Experiment

The document outlines a project for a Role-Based To-Do App utilizing JWT authentication, detailing user and admin functionalities. Key improvements include explicit role storage, JWT enhancements, and a soft delete approach for users. The implementation involves setting up a Spring Boot project, defining a database schema, and applying role-based authorization with Spring Security.

Uploaded by SATYAM SINGH

Role-Based To-Do App with JWT Authentication

Project Overview
Project Idea

Your project idea is well-structured, but I will refine and elaborate on some key points to
ensure completeness and clarity while keeping it aligned with best practices.

Roles and Functionalities

User (role=user)

• Can sign up and log in (a JWT token will be issued).
• Can add, update, view, and delete their own to-dos.

Admin (role=admin)

• Can view all users and their to-dos.
• Can delete any user (soft delete, marking the user as inactive).
• Can delete any user’s to-do.

Corrections & Enhancements to Your Plan
Key Improvements

• Explicit Role Storage: Store roles in the `User` table, not just in the JWT.
• JWT Enhancements: Include `id`, `email`, and `role` in the JWT. Set an expiration time.
• Database Schema Update: Create `User` and `Todo` tables with a foreign key (`user_id`).
• Security Middleware: Restrict APIs using JWT middleware and `@PreAuthorize`.
• Soft Delete Approach: Mark users as inactive instead of permanently deleting them.

Database Schema
User Table

Column      Type                       Description
id          Long (PK)                  Auto-generated primary key
email       String (Unique)            User’s email (login ID)
password    String (Hashed)            Hashed password (never stored in plaintext)
role        Enum (USER/ADMIN)          User role
isActive    Boolean (Default: true)    Soft delete flag

To-Do Table

Column      Type                       Description
id          Long (PK)                  Auto-generated primary key
user_id     Long (FK)                  References `User` table
title       String                     To-do task title
description String                     Task details
completed   Boolean (Default: false)   Task completion status
createdAt   Timestamp                  Task creation date

Step-by-Step Breakdown
Step 1: Setup Spring Boot Project

Use Spring Initializr with dependencies: Spring Web, Spring Security, Spring Data JPA,
MySQL Driver, Lombok.

Step 2: Define Database Schema

Create ‘User‘ and ‘Todo‘ tables with proper foreign key relationships.

Step 3: Implement Authentication

Users log in with `email` and `password`. If authentication is successful:

• A JWT is issued storing `userId`, `email`, and `role`.
• The user includes this token in the `Authorization` header for all future requests.
• JWT middleware verifies the token and extracts the user details from it.
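The issue-and-verify cycle described in Step 3, as an added example that is not code from the original document. It uses the jjwt library (`io.jsonwebtoken`, assumed version 0.11.x) and the `jakarta.servlet` API of Spring Boot 3; `JwtService`, `JwtAuthFilter`, `UserRepository`, `User.isActive()` and `User.getRole()` are assumed names, and `jwt.secret` / `jwt.expiration-ms` are assumed configuration properties.

```java
// Added example, not code from the original document. Issues and verifies the JWT
// from Step 3 with jjwt (assumed 0.11.x). JwtService, JwtAuthFilter, UserRepository,
// User.isActive() and User.getRole() are assumed names.
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.crypto.SecretKey;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;

@Component
class JwtService {
    private final SecretKey key;
    private final long ttlMillis;

    // Assumption: jwt.secret is a random value of at least 32 bytes kept in configuration
    // (not in source control); Keys.hmacShaKeyFor rejects anything shorter for HS256.
    JwtService(@Value("${jwt.secret}") String secret,
               @Value("${jwt.expiration-ms:900000}") long ttlMillis) {
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
        this.ttlMillis = ttlMillis;
    }

    // The token carries the user id (as subject), email and role, plus iat/exp as the plan requires.
    String issue(long userId, String email, String role) {
        Date now = new Date();
        return Jwts.builder()
                .setSubject(Long.toString(userId))
                .claim("email", email)
                .claim("role", role)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + ttlMillis))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // parseClaimsJws accepts only a signed JWS, checks the signature with our key and
    // enforces the exp claim; any failure surfaces as a JwtException.
    Claims verify(String token) {
        return Jwts.parserBuilder().setSigningKey(key).build()
                .parseClaimsJws(token).getBody();
    }
}

@Component
public class JwtAuthFilter extends OncePerRequestFilter {
    private final JwtService jwt;
    private final UserRepository users; // assumed Spring Data JPA repository over the User table

    public JwtAuthFilter(JwtService jwt, UserRepository users) {
        this.jwt = jwt;
        this.users = users;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try {
                Claims claims = jwt.verify(header.substring("Bearer ".length()));
                long userId = Long.parseLong(claims.getSubject());
                // A soft-deleted user still holds a token that verifies until it expires, so the
                // isActive flag is checked on every request. The role is read from the User table
                // (the plan's "explicit role storage"), so a role change takes effect immediately.
                users.findById(userId).filter(User::isActive).ifPresent(u -> {
                    // hasRole("ADMIN") in Spring Security matches the authority "ROLE_ADMIN".
                    var auth = new UsernamePasswordAuthenticationToken(
                            userId, null,
                            List.of(new SimpleGrantedAuthority("ROLE_" + u.getRole().name())));
                    SecurityContextHolder.getContext().setAuthentication(auth);
                });
            } catch (JwtException | NumberFormatException e) {
                // Invalid, expired or malformed token: leave the context empty so the request
                // is treated as anonymous and protected endpoints answer 401.
            }
        }
        chain.doFilter(req, res);
    }
}
```

The filter stores the numeric user id as the principal, which is what the ownership checks in later steps compare against. The per-request database lookup is the price of making soft delete and role changes effective before the token expires; with a short `jwt.expiration-ms` it can be dropped in favour of trusting the claims.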

Step 4: Role-Based Authorization

• Apply Spring Security to restrict access based on roles.
• Users can only manage their own to-dos.
• Admins can delete users and their to-dos.
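Step 4 wired into Spring Security 6, as an added example that is not code from the original document. It assumes the `JwtAuthFilter` bean from the previous step exists, that `TodoRepository` declares a derived query `findByIdAndUserId` returning `Optional<Todo>`, and that `/api/auth/**` and `/api/admin/**` are the project's route prefixes; all of these are assumptions.

```java
// Added example, not code from the original document. Registers the JWT filter with
// Spring Security 6 and enforces "users manage only their own to-dos" in the service.
// JwtAuthFilter, TodoRepository.findByIdAndUserId, UserRepository, Todo, User and the
// /api/... paths are assumed names.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // enables @PreAuthorize on service methods
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtAuthFilter jwtFilter) throws Exception {
        http
            // Stateless bearer-token API: no session cookie, so CSRF protection does not apply.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/auth/signup", "/api/auth/login").permitAll()
                .requestMatchers("/api/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // Run the JWT filter early so the SecurityContext is populated before authorization.
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}

@Service
class TodoService {
    private final TodoRepository todos;
    private final UserRepository users;

    TodoService(TodoRepository todos, UserRepository users) {
        this.todos = todos;
        this.users = users;
    }

    private static boolean isAdmin(Authentication auth) {
        return auth.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN"));
    }

    // A role check alone is not enough: any authenticated USER could pass another user's
    // to-do id. Non-admins are therefore looked up by (id, owner), so a to-do they do not
    // own is simply not found; admins may reach any to-do, as the plan allows.
    @PreAuthorize("isAuthenticated()")
    @Transactional
    public void deleteTodo(long todoId, Authentication auth) {
        long callerId = (Long) auth.getPrincipal(); // JwtAuthFilter stores the user id as principal
        Todo todo = (isAdmin(auth) ? todos.findById(todoId)
                                   : todos.findByIdAndUserId(todoId, callerId))
                .orElseThrow(() -> new AccessDeniedException("to-do not found or not owned by caller"));
        todos.delete(todo);
    }

    // Soft delete: the row stays (its to-dos keep a valid foreign key), and JwtAuthFilter
    // rejects the user's existing tokens from the next request on because isActive is false.
    @PreAuthorize("hasRole('ADMIN')")
    @Transactional
    public void deactivateUser(long userId) {
        User user = users.findById(userId)
                .orElseThrow(() -> new IllegalArgumentException("no such user"));
        user.setActive(false);
        users.save(user);
    }
}
```

Returning "not found" for a foreign to-do rather than "forbidden" avoids confirming to a regular user that a given id exists; the admin path keeps the unrestricted lookup because the plan grants admins full access.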

Final Project Flow Summary

1. Setup & Configuration

Initialize the Spring Boot project with the required dependencies. Configure database and JWT settings.

2. Database Design

Create `User` and `Todo` tables with foreign key relationships.

3. Authentication & Authorization

Implement JWT-based authentication. Apply role-based access control using Spring Security.

4. APIs

• Signup, login, fetch profile, and delete user (admin only).
• CRUD operations for to-dos (users manage their own; admin has full access).

5. Middleware for Logging

Track and log all API requests.

6. Testing & Deployment

Test using Postman and deploy with Docker.
