A Spring Boot microservice for user registration, authentication, and advanced multi-role session management.
- User registration with email, name, and phone number
- Secure password authentication using BCrypt
- JWT-based authentication with role-specific tokens
- Multi-role session management - users can switch between roles
- Role-specific permissions and capabilities
- Persistent role data - continue from where you left off
- Role session tracking - track time spent and activities per role
- MongoDB integration
- Account lockout protection
- Input validation
- RESTful API design
The project follows a modular microservice architecture with clear separation of concerns:
- Main Module (`/`): Core application launcher and role session management
- tymelyne-auth (`/tymelyne-auth`): Complete authentication and user management module
- tymelyne-beans (`/tymelyne-beans`): Entity classes and domain models
- tymelyne-dtos (`/tymelyne-dtos`): Shared Data Transfer Objects
```text
Main Module
├── tymelyne-auth (Authentication & User Management)
│   ├── tymelyne-beans (Entities)
│   └── tymelyne-dtos (DTOs)
├── tymelyne-beans (Entities)
└── tymelyne-dtos (DTOs)
```
- User Registration & Login: Complete authentication flow
- JWT Token Management: Secure token generation and validation
- Password Security: BCrypt hashing with strength validation
- Account Security: Lockout protection and failed attempt tracking
- User Management: Profile management and user operations
- Role Session Management: Multi-role switching with data persistence
- Permission System: Granular role-based permissions
- Session Tracking: Time tracking and analytics per role
- Role Data Persistence: Continue from where you left off
- Java 11 or higher
- MongoDB 4.0 or higher
- Gradle 6.0 or higher
Make sure MongoDB is running on localhost:27017 or update the connection settings in application.properties.
```shell
./gradlew clean build
./gradlew bootRun
```

The application will start on http://localhost:8080
Register a user:

```http
POST /api/users/register
Content-Type: application/json

{
  "email": "user@example.com",
  "name": "John Doe",
  "phoneNumber": "+1234567890",
  "password": "SecurePass123!",
  "confirmPassword": "SecurePass123!"
}
```

Log in (returns the base JWT):

```http
POST /api/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "SecurePass123!"
}
```

Validate a token:

```http
POST /api/auth/validate?token=<jwt_token>
```

A token passed as a query parameter is written to access logs, proxy logs and browser history. Treat any `<jwt_token>` that has travelled in a URL as exposed, and prefer the Authorization header wherever the API accepts it.

Log out:

```http
POST /api/auth/logout
```

Select a role (returns a role-specific JWT):

```http
POST /api/roles/select
Content-Type: application/json
Authorization: Bearer <jwt_token>

{
  "role": "TEACHER"
}
```

Role history:

```http
GET /api/roles/history
Authorization: Bearer <jwt_token>
```

Available roles and the permissions of a role:

```http
GET /api/roles/available
GET /api/roles/{role}/permissions
```

Log out of the current role (uses the role token):

```http
POST /api/roles/logout
Authorization: Bearer <role_jwt_token>
```

Store role-specific data:

```http
PUT /api/roles/data/{dataKey}
Content-Type: application/json
Authorization: Bearer <role_jwt_token>

{
  "value": "some_data"
}
```

Health check:

```http
GET /health
```
- Minimum 8 characters, maximum 128 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one digit
- At least one special character (@$!%*?&)
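As an added example (not part of the project's code), the validator below enforces exactly the rules listed above and reports every failed rule in one pass instead of stopping at the first. It uses ASCII character classes and the seven special characters the policy names; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not the project's code: enforces the password rules listed in this README.
public final class PasswordPolicy {
    static final int MIN_LENGTH = 8;
    static final int MAX_LENGTH = 128;
    // Only the special characters the policy names count; '#' or '-' do not.
    static final String SPECIALS = "@$!%*?&";

    /** Every rule the password breaks; an empty list means it is acceptable. */
    public static List<String> violations(String password) {
        List<String> errors = new ArrayList<>();
        if (password == null || password.isEmpty()) {
            errors.add("password is required");
            return errors;
        }
        // Count code points so a supplementary character (e.g. an emoji) counts once, not twice.
        int length = password.codePointCount(0, password.length());
        if (length < MIN_LENGTH) errors.add("must be at least " + MIN_LENGTH + " characters");
        if (length > MAX_LENGTH) errors.add("must be at most " + MAX_LENGTH + " characters");

        boolean upper = false, lower = false, digit = false, special = false;
        for (int i = 0; i < password.length(); ) {
            int cp = password.codePointAt(i);
            if (cp >= 'A' && cp <= 'Z') upper = true;
            else if (cp >= 'a' && cp <= 'z') lower = true;
            else if (cp >= '0' && cp <= '9') digit = true;
            else if (cp < 128 && SPECIALS.indexOf(cp) >= 0) special = true;
            i += Character.charCount(cp);
        }
        if (!upper) errors.add("must contain an uppercase letter");
        if (!lower) errors.add("must contain a lowercase letter");
        if (!digit) errors.add("must contain a digit");
        if (!special) errors.add("must contain one of " + SPECIALS);
        return errors;
    }

    public static boolean isValid(String password) {
        return violations(password).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed inputs: the README's sample password, then one that breaks each rule in turn.
        String[] samples = {
            "SecurePass123!",   // satisfies every rule
            "Short1!",          // 7 characters
            "securepass123!",   // no uppercase letter
            "SECUREPASS123!",   // no lowercase letter
            "SecurePass!!!!",   // no digit
            "SecurePass123#",   // '#' is outside the policy's special-character set
        };
        for (String s : samples) System.out.println(s + " -> " + violations(s));
    }
}
```

One caveat that is easy to miss: bcrypt only hashes the first 72 bytes of its input, so check how the password encoder in use treats longer passwords (silently truncating them or rejecting them). The 128-character ceiling is still worth keeping as a bound on request size.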
- BCrypt password hashing
- JWT token authentication
- Account lockout after 5 failed login attempts (30-minute lockout)
- Input validation and sanitization
- CORS protection
- Injection resistance: data access goes through Spring Data MongoDB rather than hand-built query strings. MongoDB is not immune to injection, so request fields must still be validated as plain strings; a JSON object such as `{"$ne": null}` must never be accepted where an email or password is expected
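The lockout rule above, as an added example rather than the project's own implementation: five failed attempts lock the credential for 30 minutes, the lock is checked before any BCrypt comparison is made, and an expired lock is cleared on the next attempt. Field names follow the credentials document in the data model later in this document; the class, method and `Outcome` names are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.BooleanSupplier;

// Added example, not the project's code: the "5 failed attempts, 30-minute lockout" rule
// applied to the fields of the credentials document.
public final class LoginLockout {
    static final int MAX_FAILED_ATTEMPTS = 5;
    static final Duration LOCK_DURATION = Duration.ofMinutes(30);

    /** The lockout-related fields of a credentials document. */
    public static final class Credential {
        int failedLoginAttempts;
        Instant lastFailedLoginAt;
        boolean isLocked;
        Instant lockedUntil;
    }

    public enum Outcome { SUCCESS, BAD_PASSWORD, LOCKED }

    /** True while a lock is in force. An expired lock is cleared and the failure counter reset. */
    public static boolean isLocked(Credential c, Instant now) {
        if (c.isLocked && c.lockedUntil != null && now.isBefore(c.lockedUntil)) return true;
        if (c.isLocked) {
            c.isLocked = false;
            c.lockedUntil = null;
            c.failedLoginAttempts = 0;
        }
        return false;
    }

    /**
     * One login attempt. The lock is checked first so a locked account costs no BCrypt work
     * and gives no hint about whether the password was right; the comparison only runs when needed.
     */
    public static Outcome attempt(Credential c, BooleanSupplier passwordMatches, Instant now) {
        if (isLocked(c, now)) return Outcome.LOCKED;
        if (passwordMatches.getAsBoolean()) {
            c.failedLoginAttempts = 0;   // a successful login forgives earlier failures
            return Outcome.SUCCESS;
        }
        c.failedLoginAttempts++;
        c.lastFailedLoginAt = now;
        if (c.failedLoginAttempts >= MAX_FAILED_ATTEMPTS) {
            c.isLocked = true;
            c.lockedUntil = now.plus(LOCK_DURATION);
            return Outcome.LOCKED;
        }
        return Outcome.BAD_PASSWORD;
    }

    public static void main(String[] args) {
        Credential c = new Credential();
        Instant t0 = Instant.parse("2024-01-01T09:00:00Z");   // constructed timeline
        for (int i = 1; i <= 5; i++) {
            System.out.println("wrong password, attempt " + i + ": " + attempt(c, () -> false, t0.plusSeconds(i)));
        }
        System.out.println("right password one minute later:  " + attempt(c, () -> true, t0.plusSeconds(60)));
        System.out.println("right password 31 minutes later:  " + attempt(c, () -> true, t0.plus(Duration.ofMinutes(31))));
    }
}
```

Two things this rule does not solve on its own. The counter is per account, so anyone who knows a victim's email can lock that victim out on purpose; per-IP rate limiting, listed among the planned features at the end of this document, is the usual companion. And under concurrent requests the counter should be updated atomically in MongoDB (an `$inc` in a single update) rather than read, incremented and written back, or parallel guesses can slip past the limit.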
Key configuration properties in application.properties:
```properties
# MongoDB
spring.data.mongodb.host=localhost
spring.data.mongodb.port=27017
spring.data.mongodb.database=tymelyne

# JWT
jwt.secret=tymelyneSecretKeyForJWTTokenGenerationAndValidation2024
jwt.expiration=86400
jwt.issuer=tymelyne

# Server
server.port=8080
```

The `jwt.secret` value above is a sample. Whoever knows it can mint a token for any user and any role, so replace it with at least 32 random bytes, supply it through an environment variable or a secrets manager, and keep it out of any application.properties that is committed to source control.

- Login: User logs in and receives a basic JWT token
- Role Selection: User selects a role and receives a role-specific JWT token with permissions
- Role Sessions: Each role maintains separate data and progress
- Role Switching: Users can logout from current role and select a different one
- Data Persistence: Role-specific data is preserved between sessions
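To make the flow above concrete, here is an added example (not the project's code) of the two token types as HS256 JWTs built with JDK classes only. The base token carries the subject and expiry; the role token adds `role` and `permissions` claims (those claim names are assumptions about the project's token layout); a role endpoint refuses anything that is not a role token, checks the one permission it needs, and rejects expired or forged tokens. Verification always recomputes the HMAC with the server's own key and HS256, so nothing in a token's header can pick the algorithm. The key must be at least 256 bits, because a short passphrase can be brute-forced offline from a single captured token. The `jwt.expiration` value from the configuration above, 86400, is taken as seconds here.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the project's code: HS256 JWTs that show how the base token from /api/auth/login
// differs from the role token from /api/roles/select, and how a role endpoint should check them.
// JDK only; the claim names "role" and "permissions" are assumptions about the project's token layout.
public final class RoleTokens {
    private static final String HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final byte[] secret;
    private final String issuer;
    private final long ttlSeconds;

    public RoleTokens(byte[] secret, String issuer, long ttlSeconds) {
        if (secret.length < 32) throw new IllegalArgumentException("HS256 key must be at least 32 bytes");
        this.secret = secret.clone();
        this.issuer = issuer;
        this.ttlSeconds = ttlSeconds;
    }

    // Base token: proves who the user is but carries no role and no permissions.
    public String baseToken(String userId, long now) {
        return sign("{\"iss\":" + q(issuer) + ",\"sub\":" + q(userId)
                + ",\"iat\":" + now + ",\"exp\":" + (now + ttlSeconds) + "}");
    }

    // Role token: same subject plus the selected role and that role's permissions.
    public String roleToken(String userId, String role, List<String> permissions, long now) {
        StringBuilder perms = new StringBuilder();
        for (String p : permissions) perms.append(perms.length() == 0 ? "" : ",").append(q(p));
        return sign("{\"iss\":" + q(issuer) + ",\"sub\":" + q(userId) + ",\"role\":" + q(role)
                + ",\"permissions\":[" + perms + "],\"iat\":" + now + ",\"exp\":" + (now + ttlSeconds) + "}");
    }

    // The verified payload JSON, or empty if the signature, issuer or expiry is wrong. The MAC is always
    // recomputed with this server's key and HS256, so nothing in the token's header can pick the algorithm.
    public Optional<String> verify(String token, long now) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return Optional.empty();
        try {
            // Recompute the MAC over the exact bytes received and compare in constant time.
            if (!MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), DEC.decode(parts[2]))) return Optional.empty();
            String payload = new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
            if (!q(issuer).equals(claim(payload, "iss").orElse(""))) return Optional.empty();
            if (now >= Long.parseLong(claim(payload, "exp").orElse("0"))) return Optional.empty();
            return Optional.of(payload);
        } catch (IllegalArgumentException badBase64OrNumber) {
            return Optional.empty();
        }
    }

    // Role-endpoint check: a base token (no "role" claim) is refused even though its signature is valid.
    public boolean allows(String token, String permission, long now) {
        Optional<String> payload = verify(token, now);
        if (!payload.isPresent() || !claim(payload.get(), "role").isPresent()) return false;
        Optional<String> list = claim(payload.get(), "permissions");   // e.g. ["VIEW_COURSES","SUBMIT_ASSIGNMENTS"]
        return list.isPresent() && List.of(list.get().substring(1, list.get().length() - 1).split(",")).contains(q(permission));
    }

    private String sign(String payloadJson) {
        String input = ENC.encodeToString(HEADER.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + ENC.encodeToString(hmac(input));
    }
    private byte[] hmac(String signingInput) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
        } catch (java.security.GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    // Flat-JSON helpers that suffice for the claims this class writes; a real service uses a JWT library.
    // claim() returns the raw value of a top-level claim: a quoted string, an integer, or a flat array.
    private static String q(String s) {
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }
    private static Optional<String> claim(String json, String name) {
        var m = Pattern.compile("\"" + Pattern.quote(name) + "\":(\"(?:[^\"\\\\]|\\\\.)*\"|\\d+|\\[[^\\]]*\\])").matcher(json);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample key; in production load at least 32 random bytes from configuration.
        RoleTokens tokens = new RoleTokens("0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8), "tymelyne", 86400);
        long now = 1_700_000_000L;
        String base = tokens.baseToken("user-1", now);
        String student = tokens.roleToken("user-1", "STUDENT", List.of("VIEW_COURSES", "SUBMIT_ASSIGNMENTS"), now);
        // Same header and payload as the student token, but a MAC computed without the key.
        String forged = student.substring(0, student.lastIndexOf('.') + 1) + ENC.encodeToString(new byte[32]);
        System.out.println("base token on a role endpoint:     " + tokens.allows(base, "VIEW_COURSES", now + 10));
        System.out.println("student token, student permission: " + tokens.allows(student, "VIEW_COURSES", now + 10));
        System.out.println("student token, teacher permission: " + tokens.allows(student, "GRADE_ASSIGNMENTS", now + 10));
        System.out.println("student token after expiry:        " + tokens.allows(student, "VIEW_COURSES", now + 86400));
        System.out.println("student token with forged MAC:     " + tokens.allows(forged, "VIEW_COURSES", now + 10));
    }
}
```

The design point is that the role token is the only credential a role endpoint honours: a valid base token proves identity but carries no permissions, so switching roles means asking for a new role token rather than reusing the old one. The permission list travels inside the signed token, which keeps per-request checks cheap, but it also means a permission change only takes effect when the token expires or is rotated.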
Each role carries its own permission set:
- STUDENT: View Courses, Submit Assignments, View Grades, Join Classes, View Attendance
- TEACHER: Create Courses, Manage Assignments, Grade Assignments, Take Attendance, View Student Progress
- PRINCIPAL: Manage Teachers/Students, View School Reports, Manage Curriculum, Approve Courses
- ALUMNI: View Alumni Directory, Participate in Events, Mentor Students, Make Donations
User:

```json
{
  "_id": "ObjectId",
  "email": "string (unique)",
  "name": "string",
  "phoneNumber": "string",
  "isActive": "boolean",
  "createdAt": "datetime",
  "updatedAt": "datetime",
  "lastLoginAt": "datetime"
}
```

Credentials (one document per user):

```json
{
  "_id": "ObjectId",
  "userId": "string (unique)",
  "passwordHash": "string",
  "salt": "string",
  "failedLoginAttempts": "number",
  "lastFailedLoginAt": "datetime",
  "isLocked": "boolean",
  "lockedUntil": "datetime",
  "passwordChangedAt": "datetime",
  "createdAt": "datetime",
  "updatedAt": "datetime"
}
```

A BCrypt hash string already contains its own salt and cost factor, so the separate `salt` field is redundant for BCrypt verification.

Role session (one document per user and role):

```json
{
  "_id": "ObjectId",
  "userId": "string",
  "role": "TEACHER|PRINCIPAL|STUDENT|ALUMNI",
  "isCurrentSession": "boolean",
  "firstAccessedAt": "datetime",
  "lastAccessedAt": "datetime",
  "sessionCount": "number",
  "totalTimeSpentMinutes": "number",
  "roleData": "object (role-specific data)",
  "progressData": "object (progress tracking)",
  "roleSettings": "object (role preferences)",
  "createdAt": "datetime",
  "updatedAt": "datetime"
}
```

The API returns standardized error responses:
```json
{
  "success": false,
  "message": "Error description",
  "errors": {
    "field": "Validation error message"
  }
}
```

Planned enhancements:
- OTP-based authentication
- Email verification
- Password reset functionality
- Role-based permissions
- Audit logging
- Rate limiting
- API documentation with Swagger
```shell
./gradlew test
./gradlew check
```

When contributing:
- Follow SOLID principles
- Write unit tests for new features
- Maintain consistent code style
- Update documentation for API changes