init

backend/src/test/java/com/zl/mjga/integration/cache/CacheTest.java

@@ -0,0 +1,51 @@
+package com.zl.mjga.integration.cache;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.zl.mjga.config.cache.CacheConfig;
+import com.zl.mjga.service.CacheService;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
+
+@SpringJUnitConfig(classes = {CacheConfig.class, CacheService.class})
+@EnableAutoConfiguration(exclude = {DataSourceAutoConfiguration.class})
+public class CacheTest {
+
+  @Autowired private CacheService cacheService;
+
+  @Test
+  void
+      getVerifyCodeBy_upsertVerifyCodeBy_whenSetCacheValue_subsequentGetCacheShouldReturnUpdatedValue() {
+    cacheService.upsertVerifyCodeBy("WsxOtE0d6Vc1glZ", "ej1x8T4XiluV8D216");
+    String verifyCode = cacheService.getVerifyCodeBy("WsxOtE0d6Vc1glZ");
+    assertThat(verifyCode).isEqualTo("ej1x8T4XiluV8D216");
+  }
+
+  @Test
+  void removeVerifyCodeBy_whenRemoveCacheValue_subsequentGetCacheShouldReturnNull() {
+    cacheService.upsertVerifyCodeBy("WsxOtE0d6Vc1glZ", "ej1x8T4XiluV8D216");
+    String verifyCode = cacheService.getVerifyCodeBy("WsxOtE0d6Vc1glZ");
+    cacheService.removeVerifyCodeBy("WsxOtE0d6Vc1glZ");
+    String verifyCode2 = cacheService.getVerifyCodeBy("WsxOtE0d6Vc1glZ");
+    assertThat(verifyCode).isEqualTo("ej1x8T4XiluV8D216");
+    assertThat(verifyCode2).isNull();
+  }
+
+  @Test
+  void clearAllVerifyCode_whenCleanCache_subsequentGetCacheShouldReturnNewValue() {
+    cacheService.upsertVerifyCodeBy("WsxOtE0d6Vc1glZ", "ej1x8T4XiluV8D216");
+    cacheService.upsertVerifyCodeBy("hNYcK0MDjX4197", "Ll1v93jiXwHLji");
+    String verifyCode1 = cacheService.getVerifyCodeBy("WsxOtE0d6Vc1glZ");
+    String verifyCode2 = cacheService.getVerifyCodeBy("hNYcK0MDjX4197");
+    cacheService.clearAllVerifyCode();
+    String verifyCode3 = cacheService.getVerifyCodeBy("WsxOtE0d6Vc1glZ");
+    String verifyCode4 = cacheService.getVerifyCodeBy("hNYcK0MDjX4197");
+    assertThat(verifyCode1).isEqualTo("ej1x8T4XiluV8D216");
+    assertThat(verifyCode2).isEqualTo("Ll1v93jiXwHLji");
+    assertThat(verifyCode3).isNull();
+    assertThat(verifyCode4).isNull();
+  }
+}

backend/src/test/java/com/zl/mjga/integration/e2e/SignE2ETest.java

@@ -0,0 +1,121 @@
+package com.zl.mjga.integration.e2e;
+
+import com.zl.mjga.repository.UserRepository;
+import com.zl.mjga.repository.UserRoleMapRepository;
+import java.time.Duration;
+import org.jooq.generated.mjga.tables.pojos.User;
+import org.junit.jupiter.api.*;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWebTestClient
+@Disabled
+public class SignE2ETest {
+
+  @Value("${jwt.cookie-name}")
+  private String jwtCookieName;
+
+  @Value("${jwt.secret}")
+  private String secret;
+
+  @Value("${jwt.expiration-min}")
+  private int expirationMin;
+
+  @Autowired private WebTestClient webTestClient;
+
+  @Autowired private UserRepository userRepository;
+
+  @Autowired private UserRoleMapRepository userRoleMapRepository;
+
+  @Autowired private PasswordEncoder passwordEncoder;
+
+  @Autowired private TestRestTemplate testRestTemplate;
+
+  @AfterEach
+  void cleanUp() {
+    User user = userRepository.fetchOneByUsername("test_5fab32c22a3e");
+    userRoleMapRepository.deleteByUserId(user.getId());
+    userRepository.deleteByUsername("test_5fab32c22a3e");
+  }
+
+  @Test
+  void signUp() {
+    webTestClient
+        .post()
+        .uri("/auth/sign-up")
+        .contentType(MediaType.APPLICATION_JSON)
+        .bodyValue(
+            """
+{
+  "username": "test_5fab32c22a3e",
+  "password": "test_eab28b939ba1"
+}
+""")
+        .exchange()
+        .expectStatus()
+        .isCreated();
+  }
+
+  @Test
+  void signIn() {
+    User stubUser = new User();
+    stubUser.setUsername("test_5fab32c22a3e");
+    stubUser.setPassword(passwordEncoder.encode("test_eab28b939ba1"));
+    userRepository.insert(stubUser);
+    webTestClient
+        .post()
+        .uri("/auth/sign-in")
+        .contentType(MediaType.APPLICATION_JSON)
+        .bodyValue(
+            """
+{
+  "username": "test_5fab32c22a3e",
+  "password": "test_eab28b939ba1"
+}
+""")
+        .exchange()
+        .expectCookie()
+        .exists(jwtCookieName)
+        .expectCookie()
+        .maxAge(jwtCookieName, Duration.ofSeconds(expirationMin * 60L))
+        .expectStatus()
+        .isOk();
+  }
+
+  @Test
+  void signOut() {
+    User stubUser = new User();
+    stubUser.setUsername("test_5fab32c22a3e");
+    stubUser.setPassword(passwordEncoder.encode("test_eab28b939ba1"));
+    userRepository.insert(stubUser);
+    User loginUser = new User();
+    loginUser.setUsername("test_5fab32c22a3e");
+    loginUser.setPassword("test_eab28b939ba1");
+    HttpHeaders headers =
+        testRestTemplate.postForEntity("/auth/sign-in", loginUser, String.class).getHeaders();
+    headers
+        .get("Set-Cookie")
+        .forEach(
+            cookie -> {
+              if (cookie.startsWith(jwtCookieName)) {
+                webTestClient
+                    .post()
+                    .uri("/auth/sign-out")
+                    .header("Cookie", cookie)
+                    .exchange()
+                    .expectCookie()
+                    .maxAge(jwtCookieName, Duration.ofSeconds(0L))
+                    .expectStatus()
+                    .isOk();
+              }
+            });
+  }
+}

backend/src/test/java/com/zl/mjga/integration/mvc/JacksonAnnotationMvcTest.java

@@ -0,0 +1,78 @@
+package com.zl.mjga.integration.mvc;
+
+import static org.mockito.Mockito.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.zl.mjga.config.security.HttpFireWallConfig;
+import com.zl.mjga.controller.IdentityAccessController;
+import com.zl.mjga.dto.PageRequestDto;
+import com.zl.mjga.dto.PageResponseDto;
+import com.zl.mjga.dto.urp.UserQueryDto;
+import com.zl.mjga.dto.urp.UserRolePermissionDto;
+import com.zl.mjga.repository.PermissionRepository;
+import com.zl.mjga.repository.RoleRepository;
+import com.zl.mjga.repository.UserRepository;
+import com.zl.mjga.service.IdentityAccessService;
+import java.time.OffsetDateTime;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(value = {IdentityAccessController.class})
+@Import({HttpFireWallConfig.class})
+public class JacksonAnnotationMvcTest {
+
+  @MockBean private IdentityAccessService identityAccessService;
+  @Autowired private MockMvc mockMvc;
+  @MockBean private UserRepository userRepository;
+  @MockBean private RoleRepository roleRepository;
+  @MockBean private PermissionRepository permissionRepository;
+
+  @Test
+  @WithMockUser
+  void fieldWithJsonWriteOnlyAnnotation_whenResponseIncludeField_responseJsonShouldNotExist()
+      throws Exception {
+    String stubUsername = "test_04cb017e1fe6";
+    String stubPassword = "y1hxAC0V0e4B3s8sJ";
+    UserRolePermissionDto stubUserRolePermissionDto = new UserRolePermissionDto();
+    stubUserRolePermissionDto.setId(1L);
+    stubUserRolePermissionDto.setUsername(stubUsername);
+    stubUserRolePermissionDto.setPassword(stubPassword);
+    when(identityAccessService.pageQueryUser(
+            PageRequestDto.of(1, 5), new UserQueryDto(stubUsername)))
+        .thenReturn(new PageResponseDto<>(1, List.of(stubUserRolePermissionDto)));
+    mockMvc
+        .perform(
+            get(String.format("/iam/users?page=1&size=5&username=%s", stubUsername))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$.data[0].username").value(stubUsername))
+        .andExpect(jsonPath("$.data[0].password").doesNotExist());
+  }
+
+  @Test
+  @WithMockUser
+  void dateFieldWithFormatAnnotation_whenResponseIncludeField_fieldShouldBeExpectDataFormat()
+      throws Exception {
+    OffsetDateTime stubCreateDateTime =
+        OffsetDateTime.of(2023, 12, 2, 1, 1, 1, 0, OffsetDateTime.now().getOffset());
+    UserRolePermissionDto stubUserRolePermissionDto = new UserRolePermissionDto();
+    stubUserRolePermissionDto.setCreateTime(stubCreateDateTime);
+    when(identityAccessService.pageQueryUser(any(PageRequestDto.class), any(UserQueryDto.class)))
+        .thenReturn(new PageResponseDto<>(1, List.of(stubUserRolePermissionDto)));
+    mockMvc
+        .perform(
+            get(String.format("/iam/users?page=1&size=5&username=%s", "7bF3mcNVTj6P6v2"))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$.data[0].createTime").value("2023-12-02 01:01:01"));
+  }
+}

