This is an important job for me, as I don't have time to write this, but will take the solution into production code.
I want enough of a basic client-server project to demonstrate a JSON Web Token (JWT) working.
This will be simple for someone who knows what they are doing, and I estimate it would take a solid day.
Assumptions: That there is an encrypted HTTPS connection. You do not need to provide a public/private key pair and a self-signed certificate to get started, along with instructions for the keystore, but if you can, this will be considered a big bonus.
1) You must write the server in Java. Preferably Spring Boot, with 1 RestController.
2) The web client may be written in Angular, or Ajax, and use Bootstrap and CSS3.
3) The secret key will be stored in a .properties file on the server.
4) There must be two users: one will be allowed to access accounts, the other allowed to access credit.
5) The server will expose the following endpoints:
6) Your code solution should be able to demonstrate the following:
a) Bad username/password -> invalid login.
b) On successful login, the user will get a JWT containing his role information.
c) A valid credit role can access the credit endpoint but not the account endpoint.
d) A valid account role can access the accounts endpoint but not the credit endpoint.
e) Both roles can access the logout endpoint.
f) The token MUST BE STATELESS. I.e. the token MUST NOT be held in a java.util.Map.
g) After calling the logout endpoint, calling the /credit endpoint with the same token will be invalid (return an HTTP 403), but the client code will, say, make this "pretty".
h) Tokens will have an expiry, and this will be demonstrated by a unit test.
i) Work must be placed in a GitHub repo.
j) There must be a README file containing enough information to run the application and any installation of public/private keys.
The JWT stuff will be in the HTTP headers. Just to say the obvious.
k) The project must be able to be built with Maven 3.1+ and run on localhost.