Skip to content

[ECSoC_2026] Security: Implement Spring Security JWT Authentication and Role-Based Access Control (RBAC) #130

Description

@Diwakar-odds

Summary

The MedTrack system defines three distinct roles (Hospital, Technician, Supplier). To enforce strict access boundaries, the Spring Boot backend needs a robust Spring Security layer using JSON Web Tokens (JWT) and Role-Based Access Control (RBAC).

Proposed Changes

  1. Integrate spring-boot-starter-security and jjwt dependencies in pom.xml.
  2. Create a JwtAuthenticationFilter to validate bearer tokens on all protected routes.
  3. Apply method-level security (@PreAuthorize(hasRole('HOSPITAL')), etc.) to the respective controller endpoints to prevent technicians from accessing hospital-only APIs and vice versa.

This is a high-priority Level 3 security and backend feature. Let me know if I can take this up for ECSoC '26!

Metadata

Metadata

Assignees

Labels

ECSoc26Required for ECSOC SentinelL3Hard (Advanced)good first issueGood for newcomersgood-issueGood issue

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions