My aim in this project is to understand servlet filters and how to manage token headers in the request and response headers. I had a chance to experience the Inversion Of Control principle and its implementation via Dependency Injection.
In this application, a simple token-based authentication and authorization scheme is adopted. The token carries an expiration timestamp and a string of unique random characters. A number of protected paths can only be accessed with a valid token. The presence of a valid token header is checked by two separate filters: a token filter and an authorization filter. The token filter checks that the token exists in the database and has not expired. After that, the authorization filter checks whether the requesting user is allowed to access the requested path or resource. Beyond this, the application provides other features such as CRUD operations for users and products.
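As an added example (not the project's own code) of how the token filter described above can be built on Spring's OncePerRequestFilter: it lets unprotected paths through, and on protected paths it rejects any request whose header value is unknown to the repository or already expired, before the authorization filter and the controller ever run. The header name, the StoredToken record, the TokenRepository interface and the jakarta.servlet package (Spring 6) are assumptions.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.time.Instant;
import java.util.List;
import java.util.Optional;
// Hypothetical token record: value, owner, expiry (assumed shape, not the project's entity).
record StoredToken(String value, String username, Instant expiresAt) {}
// Hypothetical repository lookup; the project's real data access layer may differ.
interface TokenRepository {
    Optional<StoredToken> findByValue(String value);
}
// First filter in the chain: protected paths need a token that is known and still live.
public class TokenFilter extends OncePerRequestFilter {
    static final String HEADER = "X-Auth-Token";   // assumed header name
    private final TokenRepository tokens;
    private final List<String> protectedPrefixes;

    public TokenFilter(TokenRepository tokens, List<String> protectedPrefixes) {
        this.tokens = tokens;
        this.protectedPrefixes = protectedPrefixes;
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest req) {
        // Only protected paths need a token; everything else passes through untouched.
        return protectedPrefixes.stream().noneMatch(req.getRequestURI()::startsWith);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        String raw = req.getHeader(HEADER);
        Optional<StoredToken> found = raw == null ? Optional.empty() : tokens.findByValue(raw);
        // Both conditions from the description: present in the database and not expired.
        if (found.isEmpty() || !found.get().expiresAt().isAfter(Instant.now())) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "missing, unknown or expired token");
            return;                      // stop the chain; the controller never runs
        }
        // Hand the authenticated user to the authorization filter via a request attribute.
        req.setAttribute("authUser", found.get().username());
        chain.doFilter(req, res);
    }
}
```

The authorization filter that follows in the chain can read the "authUser" attribute and compare it against the rules for the requested path, returning 403 rather than 401 when the token is valid but the user is not permitted.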
The application has three main layers: a repository layer for data access, a service layer for business logic, and a controller layer for handling RESTful HTTP requests. Besides these, it has config, filter, model, error and similar modules. In short, the application is split into modules for ease of development and separation of concerns.
Spring Data JPA, JdbcTemplate, Lombok and Servlet Filters are used.
The front end is developed with React. State management uses Redux Toolkit with async thunks. Axios is used for API calls, and Bootstrap is used to make the design a bit more attractive.
When the user home page is opened and the token has expired, the user is automatically logged out.