This repository was archived by the owner on Nov 23, 2025. It is now read-only.
Conversation
…ptions Defines three system roles: ADMIN, EMPLOYEE, CUSTOMER
- Add/restore dependencies:
* spring-boot-starter-{web,data-jpa,security,validation}
* org.postgresql:postgresql (runtime) + com.h2database:h2 (runtime)
* io.jsonwebtoken:jjwt-{api,impl,jackson} 0.11.5
* org.projectlombok:lombok 1.18.32
* springdoc-openapi-starter-webmvc-ui 2.8.13
* test deps: spring-boot-starter-test, spring-security-test
- Replace mixed/dev settings with a single, clean Postgres config - Keep server.port=8081 - Use jwt.expiration=86400000 (fix incorrect key 'jwt.expiration.time') - Explicit Postgres driver and Hibernate dialect - Enable SQL logging and pretty formatting - JWT secret pulled from env with secure default placeholder
- New RegisterRequest DTO for user signup - Fields: username, email, password, roles
Overview of Changes: Public Registration: Only allows CUSTOMER role Admin-only Employee Creation: Only admins can create employee accounts Data Seeder: Creates default admin account Enhanced Security: Proper role-based access control
This commit addresses a series of critical build and runtime errors that occurred after upgrading dependencies and refactoring the security configuration. The application now compiles, starts, and runs successfully on Spring Boot 3. The primary issues and their resolutions include: - **Compilation Failures in SecurityConfig:** The project failed to compile due to the use of deprecated and removed APIs from Spring Security 6 (e.g., `WebSecurityConfigurerAdapter`, `.and()` chains). - **Fix:** Refactored `SecurityConfig` to use the modern, component-based Lambda DSL for defining the `SecurityFilterChain` bean. - **JWT Library Mismatches:** The `JwtUtil` class was using methods incompatible with the `jjwt` library version specified in the `pom.xml`, causing both `cannot find symbol` errors and deprecation warnings. - **Fix:** Updated `JwtUtil` to use the modern builder patterns from the `jjwt:0.12.x` API for both token generation and parsing. - **Circular Dependency at Runtime:** The application failed to start due to a circular dependency between `SecurityConfig` (which provides the `PasswordEncoder`) and `UserService` (which needs it). - **Fix:** Resolved the cycle by applying the `@Lazy` annotation to the `PasswordEncoder` injection within the `UserService` constructor, deferring its initialization. - **Configuration Property Error:** The application failed to start because it could not find the `jwt.expiration` property. - **Fix:** Corrected a typo in `application.properties` by renaming the key from `jwt.expiration.time` to `jwt.expiration`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Introduce a comprehensive role management system with defined roles (ADMIN, EMPLOYEE, CUSTOMER) and permissions. Enhance user registration and login processes, ensuring unique emails and role assignments. Update dependencies and configurations for PostgreSQL and JWT handling, resolving critical build issues.