
User Management System API

A production-ready REST API for user management built with Java 17 and Spring Boot 3. This system provides secure authentication, role-based access control, and comprehensive user administration capabilities.

Quickstart

Get up and running in minutes with our step-by-step guide

API Reference

Explore all available endpoints and their schemas

Authentication

Learn how JWT authentication works in this system

Configuration

Configure database, security, and environment settings

Key Features

This API is designed with modern best practices and enterprise-grade security:
  • Clean REST Architecture - Modular design with clear separation of concerns across controllers, services, repositories, and DTOs
  • JWT Authentication - Stateless authentication using JSON Web Tokens, generated and validated with the Auth0 JWT library
  • Role-Based Access Control - Two-tier authorization with ROLE_USER and ROLE_ADMIN roles
  • Input Validation - Comprehensive field validation using Jakarta Validation annotations
  • Dual Database Support - H2 in-memory database for development, MySQL for production
  • Security First - BCrypt password hashing, CSRF protection, and stateless session management
  • Code Quality - Lombok for reduced boilerplate, JUnit/Mockito tests, and JaCoCo coverage reporting

Technology Stack

Built with industry-standard technologies:
Component          Version   Purpose
-----------------  --------  ------------------------------------
Java               17        Core language with modern features
Spring Boot        3.5.4     Application framework
Spring Security    6.x       Authentication & authorization
Spring Data JPA    -         ORM and database persistence
Auth0 JWT          3.18.1    JWT token generation and validation
H2 Database        -         In-memory database for development
MySQL              -         Production database
Lombok             -         Reduces boilerplate code
Maven              -         Dependency management and build
JUnit & Mockito    -         Unit and integration testing
JaCoCo             0.8.10    Code coverage analysis

Architecture Overview

The system follows a layered architecture pattern:
userManagementSystem/
├── config/          → Security, global exception handling
├── controllers/     → AuthController, UserController
├── dto/             → Request/response data transfer objects
├── models/          → User, Role entities
├── repositories/    → Spring Data JPA repositories
├── security/        → JWT filter, JWT utilities
└── services/        → Business logic layer
The API uses Spring profiles to manage different environments: dev for development with H2, and prod for production with MySQL.

Authentication Flow

The system implements stateless JWT-based authentication:
  1. Signup: The user registers via /auth/signup with a username, email, and password
  2. Login: The user authenticates via /auth/login and receives a JWT token
  3. Authorization: The client sends the JWT in the Authorization header of each subsequent request
  4. Access Control: Spring Security validates the token and checks the role it carries against the endpoint's required role
All passwords are hashed using BCrypt before storage. The system never stores plain-text passwords.
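The token side of steps 2 and 4 above, as an added example that is not the project's own code: it issues a token with the Auth0 java-jwt library at login time, verifies signature, issuer and expiry the way a JWT filter must before trusting any claim, and maps the role claim to the /admin/users check. The secret, issuer, claim name "role" and token lifetime are assumptions; the real project reads such values from its configuration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Date;

public class JwtFlowDemo {
    // Hypothetical values: the real project would read these from configuration.
    private static final String SECRET = "replace-with-a-long-random-secret-from-config";
    private static final String ISSUER = "user-management-system";
    private static final Algorithm ALG = Algorithm.HMAC256(SECRET);

    // Step 2 (login): issue a signed token carrying the username and role.
    static String issue(String username, String role, long lifetimeMs) {
        Date now = new Date();
        return JWT.create()
                .withIssuer(ISSUER)
                .withSubject(username)
                .withClaim("role", role)   // claim name is an assumption
                .withIssuedAt(now)
                .withExpiresAt(new Date(now.getTime() + lifetimeMs))
                .sign(ALG);
    }

    // Step 4 (JWT filter): check signature, issuer and expiry before trusting any claim.
    static DecodedJWT verify(String token) {
        JWTVerifier verifier = JWT.require(ALG).withIssuer(ISSUER).build();
        return verifier.verify(token);   // throws JWTVerificationException on failure
    }

    // Step 4 (access control): /admin/users is limited to ROLE_ADMIN.
    static boolean mayListUsers(DecodedJWT jwt) {
        return "ROLE_ADMIN".equals(jwt.getClaim("role").asString());
    }

    public static void main(String[] args) {
        DecodedJWT user = verify(issue("alice", "ROLE_USER", 15 * 60 * 1000L));
        System.out.println(user.getSubject() + " may list users: " + mayListUsers(user));

        // A token past its exp claim fails verification even though its signature is valid.
        try {
            verify(issue("alice", "ROLE_USER", -60 * 1000L));
        } catch (JWTVerificationException e) {
            System.out.println("expired token rejected: " + e.getMessage());
        }
    }
}
```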

API Endpoints

The API provides four main endpoints:
Method   Endpoint        Description                         Role Required
-------  --------------  ----------------------------------  -------------
POST     /auth/signup    Register a new user account         Public
POST     /auth/login     Authenticate and receive JWT token  Public
GET      /users/me       Get current user information        ROLE_USER
GET      /admin/users    List all registered users           ROLE_ADMIN
The /admin/users endpoint is restricted to users with ROLE_ADMIN and will return 403 Forbidden for regular users.

Next Steps

Quick Start Guide

Follow our quickstart to make your first API call

API Reference

Browse detailed endpoint documentation
