This project builds a school web application using Spring Boot. It works with Spring beans, Spring MVC, Spring Security, Lombok, and request validations. The project was built through step-by-step incremental changes to the Spring Boot application, which makes it useful for learning. You can look at the commit history section of the readme file to understand the incremental changes made to this project.
Before you begin, ensure you have met the following requirements:
- Java Development Kit (JDK) 17 or later
- Spring framework
- Maven for building the project
Follow these steps to set up and run the Spring security Learner Microservice:
- Clone this repository:

  ```
  git clone https://github.com/yr5913/school-web-app.git
  cd school-web-app
  ```
- Build the microservice:

  ```
  mvn clean install
  ```
- Run the microservice:

  ```
  java -jar target/school-web-app.jar
  ```
Commit history:
- Started the web application, which displays home.html to the user at the path /home
- Changed the port number and servlet context path
- Started the web application at random port by setting the server.port value to 0
- Turned debug on for the condition evaluation report
- excluding DataSourceAutoConfiguration.class to test
- multiple paths to single controller method
- Using thymeleaf templates to display dynamic content for the home page
- disabling thymeleaf cache using spring properties
- enabled dev tools for auto start and live reload
- Added all the home.html html, css and js code
- Added all thymeleaf templates required
- Implemented WebMvcConfigurer class for static views
- Added static view for the about page
- Added controller for the contact page, accepting the data from the form in the contact page using @RequestParam
- Changed controller method for contact page form to accept pojo instead of requestparams
- Added Holidays controller to fetch holidays from backend using thymeleaf th:each and th:item
- Made changes to use Lombok for pojos
- Used slf4j for logging
- Added request params for displaying holidays to filter holidays based on request params
- Changed the holidays filter from request params to path variables, by default display all holidays, if filter is used display holidays related to the filter
- Added server side field validations using jakarta validations
- Working with request scope by changing the contact service to RequestScope
- Working with session scope by changing the contact service to SessionScope
- Working with application scope by changing the contact service to ApplicationScope
- Implemented default spring security by adding dependency
- Changed default spring credentials using application.properties
- created custom security filter chain and permitting all web pages using permitAll
- deny all requests using denyAll
- modified security configuration for each url
- Testing default CSRF security behaviour by spring
- Disable CSRF
- Implemented in memory authentication using InMemoryUserDetailsManager
- Changed spring security logic to handle custom login configurations
- Added login and logout, dashboard pages with thymeleaf support
- Handling Global Exception using @ControllerAdvice and @ExceptionHandler
- Added CSRF configuration to prevent CSRF attack
- configured in memory h2 database
- added saveContact and display contacts
- implemented closing message functionality for admin
- implemented aop for logging exceptions and time taken for each method
- Displaying holidays from H2 Database
- Changed everything from h2 database to mysql
- add spring jpa dependency and migrated code from spring jdbc to spring data jpa
- used spring data jpa audit feature for auditing the entries in database tables
- Added changes for registering user and used custom validations to validate fields in registration
- added one to one relationship and changed code to register user into database
- configured sign in using the credentials in the database using spring security
- using password encoder for encoding passwords and storing them as hash values in database
- modified data.sql to have hashed password for admin
- disabled the javax validations in spring data jpa
- added profile link for any logged in user
- Added Profile web page and profile model for profile page
- Displayed user profile details using http session and setting authentication username to the email
- made changes to provide user a feature to update his profile
- added links and security config for admin
- added class schema and defined one to many relationship between class and person
- added backend code to display classes for admin and option to add and delete classes
- added feature for admin to view, add and delete students from classes
- Added courses schema and many to many relationship between person and courses and gave admin options to add new course
- added an admin feature to add students to the courses
- Added delete feature for deleting students from courses by admin
- Made changes to student dashboard to display his class name
- Added courses page for students
- Displaying courses ordered by name in ascending order
- Displaying courses ordered by name in descending order
- Used Dynamic sorting to display courses ordered by name in descending order
- Implemented pagination using pageable interface to display messages
- Usage of @Query for custom queries in JPA, used both JPQL Query and Native Query
- Using @Query, @Modifying and @Transactional in JPA to update data
- Using @NamedQuery
- using @NamedNativeQuery, spring doesn't support dynamic sorting if we use Named native query
- Added REST endpoints for getting contact messages using spring mvc style with the help of @ResponseBody annotation
- Get contact messages using spring mvc style rest endpoint, this time with request body using @RequestBody instead of request params
- Using @RestController for the rest endpoints instead of using spring mvc style
- Using @RequestHeader to get header value and also using ResponseEntity to populate response status, header and body in the response
- Fixed CSRF issue for Post Requests and fixed authentication methods
- Using @DeleteMapping to delete contact message and using RequestEntity object to get request details
- Used @PatchMapping to patch the contact message to change the status from open to close
- Added GlobalExceptionHandler to handle the errors in the RestController and specified order(1) to indicate priority, as we have two exception handlers
- Allowing cross origin from everyone
- Added support to also send response in xml format using MediaType in produces
- Ignored audit details in the response using @JsonIgnore
- Using @JsonProperty to change the variable name in the response body; this works for any response type (i.e. xml or json)
- Added dependencies for spring data rest and hal
- Changed bean name of Profile Controller we defined as it matches with spring data rest Profile Controller. Also changed security config to allow access to the /profile endpoint
- Removed ambiguity by renaming one of two methods in the contact repository that had the same name
- protecting pwd and prevent sending of unnecessary fields in json response using @JsonIgnore
- allowed contact and courses rest apis from spring security config
- Changed the base path of the spring rest data and also for hal
- Securing the spring data rest endpoints and hal endpoint using spring security config
- Changed the spring data rest url for the courses path
- Ignoring courses repository endpoints in the spring data rest endpoints
- Revert the ignoring courses change and also logging exceptions to help to debug application
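
The Spring Security entries in the history above (per-URL rules, custom login and logout, CSRF kept on for form posts, secured REST endpoints, hashed passwords) can be combined in a configuration like the following. This is an added example in the Spring Security 6 lambda DSL, not code from this repository; every path and the ADMIN role name are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

// Added example: all paths and the ADMIN role name are assumed, not the project's.
@Configuration
public class ExampleSecurityConfig {

    @Bean
    @Order(1) // REST chain, consulted first and only for /api/**
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/api/**")
            // No session is read or created here, so the browser login cookie
            // does not authenticate API calls; CSRF is off for this chain only.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth.anyRequest().hasRole("ADMIN"))
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    @Order(2) // Browser chain: Thymeleaf pages, CSRF left at its default (on)
    SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/dashboard", "/profile/**").authenticated()
                .requestMatchers("/", "/home", "/about", "/holidays/**", "/contact",
                                 "/login", "/error", "/assets/**").permitAll()
                // Unlisted URLs are refused, so a new endpoint is never public by accident.
                .anyRequest().denyAll())
            .formLogin(form -> form.loginPage("/login")
                .defaultSuccessUrl("/dashboard").failureUrl("/login?error=true"))
            .logout(logout -> logout.logoutSuccessUrl("/login?logout=true")
                .invalidateHttpSession(true));
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // salted, adaptive one-way hash
    }
}
```

With CSRF left on in the browser chain, Thymeleaf forms that use `th:action` get the hidden `_csrf` field added automatically.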