backend/src/test/java/com/zl/mjga/integration/mvc/SignMvcTest.java

@@ -0,0 +1,144 @@
+package com.zl.mjga.integration.mvc;
+
+import static org.mockito.Mockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.zl.mjga.config.security.HttpFireWallConfig;
+import com.zl.mjga.config.security.Jwt;
+import com.zl.mjga.controller.SignController;
+import com.zl.mjga.dto.sign.SignInDto;
+import com.zl.mjga.service.SignService;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(value = {SignController.class})
+@Import({HttpFireWallConfig.class})
+class SignMvcTest {
+
+  @MockBean private SignService signService;
+
+  @MockBean private Jwt jwt;
+
+  @Autowired private MockMvc mockMvc;
+
+  @Test
+  @WithMockUser
+  void signIn_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    String stubUsername = "test_04cb017e1fe6";
+    String stubPassword = "test_567472858b8c";
+    SignInDto signInDto = new SignInDto();
+    signInDto.setUsername(stubUsername);
+    signInDto.setPassword(stubPassword);
+
+    when(signService.signIn(signInDto)).thenReturn(1L);
+    mockMvc
+        .perform(
+            post("/auth/sign-in")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6",
+                      "password": "test_567472858b8c"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void signIn_givenInValidHttpRequest_shouldFailedWith400() throws Exception {
+    String stubUsername = "test_04cb017e1fe6";
+    String stubPassword = "test_567472858b8c";
+    SignInDto signInDto = new SignInDto();
+    signInDto.setUsername(stubUsername);
+    signInDto.setPassword(stubPassword);
+
+    when(signService.signIn(signInDto)).thenReturn(1L);
+    mockMvc
+        .perform(
+            post("/auth/sign-in")
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6",
+                      "password": "test_567472858b8c"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isBadRequest());
+
+    when(signService.signIn(signInDto)).thenReturn(1L);
+    mockMvc
+        .perform(
+            post("/auth/sign-in")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isBadRequest());
+  }
+
+  @Test
+  @WithMockUser
+  void signUp_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    mockMvc
+        .perform(
+            post("/auth/sign-up")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6",
+                      "password": "test_567472858b8c"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isCreated());
+  }
+
+  @Test
+  @WithMockUser
+  void signUp_givenInValidHttpRequest_shouldFailedWith400() throws Exception {
+    mockMvc
+        .perform(
+            post("/auth/sign-up")
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6",
+                      "password": "test_567472858b8c"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isBadRequest());
+
+    mockMvc
+        .perform(
+            post("/auth/sign-up")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isBadRequest());
+  }
+}

backend/src/test/java/com/zl/mjga/integration/mvc/UserRolePermissionMvcTest.java

@@ -0,0 +1,225 @@
+package com.zl.mjga.integration.mvc;
+
+import static org.mockito.Mockito.*;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.zl.mjga.config.security.HttpFireWallConfig;
+import com.zl.mjga.controller.IdentityAccessController;
+import com.zl.mjga.dto.PageRequestDto;
+import com.zl.mjga.dto.PageResponseDto;
+import com.zl.mjga.dto.urp.*;
+import com.zl.mjga.repository.PermissionRepository;
+import com.zl.mjga.repository.RoleRepository;
+import com.zl.mjga.repository.UserRepository;
+import com.zl.mjga.service.IdentityAccessService;
+import java.util.List;
+import org.jooq.generated.mjga.tables.pojos.User;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(value = {IdentityAccessController.class})
+@Import({HttpFireWallConfig.class})
+class UserRolePermissionMvcTest {
+
+  @MockBean private IdentityAccessService identityAccessService;
+  @Autowired private MockMvc mockMvc;
+  @MockBean private UserRepository userRepository;
+  @MockBean private RoleRepository roleRepository;
+  @MockBean private PermissionRepository permissionRepository;
+
+  @Test
+  @WithMockUser
+  void currentUser_givenValidHttpRequest_shouldSucceedWith200AndReturnJson() throws Exception {
+    String stubUsername = "test_04cb017e1fe6";
+    UserRolePermissionDto stubUserRolePermissionDto = new UserRolePermissionDto();
+    stubUserRolePermissionDto.setId(1L);
+    stubUserRolePermissionDto.setUsername(stubUsername);
+    User stubUser = new User();
+    stubUser.setId(1L);
+    when(userRepository.fetchOneByUsername(anyString())).thenReturn(stubUser);
+    when(identityAccessService.queryUniqueUserWithRolePermission(anyLong()))
+        .thenReturn(stubUserRolePermissionDto);
+    mockMvc
+        .perform(get("/iam/me"))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$.username").value(stubUsername));
+  }
+
+  @Test
+  @WithMockUser
+  void deleteUser_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    Long stubUserId = 1L;
+    mockMvc
+        .perform(
+            delete(String.format("/iam/user?userId=%s", stubUserId))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+                .with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void upsertUser_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    UserUpsertDto userUpsertDto = new UserUpsertDto();
+    userUpsertDto.setUsername("username");
+    userUpsertDto.setPassword("password");
+    userUpsertDto.setEnable(true);
+
+    ObjectMapper objectMapper = new ObjectMapper();
+    String json = objectMapper.writeValueAsString(userUpsertDto);
+
+    mockMvc
+        .perform(
+            post("/iam/user").contentType(MediaType.APPLICATION_JSON).content(json).with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void upsertRole_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    RoleUpsertDto roleUpsertDto = new RoleUpsertDto();
+    roleUpsertDto.setCode("roleCode");
+    roleUpsertDto.setName("name");
+
+    ObjectMapper objectMapper = new ObjectMapper();
+    String json = objectMapper.writeValueAsString(roleUpsertDto);
+
+    mockMvc
+        .perform(
+            post("/iam/role").contentType(MediaType.APPLICATION_JSON).content(json).with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void deleteRole_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    Long stubRoleId = 1L;
+    mockMvc
+        .perform(
+            delete(String.format("/iam/role?roleId=%s", stubRoleId))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+                .with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void upsertPermission_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    PermissionUpsertDto permissionUpsertDto = new PermissionUpsertDto();
+    permissionUpsertDto.setCode("roleCode");
+    permissionUpsertDto.setName("name");
+
+    ObjectMapper objectMapper = new ObjectMapper();
+    String json = objectMapper.writeValueAsString(permissionUpsertDto);
+
+    mockMvc
+        .perform(
+            post("/iam/permission")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(json)
+                .with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void deletePermission_givenValidHttpRequest_shouldSucceedWith200() throws Exception {
+    Long permissionId = 1L;
+    mockMvc
+        .perform(
+            delete(String.format("/iam/permission?permissionId=%s", permissionId))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+                .with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  @WithMockUser
+  void pageQueryUser_givenValidHttpRequest_shouldSucceedWith200AndReturnJson() throws Exception {
+    String stubUsername = "test_04cb017e1fe6";
+    UserRolePermissionDto stubUserRolePermissionDto = new UserRolePermissionDto();
+    stubUserRolePermissionDto.setId(1L);
+    stubUserRolePermissionDto.setUsername(stubUsername);
+    when(identityAccessService.pageQueryUser(
+            PageRequestDto.of(1, 5), new UserQueryDto(stubUsername)))
+        .thenReturn(new PageResponseDto<>(1, List.of(stubUserRolePermissionDto)));
+    mockMvc
+        .perform(
+            get(String.format("/iam/users?page=1&size=5&username=%s", stubUsername))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$.data[0].username").value(stubUsername));
+  }
+
+  @Test
+  @WithMockUser
+  void pageQueryRole_givenValidHttpRequest_shouldSucceedWith200AndReturnJson() throws Exception {
+    Long stubUserId = 1L;
+    Long stubRoleId = 1L;
+    String stubRoleCode = "UZ1Ej9vx5y8L4";
+    String stubRoleName = "B90KM9Pw2ZH9P8OAS";
+    RoleQueryDto stubRoleQueryDto = new RoleQueryDto();
+    stubRoleQueryDto.setUserId(stubUserId);
+    stubRoleQueryDto.setRoleId(stubRoleId);
+    stubRoleQueryDto.setRoleCode(stubRoleCode);
+    stubRoleQueryDto.setRoleName(stubRoleName);
+    RoleDto stubRoleDto = new RoleDto();
+    stubRoleDto.setId(1L);
+    stubRoleDto.setName(stubRoleName);
+    stubRoleDto.setCode(stubRoleCode);
+    stubRoleDto.setPermissions(
+        List.of(new PermissionRespDto(1L, "9VWU1nmU89zEVH", "9VWU1nmU89zEVH", false)));
+    when(identityAccessService.pageQueryRole(PageRequestDto.of(1, 5), stubRoleQueryDto))
+        .thenReturn(new PageResponseDto<>(1, List.of(stubRoleDto)));
+
+    mockMvc
+        .perform(
+            get(String.format(
+                    "/iam/roles?page=1&size=5&userId=%s&roleId=%s&roleCode=%s&roleName=%s",
+                    stubUserId, stubRoleId, stubRoleCode, stubRoleName))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$.data[0].name").value(stubRoleName));
+  }
+
+  @Test
+  @WithMockUser
+  void pageQueryPermission_givenValidHttpRequest_shouldSucceedWith200AndReturnJson()
+      throws Exception {
+    Long stubRoleId = 1L;
+    Long stubPermissionId = 1L;
+    String stubPermissionCode = "UZ1Ej9vx5y8L4";
+    String stubPermissionName = "B90KM9Pw2ZH9P8OAS";
+    PermissionQueryDto stubPermissionQueryDto = new PermissionQueryDto();
+    stubPermissionQueryDto.setRoleId(stubRoleId);
+    stubPermissionQueryDto.setPermissionId(stubPermissionId);
+    stubPermissionQueryDto.setPermissionCode(stubPermissionCode);
+    stubPermissionQueryDto.setPermissionName(stubPermissionName);
+
+    PermissionRespDto stubPermissionRespDto = new PermissionRespDto();
+    stubPermissionRespDto.setId(stubPermissionId);
+    stubPermissionRespDto.setName(stubPermissionName);
+    stubPermissionRespDto.setCode(stubPermissionCode);
+    when(identityAccessService.pageQueryPermission(PageRequestDto.of(1, 5), stubPermissionQueryDto))
+        .thenReturn(new PageResponseDto<>(1, List.of(stubPermissionRespDto)));
+
+    mockMvc
+        .perform(
+            get(String.format(
+                    "/iam/permissions?page=1&size=5&roleId=%s&permissionId=%s&permissionCode=%s&permissionName=%s",
+                    stubRoleId, stubPermissionId, stubPermissionCode, stubPermissionName))
+                .contentType(MediaType.APPLICATION_FORM_URLENCODED))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$.data[0].name").value(stubPermissionName));
+  }
+}

backend/src/test/java/com/zl/mjga/integration/persistence/AbstractDataAccessLayerTest.java

