A secure authentication & authorization system built with Java Spring Boot using JWT (token-based authentication). Implements Role-Based Access Control (RBAC) for Admin and User roles and supports a Flutter mobile app frontend via REST APIs.
- ✅ Register & Login (JWT token-based)
- ✅ Stateless authentication (no server session)
- ✅ Role-based authorization (ADMIN / USER)
- ✅ Secure endpoints (Admin-only vs User-only)
- ✅ REST API integration for Flutter mobile app
- ✅ Clean structure (Controller / Service / Repository)
Backend
- Java + Spring Boot
- Spring Security
- JWT Authentication
- JPA/Hibernate (if used)
- MySQL/PostgreSQL/H2 (update based on your DB)
Frontend
- Flutter (Mobile App)
- HTTP client for REST calls
- Secure token storage (recommended: flutter_secure_storage)
Update package names if needed.
- controller/ - API endpoints
- service/ - Business logic
- repository/ - Database access
- security/ - JWT filters, configs, utilities
- model/ - Entities / DTOs
- config/ - App configs
- POST /auth/register → register user
- POST /auth/login → login and receive JWT token

- GET /admin/** → ADMIN only
- GET /user/** → USER only
- GET /common/** → public or authenticated (based on your config)
If your actual endpoints differ, replace these with your real paths.
- User logs in with credentials
- Server returns a JWT token
- Flutter app stores token securely
- Token is sent in headers for protected calls:
  Authorization: Bearer <token>
- Spring Security validates token and grants role-based access
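
The endpoint rules and token flow above, written as a Spring Security 6 configuration. This is an added example, not the repository's own code: it uses Spring Security's built-in resource-server JWT support (the `spring-boot-starter-oauth2-resource-server` dependency) instead of the project's filter classes, which this README does not show. The class name, the `app.jwt.secret` property, the `roles` claim, HS256 signing with a secret of at least 32 bytes, and treating `/common/**` as authenticated are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Map the token's role claim to Spring authorities (ROLE_ADMIN, ROLE_USER)
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles"); // assumed claim, e.g. "roles": ["ADMIN"]
        roles.setAuthorityPrefix("ROLE_");      // so hasRole("ADMIN") matches ROLE_ADMIN
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);

        http
            // Bearer tokens in a header, no cookies: CSRF tokens do not apply, no session is created
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/auth/register", "/auth/login").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/user/**").hasRole("USER")
                // Everything not listed, /common/** included, needs a valid token
                .anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder(@Value("${app.jwt.secret}") String secret) { // assumed property name
        // Pin HS256 so the algorithm is never taken from the token header; the decoder
        // checks the signature and exp/nbf before any role claim is trusted.
        SecretKeySpec key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        return NimbusJwtDecoder.withSecretKey(key).macAlgorithm(MacAlgorithm.HS256).build();
    }
}
```

With this configuration a request without a valid token gets 401, and a valid USER token sent to `/admin/**` gets 403.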
- Java (recommended: 17)
- Maven/Gradle
- Database (if applicable)
```bash
# clone
git clone https://github.com/shamail-kais/SpringBoot-Security-Role-Based.git
cd SpringBoot-Security-Role-Based

# run
./mvnw spring-boot:run
# or
mvn spring-boot:run
```