james126/mgm-server

mgm-server


Spring Boot Web App

Description

My first attempt at creating an application with client-server architecture, as a learning project.

  • Client uses Angular
  • Server uses Spring Boot
  • Both are hosted on separate Ubuntu virtual instances

Demo

NB: Cookies must be enabled for JWT authentication
https://mrgrassmaster.com

  • Front-end
    • mgm-client
    • mrgrassmaster.com
  • Back-end
    • mgm-server
    • server.mrgrassmaster.com

  • The back-end has a postgres database installed locally

Spring Boot details

This application handles HTTP requests received from mgm-client. The application is stateless: user details are stored in a database.

  • Custom Authentication

    • CustomUserDetailsFilter extracts username/password from HTTP request body
    • CustomUserDetailsServer gets user details from the database
    • CustomAuthenticationProvider authenticates the user and adds user authorities/privileges

  • Login Authorization

    • Handled by Spring Security
      • Requires user authority role ADMIN
      • HTTP response contains a JWT cookie

  • Custom Authorization

    • Verifies user details extracted from JWT cookie
      • CustomJwtUtility validates the cookie and extracts user details
      • Proceeds with custom authentication

  • Custom JWT Cookies

    • Creates a JWT cookie using the username and appends it to the HTTP response
      • CustomJwtUtility creates response cookie

  • Custom Logging

    • Logs all HTTP requests to file
    • Logs successful authentication attempts
    • Logs errors sent by the Angular client to file angular.log
      • Logback

  • Injection attack mitigation

    • HTML/JavaScript injection: form input is sanitised to remove HTML/JavaScript
    • SQL injection: input is inserted into the database as String parameters

  • Database

    • PostgreSQL is used to store data: contact forms, user details

  • Custom HTTP request caching

    • Caches requests with content type application/json to prevent IllegalStateException: “getInputStream() has already been called for this request.”

  • Custom Header Filter

    • Adds custom HTTP response headers to the HTTP response, as required by the Angular front-end
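
The JWT cookie flow from the "Custom Authorization" and "Custom JWT Cookies" items above, as an added JDK-only sketch; it is not the project's CustomJwtUtility. The class name, the cookie name `jwt`, the HS256 choice, the claim layout and the demo key are all assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.regex.*;
import static java.nio.charset.StandardCharsets.UTF_8;

// Added illustration: JwtCookieSketch is a hypothetical class, not the project's CustomJwtUtility.
public class JwtCookieSketch {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final String HEADER = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(UTF_8));
    private static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([\\w.-]{1,64})\",\"exp\":(\\d{1,18})\\}");
    private final byte[] key;
    JwtCookieSketch(byte[] key) { this.key = key.clone(); }

    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data.getBytes(UTF_8));
    }

    // The token carries only the username and an expiry; the username is restricted so it cannot break the JSON.
    String issue(String username, long ttlSeconds) throws Exception {
        if (!username.matches("[\\w.-]{1,64}")) throw new IllegalArgumentException("unsafe username");
        String claims = "{\"sub\":\"" + username + "\",\"exp\":" + (Instant.now().getEpochSecond() + ttlSeconds) + "}";
        String signed = HEADER + "." + ENC.encodeToString(claims.getBytes(UTF_8));
        return signed + "." + ENC.encodeToString(mac(signed));
    }

    // Returns the username only when the header, the MAC and the expiry all check out.
    Optional<String> validate(String token) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return Optional.empty(); // pins HS256, so "alg":"none" is refused
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(sig, mac(p[0] + "." + p[1]))) return Optional.empty(); // constant-time compare
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), UTF_8));
            return m.matches() && Long.parseLong(m.group(2)) > Instant.now().getEpochSecond() ? Optional.of(m.group(1)) : Optional.empty();
        } catch (IllegalArgumentException e) { return Optional.empty(); } // malformed base64url
    }

    public static void main(String[] args) throws Exception {
        JwtCookieSketch jwt = new JwtCookieSketch("constructed-demo-key-0123456789abcdef".getBytes(UTF_8)); // constructed key
        String token = jwt.issue("admin", 900);
        // HttpOnly hides the token from page scripts; Secure restricts it to HTTPS; SameSite limits cross-site sends.
        System.out.println("Set-Cookie: jwt=" + token + "; Max-Age=900; Path=/; Secure; HttpOnly; SameSite=Strict");
        String forged = HEADER + "." + ENC.encodeToString("{\"sub\":\"root\",\"exp\":9999999999}".getBytes(UTF_8)) + token.substring(token.lastIndexOf('.'));
        System.out.println(jwt.validate(token) + " " + jwt.validate(forged) + " " + jwt.validate(jwt.issue("admin", -1)));
    }
}
```

`SameSite=Strict` still lets the Angular client at mrgrassmaster.com send the cookie to server.mrgrassmaster.com, because both hosts share one registrable domain and count as the same site.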

Hosting details

The app is served from an AWS EC2 virtual instance
AWS Route53 routes requests for server.mrgrassmaster.com to the instance

  • EC2 details
    • instance type t3a.micro
      • Ubuntu
      • 1GB memory
      • 8GB HDD

  • Install packages
    • openjdk-17-jdk, tomcat, certbot

  • Add files
    • add Spring war file and SSL certificate files

  • tomcat configuration
    • enable ssl
    • ssl certificate and key
    • java war file

  • Configure firewall
    • enable ssh, http, https, database port

Logging

  • Uses logback
    • Spring Boot (mgm-server) to all.log
      • logs exceptions, HTTP-requests, login attempts
    • Angular (mgm-client) to angular.log sent via client HTTP request

HTTP request from mgm-client