A RESTful Todo Management API built with Spring Boot, featuring JWT-based authentication, role-based access control, and comprehensive user management capabilities.

## Features

- 🔐 JWT Authentication - Secure token-based authentication
- 👥 User Management - User registration, login, and profile management
- ✅ Todo Management - Create, read, update, and delete todos
- 🔑 Role-Based Access Control - Admin and user roles with different permissions
- 📚 API Documentation - Swagger/OpenAPI documentation available
- 🗄️ MySQL Database - Persistent data storage with JPA/Hibernate
- 🛡️ Spring Security - Comprehensive security configuration
## Tech Stack

- Java 17
- Spring Boot 4.0.2
- Spring Security - Authentication and authorization
- Spring Data JPA - Database persistence
- MySQL - Relational database
- JWT (JJWT) - JSON Web Token implementation
- SpringDoc OpenAPI - API documentation
- Maven - Build and dependency management
## Prerequisites

Before running the application, ensure you have:
- Java 17 or higher
- Maven 3.6+
- MySQL 8.0+ (running on port 3307)
- A MySQL database named `tododb`

## Setup

1. Create a MySQL database:

   ```sql
   CREATE DATABASE tododb;
   ```

2. Update the database credentials in `src/main/resources/application.properties`:

   ```properties
   spring.datasource.url=jdbc:mysql://localhost:3307/tododb?serverTimezone=UTC&allowPublicKeyRetrieval=true&useSSL=false
   spring.datasource.username=root
   spring.datasource.password=your_password
   ```

   Note that `useSSL=false` and `allowPublicKeyRetrieval=true` are local-development settings: they turn off TLS on the JDBC connection and let the driver fetch the server's public key without verifying it.

## Configuration

The application uses the following configuration (in `application.properties`):
- Database: MySQL on port 3307
- JWT Secret: Configured in `spring.jwt.secret`
- JWT Expiration: 900000ms (15 minutes)
- Swagger UI: Available at `/docs`

## Running the Application

Using Maven:

```bash
mvn spring-boot:run
```

Using the Maven wrapper on Windows:

```bash
.\mvnw.cmd spring-boot:run
```

Using the Maven wrapper on Linux/Mac:

```bash
./mvnw spring-boot:run
```

The application will start on http://localhost:8080 (default Spring Boot port).

## API Endpoints
### Authentication Endpoints

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | `/api/auth/register` | Register a new user | No |
| POST | `/api/auth/login` | Login and get JWT token | No |
### Todo Endpoints

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | `/api/todos` | Create a new todo | Yes |
| GET | `/api/todos` | Get all todos for the authenticated user | Yes |
| PUT | `/api/todos/{id}` | Toggle todo completion status | Yes |
| DELETE | `/api/todos/{id}` | Delete a todo | Yes |
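The todo endpoints take a todo `{id}` from the URL, so the main risk is a user toggling or deleting someone else's todo by guessing an id. The following service is an added example (not code from this project) showing how to scope every lookup to the authenticated owner. It assumes a `Todo` entity with `isCompleted()`/`setCompleted()` and an `owner` association whose entity has a `username` field; the repository, service and exception names are hypothetical.

```java
package com.todos.todos.service; // hypothetical placement, mirrors the README's service/ package

import java.util.List;
import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.todos.todos.entity.Todo; // assumed entity: id, completed flag, owner -> User with a username field

/** Hypothetical exception; the project's exception/ package would map it to a 404 response. */
class TodoNotFoundException extends RuntimeException {
    TodoNotFoundException(Long id) {
        super("todo " + id + " not found");
    }
}

/**
 * Hypothetical repository. Both derived queries include the owner's username, so a
 * todo id that belongs to another user is simply "not found" rather than acted on.
 */
interface OwnerScopedTodoRepository extends JpaRepository<Todo, Long> {
    List<Todo> findAllByOwnerUsername(String username);
    Optional<Todo> findByIdAndOwnerUsername(Long id, String username);
}

@Service
public class OwnerScopedTodoService {

    private final OwnerScopedTodoRepository todos;

    public OwnerScopedTodoService(OwnerScopedTodoRepository todos) {
        this.todos = todos;
    }

    /** The caller's identity comes from the SecurityContext set by the JWT filter, never from the request body. */
    private static String currentUsername() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new IllegalStateException("no authenticated principal");
        }
        return auth.getName();
    }

    /** GET /api/todos: only the authenticated user's todos. */
    public List<Todo> listMine() {
        return todos.findAllByOwnerUsername(currentUsername());
    }

    /** PUT /api/todos/{id}: toggle completion only if the todo belongs to the caller. */
    @Transactional
    public Todo toggleCompleted(Long id) {
        Todo todo = todos.findByIdAndOwnerUsername(id, currentUsername())
                .orElseThrow(() -> new TodoNotFoundException(id));
        todo.setCompleted(!todo.isCompleted());
        return todo; // managed entity, flushed when the transaction commits
    }

    /** DELETE /api/todos/{id}: the same ownership check before deleting. */
    @Transactional
    public void deleteMine(Long id) {
        Todo todo = todos.findByIdAndOwnerUsername(id, currentUsername())
                .orElseThrow(() -> new TodoNotFoundException(id));
        todos.delete(todo);
    }
}
```

Answering with "not found" for both a missing id and another user's id keeps the API from confirming which ids exist; the ownership condition lives in the query itself, so no code path can fetch a todo first and forget the check afterwards.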
### User Endpoints

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| GET | `/api/users/info` | Get current user information | Yes |
| PUT | `/api/users/password` | Update user password | Yes |
| DELETE | `/api/users` | Delete current user account | Yes |
### Admin Endpoints

| Method | Endpoint | Description | Auth Required | Role Required |
|---|---|---|---|---|
| GET | `/api/admin` | Get all users in the system | Yes | ADMIN |
| PUT | `/api/admin/{userId}/role` | Promote user to admin | Yes | ADMIN |
| DELETE | `/api/admin/{userId}` | Delete a non-admin user | Yes | ADMIN |
## API Documentation

Once the application is running, you can access the Swagger UI documentation at `http://localhost:8080/docs`.

This provides an interactive interface to explore and test all API endpoints.
## Authentication

The application uses JWT (JSON Web Token) for authentication. After successful login:

- You will receive a JWT token in the response
- Include this token in the `Authorization` header for protected endpoints:

```
Authorization: Bearer <your-jwt-token>
```
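The token lifecycle described above, as an added example that is not the project's own code: issuing a token on login, verifying it on later requests, and pulling it out of the `Authorization` header. It uses the JJWT 0.12 API, reads the secret from `spring.jwt.secret` as the README states, and hard-codes the README's 15-minute (900000 ms) lifetime; the class name and the `roles` claim are assumptions.

```java
package com.todos.todos.util; // hypothetical placement, mirrors the README's util/ package

import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import java.util.Optional;

import javax.crypto.SecretKey;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;

@Component
public class JwtTokenService {

    private static final String BEARER_PREFIX = "Bearer ";
    private static final long EXPIRATION_MS = 900_000L; // 15 minutes, the lifetime the README states

    private final SecretKey key;

    /**
     * HS256 key derived from spring.jwt.secret. Keys.hmacShaKeyFor refuses secrets shorter
     * than 256 bits (WeakKeyException), so a short secret fails at startup, not at first login.
     */
    public JwtTokenService(@Value("${spring.jwt.secret}") String secret) {
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    /** Issue a token for a user who has just authenticated; roles travel in an assumed "roles" claim. */
    public String issue(String username, List<String> roles) {
        Instant now = Instant.now();
        return Jwts.builder()
                .subject(username)
                .claim("roles", roles)
                .issuedAt(Date.from(now))
                .expiration(Date.from(now.plusMillis(EXPIRATION_MS)))
                .signWith(key)
                .compact();
    }

    /**
     * Verify signature and expiry. Returns the subject, or empty when the token is malformed,
     * tampered with, expired, or signed with another key. parseSignedClaims rejects unsigned
     * ("alg":"none") tokens, and verifyWith(SecretKey) only accepts HMAC signatures made with this key.
     */
    public Optional<String> verify(String token) {
        try {
            Claims claims = Jwts.parser()
                    .verifyWith(key)
                    .build()
                    .parseSignedClaims(token)
                    .getPayload();
            return Optional.ofNullable(claims.getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // IllegalArgumentException covers null or empty token strings
        }
    }

    /** Extract the raw token from an "Authorization: Bearer <token>" header value, if one is present. */
    public static Optional<String> fromAuthorizationHeader(String headerValue) {
        if (headerValue == null || !headerValue.startsWith(BEARER_PREFIX)) {
            return Optional.empty();
        }
        String token = headerValue.substring(BEARER_PREFIX.length()).trim();
        return token.isEmpty() ? Optional.empty() : Optional.of(token);
    }
}
```

Because the tokens are stateless, nothing on the server can revoke one before it expires; the short 15-minute lifetime is what limits the damage from a leaked token, which is why `verify` treats an expired token exactly like a forged one.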
## Project Structure

```
src/main/java/com/todos/todos/
├── config/ # Security and Swagger configuration
├── controller/ # REST API controllers
├── entity/ # JPA entities (User, Todo, Authority)
├── exception/ # Exception handling
├── repository/ # JPA repositories
├── request/ # Request DTOs
├── response/ # Response DTOs
├── service/ # Business logic services
└── util/ # Utility classes
```
## Security Notes

- All endpoints except `/api/auth/**` and Swagger documentation require authentication
- Admin endpoints (`/api/admin/**`) require the `ADMIN` role
- JWT tokens are stateless and expire after 15 minutes
- Passwords are securely hashed using Spring Security's BCrypt
## Building

To build the application:

```bash
mvn clean package
```

This will create a JAR file in the `target` directory that can be run with:

```bash
java -jar target/todos-0.0.1-SNAPSHOT.jar
```