A secure, role-based blogging platform backend built with Spring Boot. Features include JWT authentication, user role hierarchy, and full CRUD operations for posts, comments, and likes.
- Register & login with JWT authentication
- Secure password hashing using BCrypt
- Role-based access: `VIEWER`, `AUTHOR`, `MOD`, `ADMIN`
- Users can:
  - Create, update, delete their posts
  - Comment on and like posts
  - View posts, comments, and own data
- Moderators can delete any post or comment
- Admins can manage users (ban, delete, assign roles)
- Global exception handling with descriptive error messages
- Clean DTO ↔ Entity mapping using MapStruct
- Interactive Swagger UI for API testing and documentation

risspecct-blog-platform-backend/
├── Controllers/
├── Entities/
├── Dtos/
├── Services/
├── Repositories/
├── Filters/
├── Security/
├── Exceptions/
├── Mappers/
├── Enums/
├── postman/
├── src/main/resources/
| Role | Permissions |
|---|---|
| VIEWER | View posts, comment, like |
| AUTHOR | All of the above + create/edit/delete own posts |
| MOD | All of the above + delete any post/comment |
| ADMIN | Full access + manage users and assign roles |

- `POST /register` – Register new user
- `POST /login` – Authenticate and get JWT

- `GET /` – View own profile
- `PUT /` – Update own profile
- `DELETE /` – Delete own account
- `GET /comments` – Get own comments
- `GET /all` – (Admin) View all users

- `POST /` – (Author) Add post
- `GET /{id}` – View specific post
- `PUT /{id}` – (Author) Update own post
- `DELETE /{id}` – (Author) Delete own post
- `GET /users/me/posts` – View own posts
- `GET /users/{userId}/posts` – View posts by user

- `POST /` – Add comment
- `GET /` – Get all comments on a post
- `GET /{id}` – Get single comment
- `PUT /{id}` – Update own comment
- `DELETE /{id}` – Delete own comment

- `POST /like` – Like a post
- `GET /likes` – Get like count
- `DELETE /like` – Remove like

- `PUT /users/roles/{userId}` – Assign roles
- `PUT /users/ban/{userId}` – Ban/unban user
- `DELETE /users/delete/{userId}` – Delete user

- `DELETE /delete/posts/{postId}` – Delete any post
- `DELETE /delete/comments/{commentId}` – Delete any comment

- Stateless JWT authentication
- Role hierarchy: `ADMIN > MOD > AUTHOR > VIEWER`
- `@PreAuthorize` annotations on secured routes
- Custom exception handler for clean error responses
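
One way to express the role hierarchy and the "own post vs. any post" rules above in Spring Security 6.3+ (an added example, not this project's own code). `RoleHierarchyConfig`, `PostAccessService`, the `postAccess` bean name and the in-memory owner map are hypothetical stand-ins, shown in one file for brevity:

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Configuration
@EnableMethodSecurity // enables evaluation of @PreAuthorize expressions
class RoleHierarchyConfig {
    // ADMIN > MOD > AUTHOR > VIEWER: each role implies every role below it.
    @Bean
    static RoleHierarchy roleHierarchy() {
        return RoleHierarchyImpl.withDefaultRolePrefix()
                .role("ADMIN").implies("MOD")
                .role("MOD").implies("AUTHOR")
                .role("AUTHOR").implies("VIEWER")
                .build();
    }

    // Wire the hierarchy into method security so hasRole('AUTHOR') also matches MOD and ADMIN.
    @Bean
    static MethodSecurityExpressionHandler methodSecurityExpressionHandler(RoleHierarchy hierarchy) {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setRoleHierarchy(hierarchy);
        return handler;
    }
}

@Service("postAccess") // hypothetical bean; the map stands in for the Post entity's owner column
class PostAccessService {
    private final Map<Long, String> ownerByPostId = new ConcurrentHashMap<>();
    public boolean isOwner(Long postId, String username) {
        return username != null && username.equals(ownerByPostId.get(postId));
    }

    @PreAuthorize("hasRole('AUTHOR')")
    public void createPost(Long postId) { // owner comes from the security context, never from the request
        ownerByPostId.put(postId, SecurityContextHolder.getContext().getAuthentication().getName());
    }

    // MOD and ADMIN may delete any post; an AUTHOR only a post they own (#postId needs -parameters).
    @PreAuthorize("hasRole('MOD') or (hasRole('AUTHOR') and @postAccess.isOwner(#postId, authentication.name))")
    public void deletePost(Long postId) { ownerByPostId.remove(postId); }
}
```

The ownership check runs inside the authorization expression, so a role check alone never decides whether an author may delete a given post.
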
- Java 21
- Spring Boot 3.4+
- Spring Security
- Spring Data JPA (Hibernate)
- MySQL 8+
- JWT (jjwt)
- MapStruct
- Lombok
- Swagger UI: http://localhost:8080/swagger-ui/index.html
- OpenAPI JSON: http://localhost:8080/v3/api-docs
- Shortcut: Access via `/docs` redirect
Use the “Authorize” button and provide Bearer <JWT> to test secured endpoints.
- Java 21+
- Maven
- MySQL 8+
```bash
git clone https://github.com/your-username/risspecct-blog-platform-backend.git
cd risspecct-blog-platform-backend
cp src/main/resources/application.properties.example src/main/resources/application.properties
# edit DB and JWT settings in application.properties
./mvnw spring-boot:run
```

This project includes a comprehensive test suite for both the service and controller layers, using:
- JUnit 5
- Mockito
- Spring Security Test
All tests run against an in-memory H2 database, so they:
- Run fast
- Stay isolated
- Do not affect your local MySQL data

`@ExtendWith(MockitoExtension.class)`
Used for service-layer testing to verify business logic without loading the Spring context.

`@WebMvcTest`
Used for controller-layer testing to verify:
- Security rules (`@PreAuthorize`)
- Role hierarchy
- Request validation (`@Valid`)
- Global exception handling

| Action | Command |
|---|---|
| Run all tests | `./mvnw test` |
| Build project without tests | `./mvnw package -DskipTests` |
Located at: postman/blog-platform-api.postman_collection.json
- Import into Postman
- Use `/users/login` to retrieve a JWT
- JWT auto-assigned to `{{token}}` for all requests
This project is licensed under the MIT License.
Pull requests are welcome. For major changes, please open an issue first to discuss what you’d like to change.