Security operations carried out in the project:
- Register
- Login (authenticate)
- Refresh Token
- Logout
- Authorization
In the project, PostgreSQL DB is using. You can install locally or use docker. For docker, run the commands:
docker pull postgres
docker run --name postgresql -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres123 -p 5432:5432 -d postgres
Then, connect to teh database and create new database with name 'jwt_security'.
Users are saved in the '_user' table.
Admin and Manager are created automatically.
By using refresh token, get access token and new refresh token.
By using access token, send request.
All user tokens are stored to token table.
When users logout or refresh token, then the token revoked.
When the application runs, an admin and a manager users are generated. Their tokens are logged.
By using these tokens, you can send request to admin and management controllers.
The admin has all authorities.
The manager only has the authority to send requests to the management controller.
Bouali Ali Youtube Channel. Videos: