docker-compose -f docker/docker-compose.yml up
./gradlew bootRun
This application implements Spring Security Basic Authentication. It has a MongoDB Docker container that preloads 2 users: one Admin and one common user.
A custom UserDetailsService (MongoUserDetailsService) is used to retrieve user information from MongoDB.
More information at: https://docs.spring.io/spring-security/reference/servlet/authentication/passwords/index.html
This endpoint can be accessed by any authenticated user, regardless of role (USER or ADMIN)
curl --location 'http://localhost:8080/user?username=Admin' \
--header 'Authorization: Basic QWRtaW46MTIz'
curl --location 'http://localhost:8080/user?username=Admin' \
--header 'Authorization: Basic Um9kcmlnbzoxMjM='
This endpoint can only be accessed by a user with the ADMIN role
curl --location 'http://localhost:8080/user' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic QWRtaW46MTIz' \
--data '{
"username": "New User",
"password": "Pass123",
"roles": [ "USER" ]
}'
So if you try to access it with the common user's credentials, a 401 status will be returned
curl --location 'http://localhost:8080/user' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic VXNlcjoxMjM=' \
--data '{
"username": "New User",
"password": "Pass123",
"roles": [ "USER" ]
}'
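One way to express the access rules and the MongoDB-backed user lookup described above with Spring Security 6. This is an added sketch, not this project's own code: SecurityConfigSketch, StoredUser and UserLookup are hypothetical names, and it assumes a UserLookup bean (for example a Spring Data repository) exists and that passwords are stored as BCrypt hashes.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import java.util.List;
import java.util.Optional;

@Configuration
public class SecurityConfigSketch { // added sketch, not the project's code
    // Hypothetical stored-user shape and lookup; assumed to be backed by MongoDB.
    public record StoredUser(String username, String passwordHash, List<String> roles) {}
    public interface UserLookup { Optional<StoredUser> findByUsername(String username); }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // CSRF protection is off on the assumption that only non-browser clients call this API.
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/user").hasRole("ADMIN") // create user: ADMIN only
                .requestMatchers(HttpMethod.GET, "/user").authenticated()   // read user: USER or ADMIN
                .anyRequest().denyAll())                                    // everything else is closed
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }

    @Bean
    UserDetailsService userDetailsService(UserLookup users) {
        // Maps a stored user to Spring's UserDetails; roles("ADMIN") yields authority ROLE_ADMIN.
        return username -> users.findByUsername(username)
            .map(u -> User.withUsername(u.username())
                .password(u.passwordHash())
                .roles(u.roles().toArray(String[]::new))
                .build())
            .orElseThrow(() -> new UsernameNotFoundException("user not found"));
    }
}
```

Basic credentials are only Base64-encoded in the Authorization header, so a deployment beyond localhost should serve these endpoints over HTTPS.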