ├── repository/
│   │   │   ├── model/
│   │   │   ├── dto/
│   │   │   ├── security/
│   │   │   └── UserAuthApplication.java
│   │   └── resources/
│   │       └── application.properties
│   └── test/
└── pom.xml
user-auth-frontend/
├── public/
├── src/
│   ├── api/
│   ├── pages/
│   ├── components/
│   ├── routes/
│   ├── contexts/
│   ├── App.jsx
│   └── main.jsx
└── package.json
- Java 21 LTS
- Node.js & npm
- PostgreSQL installed locally
git clone https://github.com/Mahmud-Alam/spring-boot-userauth.git
cd spring-boot-userauth
Edit application.properties:
spring.application.name=userauth
server.port=8082
# PostgreSQL DB settings
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.url=jdbc:postgresql://localhost:5432/bmudb
spring.datasource.username=postgres
spring.datasource.password=1234
# Hibernate / JPA settings
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
# Spring Security
spring.security.user.name=mahmud
spring.security.user.password=mahmud
# Access/Refresh Token Secret
# Base64 encoded
# base64AccessSecretKeyMahmudAlamMahmudAlamMahmudAlam
# base64RefreshSecretKeyMahmudAlamMahmudAlamMahmudAlam
jwt.access.secret=YmFzZTY0QWNjZXNzU2VjcmV0S2V5TWFobXVkQWxhbU1haG11ZEFsYW1NYWhtdWRBbGFt
jwt.refresh.secret=YmFzZTY0UmVmcmVzaFNlY3JldEtleU1haG11ZEFsYW1NYWhtdWRBbGFtTWFobXVkQWxhbQ==
jwt.access.expiry=600000
jwt.refresh.expiry=1209600000
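The properties above hold the database password and both JWT signing secrets as literals, and each secret is the Base64 of a readable phrase. As an added example (not part of the project's code), this Python check flags such values and accepts Spring `${...}` placeholders that are resolved from the environment; the 32-byte minimum assumes HS256, and the environment variable names are hypothetical.

```python
import base64
import binascii
import re

# Property keys as they appear in the application.properties above.
SECRET_KEYS = ("jwt.access.secret", "jwt.refresh.secret")
PASSWORD_KEYS = ("spring.datasource.password", "spring.security.user.password")
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # Spring ${NAME} property placeholder
MIN_KEY_BYTES = 32  # assumption: HS256, which needs a key of at least 256 bits

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # Base64 padding '=' stays in value
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted (key, finding) pairs for secrets stored as literals."""
    props = parse_properties(text)
    findings = []
    for key in SECRET_KEYS + PASSWORD_KEYS:
        value = props.get(key)
        if value is None or PLACEHOLDER.match(value):
            continue  # absent, or resolved from the environment at startup
        findings.append((key, "literal value stored in the file"))
        if key not in SECRET_KEYS:
            continue
        try:
            raw = base64.b64decode(value, validate=True)
        except binascii.Error:
            findings.append((key, "not valid Base64"))
            continue
        if len(raw) < MIN_KEY_BYTES:
            findings.append((key, f"key shorter than {MIN_KEY_BYTES} bytes"))
        if all(32 <= b < 127 for b in raw):
            findings.append((key, "decodes to readable text, not random bytes"))
    return sorted(findings)

# COMMITTED copies two lines from the properties above; EXTERNALIZED is a
# constructed alternative that reads the same keys from hypothetical env variables.
COMMITTED = """spring.datasource.password=1234
jwt.access.secret=YmFzZTY0QWNjZXNzU2VjcmV0S2V5TWFobXVkQWxhbU1haG11ZEFsYW1NYWhtdWRBbGFt
"""
EXTERNALIZED = """spring.datasource.password=${DB_PASSWORD}
jwt.access.secret=${JWT_ACCESS_SECRET}
"""
```

`audit(COMMITTED)` reports three findings and `audit(EXTERNALIZED)` reports none.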
# Using Maven
mvn spring-boot:run
- App runs on: http://localhost:8082
- Swagger UI: http://localhost:8082/swagger-ui.html
cd frontend
npm install
npm run dev
App runs on: http://localhost:5173
Create .env file:
VITE_API_BASE = "http://localhost:8082"
Method | Endpoint | Description |
---|---|---|
POST | /register | Register new user |
POST | /login | Login user, returns tokens |
POST | /refresh-token | Refresh access token |
Method | Endpoint | Access Role | Description |
---|---|---|---|
GET | /users | ADMIN | Get all users |
GET | /users/{id} | ADMIN | Get user by ID |
POST | /users | ADMIN | Create new user |
PUT | /users/{id} | ADMIN | Full update |
PATCH | /users/{id} | ADMIN | Partial update |
GET | /users/profile | USER / ADMIN | Get current user's profile |
PUT | /users/profile | USER / ADMIN | Full profile update |
PATCH | /users/profile | USER / ADMIN | Partial profile update |
- Passwords are hashed securely using Spring Security.
- Role-based access control (ADMIN / USER).
- JWT refresh & access token handling via HTTP-only headers/localStorage.
- 401 & 403 responses handled gracefully on frontend.
mvn test
- Add account verification via email
- Add password reset functionality
- Rate limiting for login attempts
- OAuth2 or social login support
- Deploy to Render / Vercel / Railway
- Fork the project
- Create a new branch:
git checkout -b feature/AmazingFeature
- Commit your changes:
git commit -m 'Add some feature'
- Push to the branch:
git push origin feature/AmazingFeature
- Open a Pull Request
Mahmud Alam
- Portfolio: Mahmud Alam
- Email: [email protected]
- GitHub: Mahmud-Alam
- LinkedIn: @mahmudalamofficial
- Thanks to the Spring Security and JWT communities
- Inspired by modern authentication best practices