@@ -0,0 +1,33 @@
+package com.zl.mjga.integration.persistence;
+
+import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
+import org.springframework.boot.test.autoconfigure.jooq.JooqTest;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScans;
+import org.springframework.test.context.DynamicPropertyRegistry;
+import org.springframework.test.context.DynamicPropertySource;
+import org.testcontainers.containers.PostgreSQLContainer;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+@JooqTest
+@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
+@ComponentScans({@ComponentScan("jooq.tables.daos"), @ComponentScan("com.zl.mjga.repository")})
+@Testcontainers
+public class AbstractDataAccessLayerTest {
+
+  public static PostgreSQLContainer<?> postgres =
+      new PostgreSQLContainer<>("postgres:17.3-alpine").withDatabaseName("mjga");
+
+  @DynamicPropertySource
+  static void postgresProperties(DynamicPropertyRegistry registry) {
+    registry.add("spring.datasource.url", postgres::getJdbcUrl);
+    registry.add("spring.datasource.username", postgres::getUsername);
+    registry.add("spring.datasource.password", postgres::getPassword);
+    registry.add("spring.flyway.locations", () -> "classpath:db/migration/test");
+    registry.add("spring.flyway.default-schema", () -> "public");
+  }
+
+  static {
+    postgres.start();
+  }
+}

backend/src/test/java/com/zl/mjga/integration/persistence/JooqTutorialsTest.java

@@ -0,0 +1,160 @@
+package com.zl.mjga.integration.persistence;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.jooq.generated.mjga.tables.User.USER;
+import static org.jooq.impl.DSL.asterisk;
+
+import java.util.List;
+import org.jooq.DSLContext;
+import org.jooq.Record;
+import org.jooq.Result;
+import org.jooq.generated.mjga.tables.pojos.User;
+import org.jooq.generated.mjga.tables.records.UserRecord;
+import org.jooq.impl.DSL;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.jdbc.Sql;
+
+public class JooqTutorialsTest extends AbstractDataAccessLayerTest {
+
+  @Autowired private DSLContext dsl;
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (2, 'testUserB','lbHHwHjTzpOiRHTs')"
+      })
+  void queryWithDsl() {
+    List<User> users = dsl.selectFrom(USER).fetchInto(User.class);
+    assertThat(users.size()).isEqualTo(2);
+    assertThat(users.get(0).getUsername()).isEqualTo("testUserA");
+    assertThat(users.get(1).getUsername()).isEqualTo("testUserB");
+  }
+
+  @Test
+  void insertWithOrmFeel() {
+    UserRecord userRecord = dsl.newRecord(USER);
+    userRecord.setUsername("9hrb5Fv@gmail.com");
+    userRecord.setPassword("falr2b9nCVY5hS1o");
+    userRecord.store();
+    UserRecord fetchedOne = dsl.fetchOne(USER, USER.USERNAME.eq("9hrb5Fv@gmail.com"));
+    assertThat(fetchedOne.getPassword()).isEqualTo("falr2b9nCVY5hS1o");
+  }
+
+  @Test
+  void updateWithOrmFeel() {
+    UserRecord userRecord = dsl.newRecord(USER);
+    userRecord.setUsername("9hrb5Fv@gmail.com");
+    userRecord.setPassword("falr2b9nCVY5hS1o");
+    userRecord.store();
+
+    UserRecord fetchedOne = dsl.fetchOne(USER, USER.USERNAME.eq("9hrb5Fv@gmail.com"));
+    assertThat(fetchedOne.getPassword()).isEqualTo("falr2b9nCVY5hS1o");
+
+    userRecord.setPassword("JHMDoQPKuEcgILE6");
+    userRecord.store();
+
+    fetchedOne.refresh();
+    assertThat(fetchedOne.getPassword()).isEqualTo("JHMDoQPKuEcgILE6");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (2, 'testUserB','lbHHwHjTzpOiRHTs')"
+      })
+  void deleteWithOrmFeel() {
+    UserRecord userRecord1 = dsl.fetchOne(USER, USER.USERNAME.eq("testUserA"));
+    assertThat(userRecord1.get(USER.USERNAME)).isEqualTo("testUserA");
+    userRecord1.delete();
+    UserRecord userRecord2 = dsl.fetchOne(USER, USER.USERNAME.eq("testUserA"));
+    assertThat(userRecord2).isNull();
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (2, 'testUserB','lbHHwHjTzpOiRHTs')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (3, 'testUserC','yF25WscLYmA8')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (4, 'testUserD','yF25WscLYmA8')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (5, 'testUserE','x60FelJjyd0B')"
+      })
+  void pagingQuery() {
+    List<User> users =
+        dsl.select(USER.USERNAME).from(USER).limit(2).offset(1).fetchInto(User.class);
+    assertThat(users.size()).isEqualTo(2);
+    assertThat(users.get(0).getUsername()).isEqualTo("testUserB");
+    assertThat(users.get(1).getUsername()).isEqualTo("testUserC");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (2, 'testUserB','lbHHwHjTzpOiRHTs')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (3, 'testUserC','yF25WscLYmA8')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (4, 'testUserD','yF25WscLYmA8')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (5, 'testUserE','x60FelJjyd0B')"
+      })
+  void pagingSortQuery() {
+    List<User> users =
+        dsl.select(USER.USERNAME)
+            .from(USER)
+            .orderBy(USER.ID.desc())
+            .limit(3)
+            .offset(1)
+            .fetchInto(User.class);
+    assertThat(users.size()).isEqualTo(3);
+    assertThat(users.get(0).getUsername()).isEqualTo("testUserD");
+    assertThat(users.get(1).getUsername()).isEqualTo("testUserC");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','a')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (2, 'testUserB','b')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (3, 'testUserC','c')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (4, 'testUserD','c')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (5, 'testUserE','c')"
+      })
+  void fetchAndTiesQuery() {
+    List<User> users =
+        dsl.select(USER.USERNAME)
+            .from(USER)
+            .orderBy(USER.PASSWORD.asc())
+            .limit(3)
+            .withTies()
+            .offset(0)
+            .fetchInto(User.class);
+    assertThat(users.size()).isEqualTo(5);
+    assertThat(users.get(0).getUsername()).isEqualTo("testUserA");
+    assertThat(users.get(4).getUsername()).isEqualTo("testUserE");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','a')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (2, 'testUserB','b')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (3, 'testUserC','c')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (4, 'testUserD','e')",
+        "INSERT INTO mjga.user (id, username, password) VALUES (5, 'testUserE','f')"
+      })
+  void windowFunctionQuery() {
+    Result<Record> resultWithWindow =
+        dsl.select(asterisk(), DSL.count().over().as("total_user"))
+            .from(USER)
+            .orderBy(USER.ID.asc())
+            .limit(4)
+            .offset(0)
+            .fetch();
+    assertThat(resultWithWindow.size()).isEqualTo(4);
+    assertThat(resultWithWindow.get(0).getValue("total_user")).isEqualTo(5);
+    assertThat(resultWithWindow.get(0).getValue(USER.USERNAME)).isEqualTo("testUserA");
+    assertThat(resultWithWindow.get(1).getValue(USER.USERNAME)).isEqualTo("testUserB");
+  }
+}

backend/src/test/java/com/zl/mjga/integration/persistence/SortByDALTest.java

@@ -0,0 +1,71 @@
+package com.zl.mjga.integration.persistence;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.jooq.generated.mjga.tables.User.USER;
+
+import com.zl.mjga.dto.PageRequestDto;
+import com.zl.mjga.dto.urp.UserQueryDto;
+import com.zl.mjga.repository.*;
+import java.util.HashMap;
+import org.jooq.Record;
+import org.jooq.Result;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.jdbc.Sql;
+
+public class SortByDALTest extends AbstractDataAccessLayerTest {
+  @Autowired private UserRoleMapRepository userRoleMapRepository;
+
+  @Autowired private RolePermissionMapRepository rolePermissionMapRepository;
+
+  @Autowired private UserRepository userRepository;
+
+  @Autowired private RoleRepository roleRepository;
+
+  @Autowired private PermissionRepository permissionRepository;
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (2, 'testB','NTjRCeUq2EqCy')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (3, 'testC','qFVVFvPqs291k10')",
+      })
+  void userPageFetchWithNoSort() {
+    UserQueryDto rbacQueryDto = new UserQueryDto("test");
+    Result<Record> records = userRepository.pageFetchBy(PageRequestDto.of(1, 10), rbacQueryDto);
+    assertThat(records.get(0).get(USER.ID)).isEqualTo(1);
+    assertThat(records.get(1).get(USER.ID)).isEqualTo(2);
+    assertThat(records.get(2).get(USER.ID)).isEqualTo(3);
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testA','1')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (2, 'testB','2')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (3, 'testC','3')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (4, 'testD','3')",
+      })
+  void userPageFetchWithSort() {
+    UserQueryDto rbacQueryDto = new UserQueryDto("test");
+    HashMap<String, PageRequestDto.Direction> sortByIdDesc = new HashMap<>();
+    sortByIdDesc.put("id", PageRequestDto.Direction.DESC);
+    Result<Record> records =
+        userRepository.pageFetchBy(PageRequestDto.of(1, 10, sortByIdDesc), rbacQueryDto);
+    assertThat(records.get(0).get(USER.ID)).isEqualTo(4);
+    assertThat(records.get(1).get(USER.ID)).isEqualTo(3);
+    assertThat(records.get(2).get(USER.ID)).isEqualTo(2);
+    assertThat(records.get(3).get(USER.ID)).isEqualTo(1);
+
+    HashMap<String, PageRequestDto.Direction> sortByPasswordAndId = new HashMap<>();
+    sortByPasswordAndId.put("password", PageRequestDto.Direction.DESC);
+    sortByIdDesc.put("id", PageRequestDto.Direction.ASC);
+    Result<Record> records2 =
+        userRepository.pageFetchBy(PageRequestDto.of(1, 10, sortByPasswordAndId), rbacQueryDto);
+    assertThat(records2.get(0).get(USER.ID)).isEqualTo(3);
+    assertThat(records2.get(1).get(USER.ID)).isEqualTo(4);
+    assertThat(records2.get(2).get(USER.ID)).isEqualTo(2);
+    assertThat(records2.get(3).get(USER.ID)).isEqualTo(1);
+  }
+}

backend/src/test/java/com/zl/mjga/integration/persistence/UserRolePermissionDALTest.java

