A test Spring Boot application demonstrating authentication and authorization using Spring Security 6 with JWT (JSON Web Token) integration.
This project is a complete example of implementing Spring Security in a modern Spring Boot 4 application with JWT-based authentication. It includes user management, secure endpoints, and token-based authorization.
- Java 21 β Latest LTS version
- Spring Boot 4.0.0 β Modern Spring framework
- Spring Security 6 β Authentication & authorization
- JWT (JJWT 0.12.6) β Token-based authentication
- MapStruct 1.5.5 β DTO-to-Entity mapping
- Lombok β Boilerplate code reduction
- PostgreSQL β Relational database
- Maven β Dependency management
springsecurity-test/
βββ src/
β βββ main/java/com/project/testsecurity/
β β βββ entity/
β β β βββ User.java
β β βββ dto/
β β β βββ UserDto.java
β β βββ mapper/
β β β βββ UserMapper.java
β β βββ service/
β β β βββ impl/
β β β βββ UserServiceImpl.java
β β βββ TestSecurityApplication.java
β βββ test/
βββ pom.xml
βββ README.md
@Entity
@Table(name = "users")
@Getter
@Setter
@RequiredArgsConstructor
public class User {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
@Column(name = "user_id")
private UUID userId;
@Column(name = "first_name")
private String firstName;
@Column(name = "last_name")
private String lastName;
@Column(name = "email")
private String email;
@Column(name = "password")
private String password;
}@Data
public class UserDto {
String userId;
String firstName;
String lastName;
String email;
String password;
}MapStruct-based interface for converting between User entity and UserDto:
@Mapper(componentModel = MappingConstants.ComponentModel.SPRING,
unmappedTargetPolicy = ReportingPolicy.IGNORE)
public interface UserMapper {
UserDto toDto(User user);
User toEntity(UserDto dto);
}Key dependencies included:
spring-boot-starter-securityβ Spring Security frameworkspring-boot-starter-data-jpaβ JPA/Hibernate ORMspring-boot-starter-webmvcβ Web MVC supportjjwt-*(api, impl, jackson) β JWT token creation and validationmapstruct+mapstruct-processorβ DTO mappinglombokβ Code generationpostgresqlβ Database driver
Ensures proper annotation processing for Lombok and MapStruct:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.11.0</version>
<configuration>
<source>21</source>
<target>21</target>
<annotationProcessorPaths>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</path>
<path>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct-processor</artifactId>
<version>1.5.5.Final</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>- Java 21 or higher
- Maven 3.8+
- PostgreSQL 12+ (for production)
- Git
- Clone the repository:
git clone https://github.com/nurassul/springsecurity-test.git
cd springsecurity-test- Configure database (
application.propertiesorapplication.yml):
spring.datasource.url=jdbc:postgresql://localhost:5432/springsecurity_db
spring.datasource.username=postgres
spring.datasource.password=your_password
spring.jpa.hibernate.ddl-auto=update- Build the project:
mvn clean install- Run the application:
mvn spring-boot:runThe application will start on http://localhost:8080
- User registration with encrypted passwords
- Login endpoint returning JWT token
- Token validation for protected endpoints
- Role-based access control (RBAC)
- JWT-based stateless authentication
- Secure password encryption
Error: Parameter 1 of constructor required a bean of type 'UserMapper' that could not be found
Solution: Ensure MapStruct processor is configured correctly in pom.xml:
- Add
mapstruct-processordependency - Include it in
annotationProcessorPathsin maven-compiler-plugin - Rebuild project:
mvn clean rebuild
- Verify JJWT version compatibility with Spring Boot 4.0.0
- Check JWT secret key configuration
- Validate token expiration settings
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/register |
Register new user |
| POST | /api/auth/login |
Login & get JWT token |
| GET | /api/users/{id} |
Get user by ID (requires auth) |
| PUT | /api/users/{id} |
Update user (requires auth) |
| DELETE | /api/users/{id} |
Delete user (requires auth) |
Run tests with Maven:
mvn testTests include:
- Unit tests for services
- Integration tests with Spring Security
- JWT token validation tests
Create src/main/resources/application.properties:
# Server Configuration
server.port=8080
# Database
spring.datasource.url=jdbc:postgresql://localhost:5432/springsecurity_db
spring.datasource.username=postgres
spring.datasource.password=password
spring.datasource.driver-class-name=org.postgresql.Driver
# JPA/Hibernate
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
# JWT Configuration
jwt.secret.key=your-super-secret-key-change-in-production
jwt.expiration=86400000
# Security
spring.security.user.name=admin
spring.security.user.password=admin123Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License β see the LICENSE file for details.
nurassul β GitHub: @nurassul
For issues and questions, please open an issue on the GitHub repository.
Happy Coding! π