A ready-to-go secure Spring backend.

This setup assumes that anybody can access your website, but only specific features are meant to be accessed for authenticated users.

If you wish to force everything to be only accessible by authenticated users, uncomment the following lines in SecurityConfiguration.java:

.authorizeRequests()
	.antMatchers(HttpMethod.POST, "/api/v1/users").permitAll()
	.anyRequest().authenticated()
	.and()

By doing so, any request to the API will redirect you to the default login page except for:

docker-compose up

• Swagger UI
• Spring Security
• Spring Session
• RESTful API
• User authentication + register
• Page with some example

A index page is included to help developers getting started. It contains the link to the application's Swagger, the link to the default login form as well as another login form that uses the login processing url with a container for the server response of said example.

Only the necessary endpoints will be listed here. A full list of endpoints can be found using the Swagger UI.

The Swagger UI is there to facilitate the development of your application, as it can allow you to easily view and interact with the backend's API.

You can view the swagger API by going at the following url: /swagger-ui.html

Initially, there is no user other than root:root, which is an admin.

By default, there's a login form at the following url: /login

Alternatively, you can use the login processing url to login from your frontend.

Due to the nature of authentication itself, you'll need to use POST in order to login using the login processing url.

By default, the username must be at least 4 characters long and the password must be at least 8 characters long. The only exception is the default root:root user, which you should remove before publishing the project in production.

• Authentication button on Swagger UI
• More tests