Skip to content

ttpgowda/crm-backend

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.mvn/wrapper
.mvn/wrapper
 
 
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Readme.md
Readme.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 
project-structure.txt
project-structure.txt
 
 

Repository files navigation

Chat Reference

https://chatgpt.com/c/67f6890f-7da4-8013-ae9c-2f997e50f28e

File Structure need to maintain

com.yourcompany.yourapp
│
├── config/                 # General application-level configuration
│   ├── AppConfig.java
│   ├── JpaAuditConfig.java
│   └── SecurityConfig.java
│
├── common/                 # Shared utilities and base classes
│   ├── entity/
│   │   ├── BaseEntity.java          # For auditing
│   │   └── TenantAwareEntity.java   # If tenant needs to be part of base
│   ├── dto/
│   ├── constants/
│   ├── exceptions/
│   └── utils/
│
├── security/               # JWT, filters, auth providers
│   ├── JwtAuthenticationFilter.java
│   ├── JwtTokenProvider.java
│   ├── CustomUserDetails.java
│   └── SecurityUtils.java
│
├── tenant/                 # Multi-tenancy setup
│   ├── TenantContext.java
│   ├── CurrentTenantIdentifierResolverImpl.java
│   ├── TenantEntity.java
│   └── TenantService.java
│
├── user/                   # Auth system - users, roles, login
│   ├── entity/
│   │   ├── User.java
│   │   └── Role.java
│   ├── dto/
│   ├── controller/
│   ├── repository/
│   ├── service/
│   └── security/
│       └── UserDetailsServiceImpl.java
│
├── module1/                # Business domain (e.g., CRM)
│   ├── entity/
│   ├── dto/
│   ├── controller/
│   ├── repository/
│   └── service/
│
├── module2/                # Another domain (e.g., Projects)
│   ├── entity/
│   ├── controller/
│   ├── service/
│   └── repository/
│
└── Application.java        # Main class

For getting the File Structure

/F /A > project-structure.txt

Security Flow Summary Flow (Step-by-Step)

[1] Login Request (email, password, tenantId)
    ↓
[2] Authenticate user (email + tenant filter)
    ↓
[3] Generate JWT with tenantId + role
    ↓
[4] Return JWT to client
    ↓
[5] Client sends JWT in Authorization header for all requests
    ↓
[6] JWT Filter:
    - Validates token
    - Sets Authentication
    - Sets current tenant
    ↓
[7] Access Secured Endpoint (Service auto-scopes tenant using @TenantId)

Security Stages

Step	Feature	Required?	Notes
1️⃣	Basic Spring Security	        ✅	Enable SecurityFilterChain
2️⃣	CORS	                        ✅	Allow frontend access
3️⃣	CSRF	                        ✅	Disable for APIs
4️⃣	Custom UserDetailsService	    ✅	Load user from DB
5️⃣	BCrypt Password Encoder	        ✅	Secure passwords
6️⃣	JWT Provider	                ✅	Generate/validate tokens
7️⃣	JWT Filter	                    ✅	Authenticate on every request
8️⃣	AuthController	                ✅	Login endpoint
9️⃣	Role-Based Authorization	    ✅	Restrict API access
🔟	Session Stateless	            ✅	Required for JWT
1️⃣1️⃣	Global Exception Handler	✅	Handle 403/401 gracefully
1️⃣2️⃣	OAuth2	Optional	        ✅   Only if using Google, GitHub, etc.

Skipping the tenantFilter when needed

Skip filter using EntityManager.unwrap(Session.class).disableFilter("tenantFilter")

About

Backend module for CRM application

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages