A Spring Boot WebFlux application demonstrating basic security operations:
- Encoding/Decoding (Base64)
- Hashing (SHA-256)
- AES Encryption/Decryption (session-based keys with Redis)
The project is reactive, using Project Reactor and Redis for managing AES session keys.
- Encoding – Convert a plaintext message into Base64 format. Use when you need to safely send binary data (like images or files) as text in APIs or over the internet.
- Decoding – Convert a Base64 encoded message back to the original plaintext. Use when you receive Base64 data and need to convert it back to its original form.
- Hashing – Generate a SHA-256 hash of a message. Use to store passwords securely, verify data integrity, or generate digital signatures.
- AES Encryption – Encrypt messages using a session-specific AES key stored in Redis. Use to keep sensitive messages private during transmission or storage.
- AES Decryption – Decrypt messages using the session-specific AES key retrieved from Redis. Use to read messages that were encrypted with AES, ensuring only authorized users can access them.
Clone the repository:
git clone <your-repo-url>
cd java-security-rndBuild the project:
./gradlew clean build- Java 21
- Gradle 8+
- Redis server running locally or remotely
Optional: Run Redis via Docker:
docker run --name redis -p 6379:6379 -d redisStart the Spring Boot application:
./gradlew bootRunThe server runs on http://localhost:8080 by default.
Convert a message to Base64:
POST /security/encode
Content-Type: application/json
{
"message": "Hello World"
}Response:
{
"encodedMessage": "SGVsbG8gV29ybGQ="
}Decode a Base64 message:
POST /security/decode
Content-Type: application/json
{
"encodedMessage": "SGVsbG8gV29ybGQ="
}Response:
{
"originalMessage": "Hello World"
}Generate a SHA-256 hash of a message:
POST /security/hashing
Content-Type: application/json
{
"message": "Hello World"
}Response:
{
"sha256ConvertedMessage": "a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b..."
}Generate an AES session key for the client:
GET /session/secret-key?sessionId=<client-session-id>Response:
BASE64_ENCODED_AES_KEY
sessionIdis a unique identifier for the client session.- The server stores the AES key in Redis mapped to this session ID.
Encrypt a message using the session AES key:
POST /security/aesEncryption
Content-Type: application/json
{
"sessionId": "client123",
"message": "Hello World"
}Response:
{
"encryptedMessage": "BASE64_ENCRYPTED_STRING"
}Decrypt a message using the session AES key:
POST /security/aesDecryption
Content-Type: application/json
{
"sessionId": "client123",
"encryptedMessage": "BASE64_ENCRYPTED_STRING"
}Response:
{
"originalMessage": "Hello World"
}- Client requests a session key via
/session/secret-key. - Server generates a random AES key and stores it in Redis with
sessionId. - Client sends messages to
/aesEncryptionalong withsessionId. - Server fetches the key from Redis and encrypts the message.
- For decryption, client sends
sessionIdand ciphertext to/aesDecryption. - Server retrieves the AES key and decrypts the message.
sequenceDiagram
participant Client
participant Server
participant Redis
Client->>Server: GET /session/secret-key?sessionId=<id>
Server->>Redis: Generate & store AES key with sessionId
Redis-->>Server: Confirm key stored
Server-->>Client: "Secret key has been generated"
Client->>Server: POST /security/aesEncryption {sessionId, message}
Server->>Redis: Retrieve AES key using sessionId
Redis-->>Server: Return AES key
Server-->>Client: Return encrypted message
Client->>Server: POST /security/aesDecryption {sessionId, encryptedMessage}
Server->>Redis: Retrieve AES key using sessionId
Redis-->>Server: Return AES key
Server-->>Client: Return decrypted message
Security Note: AES keys are never sent repeatedly. HTTPS should always be used for the initial key delivery.