Skip to main content

Part 1: How Automation Boosts API Quality – Spring Boot + JWT + Full Test Strategy

In this first installment of our two‑part series, you'll learn how to design and secure a REST API using Spring Boot. We'll cover:

  • Building a REST API with Spring Boot and an H2 in‑memory database
  • Implementing JWT‑based authentication and role‑based access control
  • Generating interactive API documentation with Swagger UI (OpenAPI)
  • Performing comprehensive manual testing using curl and Postman

By the end, you'll have a documented, secure API that you can explore and test by hand—laying the groundwork for automated tests in Part 2.

Use Case: Student Management

The API supports the following endpoints:

Method Endpoint Description Secured
POST/auth/registerRegister a new user❌ No
POST/auth/loginLogin and receive JWT token❌ No
GET/studentsList all students✅ Yes
POST/studentsCreate a student✅ Yes
GET/students/{id}Get student by ID✅ Yes
PUT/students/{id}Update student details✅ Yes
DELETE/students/{id}Delete a student✅ Yes

Project Setup

To get started, create a new Spring Boot project and add the necessary dependencies, configuration, and folder structure.


1. Initialize the Project

spring init \
  --name=student-management-api \
  --dependencies=web,security,data-jpa,h2,validation \
  --build=maven \
  com.cb:student-management-api:0.0.1-SNAPSHOT

2. Maven Dependencies


3. Configuration (application.yml)


4. Model


5. DTOs


6. Repository



7. Service


8. Controller


9. Security Config


API Documentation with Swagger UI (OpenAPI)

To provide self‑updating, interactive documentation for your Student Management API, you'll integrate springdoc‑openapi. This gives you both a JSON/YAML OpenAPI spec and a live Swagger UI.


1. Add the Dependency

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.8.8</version>
</dependency>

2. Customize API Metadata (Optional)


3. Default Endpoints

OpenAPI JSON: GET http://localhost:8080/v3/api-docs (API schema in JSON)

Swagger UI: GET http://localhost:8080/swagger-ui.html (UI to explore and test your endpoints)


Panch Prayag


4. Annotate Your Controllers, Models & DTOs


5. Enable JWT "Authorize" in Swagger UI


Panch Prayag

Now Swagger UI shows an Authorize button. Paste Bearer <your-token> there, and all secured endpoints become testable from the browser.

With these steps, you’ll have live, accurate documentation that both developers and automated tools can rely on.


Manual testing using curl

Below are example curl commands to manually test each endpoint of your Student Management API. Replace <TOKEN> with the JWT you obtain from the login step.


1. Register a New User

curl -i -X POST http://localhost:8080/auth/register \
  -H "Content-Type: application/json" \
  -d '{
        "username": "admin",
        "password": "admin123",
        "role": "ADMIN"
      }'

Expected: HTTP/1.1 200 OK (or 201 Created) with body "User registered successfully".


2. Login and Obtain JWT

curl -i -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{
        "username": "admin",
        "password": "admin123"
      }'

Expected: HTTP/1.1 200 OK and response body containing the JWT...


3. Create a New Student (Secured)

curl -i -X POST http://localhost:8080/students \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -d '{
        "name": "Rahul",
        "email": "rahul@mail.com",
        "course": "Physics"
      }'

Expected: HTTP/1.1 201 Created with JSON body of the created student, including its id.


4. List All Students (Secured)

curl -i -X GET http://localhost:8080/students \
  -H "Authorization: Bearer <TOKEN>"

Expected: HTTP/1.1 200 OK with a JSON array of student objects.


5. Get Student by ID (Secured)

curl -i -X GET http://localhost:8080/students/1 \
  -H "Authorization: Bearer <TOKEN>"

Expected: HTTP/1.1 200 OK with JSON of the student whose id is 1.


6. Update a Student (Secured)

curl -i -X PUT http://localhost:8080/students/1 \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -d '{
        "name": "Rahul Verma",
        "email": "rahul.verma@mail.com",
        "course": "Mathematics"
      }'

Expected: HTTP/1.1 200 OK with JSON of the updated student record.


7. Delete a Student (Secured)

curl -i -X DELETE http://localhost:8080/students/1 \
  -H "Authorization: Bearer <TOKEN>"

Expected: HTTP/1.1 204 No Content and an empty body.

Conclusion

In this first part, you’ve successfully built a secure, documented, and fully functional REST API using Spring Boot with JWT authentication, role-based access control, and live API documentation via Swagger UI. You’ve also manually tested all endpoints using curl and verified the core flows.

This sets a solid foundation for the next phase, where we'll automate these flows with unit, integration, contract, E2E, functional, and security tests for complete confidence. Stay tuned for Part 2!

🔗 View the complete project on GitHub: student-management-api

Labels:

Comments

Post a Comment

Popular posts from this blog

Deploying Spring Boot microservices on Kubernetes Cluster

This article guides you through the deployment of two Spring Boot microservices, namely "order-service" and "inventory-service," on Kubernetes using "MiniKube" . We will establish communication between them, with "order-service" making calls to an endpoint in "inventory-service." Additionally, we will configure "order-service" to be accessible from the local machine's browser . 1) Create Spring Boot microservices The Spring Boot microservices, "order-service" and "inventory-service," have been developed and can be found in this GitHub repository. If you are interested in learning more about creating Spring Boot REST microservices, please refer to this or this (Reactive) link. 2) Build Docker Images The Docker images for both "order-service" and "inventory-service" have already been generated and deployed on DockerHub, as shown below. codeburps/order-service cod...
Post a Comment
Read more

Circuit Breaker Pattern with Resilience4J in a Spring Boot Application

Read Also: Spring Cloud Circuit Breaker + Resilience4j Resilience4j is a lightweight fault tolerance library that draws inspiration from Netflix Hystrix but is specifically crafted for functional programming. The library offers higher-order functions, known as decorators , designed to augment any functional interface, lambda expression, or method reference with features such as Circuit Breaker, Rate Limiter, Retry, or Bulkhead . These functionalities can be seamlessly integrated within a project, class, or even applied to a single method. It's possible to layer multiple decorators on any functional interface, lambda expression, or method reference, allowing for versatile and customizable fault tolerance. While numerous annotation-based implementations exist online, this article focuses solely on the reactive approach using router predicates and router functions . How Circuit Breaker Pattern works? In general, a circuit breaker functions as an automatic electrical s...
Post a Comment
Read more

How to create a basic Spring 6 project using Maven

Below is a step-by-step guide to creating a basic Spring project using Maven. 1) Create a Maven Project Use the following Maven command to create a new Maven project. mvn archetype:generate -DgroupId=com.tb -DartifactId=spring-demo -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false 2) Import in IntelliJ IDEA If you haven't already, open IntelliJ IDEA on your system. Go to "File" > "New" > "Project from Existing Sources..." . In the file dialog, navigate to the directory where your Maven project is located. Select the pom.xml file within the project directory and click "Open." 3) Update pom.xml In total, the application requires the below-mentioned dependencies: 4) Create Spring Configuration Create a Java configuration class that uses annotations to define your Spring beans and their dependencies. This class should be annotated with @Configuration . 5) Create the Main Application C...
Post a Comment
Read more