Returns paginated audit events from the audit_event table.
GET /audit?page=0&size=20&action=LOGIN_FAILED&user=alice&from=2024-01-01T00:00:00Z&to=2024-12-31T23:59:59Z
Authorization: Bearer <jwt>
All query params optional. Requires authentication (any role).
{
"content": [
{
"id": 42,
"userName": "alice",
"action": "LOGIN_FAILED",
"detail": "Bad credentials",
"ipAddress": "192.168.1.10",
"createdAt": "2024-06-15T10:32:00Z"
}
],
"page": 0,
"size": 20,
"totalElements": 157,
"totalPages": 8
}LOGIN_SUCCESS, LOGIN_FAILED, LOGIN_BLOCKED, CUSTOMER_CREATED, CUSTOMER_UPDATED, CUSTOMER_DELETED, TOKEN_REFRESH, API_KEY_AUTH
Server-Sent Events stream of newly created customers.
GET /customers/stream
Accept: text/event-stream
Authorization: Bearer <jwt>
event: customer
data: {"id":123,"name":"Alice","email":"alice@example.com","createdAt":"2024-06-15T10:32:00Z"}
event: ping
data: {}
Ping sent every 30s to keep connection alive.
Returns current ShedLock entries (last execution state per job).
GET /scheduled/jobs
Authorization: Bearer <jwt>
[
{
"name": "customerStats",
"lockUntil": "2024-06-15T10:32:25Z",
"lockedAt": "2024-06-15T10:32:00Z",
"lockedBy": "customer-service-1"
}
]These are called directly by the frontend — no new backend work needed.
-
GET /demo/security/sqli-vulnerable?name=...
Returns{ query, vulnerability, results, exploit } -
GET /demo/security/sqli-safe?name=...
Returns{ query, fix, results } -
GET /demo/security/xss-vulnerable?name=...
Returnstext/htmlwith unescaped input -
GET /demo/security/xss-safe?name=...
Returnstext/htmlwith HTML-encoded input -
GET /demo/security/cors-info
Returns{ currentOriginPolicy, dangerousConfig, risk, attack, fix, yourOrigin }
All endpoints are permit-all (no auth required).
AuditServicealready exists and writes toaudit_eventtable — add read methods + newAuditController- SSE: bridge the existing WebSocket
/topic/customersbroadcast to SSE, or publish directly fromCustomerServiceto anSseEmitterregistry - ShedLock table is
shedlock(name, lock_until, locked_at, locked_by)— query it via JDBC