Migrate project to a modern Spring Boot structure and improve beginner onboarding #141
rinit18 wants to merge 3 commits into jaygajera17:master
Hi team! Just a heads-up: the CI pipeline is currently failing on the actions/labeler step because the .github/labeler.yml configuration file is missing from the upstream main branch. My PR changes don't conflict with this, so the code is safe to review and merge whenever you are ready. Let me know if you need any adjustments on my end!
Pull request overview
Modernizes the project into a Spring Boot 3 / Spring Security / Spring Data JPA + Flyway structure, adds containerized local dev, and refreshes JSP views to improve onboarding and maintainability.
Changes:
- Migrates persistence to Spring Data JPA repositories/services and adds Flyway schema + seed migrations.
- Reworks authentication/authorization with Spring Security filter chains for user vs admin areas.
- Adds Docker-based local MySQL + app build/run flow and introduces baseline JUnit tests and test DB config.
Reviewed changes
Copilot reviewed 97 out of 107 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| src/test/resources/application.properties | Adds H2-based Spring test configuration (DDL create-drop, Flyway off). |
| src/test/java/com/jtspringproject/JtSpringProject/models/CartProductTest.java | Adds unit tests for CartProduct constructor/getters/setters. |
| src/test/java/com/jtspringproject/JtSpringProject/models/CartProductIdTest.java | Adds unit tests for CartProductId behavior (incl. equals/hashCode). |
| src/test/java/com/jtspringproject/JtSpringProject/JtSpringProjectApplicationTests.java | Adds Spring Boot context-load test. |
| src/main/webapp/views/userLogin.jsp | Adds/updates publicly accessible (non-WEB-INF) user login JSP. |
| src/main/webapp/views/updateProfile.jsp | Adds/updates publicly accessible (non-WEB-INF) profile update JSP. |
| src/main/webapp/views/test2.jsp | Adds/updates publicly accessible (non-WEB-INF) test JSP. |
| src/main/webapp/views/test.jsp | Adds/updates publicly accessible (non-WEB-INF) test JSP. |
| src/main/webapp/views/register.jsp | Adds/updates publicly accessible (non-WEB-INF) registration JSP. |
| src/main/webapp/views/displayCustomers.jsp | Adds/updates publicly accessible (non-WEB-INF) customers JSP. |
| src/main/webapp/views/adminlogin.jsp | Adds/updates publicly accessible (non-WEB-INF) admin login JSP. |
| src/main/webapp/views/403.jsp | Adds/updates publicly accessible (non-WEB-INF) 403 JSP. |
| src/main/webapp/WEB-INF/views/userLogin.jsp | Adds/updates secured user login JSP under the configured view prefix. |
| src/main/webapp/WEB-INF/views/uproduct.jsp | Adds/updates user product listing JSP. |
| src/main/webapp/WEB-INF/views/updateProfile.jsp | Adds/updates secured profile update JSP (supports optional password change). |
| src/main/webapp/WEB-INF/views/test2.jsp | Adds/updates secured test JSP. |
| src/main/webapp/WEB-INF/views/test.jsp | Adds/updates secured test JSP. |
| src/main/webapp/WEB-INF/views/register.jsp | Adds/updates secured registration JSP. |
| src/main/webapp/WEB-INF/views/productsUpdate.jsp | Adds/updates admin product-edit JSP. |
| src/main/webapp/WEB-INF/views/displayCustomers.jsp | Adds/updates admin customers listing JSP. |
| src/main/webapp/WEB-INF/views/categories.jsp | Adds/updates admin categories management JSP. |
| src/main/webapp/WEB-INF/views/cartproduct.jsp | Adds/updates cart view JSP. |
| src/main/webapp/WEB-INF/views/adminlogin.jsp | Adds/updates admin login JSP under WEB-INF. |
| src/main/webapp/WEB-INF/views/adminHome.jsp | Adds/updates admin dashboard JSP. |
| src/main/webapp/WEB-INF/views/403.jsp | Adds/updates secured 403 JSP under WEB-INF. |
| src/main/resources/db/migration/V1__custom_setup.sql | Introduces Flyway schema creation + initial category/customer/product tables. |
| src/main/resources/db/migration/V2__seed_product.sql | Seeds initial product(s) via Flyway. |
| src/main/resources/db/migration/V3__seed_product_varieties.sql | Seeds additional products via Flyway. |
| src/main/resources/application.properties | Adds Spring Boot app config (JSP resolver, MySQL, JPA, Flyway). |
| src/main/java/com/jtspringproject/JtSpringProject/services/UserService.java | Adds/updates user CRUD + registration + profile update logic with password encoding. |
| src/main/java/com/jtspringproject/JtSpringProject/services/ProductService.java | Adds/updates product CRUD service using Spring Data JPA. |
| src/main/java/com/jtspringproject/JtSpringProject/services/CategoryService.java | Adds/updates category CRUD service using Spring Data JPA. |
| src/main/java/com/jtspringproject/JtSpringProject/services/CartService.java | Adds/updates cart persistence service using Spring Data JPA. |
| src/main/java/com/jtspringproject/JtSpringProject/repository/UserRepository.java | Adds Spring Data JPA repository for users. |
| src/main/java/com/jtspringproject/JtSpringProject/repository/ProductRepository.java | Adds Spring Data JPA repository for products. |
| src/main/java/com/jtspringproject/JtSpringProject/repository/CategoryRepository.java | Adds Spring Data JPA repository for categories. |
| src/main/java/com/jtspringproject/JtSpringProject/repository/CartRepository.java | Adds Spring Data JPA repository for carts. |
| src/main/java/com/jtspringproject/JtSpringProject/repository/CartProductRepository.java | Extends cart-product repository with query method and @Repository annotation. |
| src/main/java/com/jtspringproject/JtSpringProject/models/User.java | Adds/updates User entity (Jakarta persistence + Lombok). |
| src/main/java/com/jtspringproject/JtSpringProject/models/Product.java | Adds/updates Product entity (relations to Category/User). |
| src/main/java/com/jtspringproject/JtSpringProject/models/Category.java | Adds/updates Category entity. |
| src/main/java/com/jtspringproject/JtSpringProject/models/CartProductId.java | Migrates to jakarta.persistence and Lombok; retains equals/hashCode overrides. |
| src/main/java/com/jtspringproject/JtSpringProject/models/CartProduct.java | Migrates to jakarta.persistence and Lombok for CartProduct join entity. |
| src/main/java/com/jtspringproject/JtSpringProject/models/Cart.java | Migrates to jakarta.persistence and Lombok for Cart entity. |
| src/main/java/com/jtspringproject/JtSpringProject/controller/UserController.java | Reworks user-facing routes (register/login/profile/cart/add-to-cart + test endpoints). |
| src/main/java/com/jtspringproject/JtSpringProject/configuration/SecurityConfiguration.java | Introduces Spring Security filter chains for /admin/** vs user area + UserDetailsService. |
| src/main/java/com/jtspringproject/JtSpringProject/configuration/PasswordConfiguration.java | Adds PasswordEncoder bean (BCrypt). |
| src/main/java/com/jtspringproject/JtSpringProject/JtSpringProjectApplication.java | Updates main app bootstrap for Spring Boot 3 (WAR support, entity/repo scanning). |
| pom.xml | Upgrades to Spring Boot 3.2.4 / Java 17, adds dependencies (security, flyway, JSP/JSTL, H2 test, Lombok), WAR packaging. |
| mvnw.cmd | Adds Maven wrapper script for Windows. |
| docker-compose.yml | Adds local MySQL + app service composition for consistent dev environment. |
| basedata.sql | Adds legacy/manual SQL setup/seed script (separate from Flyway). |
| Dockerfile | Adds container build/run flow (multi-stage Maven build). |
| .mvn/wrapper/maven-wrapper.properties | Pins Maven wrapper distribution URL. |
| .gitignore | Updates ignore rules (STS cache, local DB volumes). |
| .github/workflows/label.yml | Hardens labeler workflow (checkout base branch, config existence check, updated action version). |
| .github/labeler.yml | Adds labeler configuration for feature/config/docs patterns. |
| JtProject/src/main/webapp/views/userLogin.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/uproduct.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/updateProfile.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/register.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/productsUpdate.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/productsAdd.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/products.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/index.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/displayCustomers.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/categories.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/cartproduct.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/adminlogin.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/adminHome.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/webapp/views/403.jsp | Removes legacy nested project JSP. |
| JtProject/src/main/resources/application.properties | Removes legacy nested project configuration. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/services/userService.java | Removes legacy DAO-based service. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/services/productService.java | Removes legacy DAO-based service. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/services/categoryService.java | Removes legacy DAO-based service. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/services/cartService.java | Removes legacy DAO-based service. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/models/User.java | Removes legacy entity version. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/models/Product.java | Removes legacy entity version. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/models/Category.java | Removes legacy entity version. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/dao/userDao.java | Removes legacy Hibernate SessionFactory DAO. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/dao/productDao.java | Removes legacy Hibernate SessionFactory DAO. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/dao/categoryDao.java | Removes legacy Hibernate SessionFactory DAO. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/dao/cartProductDao.java | Removes legacy Hibernate SessionFactory DAO. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/dao/cartDao.java | Removes legacy Hibernate SessionFactory DAO. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/controller/UserController.java | Removes legacy controller implementation. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/controller/ErrorController.java | Removes legacy error controller. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/controller/AdminController.java | Removes legacy admin controller implementation. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/configuration/SecurityConfiguration.java | Removes legacy Spring Security configuration. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/JtSpringProjectApplication.java | Removes legacy application bootstrap class. |
| JtProject/src/main/java/com/jtspringproject/JtSpringProject/HibernateConfiguration.java | Removes legacy Hibernate SessionFactory configuration. |
| JtProject/.project | Removes legacy Eclipse project metadata. |
| JtProject/.classpath | Removes legacy Eclipse classpath metadata. |
| <div class="form-floating mb-3"> | ||
| <input type="password" name="password" id="password" | ||
| class="form-control" placeholder="Password" | ||
| value="${password}" required> | ||
| <label for="password"><i class="fas fa-lock me-2"></i>Password</label> | ||
| </div> |
The password field is pre-populated with ${password} and marked required. Rendering any password (even a hash) back into HTML is a credential exposure risk, and forcing it required prevents “update profile without changing password”. Align this page with the WEB-INF updateProfile.jsp behavior: leave password blank, not required, and treat it as optional server-side.
| public User addUser(User user) { | ||
| try { | ||
| return userRepository.save(user); | ||
| } catch (DataIntegrityViolationException e) { | ||
| throw new RuntimeException("Add user error: Username or Email already exists."); | ||
| } | ||
| } |
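Review bot: The catch (DataIntegrityViolationException e) branch in addUser reports every integrity failure as a duplicate, but that exception is also raised for other constraint violations (a NOT NULL or foreign-key failure, for example), so the "already exists" text can be wrong even for columns that are unique. Throw a dedicated exception type instead of a bare RuntimeException and pass e as the cause, so the controller can tell a duplicate from other failures and the violated constraint stays in the logs.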
The error message claims "Username or Email already exists", but the Flyway schema only enforces uniqueness on customer.username (V1__custom_setup.sql). This can mislead users and make debugging harder. Consider either enforcing a unique constraint on email as well, or narrowing the message to what’s actually constrained (and include the original exception as the cause).
| # SPRING DATA JPA & HIBERNATE 6 | ||
| # ========================================== | ||
| spring.jpa.hibernate.ddl-auto=update | ||
| spring.jpa.show-sql=true | ||
| spring.jpa.properties.hibernate.format_sql=true | ||
| spring.jpa.database-platform=org.hibernate.dialect.MySQLDialect | ||
| spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true |
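Review bot: spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true on the last line hides LazyInitializationException by opening a temporary session for each lazy association touched outside a transaction, which adds queries and lets views read data outside the transaction that loaded the entity. Remove it and load what the view needs inside the service method (a fetch join or an entity graph). spring.jpa.show-sql=true and format_sql=true also write every statement to stdout, so keep them to a local development profile.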
With Flyway enabled and providing schema migrations, spring.jpa.hibernate.ddl-auto=update can cause schema drift and hard-to-debug differences between environments (Hibernate may add/alter tables outside migrations). Consider switching to validate (or none) in production/dev and letting Flyway own schema changes.
| <!-- Add real remove route when implemented in controller --> | ||
| <a class="btn-remove" href="#"><i class="fas fa-trash me-1"></i>Remove</a> | ||
| </td> |
The "Remove" action is currently a dead link (href="#") with a TODO. In the current UI this will do nothing (or just jump to top), which is confusing and can look broken. Either wire it to a real remove-from-cart endpoint (ideally POST/DELETE with CSRF protection) or hide/disable the control until implemented.
| ) | ||
| .exceptionHandling(ex -> ex.accessDeniedPage("/403")) | ||
| .csrf(AbstractHttpConfigurer::disable); | ||
|
|
CSRF is disabled for the admin security filter chain. With session-based auth and form POSTs, disabling CSRF makes requests like profile/product updates vulnerable to CSRF. Consider re-enabling CSRF (default) and adding CSRF tokens to the JSP forms, or scope CSRF ignoring to only the specific endpoints that truly need it.
| .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll() | ||
|
|
||
| .requestMatchers("/css/**", "/js/**", "/images/**", "/views/**").permitAll() | ||
| .requestMatchers("/", "/login", "/register", "/newuserregister").permitAll() | ||
|
|
The user filter chain permits all requests under "/views/**". Since JSPs under src/main/webapp/views are not under WEB-INF, they can often be fetched directly, bypassing controller-level flows and potentially exposing sensitive pages. If those JSPs are legacy/duplicate, remove this permit rule (and ideally the public /views directory) so JSPs are only rendered via /WEB-INF/views through controllers.
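The two review findings above (CSRF disabled on the admin chain, and /views/** open on the user chain) addressed in one configuration, as an added example that is not the PR's code. The class name, the ADMIN role and the /admin/login path are assumptions; the other paths are the ones quoted in the review.

```java
import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added illustration, not the PR's SecurityConfiguration. The class name, the
// ADMIN role name and the /admin/login path are assumptions.
@Configuration
public class HardenedSecurityExample {

    @Bean
    @Order(1)
    SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/admin/**")
            .authorizeHttpRequests(auth -> auth
                // JSP rendering is an internal FORWARD; permit the dispatch, not a URL.
                .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()
                .requestMatchers("/admin/login").permitAll()
                .anyRequest().hasRole("ADMIN"))
            .formLogin(form -> form.loginPage("/admin/login"))
            .exceptionHandling(ex -> ex.accessDeniedPage("/403"));
        // No .csrf(AbstractHttpConfigurer::disable): CSRF protection is on by
        // default, so every state-changing POST must carry the token.
        return http.build();
    }

    @Bean
    @Order(2)
    SecurityFilterChain userChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()
                // "/views/**" is gone: JSPs live only under /WEB-INF/views and are
                // reachable through controllers, never by direct URL.
                .requestMatchers("/css/**", "/js/**", "/images/**").permitAll()
                .requestMatchers("/", "/login", "/register", "/newuserregister").permitAll()
                .anyRequest().authenticated())
            .formLogin(form -> form.loginPage("/login"))
            .exceptionHandling(ex -> ex.accessDeniedPage("/403"));
        return http.build();
    }
}
// Each JSP form that POSTs (login forms included) then carries the token that
// Spring Security exposes as the "_csrf" request attribute:
//   <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
```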
| <form action="updateuser" method="post"> | ||
| <input type="hidden" name="userid" value="${userid}"> | ||
|
|
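Review bot: The hidden userid field on the second line is client-controlled, so the handler that receives this POST must not use it to choose which account to update; the value can be changed in the browser before the form is submitted. Take the account from the authenticated principal on the server and drop the field, or at least reject a userid that does not match the logged-in user.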
This form posts to a relative URL ("updateuser"). When rendered at /profileDisplay (or /admin/profileDisplay), the browser will submit to /profileDisplay/updateuser rather than /updateuser, which won't match the controller mappings. Use an absolute path (e.g., "/updateuser") or generate the action from the model like the WEB-INF version does.
@rinit18 can you please resolve all necessary conflicts and create the PR again?
Overview
This PR is a full modernization pass of the project.
What I changed
Why
The previous structure was harder to navigate and set up.
This update makes the project easier to learn, maintain, and contribute to.
Outcome