Skip to content
/ springboot-auth-boilerplate Public

Modern Spring Boot 3.5.6 boilerplate with Java 25 & MySQL 8, featuring RBAC + Access Profile authorization and ready-to-use user/role/permission APIs for secure, scalable backend development.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star

TechxTalha/springboot-auth-boilerplate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
server
server
 
 
Boilerplate.postman_collection.json
Boilerplate.postman_collection.json
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Spring Boot Boilerplate

A full-featured Spring Boot 3.5.6 boilerplate with Java 25, MySQL 8, and a clean RBAC + Access Profile separation for enterprise-ready web applications.

This boilerplate is designed to accelerate backend development with ready-to-use authentication, authorization, and modular user management features.

Table of Contents

  1. Technology Stack
  2. Project Overview
  3. Authentication & Authorization
  4. Database
  5. How to Run
  6. Why This Boilerplate is Better

Technology Stack

Layer Technology / Version
Language Java 25
Framework Spring Boot 3.5.6
Security Spring Security with custom PermissionEvaluator
Database MySQL 8.0
ORM Spring Data JPA
Build Tool Maven
REST Testing Postman

Project Overview

This boilerplate provides:

  • User Management: Users, Roles, Permissions, Access Profiles
  • RBAC: Fine-grained role-based authorization
  • Access Profiles: Direct access/permission assignment to users
  • Method-level security using @PreAuthorize with dynamic checks
  • Admin/Super Admin bypass for full access
  • REST APIs for user, role, permission, and access profile management

The system is modular and can be extended for multi-tenant, microservices, or enterprise applications.

Authentication & Authorization

This boilerplate uses a hybrid authorization system with RBAC + Access Profiles.

RBAC (Role-Based Access Control)

  • Roles are collections of permissions.
  • Users can have one or more roles.
  • Permissions are strings like USER_CREATE, USER_UPDATE, etc.
  • Usage in code:
@PreAuthorize("hasPermission('RBAC','USER_CREATE')")
@GetMapping("/users")
public ResponseEntity<List<User>> getUsers() { ... }
  • Behavior:
    • Checks if the user has a role containing the required permission.
    • Admins (ADMIN or SUPER_ADMIN) automatically bypass RBAC.

Access Profiles

  • Access Profiles are direct user-to-module assignments.
  • Useful for temporary or granular access without creating roles.
  • Usage in code:
@PreAuthorize("hasPermission('ACCESS','MANAGE_INVENTORY')")
@GetMapping("/inventory")
public ResponseEntity<List<Inventory>> getInventory() { ... }
  • Behavior:
    • Checks if the user has been assigned this access explicitly.
    • Can coexist with RBAC: some endpoints can check either RBAC or Access Profile depending on the type.

Database

  • MySQL 8.0
  • Schema includes:
users
roles
permissions
access_profiles
user_roles
role_permissions
user_access_profiles
flyway_schema_history
  • Relationships:
    • User <-> Role <-> Permission
    • User <-> AccessProfile
  • Example:
    • User "Alice" → Roles: Manager → Permissions: USER_CREATE, USER_UPDATE
    • User "Bob" → Access Profile: USER_MANAGEMENT

How to Run

  1. Clone the repository:
git clone https://github.com/yourusername/boilerplate.git
cd boilerplate
  1. Configure database in application.properties:
spring.datasource.url=jdbc:mysql://localhost:3306/boilerplate_db
spring.datasource.username=root
spring.datasource.password=yourpassword
spring.jpa.hibernate.ddl-auto=update
  1. Build and run:
mvn clean install
mvn spring-boot:run
  1. Access API endpoints via Postman.

Why This Boilerplate is Better

Feature Previous Versions This Boilerplate
Spring Boot 2.x → outdated dependencies 3.5.6 → latest LTS with security and performance improvements
Java 17 or 19 25 → newest features, improved performance, records, pattern matching
Security Simple role checks Custom PermissionEvaluator with RBAC + Access Profiles, Admin bypass, fine-grained authorization
Method Security Limited or outdated annotations @PreAuthorize with dynamic permission checks
Database MySQL 5.x MySQL 8 → modern features and JSON support
Extensibility Hard to extend Modular structure: roles, permissions, access profiles, users
Maintainability Older dependency versions Uses latest Spring 6, clean dependency management, modern patterns

Summary:
This boilerplate is more secure, flexible, and future-proof. It separates RBAC roles and direct Access Profiles so your authorization is granular and scalable. Compatible with modern enterprise architectures and can be extended for microservices, multi-tenant systems, and API-first development.

Notes

  • Ensure eager loading or proper fetching of roles/permissions in User entity to avoid lazy initialization errors.
  • Admins and Super Admins automatically bypass all RBAC/access checks.
  • For new endpoints, simply use @PreAuthorize("hasPermission('<TYPE>','<PERMISSION>')").

Postman Collection

-  Boilerplate.postman_collection.json
  • Collection includes all CRUD operations for users, roles, permissions, and access profiles.

About

Modern Spring Boot 3.5.6 boilerplate with Java 25 & MySQL 8, featuring RBAC + Access Profile authorization and ready-to-use user/role/permission APIs for secure, scalable backend development.

Topics

mysql spring-boot postman rbac access-control java-25

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages