Backend Features

Comprehensive overview of the JAngular Spring Boot backend architecture, security features, and enterprise-grade capabilities.

The JAngular backend is built on Spring Boot 3.x and provides a robust, enterprise-ready foundation for full-stack applications. It includes comprehensive authentication, database integration, and security features out of the box.

Authentication & Authorization

The backend implements a complete JWT-based authentication system with enterprise-grade security features:

Token Management

  • JWT Access Tokens - Short-lived tokens for API authentication (15 minutes default)
  • Refresh Tokens - Long-lived tokens for seamless session renewal (7 days default)
  • Token Blacklisting - Immediate token invalidation on logout
  • Automatic Refresh - Transparent token renewal before expiration
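
How the blacklist behind the "Token Blacklisting" bullet can be kept bounded, as an added example that is not JAngular's own code. It assumes issued tokens carry a jti claim and that the JWT filter calls isRevoked after the signature and expiry checks have passed; the class name is hypothetical.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Blacklist of revoked token identifiers (the JWT "jti" claim), keyed so that an
 * entry is retained only until the token's own expiry. A 15 minute access token
 * revoked at logout can be forgotten 15 minutes later, which keeps the store
 * bounded by logouts per token lifetime instead of growing forever.
 * Hypothetical class, not JAngular's own.
 */
public class TokenBlacklist {

    /** jti -> the token's "exp" instant, after which the entry is no longer needed. */
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();

    /**
     * Logout revokes both tokens of the session: the access token entry lives
     * up to 15 minutes, the refresh token entry up to 7 days (the defaults above).
     */
    public void revoke(String jti, Instant expiresAt) {
        revoked.put(jti, expiresAt);
    }

    /**
     * Called by the JWT filter after signature and expiry checks have passed.
     * A token without a jti could never have been blacklisted, so it is refused
     * rather than waved through.
     */
    public boolean isRevoked(String jti) {
        return jti == null || revoked.containsKey(jti);
    }

    /**
     * Drops entries whose token has expired anyway; run it from a @Scheduled task.
     * Returns the number of entries removed.
     */
    public int purgeExpired(Instant now) {
        int before = revoked.size();
        revoked.entrySet().removeIf(e -> !e.getValue().isAfter(now));
        return before - revoked.size();
    }
}
```

Behind more than one backend instance the map has to become a shared store (for instance the table created by V3__Create_user_sessions_table.sql, or a cache), because a logout on one node must be visible to every node that validates tokens.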

Password Security

  • BCrypt Hashing - Industry-standard password hashing with configurable rounds
  • Password History - Prevents reuse of last 12 passwords
  • Complexity Requirements - Configurable policy enforcement (length, special chars, etc.)
  • Password Expiration - Optional password aging with configurable intervals
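
A password change policy that enforces the complexity and "last 12 passwords" rules above, as an added example that is not JAngular's own code. It uses Spring Security's BCryptPasswordEncoder (already part of a Spring Security application); the class name and the specific complexity rule are assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;
import java.util.regex.Pattern;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Password change policy: complexity check, then "not one of the last 12".
 * Bcrypt salts every hash, so two hashes of the same password never match
 * byte-for-byte: history must be checked with matches() against each retained
 * hash, never by comparing hash strings. Hypothetical class, not JAngular's own.
 */
public class PasswordPolicy {

    private static final int HISTORY_LIMIT = 12;   // app.security.password-history-limit
    private static final Pattern UPPER = Pattern.compile("[A-Z]");
    private static final Pattern DIGIT = Pattern.compile("[0-9]");
    private static final Pattern SPECIAL = Pattern.compile("[^A-Za-z0-9]");

    // Strength 12 is the configurable "rounds"; matches() reads the cost from each
    // stored hash, so old hashes remain checkable after the strength is raised.
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(12);

    /** Assumed rule: 12+ characters with an upper-case letter, a digit and a symbol. */
    public boolean meetsComplexity(String raw) {
        return raw.length() >= 12
            && UPPER.matcher(raw).find()
            && DIGIT.matcher(raw).find()
            && SPECIAL.matcher(raw).find();
    }

    /** True if the candidate equals any retained password (the current one included). */
    public boolean isReused(String raw, List<String> previousHashes) {
        return previousHashes.stream().anyMatch(h -> encoder.matches(raw, h));
    }

    /** Returns the updated history, newest first, trimmed to HISTORY_LIMIT; the head is the new credential. */
    public Deque<String> rotate(String raw, Deque<String> history) {
        if (!meetsComplexity(raw)) {
            throw new IllegalArgumentException("password does not meet the complexity policy");
        }
        if (isReused(raw, List.copyOf(history))) {
            throw new IllegalArgumentException("password was used within the last " + HISTORY_LIMIT);
        }
        Deque<String> updated = new ArrayDeque<>(history);
        updated.addFirst(encoder.encode(raw));
        while (updated.size() > HISTORY_LIMIT) updated.removeLast();
        return updated;
    }
}
```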

Account Protection

  • Account Lockout - Automatic lockout after 5 failed attempts (configurable)
  • Progressive Delays - Increasing delays between failed attempts
  • IP-based Restrictions - Optional IP whitelisting/blacklisting
  • Session Management - Concurrent session limits per user
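
The lockout and progressive-delay controls from the list above in one tracker, as an added example that is not JAngular's own code. The thresholds mirror the documented defaults (5 attempts, 30 minute lockout); the 1 second base delay, the doubling schedule and the class name are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Failed-login tracking combining a progressive delay between attempts with a
 * hard lockout once the threshold is reached. Hypothetical class, not JAngular's
 * own; construct it with Duration.ofMinutes(30) and Duration.ofSeconds(1).
 */
public class LoginAttemptTracker {

    private record Attempts(int failures, Instant lastFailure) {}
    private final int maxAttempts;          // app.security.max-login-attempts
    private final Duration lockoutDuration; // app.security.account-lockout-duration
    private final Duration baseDelay;       // assumed: 1 second
    private final Map<String, Attempts> byUser = new ConcurrentHashMap<>();

    public LoginAttemptTracker(int maxAttempts, Duration lockoutDuration, Duration baseDelay) {
        this.maxAttempts = maxAttempts;
        this.lockoutDuration = lockoutDuration;
        this.baseDelay = baseDelay;
    }

    /**
     * Checked before the password is verified: how long this account must still wait
     * (zero means proceed). Keying on the username alone means a flood of bad passwords
     * against one account also locks out its owner, so pair it with the IP-based
     * restrictions listed above.
     */
    public Duration requiredWait(String username, Instant now) {
        Attempts a = byUser.get(username);
        if (a == null) return Duration.ZERO;
        Duration sinceLast = Duration.between(a.lastFailure(), now);
        Duration window = a.failures() >= maxAttempts
            ? lockoutDuration                                   // hard lockout
            : baseDelay.multipliedBy(1L << (a.failures() - 1)); // 1s, 2s, 4s, 8s
        Duration remaining = window.minus(sinceLast);
        return remaining.isNegative() ? Duration.ZERO : remaining;
    }

    /** Counts a failure even during a wait period, so retrying early extends the wait. */
    public void recordFailure(String username, Instant now) {
        byUser.merge(username, new Attempts(1, now),
            (old, fresh) -> new Attempts(old.failures() + 1, now));
    }

    /** A successful login clears the counter. */
    public void recordSuccess(String username) {
        byUser.remove(username);
    }
}
```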

Database Integration

JAngular supports multiple database systems with automatic configuration and migration management:

Supported Databases

  • MySQL 8.0+ - Optimized for performance with proper charset handling
  • PostgreSQL 13+ - Advanced features with JSON support
  • Microsoft SQL Server 2019+ - Enterprise integration capabilities

Database Features

  • Flyway Migrations - Versioned schema management with rollback support
  • Connection Pooling - HikariCP for optimal performance
  • Transaction Management - Declarative transactions with Spring @Transactional
  • Database Health Checks - Built-in monitoring and diagnostics
  • Read/Write Splitting - Support for master-slave configurations

Migration Structure

src/main/resources/db/migration/
├── mysql/
│   ├── V1__Create_users_table.sql
│   ├── V2__Create_roles_table.sql
│   └── V3__Create_user_sessions_table.sql
├── postgresql/
│   ├── V1__Create_users_table.sql
│   ├── V2__Create_roles_table.sql
│   └── V3__Create_user_sessions_table.sql
└── mssql/
    ├── V1__Create_users_table.sql
    ├── V2__Create_roles_table.sql
    └── V3__Create_user_sessions_table.sql

Security Features

Comprehensive security implementation following OWASP best practices:

Spring Security Configuration

  • Method-level Security - Fine-grained access control with @PreAuthorize
  • CSRF Protection - Configurable for stateless APIs
  • CORS Configuration - Flexible cross-origin resource sharing
  • Security Headers - Automatic injection of security headers

API Protection

  • Rate Limiting - Configurable request throttling per endpoint
  • Input Validation - Bean validation with custom validators
  • SQL Injection Prevention - Parameterized queries and JPA protection
  • XSS Protection - Output encoding and sanitization

Audit & Monitoring

  • Login History - Detailed tracking of authentication attempts
  • API Access Logs - Request/response logging with correlation IDs
  • Security Events - Failed logins, privilege escalations, etc.
  • Performance Metrics - Built-in actuator endpoints

REST API Endpoints

Comprehensive RESTful API following OpenAPI 3.0 specification:

Authentication Endpoints

  • POST /auth/login - User authentication with credentials
  • POST /auth/register - New user registration
  • POST /auth/refresh - Token refresh using refresh token
  • POST /auth/logout - Secure logout with token blacklisting
  • POST /auth/forgot-password - Password reset initiation
  • POST /auth/reset-password - Password reset completion

User Management Endpoints

  • GET /api/users - List users with pagination and filtering
  • GET /api/users/{id} - Get user details
  • PUT /api/users/{id} - Update user information
  • DELETE /api/users/{id} - Deactivate user account
  • POST /api/users/{id}/roles - Assign roles to user
  • GET /api/users/{id}/sessions - View active user sessions

Profile Management

  • GET /api/profile - Get current user profile
  • PUT /api/profile - Update profile information
  • POST /api/profile/change-password - Change password
  • GET /api/profile/login-history - View login history

Configuration Management

Flexible configuration system supporting multiple environments and deployment scenarios:

Configuration Files

  • application.properties - Base configuration with JWT and security settings
  • application-mysql.properties - MySQL-specific database configuration
  • application-postgresql.properties - PostgreSQL-specific database configuration
  • application-mssql.properties - SQL Server-specific database configuration
  • application-dev.properties - Development environment overrides
  • application-prod.properties - Production environment optimizations

Key Configuration Properties

# JWT Configuration
app.jwt.secret=your-secret-key
# 15 minutes (milliseconds); .properties files do not allow trailing comments, so notes sit on their own line
app.jwt.access-token-expiration=900000
# 7 days (milliseconds)
app.jwt.refresh-token-expiration=604800000

# Security Settings
app.security.max-login-attempts=5
# 30 minutes (milliseconds)
app.security.account-lockout-duration=1800000
app.security.password-history-limit=12

# Database Settings
spring.datasource.url=jdbc:mysql://localhost:3306/myapp
spring.datasource.username=user
spring.datasource.password=password
spring.jpa.hibernate.ddl-auto=validate

User Management System

Complete user lifecycle management with role-based access control:

User Roles & Permissions

  • ROLE_USER - Standard user with basic access permissions
  • ROLE_MODERATOR - Enhanced permissions for content moderation
  • ROLE_ADMIN - Full administrative access to all features
  • Custom Roles - Support for application-specific role definitions

User Lifecycle

  • Registration - Self-registration with email verification
  • Activation - Email-based account activation workflow
  • Profile Management - User-controlled profile updates
  • Deactivation - Soft delete preserving audit trails

Session Management

  • Active Sessions - Track concurrent user sessions
  • Session Limits - Configurable maximum concurrent sessions
  • Remote Logout - Administrative session termination
  • Session Monitoring - Real-time session analytics

Backend Project Structure

Well-organized Maven project following Spring Boot best practices:

backend/
├── src/main/java/com/example/myapp/
│   ├── BackendApplication.java          # Main Spring Boot application class
│   ├── config/
│   │   ├── SecurityConfig.java          # Spring Security configuration
│   │   ├── JwtConfig.java               # JWT token configuration
│   │   ├── DatabaseConfig.java          # Database connection setup
│   │   └── CorsConfig.java              # CORS policy configuration
│   ├── controller/
│   │   ├── AuthController.java          # Authentication endpoints
│   │   ├── UserController.java          # User management endpoints
│   │   └── ProfileController.java       # User profile endpoints
│   ├── dto/
│   │   ├── LoginRequest.java            # Request/response DTOs
│   │   ├── LoginResponse.java
│   │   └── UserDto.java
│   ├── entity/
│   │   ├── User.java                    # JPA entity classes
│   │   ├── Role.java
│   │   ├── UserSession.java
│   │   └── LoginHistory.java
│   ├── repository/
│   │   ├── UserRepository.java          # JPA repositories
│   │   ├── RoleRepository.java
│   │   └── UserSessionRepository.java
│   ├── service/
│   │   ├── AuthService.java             # Business logic services
│   │   ├── UserService.java
│   │   └── JwtService.java
│   ├── security/
│   │   ├── JwtAuthenticationFilter.java # JWT processing
│   │   ├── UserDetailsServiceImpl.java  # User details for Spring Security
│   │   └── JwtUtils.java                # JWT utility methods
│   └── exception/
│       ├── GlobalExceptionHandler.java  # Global error handling
│       └── CustomExceptions.java        # Application-specific exceptions
├── src/main/resources/
│   ├── application.properties           # Base configuration
│   ├── application-mysql.properties     # Database-specific configs
│   ├── application-postgresql.properties
│   ├── application-mssql.properties
│   └── db/migration/                    # Flyway migration scripts
├── src/test/java/                       # Unit and integration tests
├── pom.xml                              # Maven dependencies and build config
├── Dockerfile                           # Docker container configuration
└── README.md                            # Backend-specific documentation

💡 Development Note

The backend includes comprehensive unit and integration tests, Docker support for containerized deployment, and detailed API documentation generated from OpenAPI annotations.