{"id":30048558,"url":"https://github.com/tharindu714/j2ee-security-api-with-mysql","last_synced_at":"2026-05-17T11:33:00.211Z","repository":{"id":301331224,"uuid":"1008851138","full_name":"Tharindu714/J2EE-Security-API-with-MySQL","owner":"Tharindu714","description":"Demonstrates securing a Jakarta EE application using a database-backed IdentityStore, JPA persistence, and container-managed JDBC connection pooling.","archived":false,"fork":false,"pushed_at":"2025-06-26T09:35:32.000Z","size":10,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-07T10:41:16.312Z","etag":null,"topics":["j2ee","mysql","rest-api","security-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tharindu714.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-26T07:32:01.000Z","updated_at":"2025-06-26T09:36:44.000Z","dependencies_parsed_at":"2025-06-26T10:42:40.165Z","dependency_job_id":null,"html_url":"https://github.com/Tharindu714/J2EE-Security-API-with-MySQL","commit_stats":null,"previous_names":["tharindu714/j2ee-security-with-database"],"tags_count":1,"template":true,"template_full_name":null,"purl":"pkg:github/Tharindu714/J2EE-Security-API-with-MySQL","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tharindu714%2FJ2EE-Security-API-with-MySQL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tharindu714%2FJ2EE-Security-API-with-MySQL/tags","releas
es_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tharindu714%2FJ2EE-Security-API-with-MySQL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tharindu714%2FJ2EE-Security-API-with-MySQL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tharindu714","download_url":"https://codeload.github.com/Tharindu714/J2EE-Security-API-with-MySQL/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tharindu714%2FJ2EE-Security-API-with-MySQL/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33136738,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["j2ee","mysql","rest-api","security-vulnerability"],"created_at":"2025-08-07T10:38:37.617Z","updated_at":"2026-05-17T11:33:00.206Z","avatar_url":"https://github.com/Tharindu714.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"## **README.md for J2EE Security with Database**\n\n# 🔐 J2EE Security with Database Integration\n\n\u003e Demonstrates securing a Jakarta EE application using a database-backed IdentityStore, JPA persistence, and 
container-managed JDBC connection pooling.\n\n---\n\n## 📑 Table of Contents\n\n1. [🚧 Prerequisites](#-prerequisites)\n2. [🛠️ Database Setup](#️-database-setup)\n3. [🔌 Configure JDBC Pool \u0026 DataSource](#-configure-jdbc-pool--datasource)\n4. [⚙️ JPA \u0026 `persistence.xml` Configuration](#-jpa--persistencexml-configuration)\n5. [🔍 Theory Behind Persistence \u0026 Security](#-theory-behind-persistence--security)\n6. [📂 Project Structure](#-project-structure)\n7. [🛡️ Security Components](#️-security-components)\n8. [🚀 Deploy \u0026 Run](#-deploy--run)\n9. [📷 Screenshots](#-screenshots)\n10. [🤝 Contributing](#-contributing)\n11. [📜 License](#-license)\n\n---\n\n## 🚧 Prerequisites\n\n* **Java 11+**, **Maven**, **WildFly/Payara/Tomcat**\n* **MySQL** (or any relational DB)\n* Basic knowledge of JPA and Jakarta Security APIs\n\n---\n\n## 🛠️ Database Setup\n\nFollow these steps to create the user and roles tables:\n\n1. **Login to MySQL**:\n\n   ```bash\n   mysql -u root -p\n   ```\n2. **Create database**:\n\n   ```sql\n   CREATE DATABASE j2ee_security_db;\n   USE j2ee_security_db;\n   ```\n\n---\n\n## 🔌 Configure JDBC Pool \u0026 DataSource\n\nConfigure your application server to expose a JNDI datasource:\n\n### WildFly (standalone.xml)\n\n```xml\n\u003cdatasources\u003e\n  \u003cdatasource jndi-name=\"java:/jdbc/SecurityDS\" pool-name=\"SecurityPool\"\u003e\n    \u003cconnection-url\u003ejdbc:mysql://localhost:3306/security_demo\u003c/connection-url\u003e\n    \u003cdriver\u003emysql\u003c/driver\u003e\n    \u003csecurity\u003e\n      \u003cuser-name\u003edbuser\u003c/user-name\u003e\n      \u003cpassword\u003edbpass\u003c/password\u003e\n    \u003c/security\u003e\n  \u003c/datasource\u003e\n\u003c/datasources\u003e\n```\n\n### Tomcat (context.xml)\n\n```xml\n\u003cResource name=\"jdbc/SecurityDS\"\n          auth=\"Container\"\n          type=\"javax.sql.DataSource\"\n          driverClassName=\"com.mysql.cj.jdbc.Driver\"\n          
