Summary
The MedTrack system defines three distinct roles (Hospital, Technician, Supplier). To enforce strict access boundaries, the Spring Boot backend needs a robust Spring Security layer using JSON Web Tokens (JWT) and Role-Based Access Control (RBAC).
Proposed Changes
- Integrate spring-boot-starter-security and jjwt dependencies in pom.xml.
- Create a JwtAuthenticationFilter to validate bearer tokens on all protected routes.
- Apply method-level security (@PreAuthorize(hasRole('HOSPITAL')), etc.) to the respective controller endpoints to prevent technicians from accessing hospital-only APIs and vice versa.
This is a high-priority Level 3 security and backend feature. Let me know if I can take this up for ECSoC '26!
Summary
The MedTrack system defines three distinct roles (Hospital, Technician, Supplier). To enforce strict access boundaries, the Spring Boot backend needs a robust Spring Security layer using JSON Web Tokens (JWT) and Role-Based Access Control (RBAC).
Proposed Changes
This is a high-priority Level 3 security and backend feature. Let me know if I can take this up for ECSoC '26!