james126/mgm-server


mgm-server


Spring Boot Web App

Contents

Backlog

  • Add new endpoints
  • Remove redundant endpoints
  • Unit testing
  • Deploy

Description

First attempt at a client-server architecture; developed on and off since 2022.

  • Client uses Angular
    • mgm-client
  • Server uses Spring Boot
    • mgm-server
    • local postgres database
  • Previously hosted on AWS

Demo

Development user testing on localhost

  • server port 8080
  • Postgres port 5432
  • client port 80

Landing page


Error submitting contact form

Successful submission

Server writes record to database


Signup form

Form validation

Request to check if username is taken

Unsuccessful submission

Successful submission

Record written to database


Forgot Password

Enter email to receive one-time password

Password received

Sets the account's temporary attribute to true (indicates password is temporary)

Attempting to log in with the one-time password prompts the user to change it

Resetting the password sets temporary to false (indicates password is not temporary)

Successfully logged into a dashboard

Spring Boot details

The application is stateless: user details are stored in a database

  • Custom Authentication

    • CustomUserDetailsFilter extracts username/password from HTTP request body
    • CustomUserDetailsServer gets user details from the database
    • CustomAuthenticationProvider authenticates the user and adds user authorities/privileges

  • Login Authorization

    • Handled by Spring Security
      • Requires user authority role ADMIN
      • HTTP response contains a JWT cookie

  • Custom Authorization

    • Verifies user details extracted from JWT cookie
      • CustomJwtUtility validates the cookie and extracts user details
      • Proceeds with custom authentication

  • Custom JWT Cookies

    • Creates a JWT cookie using the username and appends it to the HTTP response
      • CustomJwtUtility creates response cookie

  • Custom Logging

    • Logs all HTTP requests to file
    • Logs successful authentication attempts
    • Logs errors sent by the Angular client to file angular.log
      • Logback

  • Injection attack mitigation

    • HTML/JavaScript injection: form input is sanitised to remove HTML/JavaScript
    • SQL injection: input is inserted into the database as String parameters

  • Database

    • PostgreSQL is used to store data: contact forms, user details

  • Custom HTTP request caching

    • Caches requests with content type application/json to prevent IllegalStateException: “getInputStream() has already been called for this request.”

  • Custom Header Filter

    • Adds custom HTTP response headers to the HTTP response, as required by the Angular front-end
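
The "Custom Authorization" and "Custom JWT Cookies" items above, as an added example that is not the project's own code: a JDK-only sketch that issues an HS256 JWT cookie for a username and validates it before the user details are trusted. The class and method names, the claim layout, the cookie name `jwt` and the cookie attributes are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.regex.*;

// Added sketch: JwtCookieSketch and its methods are assumed names, not the project's CustomJwtUtility.
public class JwtCookieSketch {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final String NAME = "[A-Za-z0-9_.-]{1,64}";
    private static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"(" + NAME + ")\",\"exp\":(\\d{1,12})\\}");
    // Fixed header: validation compares against it and never reads "alg" from the token.
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");

    private static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    private static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Returns a Set-Cookie header value carrying a signed token for the username.
    static String issueCookie(byte[] key, String username, long ttlSeconds) throws Exception {
        if (!username.matches(NAME)) throw new IllegalArgumentException("unsupported username");
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String body = HEADER + "." + b64("{\"sub\":\"" + username + "\",\"exp\":" + exp + "}");
        return "jwt=" + body + "." + ENC.encodeToString(hmac(key, body))
                + "; Max-Age=" + ttlSeconds + "; Path=/; HttpOnly; Secure; SameSite=Strict";
    }

    // Returns the username only when the signature verifies and the token is unexpired.
    static Optional<String> validate(byte[] key, String jwt) throws Exception {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return Optional.empty();
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(sig, hmac(key, p[0] + "." + p[1]))) return Optional.empty(); // constant-time
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            boolean live = m.matches() && Long.parseLong(m.group(2)) > Instant.now().getEpochSecond();
            return live ? Optional.of(m.group(1)) : Optional.empty();
        } catch (IllegalArgumentException malformed) { return Optional.empty(); }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        String jwt = issueCookie(key, "alice", 900).substring(4).split(";")[0]; // strip "jwt=" and attributes
        // Constructed tampering case: swapped claims with the genuine token's signature.
        String forged = HEADER + "." + b64("{\"sub\":\"admin\",\"exp\":9999999999}") + jwt.substring(jwt.lastIndexOf('.'));
        System.out.println(validate(key, jwt) + " " + validate(key, forged));
    }
}
```

The signature is checked before the claims are parsed, so nothing from an unverified payload reaches the lookup of user details.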

Hosting

Previously hosted on AWS EC2 (no longer hosted)
AWS Route53 routes requests for server.mrgrassmaster.com to the instance

  • ec2 details
    • instance type t3a.micro
      • ubuntu

  • Install packages
    • openjdk-17-jdk, tomcat, certbot

  • Add files
    • add Spring war file and SSL certificate files

  • tomcat configuration
    • enable ssl
    • ssl certificate and key
    • java war file

  • Configure firewall
    • enable ssh, http, https, database port

Logging

  • Uses logback
    • Spring Boot (mgm-server) to all.log
      • log exceptions, HTTP-requests, login attempts
    • Angular (mgm-client) to angular.log sent via HTTP request

HTTP request from mgm-client

Testing

  • Unit Tests