TaskMan is a secure multi-user backend for managing tasks across teams — built with Spring Boot, focusing on real-world backend concerns like role-based access, token security, and business rule enforcement.
Controller –> Service –> Repository
- DTO-based API (without entity exposure)
- Business rules implemented in service layer
- Security implemented through JWT with filter chain
- JWT-based Authentication
- Role-based Access Control
- ADMIN
- MANAGER
- MEMBER
- Task Management
- Create
- Update
- Assign
- Team Management
- Comment System on Tasks
- Pagination & Filtering
- Token Versioning
- Global Logout
- Soft Deletion of Users
- Dockerized Application
- Flyway DB Migration
- Java 21, Spring Boot
- Spring Security (JWT)
- PostgreSQL, Hibernate/JPA
- Flyway
- Docker
- JUnit, Mockito
git clone https://github.com/Flicko75/taskman.git
cd TaskMan
mvn spring-boot:run
docker-compose up
POST /api/auth/loginPOST /api/auth/logout
GET /api/tasksGET /api/tasks/{id}POST /api/tasksPUT /api/tasks/{id}DELETE /api/tasks/{id}PUT /api/tasks/{taskId}/assign/{userId}PUT /api/tasks/{id}/unassign
GET /api/teamsGET /api/teams/{id}POST /api/teamsPUT /api/teams/{id}DELETE /api/teams/{id}
GET /api/usersGET /api/users/{id}POST /api/usersPUT /api/users/{id}PUT /api/users/{id}/roleDELETE /api/users/{id}PUT /api/users/{userId}/assign/{teamId}PUT /api/users/{userId}/unassignPOST /api/users/{id}/force-logout
GET /api/tasks/{taskId}/commentsGET /api/comments/{commentId}POST /api/tasks/{taskId}/commentsPUT /api/comments/{commentId}DELETE /api/comments/{commentId}
- Tasks must belong to a team; assignment only allowed within the same team
- Deleting a team auto-unassigns users; blocked if active tasks exist
- Token invalidated on logout or soft deletion via token versioning
- Only ADMINs can assign ADMIN roles; a user cannot demote themselves
- Last ADMIN in the system cannot be deleted
- 150+ unit tests covering service layer business rules and edge cases
- Integration tests for full request flow
- Run with: mvn test
