https://github.com/psv73/account-service

Spring Boot microservice for user accounts and payroll with RBAC and security events

gradle h2 java rest-api spring-boot spring-security

# 🧾 Account Service – Payroll & User Management (Java, Spring Boot)
![Build](https://github.com/psv73/Account-Service/actions/workflows/ci.yml/badge.svg)
![Java](https://img.shields.io/badge/Java-21-blue.svg)
![License](https://img.shields.io/badge/License-MIT-green.svg)

A Spring Boot microservice for user account and payroll management with **role‑based access control (RBAC)**, authentication/authorization, and **security event logging**.

> Port used in examples: **28852**. H2 console is enabled for local development.

---

## 🚀 Features
- **User management** → sign up, change password, list users (admin scope)
- **Payroll** → add payments, list payments (per-user and accountant views)
- **Security** → RBAC (Administrator, User, Accountant, Auditor) + security events
- **Validation & error handling** with clear JSON responses
- **H2 console** (`/h2-console`) for local development; **Actuator shutdown** endpoint for tests

---

## 🧱 Tech Stack
- Java 21 (runs on 17+)
- Spring Boot 3.x: Web, Security, Data JPA
- H2 (dev)
- Gradle Wrapper, Git/GitHub
- Docker (optional for deployment)

---

## ▢️ Getting Started

**Prerequisites**: JDK 17+ (21 recommended), Git. No Gradle installation needed (wrapper included).

```bash
git clone https://github.com/psv73/Account-Service.git
cd Account-Service

# build & run
./gradlew clean bootRun

# choose a custom port if needed
./gradlew bootRun --args='--server.port=28852'
```

**H2 console**: `http://localhost:28852/h2-console` (the `X-Frame-Options` response header is set to `SAMEORIGIN` so the console, which renders inside a frame, loads; framing from other origins is still refused).

---

## 📚 Endpoints Overview (centralized in `AppPath`)

```
/api/auth/signup
/api/auth/changepass
/api/empl/payment
/api/acct/payments
/api/security/events
/api/admin/user
/api/admin/user/role
/api/admin/user/access
/h2-console/**
/actuator/shutdown
```

---

## πŸ” Access Rules (Spring Security β€” RBAC)
```java
.authorizeHttpRequests(auth -> auth
.requestMatchers(AppPath.USER + "/**").hasRole("ADMINISTRATOR")
.requestMatchers(HttpMethod.GET, AppPath.PAYMENT).hasAnyRole("ACCOUNTANT", "USER")
.requestMatchers(HttpMethod.GET, AppPath.SECURITY_EVENT).hasRole("AUDITOR")
.requestMatchers(HttpMethod.POST, AppPath.PAYMENTS).hasRole("ACCOUNTANT")
.requestMatchers(HttpMethod.PUT, AppPath.PAYMENTS).hasRole("ACCOUNTANT")
.requestMatchers(HttpMethod.POST, AppPath.CHANGE_PASS).authenticated()
.requestMatchers(HttpMethod.POST, AppPath.SIGN_UP).permitAll()
.requestMatchers(HttpMethod.POST, AppPath.ACTUATOR_SHUTDOWN).permitAll()
.anyRequest().permitAll()
);
```
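A hardened version of the chain above, written here as an added example rather than taken from the project. It keeps the README's RBAC rules but replaces the `permitAll()` fall-through with `denyAll()`, exposes the H2 console and the shutdown endpoint only under a `dev` profile, and requires ADMINISTRATOR for shutdown even there. The package name, class name and the path constants are assumptions that mirror the `AppPath` names on this page; `PathRequest.toH2Console()` and `EndpointRequest.to(ShutdownEndpoint.class)` are Spring Boot's own request matchers.

```java
package com.example.accountservice.config; // hypothetical package name

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.context.ShutdownEndpoint;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

    // Assumed constants mirroring the README's AppPath names (not the project's class).
    static final String SIGN_UP = "/api/auth/signup";
    static final String CHANGE_PASS = "/api/auth/changepass";
    static final String PAYMENT = "/api/empl/payment";
    static final String PAYMENTS = "/api/acct/payments";
    static final String SECURITY_EVENT = "/api/security/events";
    static final String USER = "/api/admin/user";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, Environment env) throws Exception {
        boolean dev = env.acceptsProfiles(Profiles.of("dev"));

        http
            .httpBasic(Customizer.withDefaults())
            // Basic-auth REST API without a session cookie: CSRF tokens add nothing,
            // and disabling CSRF is also what lets the H2 console's POSTs through in dev.
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> {
                // Same RBAC rules as the README; the first matching rule decides.
                auth
                    .requestMatchers(USER + "/**").hasRole("ADMINISTRATOR")
                    .requestMatchers(HttpMethod.GET, PAYMENT).hasAnyRole("ACCOUNTANT", "USER")
                    .requestMatchers(HttpMethod.GET, SECURITY_EVENT).hasRole("AUDITOR")
                    .requestMatchers(HttpMethod.POST, PAYMENTS).hasRole("ACCOUNTANT")
                    .requestMatchers(HttpMethod.PUT, PAYMENTS).hasRole("ACCOUNTANT")
                    .requestMatchers(HttpMethod.POST, CHANGE_PASS).authenticated()
                    .requestMatchers(HttpMethod.POST, SIGN_UP).permitAll();
                if (dev) {
                    // Local conveniences exist only under the "dev" profile. Boot's own
                    // matchers sidestep the MVC-vs-servlet pattern ambiguity for /h2-console/**.
                    auth
                        .requestMatchers(PathRequest.toH2Console()).permitAll()
                        .requestMatchers(EndpointRequest.to(ShutdownEndpoint.class)).hasRole("ADMINISTRATOR");
                }
                // Default-deny instead of permitAll(): a controller nobody wrote a rule
                // for is unreachable, not silently public.
                auth.anyRequest().denyAll();
            });

        if (dev) {
            // The H2 console renders itself in a frame; SAMEORIGIN allows that while
            // still refusing framing from other origins.
            http.headers(h -> h.frameOptions(f -> f.sameOrigin()));
        }
        return http.build();
    }
}
```

Run with `./gradlew bootRun --args='--spring.profiles.active=dev'` to get the console and shutdown hook back; without the profile both paths fall into `denyAll()`. The actuator shutdown endpoint is disabled by default in Spring Boot, so the `dev` profile also needs `management.endpoint.shutdown.enabled=true` and `management.endpoints.web.exposure.include=shutdown`. Note that default-deny also covers every other actuator endpoint (`/actuator/health` included); add an explicit rule for any you want exposed.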

---

## 📌 Example Requests

Authenticated calls use HTTP Basic: the `Authorization: Basic` header carries `base64(email:password)`; the credentials are omitted from the examples below.

### 1) Sign up
```http
POST http://localhost:28852/api/auth/signup
Content-Type: application/json

{
  "name": "John",
  "lastname": "Doe",
  "email": "john.black@acme.com",
  "password": "oMoa3VvqnLxW"
}
```

✅ Response
```json
{
  "id": 7952,
  "name": "John",
  "lastname": "Doe",
  "email": "john.black@acme.com",
  "roles": ["ROLE_USER"]
}
```

### 2) Change password (authenticated)
```http
POST http://localhost:28852/api/auth/changepass
Content-Type: application/json
Authorization: Basic

{ "new_password": "oMoa3VvqnLxW" }
```

✅ Response
```json
{
  "email": "johndoe1@acme.com",
  "status": "The password has been updated successfully"
}
```

### 3) Add payment (ACCOUNTANT)
```http
POST http://localhost:28852/api/empl/payment
Content-Type: application/json
Authorization: Basic

{ "employee": "john.black@acme.com", "period": "08-2025", "salary": 350000 }
```

✅ Response
```json
{ "status": "Added successfully!" }
```

### 4) List payments
- **User view**
```http
GET http://localhost:28852/api/empl/payment
Authorization: Basic
```
- **Accountant view**
```http
GET http://localhost:28852/api/acct/payments
Authorization: Basic
```

---

## 🔎 Audit & Security Events

**Endpoint**
```http
GET http://localhost:28852/api/security/events
Authorization: Basic
```

**Response example**
```json
[
  {
    "id": 1,
    "date": "2025-08-15T10:20:54.282006",
    "action": "CREATE_USER",
    "subject": "Anonymous",
    "object": "johndoe@acme.com",
    "path": "/api/auth/signup"
  },
  {
    "id": 4,
    "date": "2025-08-15T10:22:05.260397",
    "action": "ACCESS_DENIED",
    "subject": "johndoe@acme.com",
    "object": "/api/acct/payments",
    "path": "/api/acct/payments"
  }
]
```
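One way to produce the `ACCESS_DENIED` rows shown above is an `AccessDeniedHandler` that records the event and then writes the 403 body. This is an added example, not the project's code: the `SecurityEvent` entity, the `SecurityEventRepository`, the package name and the JSON error body are assumptions shaped after the fields in the response above. It also encodes a caveat worth knowing: Spring Security's `ExceptionTranslationFilter` sends an *anonymous* request for a protected path to the `AuthenticationEntryPoint` (401), so this handler, and therefore an `ACCESS_DENIED` event, fires only for an authenticated user whose role is insufficient, which is exactly the second event above.

```java
package com.example.accountservice.security; // hypothetical package name

import java.io.IOException;
import java.time.Instant;
import java.time.LocalDateTime;
import java.util.Map;

import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

/** Assumed entity; field names follow the /api/security/events response shape. */
@Entity
class SecurityEvent {
    @Id @GeneratedValue(strategy = GenerationType.IDENTITY) Long id;
    LocalDateTime date;
    String action;
    String subject;
    String object;
    String path;
}

/** Assumed Spring Data repository. */
interface SecurityEventRepository extends JpaRepository<SecurityEvent, Long> {}

@Component
class AuditingAccessDeniedHandler implements AccessDeniedHandler {
    private final SecurityEventRepository events;
    private final ObjectMapper json = new ObjectMapper();

    AuditingAccessDeniedHandler(SecurityEventRepository events) {
        this.events = events;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException {
        // Only authenticated principals reach this handler; anonymous callers are
        // routed to the AuthenticationEntryPoint (401) instead.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String subject = (auth != null) ? auth.getName() : "Anonymous";
        String path = request.getRequestURI();

        SecurityEvent event = new SecurityEvent();
        event.date = LocalDateTime.now();
        event.action = "ACCESS_DENIED";
        event.subject = subject;   // the caller's email, as the event list shows
        event.object = path;       // the resource that was refused
        event.path = path;
        events.save(event);        // the audit row is written even though the request failed

        // Generic 403 body: do not reveal which role would have been required.
        response.setStatus(HttpStatus.FORBIDDEN.value());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        json.writeValue(response.getOutputStream(), Map.of(
            "timestamp", Instant.now().toString(),
            "status", HttpStatus.FORBIDDEN.value(),
            "error", "Forbidden",
            "message", "Access Denied!",
            "path", path));
    }
}

/** The handler only takes effect once it is wired into the filter chain. */
@Configuration
class AccessDeniedConfig {
    @Bean
    SecurityFilterChain auditedChain(HttpSecurity http, AccessDeniedHandler handler) throws Exception {
        return http
            .exceptionHandling(e -> e.accessDeniedHandler(handler))
            // the project's httpBasic() and authorizeHttpRequests(...) rules go here
            .build();
    }
}
```

Two things to check when wiring this in. First, `AccessDeniedException` thrown by method security (`@PreAuthorize`) also reaches this handler, but only if no `@ControllerAdvice` `@ExceptionHandler(AccessDeniedException.class)` swallows it first; if one exists, record the event there instead or the 403 will never be audited. Second, the `CREATE_USER` row with subject `Anonymous` comes from the sign-up service, not from this handler, because sign-up is `permitAll()` and never trips authorization.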

---

## 📂 Project Structure (high level)
- `config/` – security configuration & beans
- `controller/` – REST endpoints
- `service/` – business logic
- `repository/` – Spring Data JPA
- `model/` – entities & DTOs
- `exception/` – error handling

---

## 📈 What this project demonstrates
- RBAC with Spring Security (Administrator/User/Accountant/Auditor)
- Clean REST API design & validation
- Consistent JSON errors and **security event** auditing
- Dev‑friendly setup (H2 console, Gradle wrapper, profiles)