Secure Payment API with Spring Boot & HmacSHA256 Authentication

🔐 Understanding JWT Authentication in Spring Boot When building secure APIs with Spring Boot, authentication becomes essential. One of the most popular approaches is using JSON Web Tokens (JWT). JWT allows stateless authentication, meaning the server does not need to store session data. Each request carries its own authentication proof inside a token. Efficient, scalable, and perfect for modern REST APIs. Because apparently servers already have enough problems without remembering every user session. Here’s the basic JWT flow in Spring Boot: User logs in with credentials Spring Security authenticates the user A JWT token is generated The token is returned to the client The client sends the token in the Authorization header for future requests Spring validates the token before granting access Why developers use JWT in Spring Boot: Stateless authentication Better scalability Secure API communication Easy integration with frontend frameworks Works well with microservices architecture Typical Spring Boot stack for JWT: Spring Security JWT Library (like JJWT) Authentication Filter UserDetailsService Custom Authentication Provider JWT is not just about login security. It’s about building APIs that remain lightweight, scalable, and maintainable. #SpringBoot #JWT #Java #SpringSecurity #BackendDevelopment #RESTAPI #Programming #SoftwareEngineering #JavaDeveloper

🚀 Just completed a Spring Boot project for a digital wallet system! Key features implemented using TDD: - User registration and wallet creation - Deposit, withdraw, and peer-to-peer transfers (atomic operations) - Balance inquiry - Full API documentation with Swagger Tech stack: Spring Boot, JPA, MySQL, Maven, JUnit, Mockito, and more. Ensured 100% test coverage and followed SOLID principles. Check out the code: https://lnkd.in/gQxjRqfW #SpringBoot #Microservices #Java #TDD #API

🔐 Building Secure REST APIs using Spring Boot & JWT Security is one of the most critical aspects of backend development, yet many applications still rely on basic authentication mechanisms. Recently, I implemented JWT (JSON Web Token) based authentication in a Spring Boot application, and here are some key takeaways: ✅ Stateless Authentication Unlike session-based authentication, JWT eliminates server-side session storage, making the system more scalable. ✅ Token Flow User logs in with credentials Server validates and generates JWT Token is sent in headers for every request Backend validates token before processing ✅ Why JWT? Improves scalability Works well with microservices Enhances API security ⚙️ Tech Used: Java, Spring Boot, Spring Security, JWT 💡 One challenge I faced was handling token expiration and refresh logic efficiently—but solving it improved both security and user experience. If you're working on REST APIs, I highly recommend exploring JWT-based authentication. #Java #SpringBoot #BackendDevelopment #JWT #Microservices #SoftwareEngineering

🚀 Understanding Spring Security with JWT Authentication (Complete Flow) Just built and visualized the complete authentication & authorization flow using Spring Boot + Spring Security + JWT 🔐 📌 Key Highlights from the Architecture: ✔️ Client sends login request → /api/auth/login ✔️ Authentication handled via Authentication Manager ✔️ Credentials verified using DAO Authentication Provider ✔️ User fetched from DB using UserDetailsService ✔️ On success → JWT Token generated (with roles & user info) ✔️ Token sent back to client 🔁 For every next request: ➡️ Client sends JWT in Authorization Header ➡️ JWT Filter validates token ➡️ SecurityContext is set ➡️ Role-based access control using @PreAuthorize ❌ Invalid token → 403 Forbidden ✅ Valid token → 200 OK 💡 This setup ensures: Stateless authentication Secure APIs Role-based access control (ADMIN, USER, etc.) 🔥 Currently working on building a full-stack system around this (like Airbnb-style backend). #SpringBoot #Java #BackendDevelopment #JWT #SpringSecurity #RESTAPI #FullStackDeveloper #LearningInPublic #TechJourney

dmx-fun 0.0.14 Released! Version 0.0.14 is the ecosystem release. Where previous milestones built out the core type system, this one connects dmx-fun to the frameworks and infrastructure that production Java applications actually run on: Spring, Spring Boot, Micrometer, and Resilience4J. Five new production modules ship alongside new core types, collector façades, and a full Spring Boot reference application. Here is everything that changed: https://lnkd.in/ecRis2JM

