Skip to main content
This guide covers everything you need to install, configure, and run the Authorization Service in development and production environments.

System Requirements

Required Software

Java Development Kit

JDK 21 or higherVerify installation:
java -version

PostgreSQL

PostgreSQL 12+ recommendedRunning on default port 5432

Maven

Maven 3.6+ (optional)Maven wrapper included in project

Git

Git for version controlClone the repository

Hardware Recommendations

  • Memory: Minimum 2GB RAM (4GB recommended)
  • Storage: 500MB free disk space
  • CPU: Any modern processor

Installation Steps

1

Install JDK 21

Download and install Java 21 from Oracle or use a package manager:
sudo apt update
sudo apt install openjdk-21-jdk
Verify the installation:
java -version
# Should show: openjdk version "21.x.x"
2

Install PostgreSQL

Install PostgreSQL database server:
sudo apt update
sudo apt install postgresql postgresql-contrib
sudo systemctl start postgresql
sudo systemctl enable postgresql
3

Clone the Repository

Clone the project from your version control system:
git clone <your-repository-url>
cd authorization-service
4

Create Database

Create a dedicated database for the service:
# Access PostgreSQL
sudo -u postgres psql

-- Create database
CREATE DATABASE autorization_db;

-- Create user (optional, for production)
CREATE USER auth_service WITH PASSWORD 'secure_password_here';

-- Grant privileges
GRANT ALL PRIVILEGES ON DATABASE autorization_db TO auth_service;

-- Exit
\q
5

Configure Application

Set up your environment variables. The service uses the following configuration from application.properties:
# Database Configuration
spring.datasource.url=jdbc:postgresql://localhost:5432/${DB_NAME}?options=-c%20TimeZone=America/Lima
spring.datasource.username=${DB_USERNAME}
spring.datasource.password=${DB_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver

# JPA/Hibernate Configuration
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true

# JWT Configuration
jwt.secret=${JWT_SECRET}
jwt.expiration-ms=${JWT_EXPIRATION_MS}

# Logging
app.logs.dir=logs
Never commit sensitive credentials to version control. Always use environment variables or external configuration.
6

Set Environment Variables

Configure the required environment variables:
export DB_NAME="autorization_db"
export DB_USERNAME="postgres"
export DB_PASSWORD="your_secure_password"
export JWT_SECRET="$(openssl rand -base64 32)"
export JWT_EXPIRATION_MS="86400000"
JWT_SECRET: Must be Base64-encoded, minimum 256 bits (32 bytes)
JWT_EXPIRATION_MS: Token lifetime in milliseconds (86400000 = 24 hours)
7

Build the Project

Compile the project using Maven:
# Using Maven wrapper (recommended)
./mvnw clean package -DskipTests

# Or with installed Maven
mvn clean package -DskipTests
This will create a JAR file in the target/ directory.
8

Run the Application

Start the Authorization Service:
./mvnw spring-boot:run
The service will start on port 8080 by default.
9

Verify Installation

Test that the service is running:
Health Check
curl http://localhost:8080/swagger-ui.html
You should see the Swagger UI documentation page.

Configuration Reference

Database Settings

The service uses Spring Data JPA with PostgreSQL:
VariableDescriptionDefaultRequired
DB_NAMEPostgreSQL database name-Yes
DB_USERNAMEDatabase user-Yes
DB_PASSWORDDatabase password-Yes
Connection URL Pattern: 
jdbc:postgresql://localhost:5432/autorization_db?options=-c%20TimeZone=America/Lima

JWT Configuration

VariableDescriptionExampleRequired
JWT_SECRETSecret key for signing tokens (Base64)See belowYes
JWT_EXPIRATION_MSToken expiration time in milliseconds86400000Yes
Generate a secure JWT secret: 
openssl rand -base64 32

Hibernate Schema Management

The spring.jpa.hibernate.ddl-auto property controls database schema handling:
  • update (Development): Automatically updates schema based on entities
  • validate (Production): Only validates schema, doesn’t modify
  • none (Production): No schema management
In production, use validate or none and manage schema with migration tools like Flyway or Liquibase.

Project Dependencies

From pom.xml, the service includes:

Core Dependencies

<!-- Spring Boot 4.0.2 -->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>4.0.2</version>
</parent>

<!-- Java 21 -->
<properties>
    <java.version>21</java.version>
</properties>

Key Libraries

  • Spring Boot Web MVC 4.0.2: REST API framework
  • Spring Security 6: Authentication and authorization
  • Spring Data JPA: Database persistence
  • JJWT 0.12.6: JWT token generation and validation
  • SpringDoc OpenAPI 2.8.9: API documentation (Swagger UI)
  • PostgreSQL Driver: Database connectivity
  • Lombok: Reduce boilerplate code
  • Jakarta Validation: Request validation
  • Spring Dotenv 4.0.0: Environment variable management

Database Initialization

Automatic Schema Creation

With spring.jpa.hibernate.ddl-auto=update, Hibernate will automatically create tables for:
  • Users
  • Roles
  • Permissions
  • Modules
  • Activity Logs (Audit)
  • User-Role mappings
  • Role-Permission mappings