url=\"jdbc:mysql://localhost:3306/security_demo\"\n          username=\"dbuser\" password=\"dbpass\"\n          maxTotal=\"20\" maxIdle=\"5\"/\u003e\n```\n\n---\n\n## ⚙️ JPA \u0026 `persistence.xml` Configuration\n\nPlace under `src/main/resources/META-INF/persistence.xml`:\n\n```xml\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\" ?\u003e\n\u003cpersistence xmlns=\"https://jakarta.ee/xml/ns/persistence\" version=\"3.0\"\u003e\n    \u003cpersistence-unit name=\"j2eeSecuredAppDB\" transaction-type=\"JTA\"\u003e\n        \u003cprovider\u003eorg.hibernate.jpa.HibernatePersistenceProvider\u003c/provider\u003e\n        \u003cjta-data-source\u003ej2ee_security_db\u003c/jta-data-source\u003e\n        \u003cproperties\u003e\n            \u003cproperty name=\"hibernate.dialect\" value=\"org.hibernate.dialect.MySQLDialect\"/\u003e\n            \u003cproperty name=\"hibernate.transaction.jta.platform\" value=\"org.hibernate.engine.transaction.jta.platform.internal.SunOneJtaPlatform\"/\u003e\n            \u003cproperty name=\"hibernate.hbm2ddl.auto\" value=\"update\"/\u003e\n            \u003cproperty name=\"hibernate.show_sql\" value=\"true\"/\u003e\n        \u003c/properties\u003e\n    \u003c/persistence-unit\u003e\n\u003c/persistence\u003e\n```\n\n---\n\n## 🔍 Theory Behind Persistence \u0026 Security\n\n* **Connection Pooling**: Reuses physical DB connections, reducing overhead.\n* **JTA \u0026 JPA**: Container-managed transactions ensure consistency across multiple resources.\n* **IdentityStore with JPA**: Retrieves users/roles from DB, promoting separation of concerns.\n* **BCrypt hashing**: Securely stores passwords; compare via `IdentityStore.validate()`.\n\n---\n\n## 📂 Project Structure\n\n```\nsrc/main/java/com/tharindu/security_db/\n├── config/\n├── DAO/\n├── DTO/\n├── Util/\n├── Entity/\n    └── User.java              # User Entity Class\n├── security/\n│   ├── AppIdentityStore.java  # Implements IdentityStore via JPA\n│   └── AuthMechanism.java     # 
HttpAuthenticationMechanism\n├── service/\n    └── UserService.java        # User login service class\n├── servlet/\n│   ├── Login.java              # Handles login POST (No Design)\n│   └── Profile.java            # Handles Profile (No Design)\n└── webapp/\n    ├── user/\n         └── index.jsp        # Users UI\n    ├── login.jsp\n    ├── home.jsp\n    ├── index.jsp\n    └── WEB-INF/\n             └── web.xml    # Security constraints\n```\n\n---\n\n## 🛡️ Security Components\n\n* **`DatabaseIdentityStore`**: Loads credentials and roles via JPA, returns `CredentialValidationResult`.\n* **`AuthMechanism`**: Calls `identityStore.validate()`, manages login and logout flows.\n* **Servlet Constraints**: `web.xml` secures URLs (e.g., restricts `/admin/*` to the ADMIN role).\n* **EJB Annotations**: `@RolesAllowed` on session beans, where present.\n\n---\n\n## 🚀 Deploy \u0026 Run\n\n1. Build: `mvn clean package`\n2. Deploy WAR to your Jakarta EE container.\n3. Access:\n\n   * Login: `/login.jsp`\n   * Home: `/home.jsp`\n   * Admin area: `/admin/*`\n\n---\n\n## 📷 Screenshots\n\n```\nFront-end design not created -- this repo focuses on back-end configuration\n```\n\n---\n\n## 🤝 Contributing\n\nFork → branch → PR. Please include unit/integration tests for security flows.\n\n---\n\n## 📜 License\n\nMIT © 2025 Tharindu714\n\n---\n\n\u003e Securing your app from the ground up with DB, JPA, and Jakarta Security! 🚀\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftharindu714%2Fj2ee-security-api-with-mysql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftharindu714%2Fj2ee-security-api-with-mysql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftharindu714%2Fj2ee-security-api-with-mysql/lists"}