SpringAuthStarter is a production-ready authentication starter kit for Spring Boot. It offers JWT-based authentication, Google & GitHub OAuth2 login, and role-based access control — all in one reusable package to secure your backend quickly.
Live Demo: https://spring-security-starter.onrender.com
- Overview
- Features
- Architecture
- Tech Stack
- Installation & Setup
- Usage
- Environment Variables
- API Documentation
- Why Use This
- Contributing
- License
SpringAuthStarter eliminates the need to write repetitive Spring Security boilerplate. It’s ideal for:
- Securing REST APIs with JWT.
- Adding social login via Google & GitHub.
- Enforcing role-based endpoint protection.
- Providing ready-to-use Swagger API docs.
Authentication:
- JWT issuance & validation for stateless auth.
- Password hashing with BCrypt.
Authorization:
- Role-based access control (`ADMIN`, `USER`).
- Secure admin-only and user-only routes.
OAuth2:
- Google & GitHub login.
- Direct OAuth login URLs in JSON responses.
Utilities:
- Rate limiting via Bucket4J.
- Default admin/user creation from environment variables.
- Swagger UI for interactive API testing.
- User sends login/registration request.
- Backend validates credentials & issues JWT.
- JWT is used for all subsequent protected requests.
- OAuth2 flow handled by Spring Security client.
- Language: Java 21
- Framework: Spring Boot 3.5
- Security: Spring Security, OAuth2 Client
- Database: MySQL/PostgreSQL
- Others: JJWT, Bucket4J, Spring Data JPA, Swagger
- Containerization: Docker
- Hosting: Render
```
git clone https://github.com/yourusername/SpringAuthStarter.git
cd SpringAuthStarter
```
Create `.env` (see `.env.example`) with DB, JWT, and OAuth credentials.
Run locally:
```
mvn spring-boot:run
```
Or build & run JAR:
```
mvn clean package
java -jar target/spring-auth-starter.jar
```
POST /register
```json
{
  "email": "user@example.com",
  "username": "User",
  "password": "pass123",
  "role": "USER"
}
```
POST /login
```json
{
  "email": "user@example.com",
  "password": "pass123"
}
```
Use the returned JWT as `Authorization: Bearer <token>` for protected routes.
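The issue-then-validate cycle behind `/login` and the `Bearer` header, as an added example that is not SpringAuthStarter's own code. It assumes JJWT 0.12.x with an HMAC key derived from `JWT_SECRET`; the class name, the `role` claim name and the demo secrets are hypothetical.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

// Added example (assumes JJWT 0.12.x and HMAC signing); not the project's code.
public class JwtRoundTrip {
    private final SecretKey key;

    JwtRoundTrip(String secret) {
        // hmacShaKeyFor throws WeakKeyException for keys under 256 bits, so a
        // placeholder like "change_me" fails at startup instead of signing tokens.
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    String issue(String email, String role, Duration ttl) {
        Instant now = Instant.now();
        return Jwts.builder().subject(email).claim("role", role) // hypothetical claim name
                .issuedAt(Date.from(now)).expiration(Date.from(now.plus(ttl)))
                .signWith(key).compact();
    }

    // Empty means reject: bad signature, expired, malformed or unsigned token.
    Optional<Claims> verify(String token) {
        try {
            return Optional.of(Jwts.parser().verifyWith(key).build()
                    .parseSignedClaims(token).getPayload());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed secrets for the demo; real ones come from JWT_SECRET.
        JwtRoundTrip auth = new JwtRoundTrip("constructed-demo-secret-0123456789abcdef");
        JwtRoundTrip other = new JwtRoundTrip("another-constructed-secret-0123456789abc");
        String token = auth.issue("user@example.com", "USER", Duration.ofMinutes(15));
        System.out.println(auth.verify(token).map(c -> c.get("role", String.class)));
        System.out.println(other.verify(token).isPresent()); // different signing key
        String stale = auth.issue("user@example.com", "USER", Duration.ofSeconds(-60));
        System.out.println(auth.verify(stale).isPresent()); // already expired
        try { new JwtRoundTrip("change_me"); }
        catch (JwtException e) { System.out.println(e.getClass().getSimpleName()); }
    }
}
```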
To help you explore the features of this app, you can use the following test accounts:
| Role | Email | Password |
|---|---|---|
| Admin | admin@example.com | Admin@123 |
| User | user@example.com | User@123 |
Note: These accounts are for testing purposes only. You can also register your own account if you prefer.
How to Test:
- Visit the app login page: https://spring-security-starter.onrender.com
- Use one of the above credentials to log in.
- Explore features according to your role (Admin or User).
| Variable | Description | Example |
|---|---|---|
| DB_HOST | Database host | localhost |
| DB_PORT | Database port | 5432 |
| JWT_SECRET | Secret key for JWT | change_me |
| GOOGLE_CLIENT_ID | Google OAuth client ID | abc.apps.googleusercontent.com |
| DEFAULT_ADMIN_EMAIL | Admin account email | admin@example.com |
Swagger UI is available at: /swagger-ui.html or /swagger-ui/index.html or /docs.
- Saves days of setup work.
- Works out-of-the-box with OAuth2.
- Easily extendable for custom roles/permissions.
- Production-ready security configuration.
Pull requests are welcome! For major changes, open an issue first to discuss.
MIT License – see LICENSE file for details.