eCommerce Application

A demo application that makes use of security and DevOps concepts.

Project Template

  • demo - this package contains the main method which runs the application

  • model.persistence - this package contains the data models that Hibernate persists to H2. There are 4 models: Cart, for holding a User's items; Item, for defining new items; User, to hold user account information; and UserOrder, to hold information about submitted orders. Looking back at the application "demo" class, you'll see the @EntityScan annotation, telling Spring that this package contains our data models.

  • model.persistence.repositories - these contain a JpaRepository interface for each of our models. This allows Hibernate to connect them with our database so we can access data in the code, as well as define certain convenience methods. Look through them and see the methods that have been declared. Looking at the application “demo” class, you’ll see the @EnableJpaRepositories annotation, telling Spring that this package contains our data repositories.

  • model.requests - this package contains the request models. The request models will be transformed by Jackson from JSON to these models as requests are made. Note the Json annotations, telling Jackson to include and ignore certain fields of the requests. You can also see these annotations on the models themselves.

  • controllers - this package contains the API endpoints for our app, one per model. Note that they all have the @RestController annotation, which tells Spring that they are part of a REST API.

Some examples are given below. To create a new user, for example, you would send a POST request to http://localhost:8080/api/user/create with a body like

{
    "username": "test"
}

and this would return

{
    "id": 1,
    "username": "test"
}

Exercise: Once you've created a user, try to add items to cart (see the ModifyCartRequest class) and submit an order.

Adding Authentication and Authorization

Add proper authentication and authorization controls so that users can only access their own data, and so that data can only be accessed in a secure way. We will do this using a combination of usernames and passwords for authentication, and JSON Web Tokens (JWT) to handle authorization.

POST /login 
{
    "username": "test",
    "password": "somepassword"
}

and that should, if those are valid credentials, return a 200 OK with an Authorization header which looks like "Bearer <token>", where <token> is a JWT. This "Bearer <token>" value must be sent as the Authorization header for all other requests. If it is not present, endpoints should return 401 Unauthorized. If it is present and valid, the endpoints should function as normal.
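An added example of the verification step described above, not the project's own code: a Spring Security filter that checks the Authorization header on every request. It assumes the auth0 java-jwt library, an HMAC-512 signing secret (placeholder shown), and Spring Boot 3 (jakarta.servlet imports).

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import java.io.IOException;
import java.util.Collections;

// Verifies the "Bearer <JWT>" Authorization header on each request (added example).
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {

    // Assumed placeholder: load the real secret from configuration, never hard-code it.
    private static final String SECRET = "change-me-assumed-secret";
    private static final String HEADER = "Authorization";
    private static final String PREFIX = "Bearer ";

    public JwtAuthorizationFilter(AuthenticationManager authManager) {
        super(authManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws IOException, ServletException {
        String header = req.getHeader(HEADER);
        if (header == null || !header.startsWith(PREFIX)) {
            // No token: leave the context unauthenticated so Spring Security's
            // entry point rejects protected endpoints (401 as described above).
            chain.doFilter(req, res);
            return;
        }
        try {
            String username = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))
                    .build()
                    .verify(header.substring(PREFIX.length())) // throws on bad signature or expiry
                    .getSubject();
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(username, null, Collections.emptyList()));
        } catch (JWTVerificationException e) {
            // Tampered or expired token: reject explicitly instead of treating it as anonymous.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid or expired token");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Register the filter in your security configuration so it runs before the authorization checks; controllers can then read the authenticated username from the SecurityContext to ensure users only touch their own cart and orders.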

Testing

Implement unit tests demonstrating at least 80% code coverage.