docs: UPDATED

Author: AnanthaRajuC

documents/API.md

@@ -1,5 +1,53 @@
 ## API
 
+This application comes with an out-of-the-box API, which will allow you to provide an API to your users or build a mobile app from your API.
+
+### Access Data from the API
+
+In order to access data from the API a user or an application will need to pass an Access Token to the API. This access token along with the **ROLE** of the user will determine what kind of data can be accessed or returned.
+
+- You can request an Access Token with a **username** and a **password**
+
+To get an Access Token from a User Login you can do a POST request to:
+
+|                                          URL                        | Method |                    Remarks                    | Sample Valid Request Body |
+|---------------------------------------------------------------------|--------|-----------------------------------------------|---------------------------|
+|`http://localhost:8080/api/v1/auth/login`                            | POST   |Bearer Token, Refresh Token is generated       | [JSON](#login)            |
+
+You will get a response similar to the one show below.
+
+~~~json
+{
+    "authenticationToken": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIiwiZXhwIjoxNjIxMTYwOTk4fQ.TGDRUuBP25SE4bJU2jTpbNku2ZTqDF-cP0JEI0QdMEslvfH7e9J3cxy4aGe86hqTMCcgED7CwyGHDPqsSVQfCDIJPnhkTdrguZc-4m01blg3-SedCDIDg2Xq6oIsYIIDyY92ITiLKxTclzyj289DokwOfxwSQyrNxIkdCJZ8VoKZUeDjmalXM8uDpS7Cf7-dCgCYi7lFpZH0vma6qq62KNfuRV1zhWh9OT4jRoeaNMvbxn2kRA912yDQ0Y1M4EZFqAtS4m_6hiNw9MJ6KbfgpZ5y2oNlabtCOSlSeHtKyFhnFe0S5CX3Vl03hiALGOpxQPP2ayyy9samCG4qC8l11w",
+    "refreshToken": "3d0ca7a8-04c5-4bb2-8fe4-0e26b06c6ef1",
+    "expiresAt": "2021-05-16T10:24:59.722Z",
+    "username": "johndoe"
+}
+~~~
+
+You'll see that this response includes additional fields **refreshToken** and **expiresAt**. When your application detects the **authenticationToken** has expired it will need you to request a new **authenticationToken** with the following API request:
+
+|                                          URL                        | Method |                    Remarks                    | Sample Valid Request Body |
+|---------------------------------------------------------------------|--------|-----------------------------------------------|---------------------------|
+|`http://localhost:8080/api/v1/auth/refresh/token`                    | POST   |Refresh Token from login should be passed      | [JSON](#refresh-token)    |
+
+
+##### sample refresh token request body
+
+```json
+{
+    "token":"1178cd43-21d2-45b4-8b5f-c79aa1d5b76e",
+    "username":"johndoe"
+}
+```
+
+And you will recieve a new **authenticationToken** for your application to be used. This expiration and refresh tokens are common for keeping your API secure.
+
+### Request Data with an Access Token
+
+Now, that you have an **authenticationToken** you can request data from the application using that token. Based on the permission of the current user they will be able to CREATE, READ, UPDATE, and DELETE content in your application.
+
+
 ### API Rate Limiting
 
 |     Tier   | API Request Cap |  API Key Prefix  |
@@ -24,7 +72,6 @@ If the application remains inactive for a specified period of time, the session
 
 This value **server.servlet.session.timeout** can be configured in **application.properties** file
 
-
 ## Explore Rest APIs
 
 The app defines following CRUD APIs. **If localhost doesn't work, use 192.168.99.102**
@@ -35,6 +82,11 @@ Since the SSL certificate is self signed, turn off the **SSL certificate verific
 
 <img src="images\tools\postman-ssl-certificate-verification.PNG"/>
 
+### Authentication, Person, Person Management URLs
+
+- [Authentication API's](/AUTHENTICATION.MD)  
+- [Person and Person Management API's](/USER_ROLES.MD)  
+
 ### URLs
 
 |                   URL                  | Method |          Remarks       |
@@ -67,3 +119,4 @@ To monitor and manage your application
 |`http://localhost:8080/actuator/info`      |  GET |
 |`http://localhost:8080/actuator/prometheus`|  GET |
 |`http://localhost:8080/actuator/httptrace` |  GET |
+

documents/AUTHENTICATION.MD

@@ -38,11 +38,14 @@ The simplest way to test emails in development mode is to use Mailtrap. You can
 
 If you have just installed Spring Boot Application Template you can login with the following default accounts.
 
