Authorization Service

Enterprise-grade Identity and Access Management API built with Spring Boot 4.0, Java 21, and JWT authentication. Implement secure, scalable authorization in your applications.

Quick Start

Get your authorization service running in minutes
Set up PostgreSQL database
Create a PostgreSQL database and configure your connection:

$env:SPRING_DATASOURCE_URL = 'jdbc:postgresql://localhost:5432/autorization_db'
$env:SPRING_DATASOURCE_USERNAME = 'postgres'
$env:SPRING_DATASOURCE_PASSWORD = 'your_password'
$env:JWT_SECRET = 'your_base64_encoded_secret_key'

Build and run the service
Compile and start the Spring Boot application:

./mvnw clean package -DskipTests
./mvnw spring-boot:run

The service will start on http://localhost:8080
Create your first user and authenticate
Create a user and obtain a JWT token:

curl -X POST http://localhost:8080/api/users \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@example.com",
    "password": "SecurePassword123",
    "firstName": "Admin",
    "lastName": "User"
  }'

curl -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@example.com",
    "password": "SecurePassword123"
  }'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "type": "Bearer",
  "expiresIn": 3600,
  "user": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "email": "admin@example.com",
    "roles": ["ADMIN"],
    "permissions": ["READ_PRIVILEGES", "WRITE_PRIVILEGES"]
  }
}

Make authenticated requests
Use the JWT token to access protected endpoints:

curl -X GET http://localhost:8080/api/users \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

See the API Reference for all available endpoints.
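
A check for the JWT_SECRET value set in the first step, added here as an example and not part of the Authorization Service's own code: the sample token's header decodes to HS256, which requires a key of at least 256 bits (RFC 7518, section 3.2). It assumes the secret is standard padded base64; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a candidate JWT_SECRET before starting the service.
# Assumptions: HS256 signing (from the sample token header) and a secret that
# is standard, padded base64. Function names are hypothetical.

MIN_KEY_BYTES=32   # HS256 needs a key of at least 256 bits (RFC 7518, section 3.2)

# Generate a fresh secret: 32 bytes from the kernel CSPRNG, base64-encoded.
new_jwt_secret() {
  head -c "$MIN_KEY_BYTES" /dev/urandom | base64
}

# Print the decoded length in bytes; return 1 if the value is not valid base64.
jwt_secret_bytes() {
  case "$1" in
    ""|*[!A-Za-z0-9+/=]*) return 1 ;;   # empty, or characters outside the alphabet
  esac
  if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    return 1
  fi
  printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}

# Return 0 only for a secret that decodes to at least MIN_KEY_BYTES bytes.
check_jwt_secret() {
  n=$(jwt_secret_bytes "$1") || { echo "rejected: not valid base64" >&2; return 1; }
  if [ "$n" -lt "$MIN_KEY_BYTES" ]; then
    echo "rejected: $n bytes, need at least $MIN_KEY_BYTES" >&2
    return 1
  fi
  echo "ok: $n bytes" >&2
}

# Constructed inputs: the quick start's literal placeholder, then a fresh secret.
check_jwt_secret 'your_base64_encoded_secret_key' || true
check_jwt_secret "$(new_jwt_secret)"
```

The output of new_jwt_secret can be assigned to JWT_SECRET in place of the placeholder.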

Explore by topic

Learn about the core capabilities of the Authorization Service

Architecture: Understand the hexagonal architecture and clean separation of concerns
JWT Authentication: Learn how JWT tokens work with role and permission claims
RBAC System: Implement role-based access control with dynamic permissions
Audit Logging: Track all system operations with AOP-based audit logging

Key features

Everything you need to build secure, enterprise-ready applications

JWT Authentication: Stateless authentication with JWT tokens containing role and permission claims for fast authorization decisions
Dynamic RBAC: Flexible role-based access control with dynamic permissions stored in PostgreSQL, no code changes required
Hexagonal Architecture: Clean architecture with ports and adapters pattern, complete separation between domain, application, and infrastructure layers
Comprehensive Audit Logging: AOP-based audit logging captures all operations with user, IP, arguments, and outcome for complete traceability

API resources

Comprehensive REST API for managing users, roles, permissions, and more

Users: Create and manage user accounts with activation controls
Roles: Define roles and assign permissions dynamically
Permissions: Granular permission management for fine-grained access control
Modules: Organize permissions into logical modules
Audit Logs: Query activity logs with filtering and pagination
Authentication: Obtain JWT tokens for API authentication

Ready to secure your application? Get started with the Authorization Service in minutes and implement enterprise-grade access control.