@@ -0,0 +1,219 @@
+package com.zl.mjga.integration.persistence;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.jooq.generated.mjga.tables.Permission.PERMISSION;
+import static org.jooq.generated.mjga.tables.Role.ROLE;
+import static org.jooq.generated.mjga.tables.User.USER;
+
+import com.zl.mjga.dto.PageRequestDto;
+import com.zl.mjga.dto.urp.PermissionQueryDto;
+import com.zl.mjga.dto.urp.RoleQueryDto;
+import com.zl.mjga.dto.urp.UserQueryDto;
+import com.zl.mjga.model.urp.BindState;
+import com.zl.mjga.repository.*;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.jooq.Record;
+import org.jooq.Result;
+import org.jooq.generated.mjga.tables.pojos.Permission;
+import org.jooq.generated.mjga.tables.pojos.Role;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.jdbc.Sql;
+
+public class UserRolePermissionDALTest extends AbstractDataAccessLayerTest {
+
+  @Autowired private UserRoleMapRepository userRoleMapRepository;
+
+  @Autowired private RolePermissionMapRepository rolePermissionMapRepository;
+
+  @Autowired private UserRepository userRepository;
+
+  @Autowired private RoleRepository roleRepository;
+
+  @Autowired private PermissionRepository permissionRepository;
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.user_role_map (user_id, role_id) VALUES (1, 1)"
+      })
+  void userRoleMap_deleteByUserId() {
+    userRoleMapRepository.deleteByUserId(1L);
+    assertThat(userRoleMapRepository.fetchByUserId(1L).isEmpty()).isTrue();
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (1, 'testPermissionA',"
+            + " 'testPermissionA')",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (1, 1)",
+      })
+  void rolePermissionMap_deleteByRoleId() {
+    rolePermissionMapRepository.deleteByRoleId(1L);
+    assertThat(rolePermissionMapRepository.fetchByRoleId(1L).isEmpty()).isTrue();
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testUserA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (2, 'testUserB','NTjRCeUq2EqCy')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (2, 'testRoleB', 'testRoleB')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (1, 'testPermissionA',"
+            + " 'testPermissionA')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (2, 'testPermissionB',"
+            + " 'testPermissionB')",
+        "INSERT INTO mjga.user_role_map (user_id, role_id) VALUES (1, 1)",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (1, 1)",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (1, 2)",
+        "INSERT INTO mjga.user_role_map (user_id, role_id) VALUES (2, 2)",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (2, 2)",
+      })
+  void user_fetchUniqueUserWithRolePermissionBy() {
+    Result<Record> records = userRepository.fetchUniqueUserWithRolePermissionBy(1L);
+    assertThat(records.size()).isEqualTo(2);
+    assertThat(records.get(0).get(USER.USERNAME)).isEqualTo("testUserA");
+    assertThat(records.get(1).get(USER.USERNAME)).isEqualTo("testUserA");
+    assertThat(records.get(0).get(ROLE.NAME)).isEqualTo("testRoleA");
+    assertThat(records.get(1).get(ROLE.NAME)).isEqualTo("testRoleA");
+
+    List<String> names =
+        records.stream().map(record -> record.get(PERMISSION.NAME)).collect(Collectors.toList());
+    assertThat(names).containsExactlyInAnyOrder("testPermissionA", "testPermissionB");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.user (id, username, password) VALUES (1, 'testA','5EUX1AIlV09n2o')",
+        "INSERT INTO mjga.user (id, username,password) VALUES (2, 'testB','NTjRCeUq2EqCy')",
+      })
+  void user_pageFetchBy() {
+    UserQueryDto rbacQueryDto = new UserQueryDto("test");
+    Result<Record> records = userRepository.pageFetchBy(PageRequestDto.of(1, 10), rbacQueryDto);
+    assertThat(records.size()).isEqualTo(2);
+
+    assertThat(records.get(0).get(USER.ID)).isEqualTo(1);
+    assertThat(records.get(1).get(USER.ID)).isEqualTo(2);
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (2, 'testRoleB', 'testRoleB')",
+      })
+  void role_selectByRoleIdIn() {
+    List<Role> roles = roleRepository.selectByRoleIdIn(List.of(1L, 2L));
+    assertThat(roles.size()).isEqualTo(2);
+    assertThat(roles.get(0).getId()).isEqualTo(1L);
+    assertThat(roles.get(1).getId()).isEqualTo(2L);
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (2, 'testRoleB', 'testRoleB')",
+      })
+  void role_selectByRoleCodeIn() {
+    List<Role> roles = roleRepository.selectByRoleCodeIn(List.of("testRoleA", "testRoleB"));
+    assertThat(roles.size()).isEqualTo(2);
+    assertThat(roles.get(0).getId()).isEqualTo(1L);
+    assertThat(roles.get(1).getId()).isEqualTo(2L);
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (2, 'testRoleB', 'testRoleB')",
+      })
+  void role_pageFetchBy() {
+    RoleQueryDto roleQueryDto = new RoleQueryDto();
+    roleQueryDto.setRoleName("testRole");
+    roleQueryDto.setBindState(BindState.ALL);
+    Result<Record> records = roleRepository.pageFetchBy(PageRequestDto.of(1, 10), roleQueryDto);
+    assertThat(records.get(0).getValue("total_role")).isEqualTo(2);
+    assertThat(records.get(0).getValue(ROLE.NAME)).isEqualTo("testRoleA");
+    assertThat(records.get(1).getValue(ROLE.NAME)).isEqualTo("testRoleB");
+
+    roleQueryDto = new RoleQueryDto();
+    roleQueryDto.setRoleCode("testRoleA");
+    roleQueryDto.setBindState(BindState.ALL);
+    records = roleRepository.pageFetchBy(PageRequestDto.of(1, 10), roleQueryDto);
+    assertThat(records.get(0).getValue("total_role")).isEqualTo(1);
+    assertThat(records.get(0).getValue(ROLE.NAME)).isEqualTo("testRoleA");
+
+    roleQueryDto = new RoleQueryDto();
+    roleQueryDto.setRoleName("test");
+    roleQueryDto.setRoleCode("testRoleA");
+    roleQueryDto.setBindState(BindState.ALL);
+    records = roleRepository.pageFetchBy(PageRequestDto.of(1, 10), roleQueryDto);
+    assertThat(records.get(0).getValue("total_role")).isEqualTo(1);
+    assertThat(records.get(0).getValue(ROLE.NAME)).isEqualTo("testRoleA");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.role (id, code, name) VALUES (1, 'testRoleA', 'testRoleA')",
+        "INSERT INTO mjga.role (id, code, name) VALUES (2, 'testRoleB', 'testRoleB')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (1, 'testPermissionA',"
+            + " 'testPermissionA')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (2, 'testPermissionB',"
+            + " 'testPermissionB')",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (1, 1)",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (1, 2)",
+        "INSERT INTO mjga.role_permission_map (role_id, permission_id) VALUES (2, 2)",
+      })
+  void role_fetchUniqueRoleWithPermission() {
+    Result<Record> records = roleRepository.fetchUniqueRoleWithPermission(1L);
+    assertThat(records.size()).isEqualTo(2L);
+    assertThat(records.get(0).getValue(ROLE.NAME)).isEqualTo("testRoleA");
+    assertThat(records.get(1).getValue(ROLE.NAME)).isEqualTo("testRoleA");
+    assertThat(records.get(0).getValue(PERMISSION.NAME)).isEqualTo("testPermissionA");
+    assertThat(records.get(1).getValue(PERMISSION.NAME)).isEqualTo("testPermissionB");
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.permission (id, code, name) VALUES (1, 'testPermissionA',"
+            + " 'testPermissionA')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (2, 'testPermissionB',"
+            + " 'testPermissionB')",
+      })
+  void permission_selectByPermissionIdIn() {
+    List<Permission> permissions = permissionRepository.selectByPermissionIdIn(List.of(1L));
+    assertThat(permissions.size()).isEqualTo(1);
+    assertThat(permissions.get(0).getId()).isEqualTo(1L);
+  }
+
+  @Test
+  @Sql(
+      statements = {
+        "INSERT INTO mjga.permission (id, code, name) VALUES (1, 'testPermissionA',"
+            + " 'testPermissionA')",
+        "INSERT INTO mjga.permission (id, code, name) VALUES (2, 'testPermissionB',"
+            + " 'testPermissionB')",
+      })
+  void permission_pageFetchBy() {
+    PermissionQueryDto permissionQueryDto = new PermissionQueryDto();
+    permissionQueryDto.setPermissionCode("testPermissionA");
+    permissionQueryDto.setPermissionName("test");
+    permissionQueryDto.setPermissionIdList(List.of(1L));
+
+    Result<Record> records =
+        permissionRepository.pageFetchBy(PageRequestDto.of(1, 10), permissionQueryDto);
+    assertThat(records.get(0).getValue("total_permission")).isEqualTo(1);
+    assertThat(records.get(0).getValue(PERMISSION.NAME)).isEqualTo("testPermissionA");
+  }
+}

backend/src/test/java/com/zl/mjga/integration/quartz/AbstractQuartzTest.java

@@ -0,0 +1,32 @@
+package com.zl.mjga.integration.quartz;
+
+import com.zl.mjga.config.QuartzConfig;
+import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
+import org.springframework.boot.test.autoconfigure.jooq.JooqTest;
+import org.springframework.test.context.DynamicPropertyRegistry;
+import org.springframework.test.context.DynamicPropertySource;
+import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
+import org.testcontainers.containers.PostgreSQLContainer;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+@SpringJUnitConfig(classes = QuartzConfig.class)
+@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
+@Testcontainers
+@JooqTest
+public class AbstractQuartzTest {
+  public static PostgreSQLContainer<?> postgres =
+      new PostgreSQLContainer<>("postgres:17.2-alpine").withDatabaseName("mjga");
+
+  @DynamicPropertySource
+  static void postgresProperties(DynamicPropertyRegistry registry) {
+    registry.add("spring.datasource.url", postgres::getJdbcUrl);
+    registry.add("spring.datasource.username", postgres::getUsername);
+    registry.add("spring.datasource.password", postgres::getPassword);
+    registry.add("spring.flyway.locations", () -> "classpath:db/migration/test");
+    registry.add("spring.flyway.default-schema", () -> "public");
+  }
+
+  static {
+    postgres.start();
+  }
+}

