AuthService:

• Manage the user authentication - SingUp, login using Spring Security etc.

1. Entities:

• Represents a table in the database.
  • UserInfo
  • UserRole
  • User

1. Services:

• Contains (decouples) business logic and handles operations or data from the database (UserInfo)
  1. CustomUserDetails:
     • Implementation of UserDetails service (Spring Security) to manage the user Authentication
     • This component/service is used to defined custom user abstraction.
  2. JWTService:
     • Manage JWT Token
     • createToken, validateToken etc.
  3. RefreshTokenService:
     • Manages the creation and regeneration of Refresh token.
     • createRefreshToken, findByToken, verifyExpiration.
  4. UserDetailsService:
     • It is a custom implementation of UserDetailsService (Spring security) and it uses the customUserDetails component abstraction.
     • it is used to manage the user authentication i.e signup.
     • loadUserDetails by the Username.

1. Repositories:

• Spring-managed interface that abstracts database operations (like save, find, delete). It uses JPA/Hibernate internally to perform these operations without manual SQL.

• RefreshTokenRepository:

  Used to manage the database operations for RefreshTokens.

  • eg. findbytoken(token), save new token etc.

• UserRepository:

  • Used to manage the data of the UserInfo in database.
  • eg. findByUsername(username)

1. Auth:

   • Provides authentication-related Spring Security beans used during the auth process.
   • Example: Custom UserDetailsService, AuthenticationManager, SecurityFilterChain, etc.

   Request Flow:

   Request → SecurityFilterChain → JWTAuthFilter → AuthenticationManager → AuthenticationProvider → UserDetailsService → SecurityContext → Controller.

   1. SecurityConfig:
   • Defines authentication, authorization rules, and registers security-related beans in Spring.
   • userDetailsService loads user data, authenticationProvider validates credentials, authenticationManager handles auth flow, securityFilterChain defines security rules and filters.
   1. JWTFilter :
   • Provides the custom JWTFilter to filterChain (SprinSecurity).
   • Extracts JWT from header, gets username, if not authenticated: loads UserDetails, validates token, sets SecurityContextHolder, and continues the filter chain.
     • Load UserDetails
     • Validate token
     • Set SecurityContextHolder with UsernamePasswordAuthenticationToken to enable @PreAuthorize, role checks, etc.
   • Continue with filterChain.
   1. UserConfig -
   • Provides the PasswordEncoder(Spring → security → Crypto) to encrypt password. (Signup).
   1. request
   • Defines DTOs to accept API input
   • AuthRequestDTO is used for receiving username and password
   • RefreshTokenRequestDTO is used for receiving refresh token and requesting a new one.
   1. response
   • Defines DTOs for API responses
   • JWTResponseDTO is used to return access token and refresh token
   1. controllers
   • Contains API endpoints for the application
   • Handles incoming requests and delegates to relevant services
   • Uses annotations like Controller, RequestBody, PostMapping
     • AuthController
       • auth/v1/signup handles user signup and returns tokens.
     • TokenController
       • auth/v1/login handles user login and returns tokens
       • auth/v1/refreshToken regenerates tokens using the refresh token
     • Note:
       • Access Token
         • Expires in 1 minute
         • Refresh via /auth/v1/refreshtoken (don’t log in again)
       • Refresh Token
         • Expires in 10 minutes
         • If expired → user must log in again
       • Store and validate refresh tokens to prevent misuse
       • Expiry times should be adjusted after testing.

   1. Models

      • Models are used to define extra information and keep separate from JPA entities.
      • Often extends entities and used in service layers.
      • UserInforDTO extends UserInfo entity, adds more attributes and used in service layer instead of using UserEntity.

   2. Utils:

      • ValidationUtils are used to validate incoming request parameters.
      • eg. Username and Password.

   3. Kafka Producer and Serializer:

      • Kafka Producer will be used to send a kafka event with userInfo.
      • This event will be consumed by UserService.
      • Serializer will be used to serialize the UserInfo data.