Initial Data Setup

You’ll need to create initial users and roles. Here’s a sample SQL script: 
-- Insert default roles
INSERT INTO roles (id, name, description) VALUES
  (gen_random_uuid(), 'ADMIN', 'Administrator with full access'),
  (gen_random_uuid(), 'USER', 'Standard user');

-- Insert permissions
INSERT INTO permissions (id, name, description) VALUES
  (gen_random_uuid(), 'READ_PRIVILEGES', 'Can read resources'),
  (gen_random_uuid(), 'WRITE_PRIVILEGES', 'Can create/update resources');

-- Create admin user (password: password123)
INSERT INTO users (id, names, email, password, status, is_enabled) VALUES
  (gen_random_uuid(),
   'Admin User',
   '[email protected]',
   '$2a$10$...', -- BCrypt hash of 'password123'
   'ACTIVO',
   true);

-- Link admin user to ADMIN role
INSERT INTO user_roles (user_id, role_id)
SELECT u.id, r.id
FROM users u, roles r
WHERE u.email = '[email protected]'
  AND r.name = 'ADMIN';
Password hashes should be generated using BCrypt with strength 10. Use the service’s own user creation endpoint once you have an initial admin user.

API Documentation

Once running, access the interactive API documentation:
  • Swagger UI: http://localhost:8080/swagger-ui.html
  • OpenAPI JSON: http://localhost:8080/v3/api-docs

Main Endpoints

EndpointMethodDescriptionAuth Required
/api/auth/loginPOSTAuthenticate and get JWT tokenNo
/api/usersGETList all usersYes
/api/usersPOSTCreate new userYes (WRITE_PRIVILEGES)
/api/users/{id}GETGet user by IDYes (READ_PRIVILEGES)
/api/users/{id}PUTUpdate userYes (WRITE_PRIVILEGES)
/api/users/{id}/activatePATCHActivate userYes (WRITE_PRIVILEGES)
/api/users/{id}/deactivatePATCHDeactivate userYes (WRITE_PRIVILEGES)
/api/users/{id}/roles/{roleId}POSTAssign role to userYes (WRITE_PRIVILEGES)
/api/users/{id}/roles/{roleId}DELETERevoke role from userYes (WRITE_PRIVILEGES)
/api/users/searchGETSearch users (paginated)Yes (READ_PRIVILEGES)
/api/audit-logsGETQuery audit logsYes

Production Deployment

Build Production JAR

./mvnw clean package -DskipTests
This creates an executable JAR: target/autorization-0.0.1-SNAPSHOT.jar

Run as System Service

# Create service file: /etc/systemd/system/authorization.service
[Unit]
Description=Authorization Service
After=postgresql.service

[Service]
User=appuser
ExecStart=/usr/bin/java -jar /opt/authorization/autorization-0.0.1-SNAPSHOT.jar
EnvironmentFile=/opt/authorization/.env
SuccessExitStatus=143
TimeoutStopSec=10
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# Enable and start
sudo systemctl enable authorization
sudo systemctl start authorization

Production Checklist

  • Use strong, randomly generated JWT secret
  • Configure HTTPS/TLS
  • Set up CORS policies
  • Use environment-specific database credentials
  • Enable rate limiting
  • Configure secure session management
  • Use connection pooling (HikariCP is included)
  • Set spring.jpa.hibernate.ddl-auto=validate
  • Disable spring.jpa.show-sql
  • Configure backup strategy
  • Set up read replicas (if needed)
  • Enable SSL for database connections
  • Configure centralized logging
  • Set up application monitoring (Prometheus, Grafana)
  • Enable Spring Boot Actuator endpoints
  • Configure log rotation
  • Set appropriate log levels
  • Monitor audit logs regularly
  • Configure JVM heap size: -Xmx2g -Xms2g
  • Enable GC logging
  • Configure connection pool size
  • Set up caching (if needed)
  • Load test before deployment

Troubleshooting

Common Issues

Change the port in environment variables:
export SERVER_PORT=8081
./mvnw spring-boot:run
Or add to application.properties:
server.port=8081
Verify PostgreSQL is running:
sudo systemctl status postgresql
Test connection manually:
psql -h localhost -U postgres -d autorization_db
Check firewall rules and PostgreSQL pg_hba.conf configuration.
SignatureException: JWT secret mismatch or corrupted token ExpiredJwtException: Token has expired, request a new one MalformedJwtException: Invalid token formatEnsure:
  • JWT secret is consistent across restarts
  • Secret is properly Base64-encoded
  • Token hasn’t expired (check JWT_EXPIRATION_MS)
Clean Maven cache and rebuild:
./mvnw clean install -U
Verify Java version:
java -version
javac -version
Both should show Java 21.

Logging

Application logs are written to:
  • Console output (during development)
  • logs/ directory (configurable via app.logs.dir)
Increase log verbosity for debugging: 
logging.level.com.autorization=DEBUG
logging.level.org.springframework.security=DEBUG

Next Steps

Quick Start

Get your first JWT token in minutes

API Reference

Explore all available endpoints

Architecture

Learn about the hexagonal architecture

Security

Understand authentication and authorization

Build docs developers (and LLMs) love

Get started for freeTalk to us