
Overview

The Authentication Service (jea-auth) handles user authentication, authorization, and role-based access control (RBAC) for the Sistema de Ventas platform. It uses JWT tokens for secure authentication and manages users, roles, and access permissions.

Database: MySQL (auth-jea)
Port: Dynamic (configured via Eureka)

Core Entities

AuthUser

Basic authentication credentials.
Location: jea-auth/src/main/java/com/example/jeaauth/entity/AuthUser.java:10
Fields:
  • id (Integer) - Primary key
  • userName (String) - Unique username
  • password (String) - BCrypt-hashed password
Table: auth_user

Usuario

Extended user profile information.
Location: jea-auth/src/main/java/com/example/jeaauth/entity/Usuario.java:9
Fields:
  • id (Long) - Primary key
  • nombres (String) - First name(s)
  • apellidoPaterno (String) - Paternal surname
  • apellidoMaterno (String) - Maternal surname
  • dni (String) - National identification number
  • direccion (String) - Address
  • telefono (String) - Phone number
  • estado (Boolean) - Active status
  • authUser (AuthUser) - One-to-one relationship with AuthUser
Table: usuario
Relationships:
  • One-to-one with AuthUser via auth_user_id

Rol

User role definitions.
Location: jea-auth/src/main/java/com/example/jeaauth/entity/Rol.java:9
Fields:
  • idRol (Long) - Primary key
  • nombre (RolNombre enum) - Role name (ADMIN, USER, ALMACENERO)
  • descripcion (String) - Role description
Table: roles
Enums: ADMIN, USER, ALMACENERO

Acceso

Application access/menu items.
Location: jea-auth/src/main/java/com/example/jeaauth/entity/Acceso.java:7
Fields:
  • idAcceso (Long) - Primary key
  • nombre (String) - Access name
  • url (String) - Route URL
  • icono (String) - Icon identifier
  • orden (Long) - Display order
Table: accesos

UsuarioRol

Many-to-many relationship between users and roles.
Table: usuario_rol
Composite Key: usuario_id, rol_id

AccesoRol

Many-to-many relationship between roles and access permissions.
Table: acceso_rol
Composite Key: acceso_id, rol_id

Key Components

Controllers

AuthUserController

Location: jea-auth/src/main/java/com/example/jeaauth/controller/AuthUserController.java:14
Endpoints:
  • POST /auth/login - User login, returns JWT token
  • POST /auth/validate - Validate JWT token
  • POST /auth/create - Create new auth user

UsuarioController

Location: jea-auth/src/main/java/com/example/jeaauth/controller/UsuarioController.java:18
Endpoints:
  • POST /usuario/crear - Create new user with profile
  • POST /usuario/asignar-rol - Assign role to user
  • PUT /usuario/{id}/estado - Change user active status
  • GET /usuario/estado - List users by status
  • PUT /usuario/{id} - Update user information

RolController

Location: jea-auth/src/main/java/com/example/jeaauth/controller/RolController.java
Manages role operations.

AccesoController

Location: jea-auth/src/main/java/com/example/jeaauth/controller/AccesoController.java
Manages access permissions.

Services

AuthUserService

Location: jea-auth/src/main/java/com/example/jeaauth/service/AuthUserService.java
Implementation: AuthUserServiceImpl.java:12
Handles authentication logic, JWT generation, and token validation.

UsuarioService

Location: jea-auth/src/main/java/com/example/jeaauth/service/UsuarioService.java
Implementation: UsuarioServiceImpl.java
Manages user CRUD operations and role assignments.

AccesoService

Location: jea-auth/src/main/java/com/example/jeaauth/service/AccesoService.java
Implementation: AccesoServiceImpl.java
Manages access permissions and menu items.

Repositories

  • AuthUserRepository - AuthUser data access
  • UsuarioRepository - Usuario data access
  • RolRepository - Rol data access
  • AccesoRepository - Acceso data access
  • UsuarioRolRepository - User-role relationships
  • AccesoRolRepository - Access-role relationships

Security Components

JwtProvider

Location: jea-auth/src/main/java/com/example/jeaauth/security/JwtProvider.java
Generates and validates JWT tokens.

SecurityConfig

Location: jea-auth/src/main/java/com/example/jeaauth/security/SecurityConfig.java
Spring Security configuration.

PasswordEncoderConfig

Location: jea-auth/src/main/java/com/example/jeaauth/security/PasswordEncoderConfig.java
BCrypt password encoder configuration.

DTOs

  • AuthUserDto - Authentication request
  • AuthResponseDto - Authentication response with token
  • TokenDto - Token validation response
  • UsuarioDto - User creation/update
  • UsuarioListadoDto - User listing with roles
  • UsuarioRolDto - Role assignment
  • AccesoDto - Access permission data

Dependencies

Spring Boot Version: 2.5.4
Spring Cloud Version: 2020.0.3
Key Dependencies:
  • spring-boot-starter-data-jpa - JPA/Hibernate
  • spring-boot-starter-web - REST API
  • spring-boot-starter-security - Security framework
  • spring-cloud-starter-netflix-eureka-client - Service discovery
  • spring-cloud-starter-config - Centralized configuration
  • io.jsonwebtoken:jjwt:0.9.1 - JWT token handling
  • mysql-connector-j:8.0.31 - MySQL driver
  • lombok - Code generation

Configuration

Config File: config-data/jea-auth-service.yml
Key Settings:
server:
  port: ${PORT:${SERVERS_PORT:0}}

spring:
  application:
    name: jea-auth-service
  datasource:
    url: jdbc:mysql://localhost:3306/auth-jea
    username: root
    password:
  jpa:
    hibernate.ddl-auto: update
    show-sql: true

eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8090/eureka

jwt:
  secret: secret
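
The listing above pairs a six-character jwt.secret with a root database login that has no password and with ddl-auto: update. The check below is an added example, not part of the jea-auth project: it flags those keys and runs the same rules over a constructed counterpart that passes. The ${...} variable names, the function names and the 32-byte floor (the HS256 minimum; the page does not name the signing algorithm) are assumptions.

```python
import re

# Settings copied from the page's jea-auth-service.yml listing.
PAGE = """\
spring:
  datasource:
    username: root
    password:
  jpa:
    hibernate.ddl-auto: update
jwt:
  secret: secret
"""
# Constructed counterpart; the ${...} variable names are assumptions.
HARDENED = """\
spring:
  datasource:
    username: ${DB_USERNAME}
    password: ${DB_PASSWORD}
  jpa:
    hibernate.ddl-auto: validate
jwt:
  secret: ${JWT_SECRET}
"""

def flatten(text):
    """Turn simple nested 'key: value' YAML (2-space indent) into dotted keys."""
    out, path = {}, []
    for line in text.splitlines():
        m = re.match(r"( *)([^:#\s][^:]*):\s*(.*)$", line)
        if m:
            path = path[:len(m.group(1)) // 2] + [m.group(2)]
            out[".".join(path)] = m.group(3).strip()
    return out

def audit(text):
    """Return the dotted keys whose values should not reach a shared environment."""
    cfg, bad = flatten(text), []
    secret = cfg.get("jwt.secret", "")
    # A literal HMAC key must be at least as long as the hash output (32 bytes for HS256).
    if not secret.startswith("${") and len(secret.encode()) < 32:
        bad.append("jwt.secret")
    if cfg.get("spring.datasource.username") == "root":
        bad.append("spring.datasource.username")
    if cfg.get("spring.datasource.password", "") == "":
        bad.append("spring.datasource.password")
    if cfg.get("spring.jpa.hibernate.ddl-auto") in ("update", "create", "create-drop"):
        bad.append("spring.jpa.hibernate.ddl-auto")
    return bad
```

Values written as ${...} are resolved by Spring from the environment at startup, the same mechanism the listing already uses for the port.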

Database Schema

Main Tables:
  • auth_user - Authentication credentials
  • usuario - User profiles
  • roles - Role definitions
  • accesos - Access permissions/menu items
  • usuario_rol - User-role mapping
  • acceso_rol - Role-access mapping

Authentication Flow

  1. User submits credentials to /auth/login
  2. Service validates credentials against auth_user table
  3. JWT token generated with user information and roles
  4. Token returned in AuthResponseDto
  5. Client includes token in subsequent requests
  6. Gateway validates token via /auth/validate
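
Steps 3 to 6 of the flow, as an added example that is not the project's JwtProvider: a token is issued with the user name, roles and an expiry, and the validate step rejects a bad signature, an unexpected algorithm or an expired token. HS256, the claim names sub/roles/exp, the 900-second lifetime and all function names are assumptions; the page does not state them.

```python
import base64, hashlib, hmac, json

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    # Restore the padding that the JWT encoding strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key, user, roles, now, ttl=900):
    """Steps 3-4: build header.payload.signature for the authenticated user."""
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": user, "roles": roles, "exp": now + ttl}).encode())
    return f"{head}.{body}.{b64(sign(key, head + '.' + body))}"

def validate(key, token, now):
    """Step 6: return the claims, or None if the token must be rejected."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm instead of trusting whatever the header announces.
        if json.loads(unb64(head))["alg"] != "HS256":
            return None
        # Recompute the signature and compare in constant time.
        if not hmac.compare_digest(sign(key, f"{head}.{body}"), unb64(sig)):
            return None
        claims = json.loads(unb64(body))
        # Only after the signature checks out are the claims read.
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON
```

The current time is passed in as now (seconds since the epoch) so that expiry handling can be exercised deterministically.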

Key Features

  • JWT-based stateless authentication
  • Role-based access control (RBAC)
  • User profile management
  • Dynamic access permissions
  • Password hashing with BCrypt
  • User activation/deactivation
  • Eureka service discovery integration
  • Centralized configuration via Config Server