backend/src/test/java/com/zl/mjga/integration/quartz/DataBackupJobTest.java

@@ -0,0 +1,84 @@
+package com.zl.mjga.integration.quartz;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.text.MessageFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.Objects;
+import org.junit.jupiter.api.Test;
+import org.quartz.*;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.scheduling.quartz.CronTriggerFactoryBean;
+import org.springframework.scheduling.quartz.SchedulerFactoryBean;
+
+public class DataBackupJobTest extends AbstractQuartzTest {
+  @Autowired
+  @Qualifier("dataBackupJobDetail") private JobDetail dataBackupJobDetail;
+
+  @Autowired
+  @Qualifier("dataBackupTrigger") private CronTriggerFactoryBean dataBackupTrigger;
+
+  @Autowired
+  @Qualifier("dataBackupSchedulerFactory") private SchedulerFactoryBean dataBackupSchedulerFactory;
+
+  @Test
+  public void dataBackupJobDetail_defineShouldValid_descShouldEqual() {
+    assertNotNull(dataBackupJobDetail);
+    assertEquals("data-backup-job", dataBackupJobDetail.getKey().getName());
+    assertEquals("batch-service", dataBackupJobDetail.getKey().getGroup());
+    assertTrue(dataBackupJobDetail.isDurable());
+    assertEquals("Gh2mxa", dataBackupJobDetail.getJobDataMap().getString("roleId"));
+  }
+
+  @Test
+  public void dataBackupTrigger_defineShouldValid_cronShouldBeTriggeredAtDesiredTime() {
+    assertNotNull(dataBackupTrigger);
+    CronTrigger cronTrigger = dataBackupTrigger.getObject();
+    assertNotNull(cronTrigger);
+    assertEquals("0 0/5 * * * ?", cronTrigger.getCronExpression());
+    try {
+      CronExpression cron = new CronExpression(cronTrigger.getCronExpression());
+      Date now = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse("2024-10-30 11:25:00");
+      Date nextValidTimeAfter = cron.getNextValidTimeAfter(now);
+
+      Calendar calendar = Calendar.getInstance();
+      calendar.setTime(now);
+      calendar.add(Calendar.MINUTE, 5);
+      calendar.set(Calendar.SECOND, 0);
+      calendar.set(Calendar.MILLISECOND, 0);
+      Date expectedNextTriggerTime = calendar.getTime();
+      assertEquals(expectedNextTriggerTime, nextValidTimeAfter);
+    } catch (ParseException e) {
+      fail(MessageFormat.format("Invalid cron expression {0}", e));
+    }
+  }
+
+  @Test
+  public void dataBackupSchedulerFactory_defineShouldValid_descShouldEqual()
+      throws SchedulerException {
+    assertNotNull(dataBackupSchedulerFactory);
+    JobKey jobKey =
+        JobKey.jobKey(
+            dataBackupJobDetail.getKey().getName(), dataBackupJobDetail.getKey().getGroup());
+    assertEquals(
+        dataBackupSchedulerFactory.getScheduler().getJobDetail(jobKey), dataBackupJobDetail);
+    TriggerKey triggerKey = Objects.requireNonNull(dataBackupTrigger.getObject()).getKey();
+    assertEquals(
+        dataBackupSchedulerFactory.getScheduler().getTrigger(triggerKey),
+        dataBackupTrigger.getObject());
+    assertEquals(
+        "data-backup-scheduler", dataBackupSchedulerFactory.getScheduler().getSchedulerName());
+  }
+
+  @Test
+  public void dataBackupScheduler_startShouldSuccess() throws SchedulerException {
+    Scheduler scheduler = dataBackupSchedulerFactory.getScheduler();
+    assertNotNull(scheduler);
+    scheduler.start();
+    assertTrue(scheduler.isStarted());
+  }
+}

backend/src/test/java/com/zl/mjga/integration/quartz/SendEmailJobTest.java

@@ -0,0 +1,72 @@
+package com.zl.mjga.integration.quartz;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.awaitility.Awaitility.await;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.quartz.DateBuilder.futureDate;
+import static org.quartz.JobBuilder.newJob;
+import static org.quartz.TriggerBuilder.newTrigger;
+
+import com.zl.mjga.job.EmailJob;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.quartz.*;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.scheduling.quartz.SchedulerFactoryBean;
+
+@Disabled
+public class SendEmailJobTest extends AbstractQuartzTest {
+  private Boolean executed;
+
+  @Autowired
+  @Qualifier("emailJobSchedulerFactory") private SchedulerFactoryBean emailJobSchedulerFactory;
+
+  @Test
+  public void emailJobScheduler_givenDynamicJobAndTrigger_shouldRunJobAtDesiredTime()
+      throws Exception {
+    Scheduler emailJobScheduler = emailJobSchedulerFactory.getScheduler();
+    assertTrue(emailJobScheduler.isStarted());
+    JobDataMap jobDataMap = new JobDataMap();
+    jobDataMap.put("userEmail", "Gh273@gmail.com");
+
+    JobDetail jobDetail =
+        newJob(EmailJob.class)
+            .withIdentity("email-job", "customer-service")
+            .usingJobData(jobDataMap)
+            .build();
+
+    Trigger trigger =
+        newTrigger()
+            .withIdentity("email-trigger", "customer-service")
+            .startAt(futureDate(1, DateBuilder.IntervalUnit.SECOND))
+            .build();
+
+    emailJobScheduler
+        .getListenerManager()
+        .addJobListener(
+            new JobListener() {
+              @Override
+              public String getName() {
+                return "TestJobListener";
+              }
+
+              @Override
+              public void jobToBeExecuted(JobExecutionContext context) {}
+
+              @Override
+              public void jobExecutionVetoed(JobExecutionContext context) {}
+
+              @Override
+              public void jobWasExecuted(
+                  JobExecutionContext context, JobExecutionException jobException) {
+                executed = Boolean.TRUE;
+              }
+            });
+    emailJobScheduler.scheduleJob(jobDetail, trigger);
+    assertTrue(emailJobScheduler.isStarted());
+    await()
+        .atMost(3, java.util.concurrent.TimeUnit.SECONDS)
+        .untilAsserted(() -> assertThat(executed).isTrue());
+  }
+}

backend/src/test/java/com/zl/mjga/integration/quartz/TaskManagementTest.java

@@ -0,0 +1,92 @@
+package com.zl.mjga.integration.quartz;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.quartz.DateBuilder.futureDate;
+import static org.quartz.JobBuilder.newJob;
+import static org.quartz.TriggerBuilder.newTrigger;
+
+import com.zl.mjga.job.EmailJob;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import org.junit.jupiter.api.Test;
+import org.quartz.*;
+import org.quartz.impl.matchers.GroupMatcher;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.scheduling.quartz.CronTriggerFactoryBean;
+import org.springframework.scheduling.quartz.JobDetailFactoryBean;
+import org.springframework.scheduling.quartz.SchedulerFactoryBean;
+
+public class TaskManagementTest extends AbstractQuartzTest {
+
+  @Autowired
+  @Qualifier("emailJobSchedulerFactory") private SchedulerFactoryBean emailJobSchedulerFactory;
+
+  @Autowired
+  @Qualifier("dataBackupSchedulerFactory") private SchedulerFactoryBean dataBackupSchedulerFactory;
+
+  @Autowired
+  @Qualifier("dataBackupTrigger") private CronTriggerFactoryBean dataBackupTrigger;
+
+  @Autowired
+  @Qualifier("dataBackupJobDetail") private JobDetailFactoryBean dataBackupJobDetail;
+
+  @Test
+  void crudTask_interactWithScheduler_shouldManipulateAllTask() throws SchedulerException {
+    Scheduler dataBackupScheduler = dataBackupSchedulerFactory.getScheduler();
+    JobDataMap jobDataMap = new JobDataMap();
+    jobDataMap.put("userEmail", "Gh273@gmail.com");
+
+    // trigger job
+    JobDetail jobDetail =
+        newJob(EmailJob.class)
+            .withIdentity("email-job", "customer-service")
+            .usingJobData(jobDataMap)
+            .build();
+    Trigger dayLaterTrigger =
+        newTrigger()
+            .withIdentity("email-trigger", "customer-service")
+            .startAt(futureDate(1, DateBuilder.IntervalUnit.DAY))
+            .build();
+    Scheduler emailJobScheduler = emailJobSchedulerFactory.getScheduler();
+    emailJobScheduler.scheduleJob(jobDetail, dayLaterTrigger);
+
+    // list all jobs with k(name):v(group)
+    Set<JobKey> emailJobKeys = emailJobScheduler.getJobKeys(GroupMatcher.anyJobGroup());
+    Set<JobKey> dataBackupJobKeys = dataBackupScheduler.getJobKeys(GroupMatcher.anyJobGroup());
+
+    assertEquals(emailJobKeys.size(), 1);
+    assertEquals(dataBackupJobKeys.size(), 1);
+
+    // get job's trigger details
+    JobKey firstEmailJobKey = emailJobKeys.iterator().next();
+    JobDetail existJobDetail = emailJobScheduler.getJobDetail(firstEmailJobKey);
+    assertEquals(existJobDetail.getJobClass(), EmailJob.class);
+    List<? extends Trigger> triggersOfJob = emailJobScheduler.getTriggersOfJob(firstEmailJobKey);
+    Trigger firstTrigger = triggersOfJob.get(0);
+    assertNotNull(firstTrigger.getNextFireTime());
+    assertNotNull(firstTrigger.getStartTime());
+    JobDataMap jobDataMap1 = firstTrigger.getJobDataMap();
+    // pause & resume job
+    JobKey firstDataBackupJobKey = dataBackupJobKeys.iterator().next();
+    assertDoesNotThrow(
+        () -> {
+          dataBackupScheduler.pauseJob(firstDataBackupJobKey);
+          dataBackupScheduler.resumeJob(firstDataBackupJobKey);
+        });
+
+    // update job
+    TriggerKey oldDataBackupTriggerKey =
+        Objects.requireNonNull(dataBackupTrigger.getObject()).getKey();
+    Trigger newTrigger =
+        TriggerBuilder.newTrigger()
+            .withIdentity(oldDataBackupTriggerKey)
+            .withSchedule(CronScheduleBuilder.cronSchedule("0 0/6 * * * ?"))
+            .build();
+    dataBackupScheduler.rescheduleJob(oldDataBackupTriggerKey, newTrigger);
+    assertEquals(
+        dataBackupScheduler.getTriggersOfJob(firstDataBackupJobKey).get(0).getKey(),
+        newTrigger.getKey());
+  }
+}