-|     Username     | Password |
-|------------------|----------|
-|`johndoe`         |`password`|
-|`AdminUser`       |`password`|
-|`AdminTraineeUser`|`password`|
+|     Username     | Password |     Role     |
+|------------------|----------|--------------|
+|`johndoe`         |`password`|`PERSON`      |
+|`janedoe`         |`password`|`PERSON`      |
+|`Admin1`          |`password`|`ADMIN`       |
+|`Admin2`          |`password`|`ADMIN`       |
+|`AdminTrainee1`   |`password`|`ADMINTRAINEE`|
+|`AdminTrainee1`   |`password`|`ADMINTRAINEE`|
 
 |                                          URL                        | Method |                    Remarks                    | Sample Valid Request Body |
 |---------------------------------------------------------------------|--------|-----------------------------------------------|---------------------------|

documents/USER_ROLES.MD

@@ -5,12 +5,15 @@ Each user in the app will have a primary role and every role has permissions to
 |     Username     | Password |     Role     |                      Permission                       |         Resource          |
 |------------------|----------|--------------|-------------------------------------------------------|---------------------------|
 |`johndoe`         |`password`|`PERSON`      |                                                       |`/api/v1/person`           |
-|`AdminUser`       |`password`|`ADMIN`       |`PERSON_CREATE,PERSON_READ,PERSON_UPDATE,PERSON_DELETE`|`/management/api/v1/person`|
-|`AdminTraineeUser`|`password`|`ADMINTRAINEE`|`PERSON_READ`                                          |`/management/api/v1/person`|
+|`janedoe`         |`password`|`PERSON`      |                                                       |`/api/v1/person`           |
+|`Admin1`          |`password`|`ADMIN`       |`PERSON_CREATE,PERSON_READ,PERSON_UPDATE,PERSON_DELETE`|`/management/api/v1/person`|
+|`Admin2`          |`password`|`ADMIN`       |`PERSON_CREATE,PERSON_READ,PERSON_UPDATE,PERSON_DELETE`|`/management/api/v1/person`|
+|`AdminTrainee1`   |`password`|`ADMINTRAINEE`|`PERSON_READ`                                          |`/management/api/v1/person`|
+|`AdminTrainee2`   |`password`|`ADMINTRAINEE`|`PERSON_READ`                                          |`/management/api/v1/person`|
 
 ### Person URLs
 
-#### Accessible to **johndoe** user only
+#### Accessible to user's with **PERSON** role only
 
 |                           URL                            |  Method |                                         Remarks                                     | Sample Valid Request Body |
 |----------------------------------------------------------|---------|-------------------------------------------------------------------------------------|---------------------------|
@@ -23,7 +26,7 @@ Each user in the app will have a primary role and every role has permissions to
 
 ### Person Management URLs
 
-#### Role and Permission based secure access to **AdminUser** and **AdminTrainee** users
+#### Role and Permission based secure access to user's with **ADMIN** role. 
 
 |                          URL                             |  Method |                                       Remarks                                       | Sample Valid Request Body |
 |----------------------------------------------------------|---------|-------------------------------------------------------------------------------------|---------------------------|
@@ -34,6 +37,11 @@ Each user in the app will have a primary role and every role has permissions to
 |`http://localhost:8080/management/api/v1/person/{id}`     | PUT     | Update a person                                                                     |   [JSON](#personcreate)   |
 |`http://localhost:8080/management/api/v1/person/{id}`     | DELETE  | Delete a person                                                                     |                           |
 
+#### Role and Permission based secure access to user's with **ADMINTRAINEE** role. 
+
+|                          URL                             |  Method |                                       Remarks                                       | Sample Valid Request Body |
+|----------------------------------------------------------|---------|-------------------------------------------------------------------------------------|---------------------------|
+|`http://localhost:8080/management/api/v1/person`          | GET     | Header `Accept:application/json` or `Accept:application/xml` for content negotiation|                           |
 
 #### Sample Valid JSON Request Bodys