finds.dev← search

// the find

Fernanda-Kipper/auth-api

★ 319 · Java · updated Jun 2023

This repository contains a simple Java Spring project that implements authentication and authorization using Spring Security

A tutorial companion project showing how to wire Spring Security with JWT in a Spring Boot app. It covers the basics: user registration, login, role-based access control (USER/ADMIN), and Flyway migrations against Postgres. This is squarely aimed at developers learning Spring Security for the first time.

Flyway handles schema migrations instead of letting Hibernate auto-create tables, which is the right habit to build. The security filter chain is separated cleanly into its own infra package rather than scattered across controllers. JWT token generation and validation live in a dedicated TokenService, not stuffed into the auth controller. Using DTOs at the API boundary instead of exposing JPA entities directly is good practice that beginners often skip.

Last pushed June 2023 and targets an older Spring Boot version — Spring Security's lambda DSL changed significantly in 3.x, so following this verbatim on a current project will produce deprecation warnings or break. No refresh token support means every JWT is effectively a long-lived credential with no revocation path. The test directory contains only the empty generated stub; there are zero tests for the security configuration, which is exactly the code you most want tested. Registration is open to anyone, so anyone can call /auth/register and create a USER account — there's no invite or admin-creates-user flow, which is fine for a tutorial but would be a problem in a real app.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →