bavlymo1/Secure-Employee-System

🛡️ Secure Employee Management System

A robust Spring Boot application demonstrating enterprise-grade security practices. This project moves beyond standard authentication to implement Defense in Depth strategies including OAuth2 Single Sign-On, Database Encryption (AES), and DoS Protection.

🚀 Key Security Features

This application actively defends against the OWASP Top 10 vulnerabilities:

1. 🔐 Authentication & SSO

  • Hybrid Login System: Supports both Standard Login (Username/Password) and Google OAuth2 Single Sign-On (SSO).
  • BCrypt Hashing: Passwords are never stored in plain text.
  • Session Management: Uses HttpOnly and Secure cookies to prevent session hijacking.

2. 🛡️ Data Protection (Encryption at Rest)

  • AES-256 Encryption: Sensitive employee data (e.g., emails) is automatically encrypted before saving to the database and decrypted only when viewed by authorized admins.
  • Transparent Converter: Implements a JPA AttributeConverter so the database administrator sees only ciphertext (e.g., kL9#mP2...).

3. 🚦 Infrastructure Security

  • Rate Limiting (DoS Protection): Implements Bucket4j token-bucket algorithm to limit requests per IP address, preventing Denial of Service attacks.
  • TLS/HTTPS: Enforces end-to-end encryption for data in transit using a self-signed SSL certificate (Port 8443).
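A per-IP token-bucket filter of the kind the Rate Limiting bullet describes, added here as an illustration and not copied from the project. It assumes the Bucket4j 7/8 `Bucket.builder()` and `Bandwidth.simple` API, a policy of 60 requests per minute per address, and that clients connect to the application directly rather than through a reverse proxy; the package and class names are invented.

```java
package com.example.security.ratelimit; // assumed package name, not the project's

import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Per-client-IP token bucket: each address may make CAPACITY requests per
 * REFILL_PERIOD; further requests receive HTTP 429 until tokens refill.
 */
@Component
public class RateLimitFilter extends OncePerRequestFilter {

    // Assumed policy: 60 requests per minute per IP; tune to the deployment
    private static final long CAPACITY = 60;
    private static final Duration REFILL_PERIOD = Duration.ofMinutes(1);

    // One bucket per client key, created lazily on first request
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    private Bucket newBucket() {
        // Bandwidth.simple: CAPACITY tokens, refilled greedily over REFILL_PERIOD
        return Bucket.builder()
                .addLimit(Bandwidth.simple(CAPACITY, REFILL_PERIOD))
                .build();
    }

    /** Client key: the TCP peer address (assumes no reverse proxy in front). */
    private String clientKey(HttpServletRequest request) {
        return request.getRemoteAddr();
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Bucket bucket = buckets.computeIfAbsent(clientKey(request), k -> newBucket());
        if (bucket.tryConsume(1)) {
            chain.doFilter(request, response);
            return;
        }
        // Bucket empty: reject without doing any further work for this request
        response.setStatus(429); // Too Many Requests
        response.setHeader("Retry-After", String.valueOf(REFILL_PERIOD.toSeconds()));
        response.setContentType("text/plain");
        response.getWriter().write("Too many requests");
    }
}
```

Two deployment caveats: behind a load balancer `getRemoteAddr()` returns the proxy's address, so all clients would share one bucket; trust `X-Forwarded-For` (for example via Spring's `ForwardedHeaderFilter`) only when the proxy is the sole path in, since the header is otherwise client-controlled. The map also grows with every distinct address seen, so a production build should evict idle buckets (a Caffeine cache with `expireAfterAccess` is the usual choice) and remember that the limit is per application instance.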

4. 📝 Audit & Compliance

  • Role-Based Access Control (RBAC):
    • ADMIN: Can Delete employees.
    • MANAGER: Can Add/Update employees.
    • EMPLOYEE: Read-only access.
  • Audit Logging: Tracks critical actions (Create, Update, Delete) with user identity and timestamps for accountability.
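A Spring Security 6 configuration that ties the hybrid login, BCrypt hashing and HTTPS enforcement from section 1 together with the role rules of this section, added as an example and not the repository's own configuration. The request paths (`/api/employees/**`, `/Login/index.html`), the BCrypt work factor and the assumption that ADMIN also holds MANAGER's add/update rights are mine; adjust them to the real controllers.

```java
package com.example.security.config; // assumed package name, not the project's

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // lets services add @PreAuthorize checks as a second layer
public class SecurityConfig {

    /** BCrypt with work factor 12: salted, slow hashes; no plaintext passwords. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Refuse any request that did not arrive over TLS (port 8443 in this project)
            .requiresChannel(channel -> channel.anyRequest().requiresSecure())
            .authorizeHttpRequests(auth -> auth
                // Login page, registration and static assets are public (paths assumed)
                .requestMatchers("/Login/**", "/register", "/css/**", "/js/**").permitAll()
                // RBAC expressed per HTTP verb on the employee API (path assumed):
                // DELETE is ADMIN only; writes need MANAGER (ADMIN assumed to inherit);
                // reads are open to every authenticated role.
                .requestMatchers(HttpMethod.DELETE, "/api/employees/**").hasRole("ADMIN")
                .requestMatchers(HttpMethod.POST, "/api/employees/**").hasAnyRole("ADMIN", "MANAGER")
                .requestMatchers(HttpMethod.PUT, "/api/employees/**").hasAnyRole("ADMIN", "MANAGER")
                .requestMatchers(HttpMethod.GET, "/api/employees/**").hasAnyRole("ADMIN", "MANAGER", "EMPLOYEE")
                // Everything else requires a login but no particular role
                .anyRequest().authenticated())
            // Standard username/password login served from the static page ...
            .formLogin(form -> form.loginPage("/Login/index.html").permitAll())
            // ... plus Google SSO using the registration from application.properties
            .oauth2Login(Customizer.withDefaults())
            .logout(logout -> logout.logoutSuccessUrl("/Login/index.html"));
        return http.build();
    }
}
```

The session-cookie flags mentioned in section 1 are Spring Boot properties rather than Java: `server.servlet.session.cookie.http-only=true` and `server.servlet.session.cookie.secure=true`. `requiresSecure()` is a backstop; the TLS listener itself comes from `server.port=8443` and the `server.ssl.*` keystore settings. CSRF protection stays enabled in this configuration, so the Fetch-based frontend must send the CSRF token with POST, PUT and DELETE requests.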

5. 💉 Vulnerability Prevention

  • SQL Injection: Uses Spring Data JPA, whose derived and JPQL queries are parameterized, so user input is bound as data rather than concatenated into SQL.
  • XSS Protection: Implements strict input validation (@Email, @Size, @NotBlank) to reject malformed or script-bearing input before processing.
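An entity, repository and controller sketch showing the validation annotations named above together with the audit logging from section 4, added as an example and not code from the project. The package, request path, logger name and field set are assumptions. Validation rejects malformed input before it reaches JPA, and the derived repository method shows why input never reaches SQL as text; it does not replace output encoding in the browser, so a Fetch-based frontend still has to insert server data with `textContent` rather than `innerHTML`.

```java
package com.example.security.employee; // assumed package name, not the project's

import jakarta.persistence.Entity;
import jakarta.persistence.EntityListeners;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import jakarta.persistence.PostPersist;
import jakarta.persistence.PostRemove;
import jakarta.persistence.PostUpdate;
import jakarta.validation.Valid;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.time.Instant;
import java.util.List;

/** Employee record: Bean Validation rejects bad input, JPA callbacks record who changed what. */
@Entity
@EntityListeners(Employee.AuditListener.class)
public class Employee {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @NotBlank @Size(max = 100)
    private String firstName;

    @NotBlank @Size(max = 100)
    private String lastName;

    // Syntactic e-mail check plus a length cap, enforced before anything is persisted
    @NotBlank @Email @Size(max = 254)
    private String email;

    public Long getId() { return id; }
    public String getFirstName() { return firstName; }
    public void setFirstName(String v) { firstName = v; }
    public String getLastName() { return lastName; }
    public void setLastName(String v) { lastName = v; }
    public String getEmail() { return email; }
    public void setEmail(String v) { email = v; }

    /** One audit line per create/update/delete with the acting user and a UTC timestamp. */
    public static class AuditListener {
        private static final Logger AUDIT = LoggerFactory.getLogger("AUDIT"); // logger name assumed

        private static String actor() {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            return auth == null ? "anonymous" : auth.getName();
        }

        private static void record(String action, Employee e) {
            // Log the record id only, never the field values, so the audit trail stays non-sensitive
            AUDIT.info("{} employee id={} by={} at={}", action, e.getId(), actor(), Instant.now());
        }

        @PostPersist public void created(Employee e) { record("CREATE", e); }
        @PostUpdate  public void updated(Employee e) { record("UPDATE", e); }
        @PostRemove  public void deleted(Employee e) { record("DELETE", e); }
    }
}

/** Derived query: Spring Data binds lastName as a parameter; it is never spliced into SQL. */
interface EmployeeRepository extends JpaRepository<Employee, Long> {
    List<Employee> findByLastName(String lastName);
}

/** Controller entry point: @Valid runs the constraints above; a violation yields HTTP 400. */
@RestController
@RequestMapping("/api/employees") // path assumed
class EmployeeController {
    private final EmployeeRepository repository;

    EmployeeController(EmployeeRepository repository) { this.repository = repository; }

    @PostMapping
    public ResponseEntity<Employee> create(@Valid @RequestBody Employee employee) {
        return ResponseEntity.ok(repository.save(employee));
    }
}
```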

🛠️ Tech Stack

  • Backend: Java 17, Spring Boot 3, Spring Security 6
  • Database: MySQL 8.0
  • Security: OAuth2 Client, Bucket4j, BCrypt, AES
  • Frontend: HTML5, CSS3 (Material Design), JavaScript (Fetch API)
  • Build Tool: Maven

⚙️ Installation & Setup

Prerequisites

  • Java 17+
  • MySQL Server
  • Maven

1. Database Setup

Create a MySQL database named security_app. The application will automatically create the tables (users, employee, authorities) on first run.

2. Configure Environment

Update src/main/resources/application.properties:

# Database Credentials
spring.datasource.username=YOUR_DB_USERNAME
spring.datasource.password=YOUR_DB_PASSWORD

# Google OAuth2 Credentials (Get these from Google Cloud Console)
spring.security.oauth2.client.registration.google.client-id=YOUR_CLIENT_ID
spring.security.oauth2.client.registration.google.client-secret=YOUR_CLIENT_SECRET

3. Run the Application

./mvnw spring-boot:run

4. Access the App

Go to: https://localhost:8443/Login/index.html (Note: You must accept the self-signed certificate warning in the browser since this is a local development environment.)

📸 Usage Guide

  • Register: Create a new local account.
  • SSO: Click "Continue with Google" to auto-register via OAuth.
  • Dashboard:
    • Admins: View decrypted emails and delete records.
    • Auditing: Check the application console logs to see the audit trail of your actions.