backend/src/test/java/com/zl/mjga/security/AuthenticationAndAuthorityTest.java

@@ -0,0 +1,128 @@
+package com.zl.mjga.security;
+
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.zl.mjga.config.security.HttpFireWallConfig;
+import com.zl.mjga.config.security.Jwt;
+import com.zl.mjga.config.security.UserDetailsServiceImpl;
+import com.zl.mjga.config.security.WebSecurityConfig;
+import com.zl.mjga.controller.IdentityAccessController;
+import com.zl.mjga.controller.SignController;
+import com.zl.mjga.dto.sign.SignInDto;
+import com.zl.mjga.model.urp.EPermission;
+import com.zl.mjga.repository.RoleRepository;
+import com.zl.mjga.repository.UserRepository;
+import com.zl.mjga.service.IdentityAccessService;
+import com.zl.mjga.service.SignService;
+import jakarta.servlet.http.HttpServletRequest;
+import java.util.Collections;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(value = {SignController.class, IdentityAccessController.class})
+@Import({WebSecurityConfig.class, HttpFireWallConfig.class})
+public class AuthenticationAndAuthorityTest {
+
+  @Autowired private MockMvc mockMvc;
+
+  @MockBean private SignService signService;
+
+  @MockBean private Jwt jwt;
+
+  @MockBean private UserDetailsServiceImpl userDetailsService;
+
+  @MockBean private IdentityAccessService identityAccessService;
+
+  @MockBean private UserRepository userRepository;
+  @MockBean private RoleRepository roleRepository;
+
+  @Test
+  public void givenRequestOnPublicService_shouldSucceedWith200() throws Exception {
+    when(signService.signIn(any(SignInDto.class))).thenReturn(1L);
+    mockMvc
+        .perform(
+            post("/auth/sign-in")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "username": "test_04cb017e1fe6",
+                      "password": "test_567472858b8c"
+                    }
+                    """)
+                .with(csrf()))
+        .andExpect(status().isOk());
+  }
+
+  @Test
+  public void givenUnAuthenticateRequestOnPrivateService_shouldFailedWith401() throws Exception {
+    mockMvc.perform(post("/auth/sign-out").with(csrf())).andExpect(status().isUnauthorized());
+  }
+
+  @Test
+  public void givenUnAuthorityRequestOnPrivateService_shouldFailedWith403() throws Exception {
+    // Arrange
+    User stubUserNoPermission =
+        new User("test_04cb017e1fe6", "test_567472858b8c", Collections.emptyList());
+    when(jwt.extract(any(HttpServletRequest.class))).thenReturn(("u9T05Tg3ULCgRn8ja2"));
+    when(jwt.getSubject(any(String.class))).thenReturn(("4J2HX9r5JcXg0BT"));
+    when(jwt.verify(any(String.class))).thenReturn(Boolean.TRUE);
+    when(userDetailsService.loadUserByUsername(any(String.class))).thenReturn(stubUserNoPermission);
+
+    // Act and Assert
+    mockMvc
+        .perform(
+            post("/iam/permission/bind")
+                .with(csrf())
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "roleId": 1,
+                      "permissionIds": [101, 102]
+                    }
+                    """))
+        .andExpect(status().isForbidden());
+  }
+
+  @Test
+  public void givenAuthorityRequestOnPrivateService_shouldSuccessWith200() throws Exception {
+    // Arrange
+    User stubUserNoPermission =
+        new User(
+            "test_04cb017e1fe6",
+            "test_567472858b8c",
+            List.of(new SimpleGrantedAuthority(EPermission.WRITE_USER_ROLE_PERMISSION.toString())));
+    when(jwt.extract(any(HttpServletRequest.class))).thenReturn(("u9T05Tg3ULCgRn8ja2"));
+    when(jwt.getSubject(any(String.class))).thenReturn(("4J2HX9r5JcXg0BT"));
+    when(jwt.verify(any(String.class))).thenReturn(Boolean.TRUE);
+    when(userDetailsService.loadUserByUsername(any(String.class))).thenReturn(stubUserNoPermission);
+
+    // Act and Assert
+    mockMvc
+        .perform(
+            post("/iam/permission/bind")
+                .with(csrf())
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(
+                    """
+                    {
+                      "roleId": 1,
+                      "permissionIds": [101, 102]
+                    }
+                    """))
+        .andExpect(status().isOk());
+  }
+}

backend/src/test/java/com/zl/mjga/unit/JwtUnitTest.java

@@ -0,0 +1,79 @@
+package com.zl.mjga.unit;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.zl.mjga.config.security.Jwt;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+@ExtendWith(MockitoExtension.class)
+public class JwtUnitTest {
+
+  @Spy private Jwt jwt = new Jwt("M3pIZlfyzkJ5Hi9OL", 60);
+
+  @Mock private HttpServletRequest request;
+
+  @Mock private HttpServletResponse response;
+
+  @Test
+  void createVerifyGetSubjectJwt_givenUserIdentify_shouldReturnTrueAndGetExpectIdentify() {
+    String token = jwt.create("1");
+    assertThat(jwt.verify(token)).isTrue();
+    assertThat(jwt.getSubject(token)).isEqualTo("1");
+  }
+
+  @Test
+  void getSubject_whenTokenIsInvalid_shouldThrowJWTDecodeException() {
+    String invalidToken = "invalid.token.here";
+    assertThatThrownBy(() -> jwt.getSubject(invalidToken)).isInstanceOf(JWTDecodeException.class);
+  }
+
+  @Test
+  void getSubject_whenTokenHasDifferentSecret_shouldReturnSubject() {
+    Jwt otherJwt = new Jwt("different_secret", 60);
+    String token = otherJwt.create("user123");
+
+    assertThat(jwt.verify(token)).isFalse();
+    assertThat(jwt.getSubject(token)).isEqualTo("user123");
+  }
+
+  @Test
+  void getSubject_whenTokenIsNull_shouldThrowException() {
+    assertThatThrownBy(() -> jwt.getSubject(null)).isInstanceOf(JWTDecodeException.class);
+  }
+
+  @Test
+  void create_WithVariousUserIdentifiers_ShouldCorrectlySetSubject() {
+    String[] identifiers = {"", "user@domain.com", "12345", "!@#$%"};
+    for (String id : identifiers) {
+      String token = jwt.create(id);
+      assertThat(jwt.getSubject(token)).isEqualTo(id);
+    }
+  }
+
+  @Test
+  void create_withDifferentSecret_shouldFailVerification() {
+    Jwt otherJwt = new Jwt("different_secret", 60);
+    String token = otherJwt.create("user");
+
+    assertThat(jwt.verify(token)).isFalse();
+  }
+
+  @Test
+  void create_WhenExpirationMinIsZero_shouldExpireImmediately() {
+    Jwt zeroExpirationJwt = new Jwt("secret", 0);
+    String token = zeroExpirationJwt.create("test");
+    DecodedJWT decoded = JWT.decode(token);
+
+    assertThat(decoded.getExpiresAt()).isEqualTo(decoded.getIssuedAt());
+  }
+}

backend/src/test/java/com/zl/mjga/unit/PageRequestDtoUnitTest.java

@@ -0,0 +1,70 @@
+package com.zl.mjga.unit;
+
+import static org.assertj.core.api.Assertions.*;
+
+import com.zl.mjga.dto.PageRequestDto;
+import java.util.HashMap;
+import java.util.Map;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+@ExtendWith(MockitoExtension.class)
+public class PageRequestDtoUnitTest {
+
+  @Test
+  void setSortBy_whenSortByFieldIsExpectFormat_thenDeserializeCorrect() {
+    String sortBy1 = "id asc,name desc";
+    String sortBy2 = "id asc";
+    String sortBy3 = "id asc,";
+    String sortBy4 = ",";
+    String sortBy5 = "";
+    PageRequestDto pageRequestDto1 = new PageRequestDto();
+    PageRequestDto pageRequestDto2 = new PageRequestDto();
+    PageRequestDto pageRequestDto3 = new PageRequestDto();
+    PageRequestDto pageRequestDto4 = new PageRequestDto();
+    PageRequestDto pageRequestDto5 = new PageRequestDto();
+    pageRequestDto1.setSortBy(sortBy1);
+    pageRequestDto2.setSortBy(sortBy2);
+    pageRequestDto3.setSortBy(sortBy3);
+    pageRequestDto4.setSortBy(sortBy4);
+    pageRequestDto5.setSortBy(sortBy5);
+    assertThat(
+            pageRequestDto1
+                .getSortBy()
+                .equals(
+                    Map.of(
+                        "id", PageRequestDto.Direction.ASC, "name", PageRequestDto.Direction.DESC)))
+        .isTrue();
+    assertThat(pageRequestDto2.getSortBy().equals(Map.of("id", PageRequestDto.Direction.ASC)))
+        .isTrue();
+    assertThat(pageRequestDto3.getSortBy().equals(Map.of("id", PageRequestDto.Direction.ASC)))
+        .isTrue();
+    assertThat(pageRequestDto4.getSortBy().equals(new HashMap<>())).isTrue();
+    assertThat(pageRequestDto5.getSortBy().equals(new HashMap<>())).isTrue();
+  }
+
+  @Test
+  void setSortBy_whenSortByFieldInvalidFormat_thenRaiseError() {
+    String sortBy1 = "id bbb";
+    String sortBy2 = "2%^ asc";
+    String sortBy3 = "id asc,*&23 desc";
+    String sortBy4 = "id,name desc";
+    String sortBy5 = ",name asc";
+    PageRequestDto pageRequestDto = new PageRequestDto();
+    assertThatThrownBy(() -> pageRequestDto.setSortBy(sortBy1))
+        .isInstanceOf(IllegalArgumentException.class);
+
+    assertThatThrownBy(() -> pageRequestDto.setSortBy(sortBy2))
+        .isInstanceOf(IllegalArgumentException.class);
+
+    assertThatThrownBy(() -> pageRequestDto.setSortBy(sortBy3))
+        .isInstanceOf(IllegalArgumentException.class);
+
+    assertThatThrownBy(() -> pageRequestDto.setSortBy(sortBy4))
+        .isInstanceOf(IllegalArgumentException.class);
+
+    assertThatThrownBy(() -> pageRequestDto.setSortBy(sortBy5))
+        .isInstanceOf(IllegalArgumentException.class);
+  }
+}

