StayEase is a backend service built with Java and Spring Boot that provides REST APIs for managing hotels and room bookings in a hotel aggregator platform.
The application supports JWT-based authentication, role-based access control (RBAC), and uses MySQL for persistent storage.
- Java
- Spring Boot
- Spring Security
- JWT Authentication
- MySQL
- JPA / Hibernate
- Gradle
- User registration and login with JWT authentication
- Role-based access control (ADMIN, HOTEL_MANAGER, USER)
- Hotel listing and management APIs
- Room booking creation and cancellation
- Layered architecture (Controller → Service → Repository)
```
Client (Postman / Curl / Frontend)
        |
        v
Controller Layer → Service Layer → Repository Layer → MySQL DB
        |
        v
Security Layer (JWT + Roles)
```
```
src/main/java/com/takehome/stayease
│
├── controller
│   ├── AuthController.java
│   ├── HotelController.java
│   └── BookingController.java
│
├── service
│   ├── UserService.java
│   ├── HotelService.java
│   ├── BookingService.java
│   └── Impl
│       ├── UserServiceImpl.java
│       ├── HotelServiceImpl.java
│       └── BookingServiceImpl.java
│
├── repository
│   ├── UserRepository.java
│   ├── HotelRepository.java
│   └── BookingRepository.java
│
├── entity
│   ├── User.java
│   ├── Hotel.java
│   └── Booking.java
│
├── dto
│   ├── auth
│   │   ├── SignupRequest.java
│   │   ├── LoginRequest.java
│   │   └── AuthResponse.java
│   │
│   ├── hotel
│   │   ├── CreateHotelRequest.java
│   │   ├── UpdateHotelRequest.java
│   │   └── HotelResponse.java
│   │
│   └── booking
│       ├── CreateBookingRequest.java
│       └── BookingResponse.java
│
├── security
│   ├── SecurityConfig.java
│   ├── JwtUtil.java
│   ├── JwtAuthenticationFilter.java
│   ├── CustomUserDetails.java
│   └── CustomUserDetailsService.java
│
├── exception
│   └── GlobalExceptionHandler.java
│
└── StayEaseApplication.java
```
| Role | Permissions |
|---|---|
| USER | View hotels, create booking |
| HOTEL_MANAGER | Update hotels, cancel bookings |
| ADMIN | Create hotels, delete hotels |
Implemented using:

```java
@PreAuthorize("hasRole('ADMIN')")
@PreAuthorize("hasRole('HOTEL_MANAGER')")
@PreAuthorize("hasRole('USER')")
```

JWT token contains role information and is validated on every request.
- User registers or logs in
- Server validates credentials
- JWT token is generated
- Client sends token in header: `Authorization: Bearer <JWT_TOKEN>`
- JWT filter validates token and sets security context
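
The last two steps of the flow, sketched as a Spring Security filter. This is an added example, not StayEase's own `JwtAuthenticationFilter`; it assumes Spring Boot 3 (`jakarta.servlet`), and `BearerTokenFilter`, `TokenVerifier` and `VerifiedToken` are hypothetical names standing in for whatever signature and expiry checking the project's `JwtUtil` performs.

```java
// Added example, not the project's code. Assumes Spring Boot 3 / Spring Security 6.
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class BearerTokenFilter extends OncePerRequestFilter {

    /** Hypothetical verifier: returns claims only when signature and expiry are valid. */
    public interface TokenVerifier {
        Optional<VerifiedToken> verify(String compactJwt);
    }

    /** Hypothetical holder for the two claims this filter needs. */
    public record VerifiedToken(String email, String role) {}

    // Roles from the README's permission table; any other claim value is ignored.
    private static final List<String> KNOWN_ROLES = List.of("USER", "HOTEL_MANAGER", "ADMIN");
    private final TokenVerifier verifier;

    public BearerTokenFilter(TokenVerifier verifier) { this.verifier = verifier; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            verifier.verify(header.substring(7).trim())
                    .filter(t -> KNOWN_ROLES.contains(t.role()))
                    .ifPresent(t -> {
                        // hasRole('ADMIN') looks for the authority "ROLE_ADMIN", so add the prefix.
                        var authority = new SimpleGrantedAuthority("ROLE_" + t.role());
                        var auth = new UsernamePasswordAuthenticationToken(t.email(), null, List.of(authority));
                        SecurityContextHolder.getContext().setAuthentication(auth);
                    });
        }
        // Missing or invalid token: the request continues unauthenticated, so hasRole(...) checks deny it.
        chain.doFilter(req, res);
    }
}
```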
```http
POST /api/users/register

{
  "email": "user@test.com",
  "password": "Test@1234",
  "firstName": "John",
  "lastName": "Doe",
  "role": "USER"
}
```

Response:

```json
{ "token": "jwt-token" }
```

```http
POST /api/users/login

{
  "email": "user@test.com",
  "password": "Test@1234"
}
```

Response:

```json
{ "token": "jwt-token" }
```

```http
GET /api/hotels
```

```http
POST /api/hotels
Authorization: Bearer <ADMIN_TOKEN>

{
  "name": "StayEase Hotel",
  "location": "Pune",
  "description": "Business Hotel",
  "totalRooms": 10,
  "availableRooms": 10
}
```

```http
PUT /api/hotels/{hotelId}
Authorization: Bearer <MANAGER_TOKEN>

{
  "availableRooms": 15
}
```

```http
DELETE /api/hotels/{hotelId}
Authorization: Bearer <ADMIN_TOKEN>
```

```http
POST /api/bookings/{hotelId}
Authorization: Bearer <USER_TOKEN>

{
  "checkInDate": "2026-02-20",
  "checkOutDate": "2026-02-22"
}
```

Response:

```json
{
  "bookingId": 1,
  "hotelId": 2,
  "checkInDate": "2026-02-20",
  "checkOutDate": "2026-02-22"
}
```

```http
GET /api/bookings/{bookingId}
Authorization: Bearer <USER_TOKEN>
```

```http
DELETE /api/bookings/{bookingId}
Authorization: Bearer <MANAGER_TOKEN>
```

- Check-in date must be a future date
- Check-out date must be after check-in
- No overbooking allowed
- Customers cannot cancel bookings
- Only managers can cancel bookings
- Controller-level unit tests
- MockMvc + Mockito
- Security filters disabled during tests
- No real DB used in tests
Run tests:

```bash
./gradlew test
```

```bash
./gradlew clean bootRun
```

App runs on:
http://localhost:8081

```bash
./gradlew clean bootJar
java -jar build/libs/stayease-0.0.1-SNAPSHOT.jar
```