A comprehensive, enterprise-grade authentication system built with Jakarta EE technologies. This application demonstrates secure user management, password recovery via email, and robust session handling.
- User registration with validation
- Secure login with BCrypt password hashing
- Session-based authentication
- Remember-me functionality
- Logout with session cleanup
- Email-based password reset with 6-digit verification codes
- Password change functionality
- Password requirements enforcement
- User profile management and profile editing
- Protected dashboard guarded by an authentication filter
- Responsive, modern UI design
- CSRF protection considerations (a token-based CSRF defense is not among the controls listed as implemented below)
- Input validation and sanitization
- Session timeout management (15 minutes for password reset)
- Security constraints configured in web.xml
- Secure cookie configuration (HTTP-only session cookie)
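As an added example (not the project's own `util` code), here is one way to issue and check a 6-digit reset code with a 15-minute lifetime so that a dump of the session store (Redis, in this setup) does not reveal live codes. The class and field names, the attempt cap, and binding the hash to the e-mail address are assumptions, not settings taken from the project.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;

/**
 * Added example, not project code: issuing and verifying a 6-digit
 * password-reset code that expires after 15 minutes.
 * Assumption: POST /forgot-password keeps a PendingReset in the HttpSession
 * and only the hash of the code is stored server-side.
 */
public final class ResetCodeExample {

    private static final SecureRandom RNG = new SecureRandom();   // CSPRNG, never java.util.Random
    private static final Duration LIFETIME = Duration.ofMinutes(15);
    private static final int MAX_ATTEMPTS = 5;   // assumption: 10^6 codes are brute-forceable without a cap

    /** Server-side state for one pending reset. Store this, never the plaintext code. */
    public static final class PendingReset {
        final String email;
        final byte[] codeHash;
        final Instant expiresAt;
        int attempts;

        PendingReset(String email, byte[] codeHash, Instant expiresAt) {
            this.email = email;
            this.codeHash = codeHash;
            this.expiresAt = expiresAt;
        }

        public boolean isExpired(Instant now) {
            return now.isAfter(expiresAt);
        }
    }

    /** The plaintext code goes into the e-mail only; the state goes into the session. */
    public record Issued(String code, PendingReset state) {}

    /** Generate a zero-padded 6-digit code and the hashed, time-limited state for it. */
    public static Issued issue(String email, Instant now) {
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        // Hash includes the e-mail so a code issued for one account cannot be replayed for another
        byte[] hash = sha256(email + ":" + code);
        return new Issued(code, new PendingReset(email, hash, now.plus(LIFETIME)));
    }

    /** Check a submitted code: expiry, attempt cap, format, then constant-time comparison. */
    public static boolean verify(PendingReset state, String submitted, Instant now) {
        if (state.isExpired(now)) return false;
        if (state.attempts >= MAX_ATTEMPTS) return false;
        state.attempts++;
        if (submitted == null || !submitted.matches("\\d{6}")) return false;
        // MessageDigest.isEqual is constant-time; String.equals and Arrays.equals are not
        return MessageDigest.isEqual(state.codeHash, sha256(state.email + ":" + submitted));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);   // SHA-256 is mandatory in every JDK
        }
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z");
        Issued issued = issue("alice@example.com", t0);   // constructed sample input
        System.out.println("code sent by e-mail: " + issued.code());
        System.out.println(verify(issued.state(), issued.code(), t0.plus(Duration.ofMinutes(14))));   // true
        System.out.println(verify(issued.state(), issued.code(), t0.plus(Duration.ofMinutes(16))));   // false, expired
        System.out.println(verify(issued.state(), "000000", t0));                                      // false, wrong code
    }
}
```

The servlet should drop the `PendingReset` from the session as soon as `verify` returns true (and after the password has actually been changed), otherwise the same code could be reused until it expires.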
- Jakarta EE 10 - Enterprise Java framework
- Servlet API 6.0 - Web component development
- JSP 3.1 - Dynamic web pages
- JSTL - JSP Standard Tag Library
- Hibernate 6.4 - ORM for database operations
- PostgreSQL - Primary database
- Redis - Session storage and caching
- JavaMail - Email functionality
- HTML5/CSS3 - Modern responsive design
- Vanilla JavaScript - Client-side interactions
- JSP Templates - Server-side rendering
- Apache Maven - Dependency management and build automation
- Docker & Docker Compose - Containerization
- Apache Tomcat 10.1 - Application server
- C3P0 - Database connection pooling
- Lombok - Code generation
- SLF4J - Logging framework
- JUnit - Testing framework
- Java 17 or higher
- Maven 3.6+
- Docker & Docker Compose
- PostgreSQL (or use the provided Docker setup)
- Redis (or use the provided Docker setup)
- Gmail account with App Password (for email functionality)
```bash
git clone <repository-url>
cd authapp2
```

Create a `.env` file with your Gmail credentials (copy `.env.example`; keep `.env` out of version control):

```bash
# Generate App Password at: https://myaccount.google.com/apppasswords
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-16-character-app-password
FROM_EMAIL=your-email@gmail.com
```

```bash
docker-compose up -d
```

- Application: http://localhost:8080
- Login: http://localhost:8080/login
- Register: http://localhost:8080/register
- Forgot Password: http://localhost:8080/forgot-password
```
authapp2/
├── src/main/
│   ├── java/com/auth/
│   │   ├── dao/              # Data Access Objects
│   │   ├── model/            # Entity classes
│   │   ├── servlet/          # HTTP request handlers
│   │   ├── filter/           # Security filters
│   │   ├── service/          # Business logic
│   │   └── util/             # Utility classes (Password, Email)
│   ├── webapp/
│   │   ├── WEB-INF/
│   │   │   ├── views/        # JSP pages
│   │   │   └── web.xml       # Deployment descriptor
│   │   └── css/              # Stylesheets
│   └── resources/
│       ├── META-INF/         # JPA configuration
│       └── email.properties  # Email settings template
├── docker/
│   └── Dockerfile            # Application container
├── docker-compose.yml        # Multi-container setup
├── pom.xml                   # Maven configuration
├── .env.example              # Environment variables template
└── README.md                 # This file
```
The application uses PostgreSQL with connection pooling. Database settings are configured in:
- `src/main/resources/META-INF/persistence.xml` - JPA configuration
- `docker-compose.yml` - Docker database setup

Email functionality uses Gmail SMTP. Configure it in:
- the `.env` file (recommended), or
- `src/main/java/com/auth/util/EmailUtil.java`
Security settings are in `src/main/webapp/WEB-INF/web.xml`:
- Session timeout: 30 minutes of inactivity
- Password reset timeout: 15 minutes
- Transport guarantee: configurable (`NONE` allows plain HTTP; `CONFIDENTIAL` makes the container redirect every request to HTTPS)
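The three settings above, written out as an added example (this is not the project's `web.xml`). The `<context-param>` name used for the reset timeout is an assumption, since the page does not say how that value is stored; the `SameSite` remark describes Tomcat's `context.xml` mechanism and is likewise an assumption about the deployment.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the project's own deployment descriptor -->
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee
                             https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
         version="6.0">

  <!-- Session timeout: 30 minutes of inactivity (the value is in minutes) -->
  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <http-only>true</http-only>   <!-- JSESSIONID not readable from JavaScript -->
      <secure>true</secure>         <!-- only sent over HTTPS; set to false for plain-HTTP dev -->
      <!-- SameSite is not a web.xml element; on Tomcat set it through the
           Rfc6265CookieProcessor sameSiteCookies attribute in context.xml (assumption) -->
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>   <!-- never expose the session ID in the URL -->
  </session-config>

  <!-- Password reset timeout: 15 minutes. Parameter name is an assumption. -->
  <context-param>
    <param-name>password.reset.timeout.minutes</param-name>
    <param-value>15</param-value>
  </context-param>

  <!-- Transport guarantee: NONE permits HTTP, CONFIDENTIAL forces HTTPS for the whole app -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
```

With `CONFIDENTIAL` set, Tomcat needs an HTTPS connector (or a reverse proxy that sets the scheme correctly) or every request will loop on the redirect; `<secure>true</secure>` has the same dependency, because a browser will never send the cookie back over HTTP.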
- Enable 2-Step Verification on your Gmail account
- Visit Google App Passwords
- Generate a new app password:
  - Select app: "Mail"
  - Select device: "Other" → "AuthApp"
- Use the 16-character password in your `.env` file
To use another provider, update `EmailUtil.java` with its SMTP settings:

```java
private static final String SMTP_HOST = "smtp.your-provider.com";
private static final String SMTP_PORT = "587"; // 587 is the submission port with STARTTLS; use the port your provider documents
```

The application is fully containerized with:
- `tomcat`: Application server (port 8080)
- `postgres`: PostgreSQL database (port 5432)
- `redis`: Redis cache (port 6379)

```bash
# Start all services
docker-compose up -d

# View logs
docker-compose logs -f tomcat

# Stop services
docker-compose down

# Rebuild after changes
mvn clean package && docker-compose up -d --build
```

Manual test checklist:
- Registration: Create a new user account
- Login: Test authentication functionality
- Password Reset: Test email verification flow
- Profile Management: Edit user profile
- Session Management: Test session timeout
```bash
# Run all tests
mvn test

# Run specific test class
mvn test -Dtest=UserServiceTest
```

Implemented:
- Password hashing with BCrypt
- Session timeout management
- Input validation
- SQL injection protection via JPA/Hibernate (this holds for parameterized JPQL and Criteria queries only; JPQL or native SQL assembled by string concatenation is still injectable)
- XSS protection via JSP escaping (`<c:out>` and `fn:escapeXml` escape output; a bare `${...}` EL expression does not)
- Email verification for password reset

Recommended before production:
- Enable HTTPS (change transport-guarantee to CONFIDENTIAL) and mark the session cookie `Secure` in addition to HttpOnly
- Use environment variables for sensitive data
- Implement rate limiting (on login and on reset-code submission in particular: a 6-digit code has only 1,000,000 possible values)
- Add comprehensive logging and monitoring
- Set up CSP headers
- Configure reverse proxy (Nginx/Apache)
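The BCrypt and SQL-injection items above in one `POST /login` handler, as an added example rather than the project's own servlet. It assumes a JPA entity `com.auth.model.User` with a `getPassword()` accessor returning the BCrypt hash, an `EntityManager` handed in by the caller, the `org.mindrot:jbcrypt` library, and a view file `login.jsp`; each of those is an assumption, not something the page states.

```java
import jakarta.persistence.EntityManager;
import jakarta.persistence.NoResultException;
import jakarta.persistence.TypedQuery;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.mindrot.jbcrypt.BCrypt;
import java.io.IOException;
import java.util.Optional;

import com.auth.model.User;   // assumption: entity with getUsername()/getPassword()

/**
 * Added example, not the project's LoginServlet: parameterized lookup,
 * BCrypt verification, uniform failure response, session ID rotation.
 */
public class HardenedLoginExample extends HttpServlet {

    // A real BCrypt hash to check against when the user does not exist, so the
    // response time does not reveal whether the username is registered.
    private static final String DUMMY_HASH = BCrypt.hashpw("dummy", BCrypt.gensalt(12));

    private final EntityManager em;   // assumption: supplied by the caller / a service layer

    public HardenedLoginExample(EntityManager em) {
        this.em = em;
    }

    /** Parameterized JPQL: the username is bound as a value, never spliced into query text. */
    static Optional<User> findByUsername(EntityManager em, String username) {
        // VULNERABLE form, shown only for contrast (do not use):
        //   em.createQuery("SELECT u FROM User u WHERE u.username = '" + username + "'", User.class)
        // With input  x' OR '1'='1  the WHERE clause would match every row.
        TypedQuery<User> q = em.createQuery(
                "SELECT u FROM User u WHERE u.username = :username", User.class);
        q.setParameter("username", username);
        try {
            return Optional.of(q.getSingleResult());
        } catch (NoResultException e) {
            return Optional.empty();
        }
    }

    /** True only if the user exists and the password matches the stored BCrypt hash. */
    static boolean checkCredentials(EntityManager em, String username, String password) {
        Optional<User> user = findByUsername(em, username);
        String hash = user.map(User::getPassword).orElse(DUMMY_HASH);
        boolean matches = BCrypt.checkpw(password, hash);   // always runs, so timing is uniform
        return matches && user.isPresent();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        if (username == null || password == null || username.isBlank() || password.isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (!checkCredentials(em, username, password)) {
            // One message for "no such user" and "wrong password": no username enumeration
            req.setAttribute("error", "Invalid username or password");
            req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);   // view name assumed
            return;
        }
        HttpSession session = req.getSession(true);
        req.changeSessionId();                    // session fixation: fresh ID at privilege change
        session.setAttribute("user", username);   // attribute the authentication filter checks (assumption)
        resp.sendRedirect(req.getContextPath() + "/dashboard");
    }
}
```

`changeSessionId()` requires an existing session, which is why `getSession(true)` is called first; the attribute is then set on the same session object under its new ID.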
```sql
CREATE TABLE users (
    id SERIAL PRIMARY KEY,
    username VARCHAR(50) UNIQUE NOT NULL,
    email VARCHAR(100) UNIQUE NOT NULL,
    password VARCHAR(255) NOT NULL,   -- BCrypt hash, never the plaintext password
    full_name VARCHAR(50),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
```

Public endpoints:
- `GET /` - Welcome page
- `GET /login` - Login form
- `POST /login` - Process login
- `GET /register` - Registration form
- `POST /register` - Process registration
- `GET /forgot-password` - Forgot password form
- `POST /forgot-password` - Send reset code
- `GET /reset-password` - Reset password form
- `POST /reset-password` - Process password reset

Protected endpoints (authenticated session required):
- `GET /dashboard` - User dashboard
- `GET /profile` - View profile
- `GET /edit-profile` - Edit profile form
- `POST /edit-profile` - Update profile
- `GET /change-password` - Change password form
- `POST /change-password` - Update password
- `POST /logout` - Logout
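An authentication filter covering exactly the protected list above, as an added example (not the project's `filter/` code). It assumes the login servlet stores the principal under the session attribute `"user"`; that attribute name and the class name are assumptions.

```java
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Added example, not the project's own filter: deny-by-default gate for the
 * protected endpoints. An explicit URL list is used so a newly added servlet
 * is not accidentally left unprotected by a too-narrow pattern.
 */
@WebFilter(urlPatterns = {"/dashboard", "/profile", "/edit-profile", "/change-password", "/logout"})
public class AuthenticationFilterExample implements Filter {

    static final String USER_ATTRIBUTE = "user";   // assumption: set by the login servlet

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false): do not create a session just to learn that the caller is anonymous
        HttpSession session = req.getSession(false);
        boolean authenticated = session != null && session.getAttribute(USER_ATTRIBUTE) != null;

        if (!authenticated) {
            resp.sendRedirect(req.getContextPath() + "/login");
            return;   // the protected servlet is never reached
        }

        // Authenticated pages must not be kept by shared caches or served from the back button
        resp.setHeader("Cache-Control", "no-store");
        resp.setHeader("Pragma", "no-cache");
        chain.doFilter(request, response);
    }

    /** Logout with session cleanup: invalidating the session drops every attribute, including the user. */
    static void logout(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

This filter is the application-level check; the `<security-constraint>` in `web.xml` only controls the transport (HTTP vs HTTPS) and does not know about the session attribute. A remember-me cookie, if used, should be validated here too before the request is treated as authenticated.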
If password-reset emails are not sent:
- Check Gmail app password configuration
- Ensure 2-Step Verification is enabled
- Verify SMTP settings in the `.env` file

If the database connection fails:
- Verify PostgreSQL is running: `docker ps | grep postgres`
- Check database credentials in `docker-compose.yml`
- Review the `persistence.xml` configuration

If the application does not start:
- Check Docker logs: `docker logs auth-tomcat`
- Verify the WAR file exists in the `target/` directory
- Check for port conflicts (8080)

If sessions behave unexpectedly:
- Clear browser cookies and session data
- Check the Redis connection if using external session storage
- Review the session timeout configuration
To add a feature:
- Create/update servlets in `src/main/java/com/auth/servlet/`
- Add JSP views in `src/main/webapp/WEB-INF/views/`
- Update security filters if needed (every new URL that needs a logged-in user must be covered by the authentication filter)
- Add DAO methods for database operations

Code style:
- Follow Java naming conventions
- Use Lombok for boilerplate code reduction
- Maintain separation of concerns (DAO → Service → Servlet)
- Add proper logging and error handling

Contributing:
- Fork the repository
- Create a feature branch: `git checkout -b feature/new-feature`
- Commit changes: `git commit -m 'Add new feature'`
- Push to the branch: `git push origin feature/new-feature`
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Jakarta EE community for the enterprise framework
- Spring Security inspiration for authentication patterns
- BCrypt library for secure password hashing
- Docker community for containerization tools
- Bootstrap and modern CSS frameworks for UI inspiration
Note: This is an educational project demonstrating enterprise Java patterns. For production deployment, ensure all security configurations are properly hardened.