A system allowing the rental of card games and trays without the need for an existing playroom in the city: users can either list their own games for rental or rent games from other users. The following features are supported:
- Conventional email/username-based registration with admin support
- Conventional login using Spring Security and generation of a JWT token
- Multiple-device login and logout support
- Support for password updates once logged in
- Admin-protected URLs leveraging Spring Security
- Support to add Games, Users, Ownerships and Loans (as admin)
- Support to erase Games, Users, Ownerships and Loans (as admin)
- Conventional GET endpoints for Games, Users, Ownerships and Loans
The project has been configured with a basic Swagger docket that exposes the commonly used APIs along with their expected parameters.
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
Spring Security and JWT Configuration
We will be configuring Spring Security and JWT to perform two operations:
- Generating a JWT: expose a POST API mapped to /authenticate. When the correct username and password are supplied it generates a JSON Web Token (JWT).
- Validating a JWT: when a user tries to access the GET API mapped to /hello, access is allowed only if the request carries a valid JSON Web Token (JWT).
JSON Web Token Structure
A JWT consists of three parts separated by a dot.
header.payload.signature
The header consists of two parts: the token type (in this case JWT) and the name of the signing algorithm, such as HMAC SHA256 or RSA.
The payload contains what we call claims. Claims are attributes of an entity (in this case the user) plus metadata such as issue and expiry times.
The signature lets the recipient verify that the token was issued by the holder of the signing key and that it has not been altered in transit. To create the signature, we take the Base64url-encoded header, the Base64url-encoded payload, and sign them with the algorithm specified in the header; the verifier must recompute the signature with the algorithm it expects rather than trusting the one named in the header.
Heroku Application
You can run D20-app by accessing the site -
- Please fork the project and adapt it to your use case.
- Submit a pull request.
- The project is in a nascent stage. As such any issues you find should be reported in the issues section.
- Registering a user
- Logging in a valid user
- Logging in an invalid user
- Using the token in a request for your account info