A comprehensive authentication and user management service built with modern technologies. The project demonstrates the creation of a solution for secure user authentication with a comprehensive security system and convenient administrative interface.
*Technology Stack:*
*Backend:*
Java 21, Spring Boot 3.5.0
Spring Security for authentication and authorization
Spring Data JPA / Hibernate for database operations
PostgreSQL 17.5
JWT (jjwt 0.12.6) for token-based authentication
OAuth2 Client for Google integration
Bucket4j 8.10.1 for rate limiting
SMTP Mail for email notifications
SLF4J + Logback for logging
Testcontainers 2.0.2 for integration testing
*Frontend:*
React 18 with TypeScript 5.2
Vite 5 for build and dev server
Material-UI (MUI) 5 for UI components
React Router 6 for routing
Context API for state management
Axios for HTTP requests
i18next for internationalization (EN, DE, RU, UA)
Vitest and Testing Library for testing
*Infrastructure:*
Docker, Docker Compose for containerization
Multi-stage Docker builds for optimization - tests run in a separate image, test "garbage" doesn't get into the final build
*Key Features:*
*Authentication:*
JWT authentication with access tokens (15 minutes) and refresh tokens (7 days)
Email-based registration with token verification
Password reset with temporary tokens (1 hour) and protection against frequent requests
OAuth2 Google authentication
Automatic token refresh with cross-tab synchronization
*Authorization:*
Role-Based Access Control (RBAC) with USER and ADMIN roles
Whitelist/Blacklist access management with mode switching (WHITELIST/BLACKLIST)
Mode switching requires OTP + password confirmation
Endpoint-level access control
*Security:*
Account Protection: 5 failed login attempts → 5-minute temporary lock with email notification, 10 attempts → permanent account block
Rate Limiting (Bucket4j): request limits for auth/admin endpoints, 1 request/min for resend endpoints per email
Responses include `Retry-After` header and `retryAfterSeconds` field to inform clients
Password validation with regex patterns
BCrypt password hashing
Comprehensive security event logging
*Masked Login — Unique Security Feature:*
Protection against automated attacks and reconnaissance
10 pre-built templates: 404 Not Found, Site Maintenance, Cooking Recipe, Terms of Service, About Us, Cat Facts, Lorem Ipsum, Weather, Coming Soon, Database Error
Displays a fake page to unauthenticated users instead of the real login page
Configuration via admin panel (requires password confirmation)
Secret access for authenticated users and via `?secret=true` parameter
Public endpoint to check settings without authentication
*User Management:*
CRUD operations for users via admin panel
User search with pagination
Role and status management
Profile viewing and editing
User creation with immediate role assignment
*Administrative Panel:*
User management (view, create, update, delete)
Whitelist and blacklist management
Access mode switching (WHITELIST/BLACKLIST) protected by OTP
Masked Login configuration with template preview
Separate audit trail for all admin actions in a dedicated log file
Automatic admin account initialization on startup (optional)
*Additional Features:*
Full internationalization (EN, DE, RU, UA), including validation errors
Asynchronous email notifications for account locks
Structured logging
Separate log files: application, errors, admin actions
Time-based log rotation with size limits
Testing: Unit and Integration tests for backend (JUnit 5, Mockito, Testcontainers), component tests for frontend (Vitest, Testing Library)
*Role in Project:*
Full development of the full-stack solution from architecture design to implementation of all components. Responsibility for backend (Spring Boot), frontend (React/TypeScript), integration between them.