ReadWorld.io backend project using spring boot java using spring-security, spring-data-jpa

• 우아한형제들 기술 불로그 | Todo list 만들기는 이제 그만
• 우아한형제들 기술 블로그 | Gradle 프로젝트에 JaCoCo 설정하기
• 우아한형제들 기술 블로그 | 우린 Git-flow를 사용하고 있어요
• Github | Realworld.io

$ ./gradlew build bootRun

$ docker run --rm -p 8080:8080 raeperd/realworld-spring-boot-java

• Dockerhub registry is here
• Container tags are simply branch name of this repository following git-flow strategy

After run application, you can try one of followings

$ ./doc/run-api-tests.sh

Import ./doc/Conduit.postman_collection.json in your postman application

And also, pure gradle test covers almost every lines of code.

More details can be found in ./doc/README.md and original source

• Always final whenever possible
• Always pacakage private class whenever possible
• Always test every package, class, method, insturction in codes
  • Except for some boilerplate equals and hashcode method
  • This is validated by jacoco-gradle-plugin.
  • Coverage verification in ./test.gradle
• Try to avoid including additional dependencies as much as possbile
  • Implements JWT generation / validation logic without 3rd party library #3
• Try to maintiain codes in domain package to keep POJO
  • Except for special spring annotations like @Service, @Repository
  • Not to use lombok in domain pacakge classes

• You can open full diagram file in realworld.drawio using draw.io

• Separate interface for JWTGenerator and JWTParser
• Try to do everything in UserService

• Try not to use 3rd party library
• Context from JWT token can be retrieved using UserContextHolder implemtation
• HS256JWTService do core logic
  • Symmetric JWT token signing using HS256 (includes Base64URL, SHA256)
  • Validate given token

• Separate @Entity with ArticleView class
• Favorite of articles is another @Entity
• ArticleView contains run-time information about Article

• Profile as sperate service since it is used widely

• Result of ./doc/run-api-tests.sh

• More strict validation in application layer
• Profile view logic can be imporved.
• JWT Token can be improved
  • JWTToken should not contains userid.
  • Current version of JWT authentication is somewhat imperfact.
  • More details in Stop using JWT for sessions

You can contact me with email or issue in this project

MIT License

• JSON Web Token Introduction - jwt.io

• Symmetric vs Asymmetric JWTs. What is JWT? | by Swayam Raina | Noteworthy - The Journal Blog

• presentations/auth.md at master · alex996/presentations · GitHub