backend/src/test/java/com/zl/mjga/unit/SignUnitTest.java

@@ -0,0 +1,103 @@
+package com.zl.mjga.unit;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.*;
+
+import com.zl.mjga.dto.sign.SignInDto;
+import com.zl.mjga.dto.sign.SignUpDto;
+import com.zl.mjga.exception.BusinessException;
+import com.zl.mjga.model.urp.ERole;
+import com.zl.mjga.repository.UserRepository;
+import com.zl.mjga.service.IdentityAccessService;
+import com.zl.mjga.service.SignService;
+import java.util.List;
+import org.jooq.generated.mjga.tables.pojos.User;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@ExtendWith(MockitoExtension.class)
+public class SignUnitTest {
+  @InjectMocks @Spy private SignService signService;
+
+  @Mock private UserRepository userRepository;
+
+  @Mock private PasswordEncoder passwordEncoder;
+
+  @Mock private IdentityAccessService identityAccessService;
+
+  @Test
+  void signIn_givenValidSignInfo_shouldReturnUserId() {
+    // arrange
+    User stubUser = new User();
+    stubUser.setId(1L);
+    stubUser.setUsername("testUserName");
+    stubUser.setPassword("GjFH2fzRB2y7DDrO");
+    when(userRepository.fetchOneByUsername("testUserName")).thenReturn(stubUser);
+    when(passwordEncoder.matches("GjFH2fzRB2y7DDrO", "GjFH2fzRB2y7DDrO")).thenReturn(true);
+    // action
+    Long userId = signService.signIn(new SignInDto("testUserName", "GjFH2fzRB2y7DDrO"));
+    assertThat(userId).isEqualTo(1L);
+  }
+
+  @Test
+  void signIn_givenInvalidUserName_shouldThrowUserNotFoundException() {
+    when(userRepository.fetchOneByUsername("notFoundUserName")).thenReturn(null);
+    assertThatThrownBy(
+            () -> signService.signIn(new SignInDto("notFoundUserName", "GjFH2fzRB2y7DDrO")))
+        .isInstanceOf(BusinessException.class);
+  }
+
+  @Test
+  void signIn_givenInvalidPassword_shouldThrowBadCredentialsException() {
+    // arrange
+    User stubUser = new User();
+    stubUser.setId(1L);
+    stubUser.setUsername("testUserName");
+    stubUser.setPassword("GjFH2fzRB2y7DDrO");
+    when(userRepository.fetchOneByUsername("testUserName")).thenReturn(stubUser);
+    when(passwordEncoder.matches("InvalidPassword", "GjFH2fzRB2y7DDrO")).thenReturn(false);
+    // action
+    assertThatThrownBy(() -> signService.signIn(new SignInDto("testUserName", "InvalidPassword")))
+        .isInstanceOf(BusinessException.class);
+  }
+
+  @Test
+  void signUp_givenDuplicateUsername_shouldThrowDuplicateException() {
+    SignUpDto signUpDto = new SignUpDto();
+    signUpDto.setUsername("testUserName");
+    signUpDto.setPassword("B0pjKYnIK67hz4");
+    User stubUser = new User();
+    stubUser.setId(1L);
+    stubUser.setUsername("testUserName");
+    stubUser.setPassword("B0pjKYnIK67hz4");
+    when(identityAccessService.isUsernameDuplicate(signUpDto.getUsername())).thenReturn(true);
+    assertThatThrownBy(() -> signService.signUp(signUpDto)).isInstanceOf(BusinessException.class);
+  }
+
+  @Test
+  void signUp_givenValidUsername_shouldRunSuccess() {
+    SignUpDto signUpDto = new SignUpDto();
+    signUpDto.setUsername("newUser");
+    signUpDto.setPassword("B0pjKYnIK67hz4");
+    User stubUser = new User();
+    stubUser.setUsername("newUser");
+    stubUser.setPassword("encodedB0pjKYnIK67hz4");
+    User insertUser = new User();
+    insertUser.setId(1L);
+    insertUser.setUsername("newUser");
+    insertUser.setPassword("encodedB0pjKYnIK67hz4");
+    when(identityAccessService.isUsernameDuplicate(signUpDto.getUsername())).thenReturn(false);
+    when(userRepository.fetchOneByUsername("newUser")).thenReturn(insertUser);
+    when(passwordEncoder.encode("B0pjKYnIK67hz4")).thenReturn("encodedB0pjKYnIK67hz4");
+    signService.signUp(signUpDto);
+    verify(userRepository, times(1)).insert(stubUser);
+    verify(identityAccessService, times(1))
+        .bindRoleModuleToUser(insertUser.getId(), List.of(ERole.GENERAL));
+  }
+}

