
Welcome to the Demo Banking App

Overview

This application showcases a modern banking interface, allowing authenticated users to Create, Read, Update, and Delete (CRUD) data across core banking domains:

  • Customers
  • Accounts
  • Transactions
  • Loans

This application serves as a reference implementation to demonstrate:

  • Fine-grained access control
  • Runtime data protection with minimal backend changes
  • Role-aware privacy enforcement
  • Real-world compliance strategies

Authentication & Authorization

Authentication is handled via Keycloak. Once authenticated, a bearer token is attached to each request. The RPS Proxy uses this token to determine the user's role and apply the correct transformation policy to sensitive data.

Users with role Frontoffice

  • Full CRUD access to: Customers, Accounts, Transactions, and Loans.

Users with role Support

  • Limited to Read and Delete actions on the same data sets.

Security & Privacy with RPS Proxy

The application is protected by Regdata RPS, which uses a proxy to intercept and transform HTTP traffic between the frontend and backend in real time. The RPS Proxy performs two key actions:

  • Protection: Encrypts sensitive data (PII) before it is stored.
  • Unprotection: Decrypts sensitive data at read time, based on the user's role.

Sensitive data is never stored in plain text in the backend.

Behavior Based on Proxy Mode

Whether you're evaluating security mechanisms or exploring system functionality, this app provides a complete view of role-based access control and secure data handling in a banking context.

When the Proxy is Enabled:

All traffic is routed through the RPS Proxy.

  • On data creation, sensitive fields are automatically encrypted before reaching the backend.
  • On data retrieval:
    • Users with the Frontoffice role receive decrypted, original values of PII fields.
    • Users with the Support role receive anonymized values (e.g., masked or replaced).

This ensures that only authorized users can view sensitive data in clear form.

When the Proxy is Disabled:

Traffic flows directly between the frontend and backend.

  • No transformation is applied to requests or responses.
  • PII fields are displayed in their encrypted format, exactly as stored in the database.

This highlights that PII is never stored unencrypted and cannot be interpreted without proxy intervention.
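As an added illustration (not code from the demo app or from Regdata RPS), the following Python models the two transformation paths described above: protection on create, and role-dependent unprotection on read, with the disabled-proxy pass-through that returns ciphertext exactly as stored. The cipher is a stdlib stand-in (HMAC-SHA256 keystream), and the key, the field policy, the role names' handling and the masking rule are assumptions for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed demo key; a real deployment uses managed keys, never a literal.
KEY = b"demo-only-key"
# Assumed protection policy: which fields of each resource are PII.
PII_FIELDS = {"customers": ("name", "iban")}

def _keystream(nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the proxy's real cipher.
    # It is not authenticated; production code should use an AEAD such as AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_field(value: str) -> str:
    nonce = secrets.token_bytes(8)          # fresh nonce per value
    data = value.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    return "enc:" + base64.b64encode(nonce + ct).decode()

def decrypt_field(token: str) -> str:
    raw = base64.b64decode(token[len("enc:"):])
    nonce, ct = raw[:8], raw[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def mask_field(value: str) -> str:
    # Anonymised view for the Support role: keep only the last four characters.
    return "*" * max(len(value) - 4, 0) + value[-4:]

def protect(resource: str, record: dict) -> dict:
    # Request path (create/update): PII is encrypted before it reaches the backend.
    return {k: encrypt_field(v) if k in PII_FIELDS.get(resource, ()) else v
            for k, v in record.items()}

def unprotect(resource: str, stored: dict, role: str, proxy_enabled: bool = True) -> dict:
    # Response path (read). The role is what the proxy derives from the validated
    # Keycloak bearer token; token validation itself is outside this example.
    if not proxy_enabled:
        return dict(stored)                 # ciphertext passes through as stored
    out = {}
    for k, v in stored.items():
        if k not in PII_FIELDS.get(resource, ()):
            out[k] = v
        elif role == "Frontoffice":
            out[k] = decrypt_field(v)
        elif role == "Support":
            out[k] = mask_field(decrypt_field(v))
        else:
            raise PermissionError(f"no unprotection policy for role {role!r}")
    return out
```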
