Backend

Hospital Management — Spring MVC + Security

A complete patient-management web app: Spring MVC + Spring Data JPA + Thymeleaf with paginated search, form validation, and Spring Security 6 form login with remember-me and role-based authorization (USER vs ADMIN).

View Code

Spring Security 6

Security

USER / ADMIN

Roles

Thymeleaf

View engine

Bean Validation

Validation

Approach

Server-rendered MVC + JPA with method-level @PreAuthorize role guards and BCrypt form authentication

Tech Stack

Java 17Spring Boot 3.2Spring MVCSpring Security 6Spring Data JPAThymeleafBootstrap 5MySQLH2

Keywords

Spring MVCSpring SecurityThymeleafSpring Data JPARBACBCryptBootstrap

Deep Dive

A full server-rendered web app for managing hospital patients, secured end-to-end with Spring Security 6.

Features

▸📋 Paginated patient list + search by name
▸➕ Add patient with validation (@NotEmpty, @Size, @DecimalMin)
▸✏️ Edit / 🗑️ delete — restricted to admins
▸🔐 Form login, remember-me, custom "not authorized" page
▸👥 Role-based routes: /user/** → USER, /admin/** → ADMIN

Architecture

security/    → SecurityConfig (filter chain), SecurityController
web/         → PatientController (CRUD, pagination, @PreAuthorize)
repository/  → PatientRepository (JpaRepository)
entities/    → Patient (JPA + Bean Validation)
templates/   → Thymeleaf views with a shared layout (Bootstrap 5)

Auth model In-memory users with BCrypt hashing: user1/user2 (USER) and admin (USER + ADMIN). Method-level @PreAuthorize guards mutations while read views stay open to authenticated users. Runs on :8084 with a MySQL hopital schema (auto-created), H2 for tests.

Back to Projects Hire Me