backend/src/test/java/com/zl/mjga/unit/UserRolePermissionUnitTest.java

@@ -0,0 +1,408 @@
+package com.zl.mjga.unit;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.jooq.generated.mjga.tables.Permission.PERMISSION;
+import static org.jooq.generated.mjga.tables.Role.ROLE;
+import static org.jooq.generated.mjga.tables.User.USER;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.verify;
+
+import com.zl.mjga.dto.PageRequestDto;
+import com.zl.mjga.dto.PageResponseDto;
+import com.zl.mjga.dto.urp.*;
+import com.zl.mjga.repository.*;
+import com.zl.mjga.service.IdentityAccessService;
+import java.sql.SQLException;
+import java.util.List;
+import org.jooq.*;
+import org.jooq.Record;
+import org.jooq.generated.mjga.tables.pojos.*;
+import org.jooq.generated.mjga.tables.pojos.Role;
+import org.jooq.generated.mjga.tables.pojos.User;
+import org.jooq.impl.DSL;
+import org.jooq.tools.jdbc.MockConnection;
+import org.jooq.tools.jdbc.MockDataProvider;
+import org.jooq.tools.jdbc.MockResult;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.beans.BeanUtils;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@ExtendWith(MockitoExtension.class)
+class UserRolePermissionUnitTest {
+  @InjectMocks @Spy private IdentityAccessService identityAccessService;
+
+  @Mock private UserRepository userRepository;
+
+  @Mock private RoleRepository roleRepository;
+  @Mock private UserRoleMapRepository userRoleMapRepository;
+  @Mock private PermissionRepository permissionRepository;
+  @Mock private RolePermissionMapRepository rolePermissionMapRepository;
+  @Mock private PasswordEncoder passwordEncoder;
+
+  private static DSLContext dslContext;
+
+  private static MockConnection connection;
+
+  @BeforeAll
+  static void setUp() {
+    MockDataProvider provider = ctx -> new MockResult[0];
+    connection = new MockConnection(provider);
+    dslContext = DSL.using(connection, SQLDialect.POSTGRES);
+  }
+
+  @AfterAll
+  static void setDown() throws SQLException {
+    connection.close();
+  }
+
+  @Test
+  void pageQueryUser_selected2UserShouldReturnUserRolePermissionAndTotal() {
+    // arrange
+    Long stubUserId1 = 1L;
+    String stubUserName1 = "yEJVEJBC2j9PGi";
+    String stubUserPassword1 = "c21W03p1201jCz";
+
+    Long stubUserId2 = 2L;
+    String stubUserName2 = "1jpziB82YUs3Jbh";
+    String stubUserPassword2 = "c21W03p1201jCz";
+
+    Long stubRoleId = 1L;
+    String stubRoleName = "54X3UYRzx0wiy9";
+    String stubRoleCode = "mzxN6WQA3AErI";
+
+    Long stubPermissionId = 1L;
+    String stubPermissionName = "BNOz058K9EWE";
+    String stubPermissionCode = "BNOz058K9EWE";
+
+    Result<Record> mockResult =
+        dslContext.newResult(
+            List.of(
+                USER.ID,
+                USER.USERNAME,
+                USER.PASSWORD,
+                USER.ENABLE,
+                USER.CREATE_TIME,
+                DSL.field("total_user", Integer.class)));
+    mockResult.add(
+        dslContext
+            .newRecord(
+                USER.ID,
+                USER.USERNAME,
+                USER.PASSWORD,
+                USER.ENABLE,
+                USER.CREATE_TIME,
+                DSL.field("total_user", Integer.class))
+            .values(stubUserId1, stubUserName2, stubUserPassword2, true, null, 2));
+    mockResult.add(
+        dslContext
+            .newRecord(
+                USER.ID,
+                USER.USERNAME,
+                USER.PASSWORD,
+                USER.ENABLE,
+                USER.CREATE_TIME,
+                DSL.field("total_user", Integer.class))
+            .values(stubUserId2, stubUserName2, stubUserPassword2, true, null, 2));
+    UserRolePermissionDto mockUserRolePermissionDto1 = new UserRolePermissionDto();
+    RoleDto mockRoleDto = new RoleDto();
+    mockRoleDto.setId(stubRoleId);
+    mockRoleDto.setCode(stubRoleCode);
+    mockRoleDto.setName(stubRoleName);
+    PermissionRespDto permissionRespDto = new PermissionRespDto();
+    permissionRespDto.setId(stubPermissionId);
+    permissionRespDto.setCode(stubPermissionCode);
+    permissionRespDto.setName(stubPermissionName);
+    mockRoleDto.getPermissions().add(permissionRespDto);
+    mockUserRolePermissionDto1.setId(stubUserId1);
+    mockUserRolePermissionDto1.setUsername(stubUserName1);
+    mockUserRolePermissionDto1.setPassword(stubUserPassword1);
+    mockUserRolePermissionDto1.getRoles().add(mockRoleDto);
+
+    UserRolePermissionDto mockUserRolePermissionDto2 = new UserRolePermissionDto();
+    mockUserRolePermissionDto2.setId(stubUserId2);
+    mockUserRolePermissionDto2.setUsername(stubUserName2);
+    mockUserRolePermissionDto2.setPassword(stubUserPassword2);
+
+    doReturn(mockUserRolePermissionDto1)
+        .when(identityAccessService)
+        .queryUniqueUserWithRolePermission(stubUserId1);
+    doReturn(mockUserRolePermissionDto2)
+        .when(identityAccessService)
+        .queryUniqueUserWithRolePermission(stubUserId2);
+    when(userRepository.pageFetchBy(any(PageRequestDto.class), any(UserQueryDto.class)))
+        .thenReturn(mockResult);
+
+    // action
+    PageResponseDto<List<UserRolePermissionDto>> result =
+        identityAccessService.pageQueryUser(
+            PageRequestDto.of(1, 10), new UserQueryDto(stubUserName2));
+
+    // assert
+    List<UserRolePermissionDto> userRolePermissionDtoList = result.getData();
+    assertThat(result.getTotal()).isEqualTo(2L);
+    assertThat(userRolePermissionDtoList.size()).isEqualTo(2L);
+    assertThat(userRolePermissionDtoList.get(0).getRoles().size()).isEqualTo(1L);
+    assertThat(userRolePermissionDtoList.get(1).getRoles().size()).isEqualTo(0L);
+    assertThat(userRolePermissionDtoList.get(1).getUsername()).isEqualTo(stubUserName2);
+    assertThat(userRolePermissionDtoList.get(0).getRoles().get(0).getName())
+        .isEqualTo(stubRoleName);
+    assertThat(userRolePermissionDtoList.get(0).getRoles().get(0).getPermissions().get(0).getCode())
+        .isEqualTo(stubPermissionCode);
+  }
+
+  @Test
+  void queryUser_selected0Row_shouldReturnEmptyListWithPage() {
+    Result<Record> mockResult =
+        dslContext.newResult(
+            List.of(
+                USER.ID,
+                USER.USERNAME,
+                USER.PASSWORD,
+                USER.ENABLE,
+                USER.CREATE_TIME,
+                DSL.field("total_user", Integer.class)));
+    when(userRepository.pageFetchBy(any(PageRequestDto.class), any(UserQueryDto.class)))
+        .thenReturn(mockResult);
+    PageResponseDto<List<UserRolePermissionDto>> result =
+        identityAccessService.pageQueryUser(
+            PageRequestDto.of(1, 10), new UserQueryDto("agydCO1Yi99a"));
+    assertThat(result.getTotal()).isEqualTo(0);
+    assertThat(result.getData()).isNull();
+  }
+
+  @Test
+  void
+      queryUniqueUserWithRolePermission_whenUserHasBeenFound_shouldReturnUniqueUserRolePermissionDto() {
+    Long stubUserId = 1L;
+    String stubUserName = "yEJVEJBC2j9PGi";
+    String stubUserPassword = "c21W03p1201jCz";
+    Long stubRoleId = 1L;
+    String stubRoleName = "G5N6Xkjg0i9UC4Vltv";
+    String stubRoleCode = "G5N6Xkjg0i9UC4Vltv";
+
+    Long stubPermissionId = 1L;
+    String stubPermissionName = "BNOz058K9EWE";
+    String stubPermissionCode = "BNOz058K9EWE";
+
+    Long stubPermissionId2 = 2L;
+    String stubPermissionName2 = "u6igc4BctOm1ON6X";
+    String stubPermissionCode2 = "u6igc4BctOm1ON6X";
+
+    UserRolePermissionDto mockResult = new UserRolePermissionDto();
+    mockResult.setUsername(stubUserName);
+    mockResult.setPassword(stubUserPassword);
+    mockResult.setId(stubRoleId);
+    mockResult.setRoles(
+        List.of(
+            new RoleDto(
+                stubRoleId,
+                stubRoleName,
+                stubRoleCode,
+                true,
+                List.of(
+                    new PermissionRespDto(
+                        stubPermissionId, stubPermissionName, stubPermissionCode, false),
+                    new PermissionRespDto(
+                        stubPermissionId2, stubPermissionName2, stubPermissionCode2, false)))));
+
+    when(userRepository.fetchUniqueUserDtoWithNestedRolePermissionBy(stubUserId))
+        .thenReturn(mockResult);
+    UserRolePermissionDto userRolePermissionDto =
+        identityAccessService.queryUniqueUserWithRolePermission(stubUserId);
+    assertThat(userRolePermissionDto).isNotNull();
+    assertThat(userRolePermissionDto.getRoles().size()).isEqualTo(1L);
+    assertThat(userRolePermissionDto.getRoles().get(0).getPermissions().size()).isEqualTo(2L);
+    assertThat(userRolePermissionDto.getUsername()).isEqualTo(stubUserName);
+    assertThat(userRolePermissionDto.getRoles().get(0).getPermissions().get(0).getName())
+        .isEqualTo(stubPermissionName);
+    assertThat(userRolePermissionDto.getRoles().get(0).getPermissions().get(0).getCode())
+        .isEqualTo(stubPermissionCode);
+  }
+
+  @Test
+  void queryUniqueUserWithRolePermission_whenUserNotFound_shouldReturnEmpty() {
+    UserRolePermissionDto mockResult = null;
+    when(userRepository.fetchUniqueUserDtoWithNestedRolePermissionBy(anyLong()))
+        .thenReturn(mockResult);
+    UserRolePermissionDto userRolePermissionDto =
+        identityAccessService.queryUniqueUserWithRolePermission(1L);
+    assertThat(userRolePermissionDto).isNull();
+  }
+
+  @Test
+  void pageQueryRole_whenRoleNotFound_shouldReturnEmpty() {
+    Result<Record> mockRoleResult =
+        dslContext.newResult(
+            List.of(ROLE.ID, ROLE.NAME, ROLE.CODE, DSL.field("total_role", Integer.class)));
+    when(roleRepository.pageFetchBy(any(PageRequestDto.class), any(RoleQueryDto.class)))
+        .thenReturn(mockRoleResult);
+    RoleQueryDto roleQueryDto = new RoleQueryDto();
+    PageResponseDto<List<RoleDto>> pageResult =
+        identityAccessService.pageQueryRole(PageRequestDto.of(1, 5), roleQueryDto);
+    assertThat(pageResult.getTotal()).isEqualTo(0L);
+
+    roleQueryDto.setUserId(1L);
+    PageResponseDto<List<RoleDto>> pageResult2 =
+        identityAccessService.pageQueryRole(PageRequestDto.of(1, 5), roleQueryDto);
+    assertThat(pageResult2.getTotal()).isEqualTo(0L);
+  }
+
+  @Test
+  void pageQueryPermission_givenRoleId_shouldReturnPermissionDto() {
+    RolePermissionMap stubRolePermissionMap = new RolePermissionMap();
+    stubRolePermissionMap.setRoleId(1L);
+    stubRolePermissionMap.setPermissionId(1L);
+    RolePermissionMap stubRolePermissionMap2 = new RolePermissionMap();
+    stubRolePermissionMap2.setRoleId(1L);
+    stubRolePermissionMap2.setPermissionId(2L);
+
+    Result<Record> mockRoleResult =
+        dslContext.newResult(
+            List.of(
+                PERMISSION.ID,
+                PERMISSION.NAME,
+                PERMISSION.CODE,
+                DSL.field("total_permission", Integer.class)));
+    mockRoleResult.addAll(
+        List.of(
+            dslContext
+                .newRecord(
+                    PERMISSION.ID,
+                    PERMISSION.NAME,
+                    PERMISSION.CODE,
+                    DSL.field("total_permission", Integer.class))
+                .values(1L, "vP0dKiHJpMsi", "vP0dKiHJpMsi", 2),
+            dslContext
+                .newRecord(
+                    PERMISSION.ID,
+                    PERMISSION.NAME,
+                    PERMISSION.CODE,
+                    DSL.field("total_permission", Integer.class))
+                .values(2L, "NHQED41jQQ4C1IgG", "NHQED41jQQ4C1IgG", 2)));
+    when(permissionRepository.pageFetchBy(any(PageRequestDto.class), any(PermissionQueryDto.class)))
+        .thenReturn(mockRoleResult);
+    PermissionQueryDto permissionQueryDto = new PermissionQueryDto();
+    permissionQueryDto.setRoleId(1L);
+    PageResponseDto<List<PermissionRespDto>> pageResult =
+        identityAccessService.pageQueryPermission(PageRequestDto.of(1, 5), permissionQueryDto);
+    assertThat(pageResult.getTotal()).isEqualTo(2L);
+    List<PermissionRespDto> permissionResult = pageResult.getData();
+    assertThat(permissionResult.get(0).getId()).isEqualTo(1L);
+    assertThat(permissionResult.get(1).getId()).isEqualTo(2L);
+  }
+
+  @Test
+  void pageQueryPermission_permissionNotFound_shouldReturnEmpty() {
+    Result<Record> mockRoleResult =
+        dslContext.newResult(
+            List.of(
+                PERMISSION.ID,
+                PERMISSION.NAME,
+                PERMISSION.CODE,
+                DSL.field("total_permission", Integer.class)));
+    when(permissionRepository.pageFetchBy(any(PageRequestDto.class), any(PermissionQueryDto.class)))
+        .thenReturn(mockRoleResult);
+    PermissionQueryDto permissionQueryDto = new PermissionQueryDto();
+    PageResponseDto<List<PermissionRespDto>> pageResult =
+        identityAccessService.pageQueryPermission(PageRequestDto.of(1, 5), permissionQueryDto);
+
+    assertThat(pageResult.getTotal()).isEqualTo(0L);
+    permissionQueryDto.setRoleId(1L);
+    PageResponseDto<List<PermissionRespDto>> pageResult2 =
+        identityAccessService.pageQueryPermission(PageRequestDto.of(1, 5), permissionQueryDto);
+    assertThat(pageResult2.getTotal()).isEqualTo(0);
+  }
+
+  @Test
+  void upsertUser_whenGivenUserDtoWithOutId_shouldCreatUser() {
+    UserUpsertDto userUpsertDto = new UserUpsertDto();
+    userUpsertDto.setUsername("username");
+    userUpsertDto.setPassword("password");
+    userUpsertDto.setEnable(true);
+    User mockUser = new User();
+    BeanUtils.copyProperties(userUpsertDto, mockUser);
+    when(passwordEncoder.encode(anyString())).thenReturn("password");
+    identityAccessService.upsertUser(userUpsertDto);
+    verify(userRepository, times(1)).mergeWithoutNullFieldBy(mockUser);
+  }
+
+  @Test
+  void upsertUser_whenGivenUserDtoWithId_shouldUpdateUser() {
+    UserUpsertDto userUpsertDto = new UserUpsertDto();
+    userUpsertDto.setId(1L);
+    userUpsertDto.setUsername("username");
+    userUpsertDto.setPassword("password");
+    userUpsertDto.setEnable(true);
+    User mockUser = new User();
+    BeanUtils.copyProperties(userUpsertDto, mockUser);
+    when(passwordEncoder.encode(anyString())).thenReturn("password");
+    identityAccessService.upsertUser(userUpsertDto);
+    verify(userRepository, times(1)).mergeWithoutNullFieldBy(mockUser);
+  }
+
+  @Test
+  void upsertRole_whenGivenRoleDtoWithOutId_shouldCreateRole() {
+    RoleUpsertDto roleUpsertDto = new RoleUpsertDto();
+    roleUpsertDto.setCode("ROLE_ADMIN");
+    roleUpsertDto.setName("Admin Role");
+
+    Role mockRole = new Role();
+    BeanUtils.copyProperties(roleUpsertDto, mockRole);
+
+    identityAccessService.upsertRole(roleUpsertDto);
+
+    verify(roleRepository, times(1)).merge(mockRole);
+  }
+
+  @Test
+  void upsertRole_whenGivenRoleDtoWithId_shouldUpdateRole() {
+    RoleUpsertDto roleUpsertDto = new RoleUpsertDto();
+    roleUpsertDto.setId(1L);
+    roleUpsertDto.setCode("ROLE_ADMIN");
+    roleUpsertDto.setName("Admin Role");
+
+    Role mockRole = new Role();
+    BeanUtils.copyProperties(roleUpsertDto, mockRole);
+
+    identityAccessService.upsertRole(roleUpsertDto);
+
+    verify(roleRepository, times(1)).merge(mockRole);
+  }
+
+  @Test
+  void upsertPermission_whenGivenPermissionDtoWithOutId_shouldCreatePermission() {
+    PermissionUpsertDto permissionUpsertDto = new PermissionUpsertDto();
+    permissionUpsertDto.setCode("PERM_READ");
+    permissionUpsertDto.setName("Read Permission");
+
+    Permission mockPermission = new Permission();
+    BeanUtils.copyProperties(permissionUpsertDto, mockPermission);
+
+    identityAccessService.upsertPermission(permissionUpsertDto);
+
+    verify(permissionRepository, times(1)).merge(mockPermission);
+  }
+
+  @Test
+  void upsertPermission_whenGivenPermissionDtoWithId_shouldUpdatePermission() {
+    PermissionUpsertDto permissionUpsertDto = new PermissionUpsertDto();
+    permissionUpsertDto.setId(1L);
+    permissionUpsertDto.setCode("PERM_READ");
+    permissionUpsertDto.setName("Read Permission");
+
+    Permission mockPermission = new Permission();
+    BeanUtils.copyProperties(permissionUpsertDto, mockPermission);
+
+    identityAccessService.upsertPermission(permissionUpsertDto);
+
+    verify(permissionRepository, times(1)).merge(mockPermission);
+  }
+}