A Spring Boot microservice for user account and payroll management with role‑based access control (RBAC), authentication/authorization, and security event logging.
Port used in examples: 28852. H2 console is enabled for local development.
- User management → sign up, change password, list users (admin scope)
- Payroll → add payments, list payments (per user & accountant views)
- Security → RBAC (Administrator, User, Accountant, Auditor) + security events
- Validation & error handling with clear JSON responses
- H2 console (`/h2-console`) for local development; Actuator shutdown for tests
- Java 21 (compatible 17+)
- Spring Boot 3.x: Web, Security, Data JPA
- H2 (dev)
- Gradle Wrapper, Git/GitHub
- Docker (optional for deployment)
Prerequisites: JDK 17+ (21 recommended), Git. No Gradle installation needed (wrapper included).
```bash
git clone https://github.com/psv73/Account-Service.git
cd Account-Service
# build & run
./gradlew clean bootRun
# choose a custom port if needed
./gradlew bootRun --args='--server.port=28852'
```
H2 console: http://localhost:28852/h2-console (FrameOptions configured as sameOrigin).
- `/api/auth/signup`
- `/api/auth/changepass`
- `/api/empl/payment`
- `/api/acct/payments`
- `/api/security/events`
- `/api/admin/user`
- `/api/admin/user/role`
- `/api/admin/user/access`
- `/h2-console/**`
- `/actuator/shutdown`
```java
.authorizeHttpRequests(auth -> auth
        // user administration is limited to administrators
        .requestMatchers(AppPath.USER + "/**").hasRole("ADMINISTRATOR")
        // payroll: read access for accountants and users, write access for accountants only
        .requestMatchers(HttpMethod.GET, AppPath.PAYMENT).hasAnyRole("ACCOUNTANT", "USER")
        .requestMatchers(HttpMethod.GET, AppPath.SECURITY_EVENT).hasRole("AUDITOR")
        .requestMatchers(HttpMethod.POST, AppPath.PAYMENTS).hasRole("ACCOUNTANT")
        .requestMatchers(HttpMethod.PUT, AppPath.PAYMENTS).hasRole("ACCOUNTANT")
        // any authenticated user may change their own password; sign-up is public
        .requestMatchers(HttpMethod.POST, AppPath.CHANGE_PASS).authenticated()
        .requestMatchers(HttpMethod.POST, AppPath.SIGN_UP).permitAll()
        // open so the test harness can stop the app; not intended for production profiles
        .requestMatchers(HttpMethod.POST, AppPath.ACTUATOR_SHUTDOWN).permitAll()
        // everything not matched above (e.g. /h2-console/**) is public,
        // so every new endpoint needs its own matcher here
        .anyRequest().permitAll()
);
```
```http
POST http://localhost:28852/api/auth/signup
Content-Type: application/json

{
  "name": "John",
  "lastname": "Doe",
  "email": "john.black@acme.com",
  "password": "oMoa3VvqnLxW"
}
```
✅ Response
```json
{
  "id": 7952,
  "name": "John",
  "lastname": "Doe",
  "email": "john.black@acme.com",
  "roles": ["ROLE_USER"]
}
```
```http
POST http://localhost:28852/api/auth/changepass
Content-Type: application/json
Authorization: Basic <base64(email:password)>

{ "new_password": "oMoa3VvqnLxW" }
```
✅ Response
```json
{
  "email": "johndoe1@acme.com",
  "status": "The password has been updated successfully"
}
```
```http
POST http://localhost:28852/api/empl/payment
Content-Type: application/json
Authorization: Basic <base64(accountant_email:password)>

{ "employee": "john.black@acme.com", "period": "08-2025", "salary": 350000 }
```
✅ Response
```json
{ "status": "Added successfully!" }
```
- User view
```http
GET http://localhost:28852/api/empl/payment
Authorization: Basic <base64(user_email:password)>
```
- Accountant view
```http
GET http://localhost:28852/api/acct/payments
Authorization: Basic <base64(accountant_email:password)>
```
Endpoint
```http
GET http://localhost:28852/api/security/events
Authorization: Basic <base64(auditor_email:password)>
```
Response example
```json
[
  {
    "id": 1,
    "date": "2025-08-15T10:20:54.282006",
    "action": "CREATE_USER",
    "subject": "Anonymous",
    "object": "johndoe@acme.com",
    "path": "/api/auth/signup"
  },
  {
    "id": 4,
    "date": "2025-08-15T10:22:05.260397",
    "action": "ACCESS_DENIED",
    "subject": "johndoe@acme.com",
    "object": "/api/acct/payments",
    "path": "/api/acct/payments"
  }
]
```
- `config/` – security configuration & beans
- `controller/` – REST endpoints
- `service/` – business logic
- `repository/` – Spring Data JPA
- `model/` – entities & DTOs
- `exception/` – error handling
- RBAC with Spring Security (Administrator/User/Accountant/Auditor)
- Clean REST API design & validation
- Consistent JSON errors and security event auditing
- Dev‑friendly setup (H2 console, Gradle wrapper, profiles)