This Spring Boot application provides a role-based grade management backend for administrators, teachers, and students. It uses JWT authentication, H2 in-memory storage, and Spring Data REST to expose partial CRUD endpoints.
- Student Grades Management System (Group 12)
- Prerequisites: JDK 21 and Maven (or the included
mvnwwrapper). - Install dependencies & run tests:
cd comp0010_coursework_group12 mvn clean install - Run the application (H2 in-memory DB, port 2800):
mvn spring-boot:run
- API documentation: Once running, open
http://localhost:2800/swagger-ui.htmlfor interactive docs. - Frontend (Vite + React) dev server (port 5173):
cd cw-frontend-javascript npm install npm run dev
Open http://localhost:5173 in your browser to access the UI.
Initially, you can only and must log in as an ADMIN with the following credentials (you can change in application.properties):
ADMIN_Username:
admin
ADMIN_Password:12345678
We pre-load some modules and student items to help you quickly get started and explore our system.
You can click Batch Grades By Excel > DOWNLOAD EXCEL TEMPLATE, you can open this to add more data and click UPLOAD & PROCESS to import these data into the system quickly.
Of course, you can manually add, modify, or delete the corresponding data at any time in Modules, Students, Registrations, and Grades pages after logging in as ADMIN.
When you create a new module in modules page, a TEACHER user will be automatically created with the following credentials:
Username:
{teacherUsername}
Password:teach-{ModuleCode}
For example, if you create a module with
Module Code:COMP0010Module Name:SWETeacher Username:teacher1
the corresponding TEACHER account will have:
- Username:
teacher1 - Password:
teach-COMP0010
When you create a new student in students page, a STUDENT user will be automatically created with the following credentials:
Username:
{studentUsername}
Password:password(exactly these 8 characters)
You can click the LOG OUT button at any time and switch between different users, and you will notice that the system presents distinct content depending on the user’s role.
- Tech stack: Spring Boot 3.5, H2 for in-memory storage, JWT for stateless auth, Lombok for boilerplate reduction, Spring Data REST for quick CRUD exposure, and SpringDoc for API docs.
- Code quality: Checkstyle, SpotBugs, and JaCoCo are enforced during the Maven build; coverage must meet 90% line ratio.
- Data model: Tables for
user_account,student,module,grade, andregistrationwith relational constraints. User accounts link to students/teachers by username.
The authentication module verifies the identity of a user and issues a secure JSON Web Token (JWT) upon successful login.
- The client submits a username and password to the
/auth/loginendpoint. - The backend validates the credentials against the user database.
- A JWT is generated, containing:
- the authenticated username
- the user’s role (e.g.,
ROLE_ADMIN,ROLE_TEACHER,ROLE_STUDENT) - an expiration timestamp
- The token is returned to the frontend, which stores it locally.
- All subsequent requests to protected endpoints include the token in the
Authorization: Bearer <token>header.
- Passwords are securely hashed using industry-standard algorithms (e.g.,
BCrypt). - only verified users can interact with protected system resources. If you attempt to access the URL like
http://localhost:5173/gradesdirectly without logging in, you will be redirected to the login page.
RBAC defines what actions an authenticated user is permitted to perform. The system supports three distinct user roles:
- STUDENT:
- Only can view their own registered modules and corresponding grades.
- TEACHER:
- View the grades of students under the module the teacher is responsible for.
- Update these grades. Backend Authorization (Spring Security)
- ADMIN:
- Create STUDENT and TEACHER accounts.
- Full access to manage students, modules, registrations, and grades.
- Send emails to students informing them of their average scores.
- Users attempting to access routes not permitted by their role are blocked and redirected (e.g., When you log in as a STUDENT and attempt to access all students' grades like
localhost:2800/admin/gradesby modifying the URL or using tools like Postman, you will encounter access failures and be alerted that "you do not have permission to access those resources"). - Role-specific dashboards are displayed after login (e.g., TEACHER can only see their own
teacherDashboard).
Add multiple grades by uploading an excel, provides a template excel in a friendly format for user to download. It is exclusively used by admin
- Able to calculate the average scores for students and modules in real time
- ADMIN can send students their average scores via email (you can enter your email address, and you will actually receive it).
| GroupId / ArtifactId | Version | Purpose |
|---|---|---|
| org.springframework.boot:spring-boot-starter-web | Inherited | REST API and web starter |
| org.springframework.boot:spring-boot-starter-test | Inherited (test scope) | Testing utilities (JUnit, Mockito, etc.) |
| org.springframework.boot:spring-boot-starter-data-jpa | Inherited | JPA + Hibernate persistence |
| org.springframework.boot:spring-boot-starter-data-rest | Inherited | Auto-generated REST endpoints for repositories |
| com.h2database:h2 | Runtime | In-memory database for dev/test |
| org.springframework.boot:spring-boot-devtools | Runtime | Hot reload for development |
| org.springdoc:springdoc-openapi-starter-webmvc-ui | 2.8.14 | Swagger UI and OpenAPI documentation |
| org.springframework.boot:spring-boot-starter-security | Inherited | Security configuration and password encoding |
| org.projectlombok:lombok | Provided | Boilerplate reduction (getters/setters, logging) |
| org.springframework.boot:spring-boot-starter-mail | Inherited | Email support |
| io.jsonwebtoken:jjwt-api | 0.12.6 | JWT token generation/validation APIs |
| io.jsonwebtoken:jjwt-impl | 0.12.6 (runtime) | JWT implementation |
| io.jsonwebtoken:jjwt-jackson | 0.12.6 (runtime) | Jackson serializer for JWT payloads |
| org.springframework.security:spring-security-test | Inherited (test scope) | Security testing helpers |
| org.apache.poi:poi-ooxml | 5.2.5 | Excel parsing for grade imports |
| org.springframework.boot:spring-boot-starter-validation | Inherited | Bean validation support |
| Plugin | Version | Key configuration |
|---|---|---|
| maven-compiler-plugin | 3.14.0 | Java release 21 with Lombok annotation processor |
| spring-boot-maven-plugin | Inherited | Package and run Spring Boot app |
| maven-checkstyle-plugin | 3.4.0 | Uses google_checks.xml; fails build on violations |
| spotbugs-maven-plugin | 4.8.6.0 | Static analysis with High threshold |
| jacoco-maven-plugin | 0.8.12 | Coverage agent, reports, and 90% line coverage rule |
| maven-site-plugin | 3.20.0 | Site generation (plugin management and reporting) |
| maven-project-info-reports-plugin | 3.6.2 | Project info reports |
| maven-javadoc-plugin | 3.10.0 | Javadoc generation with doclint enabled except missing comments |