Skip to content

lebronjamesuit/social-media-platforms

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
src
src
 
 
OauthNotes.txt
OauthNotes.txt
 
 
README.md
README.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
notes.txt
notes.txt
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Social-media-platforms

Deployment:

  • AWS Elastic Beanstalk currently does not offer built-in HTTPS support. To address this, I've configured an AWS Load Balancer (Application Load Balancer) to seamlessly route incoming requests to the EC2 Beanstalk environment, handling both HTTPS traffic on port 443 and HTTP on port 80.

  • I decided for the backend system, I've implemented SSL/TLS decryption using a self-signed certificate.

    https://lbconfessionapis-2012569758.eu-west-2.elb.amazonaws.com/swagger-ui/index.html

Amazon RDS

Instance: db.t3.micro
PostgreSQL 15.3-R2
image

Features

  • LRU (Least Recently Used) cache implementation on access O(1), modify O(n)
  • User registration and login with JWT authentication
  • Asymmetric keysRSA 2048, private key and public key
  • Password encryption using BCrypt
  • Role-based authorization with Spring Security
  • Customized access denied handling
  • Logout mechanism revoke tokens
  • Refresh token.
  • Swagger-UI and Open API 3.0
  • Async mail service
  • Cross-Origin Resource Sharing (CORS) basic configure

Technologies

  • Java 11+
  • Spring Boot 3.0
  • Spring Security 6.0
  • JSON Web Tokens (JWT) - nimbusds jwt
  • Mapstruct, Lombok
  • Postgresql

Spring Security + Oauth 2 Client combination flow chart.

Screenshot 2023-07-09 at 20 42 26

Token management

  • JSON Web Tokens format in this project
image
  • Access tokens remain valid for a short period, usually less than 15 minutes, in order to maintain security.
  • Refresh tokens, on the other hand, stay active for a longer duration, typically around one month.
  • The front-end application (angular web app) automatically initiates a request for a new access token as soon as the current one expires.

refresh tokn

Authorization

  1. So it starts with the Client sending a login request to the server.
  2. The server checks the credentials provided by the user, if the credentials are right, it creates a JSON Web Token (JWT).
  3. It responds with a success message (HTTP Status 200) and the JWT.
  4. The client uses this JWT in all the subsequent requests to the user, it provides this JWT as an Authorization header with Bearer authentication scheme.
  5. When the server, receives a request against a secured endpoint, it checks the JWT and validates whether the token is generated and signed by the server or not.
  6. If the validation is successful, the server responds accordingly to the client.

About

Build an backend app social media, secure my API using Spring Security 6 and Auth0. Deployed AWS.

lbconfessionapis-2012569758.eu-west-2.elb.amazonaws.com/swagger-ui/index.html

Topics

aws spring spring-oauth2 refresh-token spring-boot-3 springframework6

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages