// the find
Fernanda-Kipper/auth-api
This repository contains a simple Java Spring project that implements authentication and authorization using Spring Security
A tutorial companion project showing how to wire Spring Security with JWT in a Spring Boot app. It covers the basics: user registration, login, role-based access control (USER/ADMIN), and Flyway migrations against Postgres. This is squarely aimed at developers learning Spring Security for the first time.
Flyway handles schema migrations instead of letting Hibernate auto-create tables, which is the right habit to build. The security filter chain is separated cleanly into its own infra package rather than scattered across controllers. JWT token generation and validation live in a dedicated TokenService, not stuffed into the auth controller. Using DTOs at the API boundary instead of exposing JPA entities directly is good practice that beginners often skip.
Last pushed June 2023 and targets an older Spring Boot version — Spring Security's lambda DSL changed significantly in 3.x, so following this verbatim on a current project will produce deprecation warnings or break. No refresh token support means every JWT is effectively a long-lived credential with no revocation path. The test directory contains only the empty generated stub; there are zero tests for the security configuration, which is exactly the code you most want tested. Registration is open to anyone, so anyone can call /auth/register and create a USER account — there's no invite or admin-creates-user flow, which is fine for a tutorial but would be a problem in a real app.