A secure and containerized backend for an e-commerce platform built with Spring Boot, PostgreSQL, Flyway, Docker Compose, and Gradle.
This project includes JWT authentication, role-based authorization, Swagger/OpenAPI documentation, and core e-commerce features such as product management, cart handling, and order workflows.
- User registration and login
- JWT-based authentication
- Role-based authorization
- Product management APIs
- Cart management
- Order and checkout workflows
- Pagination support
- Database migrations with Flyway
- Swagger/OpenAPI API documentation
- Fully containerized setup with Docker Compose
- Java
- Spring Boot
- Spring Security
- PostgreSQL
- Flyway
- Gradle
- Docker Compose
- Swagger / OpenAPI
- JWT Authentication
src/
└── main/
    ├── java/com/example/ecommerceplatform/
    │   ├── auth/
    │   ├── config/
    │   ├── product/
    │   ├── cart/
    │   ├── order/
    │   ├── user/
    │   └── common/
    └── resources/
        ├── db/migration/
        └── application.yml
Make sure you have installed:
- Docker Desktop
- Java 17+
- Gradle (optional if using ./gradlew)
This project is fully containerized using Docker Compose.
git clone <your-repo-url>
cd ecommerce-platform
docker compose up --build
This starts:
- PostgreSQL database
- Spring Boot application
- App: http://localhost:8080
- Swagger UI: http://localhost:8080/swagger-ui/index.html
The Docker Compose setup includes:
- postgres service for PostgreSQL
- app service for the Spring Boot backend
Flyway migrations run automatically when the application starts.
This project uses JWT authentication for securing protected endpoints.
- User registers or logs in
- Server validates credentials
- JWT token is returned
- Client sends the token in the Authorization header for protected requests
Example:
Authorization: Bearer <your-jwt-token>
Swagger/OpenAPI is integrated for interactive API testing.
Once the app is running, open:
http://localhost:8080/swagger-ui/index.html
With Swagger, you can:
- View available endpoints
- Test requests directly in the browser
- Inspect request and response models
- Authenticate and test protected APIs
The application uses environment variables for configuration.
Example values:
DB_URL=jdbc:postgresql://postgres:5432/ecommerce
DB_USERNAME=catalog
DB_PASSWORD=catalog
JWT_SECRET=your-secret-key
JWT_EXPIRATION_MS=86400000
If you want to run the application manually instead of through Docker:
Make sure a PostgreSQL instance is running and create the required database.
Set database and JWT values in your local environment or application.properties.
./gradlew bootRun
- Register a new user
- Log in to receive a JWT token
- Authorize in Swagger using the token
- Access protected endpoints
- Create or manage products
- Add items to cart
- Place an order
- Passwords are securely hashed
- Protected endpoints require JWT authentication
- Authorization can restrict access by role
- Sensitive configuration is handled through environment variables
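The login flow and the JWT_SECRET / JWT_EXPIRATION_MS settings described above, as an added example that is not this project's code: a JDK-only HS256 issuer and verifier that refuses the 15-byte placeholder secret and rejects expired or edited tokens. HS256, the sub/role/exp claim names, the class name JwtFlowDemo, and the sample user and secret are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
// Added example (JDK only). HS256 and the claim names are assumptions, not the project's code.
public class JwtFlowDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    private final byte[] key;
    private final long ttlMs;
    JwtFlowDemo(String secret, long ttlMs) {
        key = secret == null ? new byte[0] : secret.getBytes(StandardCharsets.UTF_8);
        // RFC 7518 section 3.2: an HS256 key needs at least 256 bits (32 bytes).
        if (key.length < 32) throw new IllegalStateException("JWT_SECRET is shorter than 32 bytes");
        this.ttlMs = ttlMs;
    }
    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    private byte[] sign(String input) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(input.getBytes(StandardCharsets.UTF_8));
    }
    String issue(String sub, String role, long nowMs) throws Exception {
        // sub and role are assumed to be plain identifiers, so no JSON escaping is done here
        long exp = (nowMs + ttlMs) / 1000;
        String input = HEADER + "." + b64("{\"sub\":\"" + sub + "\",\"role\":\"" + role + "\",\"exp\":" + exp + "}");
        return input + "." + B64.encodeToString(sign(input));
    }
    boolean verify(String token, long nowMs) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3 || !p[0].equals(HEADER)) return false;   // pins the algorithm to HS256
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(sign(p[0] + "." + p[1]), sig)) return false; // constant-time compare
            String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            return nowMs / 1000 < Long.parseLong(json.replaceAll(".*\"exp\":(\\d+).*", "$1"));
        } catch (IllegalArgumentException e) { return false; }     // malformed base64 or exp
    }
    public static void main(String[] args) throws Exception {
        long day = 86_400_000L, now = System.currentTimeMillis();  // JWT_EXPIRATION_MS value from the README
        try { new JwtFlowDemo("your-secret-key", day); }           // README placeholder, 15 bytes
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
        JwtFlowDemo jwt = new JwtFlowDemo("constructed-sample-secret-0123456789abcdef", day);
        String t = jwt.issue("alice", "USER", now);                // constructed sample user
        String[] p = t.split("\\.");
        String forged = p[0] + "." + b64("{\"sub\":\"alice\",\"role\":\"ADMIN\",\"exp\":9999999999}") + "." + p[2];
        System.out.printf("fresh=%b afterExpiry=%b roleEdited=%b%n", jwt.verify(t, now), jwt.verify(t, now + day), jwt.verify(forged, now));
    }
}
```

Run it with `java JwtFlowDemo.java` on Java 17+. A value for JWT_SECRET that meets the length check can be generated with `openssl rand -base64 32`.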
This project is planned to evolve toward a more production-ready e-commerce system. Future improvements include:
- Frontend application for customer and admin workflows
- Refresh token support and stronger auth/session handling
- Payment integration
- Inventory and stock management
- Search and filtering
- Elasticsearch
- Order history and user dashboard
- Admin analytics and reporting
- Redis caching
- Message queues/event-driven workflows
- CI/CD pipeline
- Cloud deployment
- Monitoring and logging
- Better test coverage for production-quality reliability
This project was built to practice production-style backend engineering concepts, including:
- Secure authentication and authorization
- REST API design
- Transaction handling
- Pagination
- Database migrations with Flyway
- Containerized development with Docker
- API documentation with Swagger
- Designing backend systems with future production scaling in mind
Gourav Bhardwaj