Understanding JWT( JSON Web Token) Authentication in Spring Boot Most of the time, I was just using JWT in projects without really knowing what was happening behind the scenes. So I spent some time digging into how it actually works. 🔐 What happens during login? * Backend verifies credentials * Generates a JWT token * Sends it to the client After that, the client sends this token with every request instead of credentials. 🧩 The interesting part is Spring Security: Every request passes through a filter chain before reaching the controller. 👉 I implemented a custom JWT filter: * Extract token from header * Validate signature & expiry * If valid → set authentication in Security Context Only then the request is processed. 💡 Took me time to understand this flow — especially tracing how requests move through the filter chain. * JWT = stateless (no session stored on server) * Authentication = who you are * Authorization = what you can access * Everything is decided before controller logic runs 🛠 Still figuring out: * Exact execution point of the filter * Role of SecurityContextHolder * Debugging filter chain flow 📌 Earlier JWT felt like just a library feature. Now it feels like a request validation mechanism at the filter level. Still learning, but this changed how I see backend security. #Java #SpringBoot #SpringSecurity #JWT #BackendDevelopment

One thing I’ve learned building backend systems: Audit logging always starts as a “simple requirement” …and ends up being a complex subsystem. - Who changed what? - When did it happen? - Can we query it efficiently? Most teams either: 1. Over-engineer it 2. Or build something they regret later So I decided to build it properly once. Introducing nerv-audit (now on Maven Central): A Spring Boot audit framework powered by Hibernate Envers, with: - Clean architecture - Queryable audit history - Production-ready design If you're building serious systems, this is something you’ll eventually need. Full write-up here: https://lnkd.in/g2sv9dsM Curious how others are handling audit trails in their systems 👇 #SpringBoot #Java #SoftwareEngineering #Backend #OpenSource

Understanding HTTP Status Codes Today I focused on an important concept in backend development — HTTP Status Codes While building REST APIs, it’s not just about sending data, but also about sending the right response to the client. 🔹 Learned about different categories of status codes: • 2xx (Success) – 200 OK, 201 Created • 4xx (Client Errors) – 400 Bad Request, 404 Not Found • 5xx (Server Errors) – 500 Internal Server Error 🔹 Understood when to use each status code in real APIs 🔹 Implemented status handling using "ResponseEntity" in Spring Boot This helped me realize how APIs communicate clearly with frontend applications and handle errors properly. Small concept, but very powerful in building real-world applications. Next step: Improving API structure and adding more real-world logic. #Java #SpringBoot #BackendDevelopment #RESTAPI #CodingJourney

Your @Transactional might not be working… and Spring won’t warn you. 🚨 I’ve seen this bug more than once: Code looks correct. @Transactional is there. But rollback never happens. Why? 👇 Because Spring transactions work through proxies. That means: Calling a @Transactional method from another method inside the SAME class = Transaction won’t apply. No error. No warning. Just silent failure. Other common traps 👇 → Checked exceptions don’t trigger rollback by default → Private methods won’t be proxied → Async calls break transaction boundaries What I always check 👇 ✔ Is the transactional method being called through Spring proxy? ✔ Is rollback configured for the right exception type? ✔ Are transaction boundaries placed at the service layer? @Transactional is powerful… But dangerous when assumed instead of understood. Framework annotations are not magic. They still follow rules. Have you ever debugged a transaction issue that “should have worked”? 👇 #Java #SpringBoot #Transactional #SpringFramework #BackendDevelopment #SoftwareEngineering

🚨 @Transactional doesn’t always work the way you think I assumed it works everywhere. I was wrong. 💥 Issue I faced: Transaction was NOT rolling back on failure. Root cause? Method was called internally within the same class. Spring uses proxies → internal calls bypass them. ✅ Fix: * Moved logic to separate service class 💡 Takeaway: @Transactional works only when called via Spring proxy. This is one of those bugs that wastes hours. #Java #SpringBoot #BackendDevelopment #SoftwareEngineering  #Microservices #JPA #RESTAPI  #DeveloperLife #CareerGrowth