A comprehensive academic management system built with Spring Boot 3.5.6, featuring JWT authentication, role-based access control, and RESTful APIs for managing users, courses, attendance, and marks.
- JWT Authentication with secure cookie-based sessions
- Role-Based Access Control (ADMIN, TEACHER, STUDENT, PARENT)
- User Management with password hashing
- Course Management with teacher assignments
- Attendance Tracking with date-based queries
- Marks/Grades Management with validation
- Comprehensive Error Handling and validation
- MySQL Database with JPA/Hibernate
- Java 21
- MySQL 8.0+
- Maven 3.6+
Create a MySQL database:
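```sql
CREATE DATABASE academictracker;
```

Update `src/main/resources/application.properties` with your MySQL credentials:

```properties
spring.datasource.url=jdbc:mysql://localhost:3306/academictracker?useSSL=false&allowPublicKeyRetrieval=true
spring.datasource.username=your_username
spring.datasource.password=your_password
```

`useSSL=false` disables TLS on the JDBC connection and `allowPublicKeyRetrieval=true` lets the client fetch the server's RSA public key over that unencrypted link, so keep these options to a local database.

```bash
# Clean and build
./mvnw clean install
# Run the application
./mvnw spring-boot:run
```

The application will start on http://localhost:8080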
```http
POST /api/auth/register
Content-Type: application/json

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "password123",
  "role": "STUDENT"
}
```

```http
POST /api/auth/login
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "password123"
}
```

Response includes JWT token in cookie and user details in body.

```http
POST /api/auth/logout
```

```http
GET /api/users/all
GET /api/users/{id}
GET /api/users/email/{email}
DELETE /api/users/{id}
```

```http
GET /api/courses/all
GET /api/courses/{id}
```

```http
POST /api/courses/add
Content-Type: application/json

{
  "name": "Mathematics",
  "section": "A",
  "teacher": {
    "id": 1
  }
}
```

```http
DELETE /api/courses/{id}
```

```http
POST /api/attendance/mark
Content-Type: application/json

{
  "studentId": 1,
  "courseId": 1,
  "date": "2025-10-08",
  "present": true,
  "remarks": "On time"
}
```

```http
GET /api/attendance/student/{studentId}
```

Accessible by: STUDENT, TEACHER, PARENT

```http
GET /api/attendance/course/{courseId}
GET /api/attendance/date/{date}
```

Example: /api/attendance/date/2025-10-08

```http
POST /api/marks/add
Content-Type: application/json

{
  "student": {
    "id": 1
  },
  "course": {
    "id": 1
  },
  "score": 85.5
}
```

```http
GET /api/marks/student/{studentId}
```

Accessible by: STUDENT, TEACHER, PARENT

```http
GET /api/marks/course/{courseId}
```

- ADMIN: Full system access, user management, course deletion
- TEACHER: Course creation, attendance marking, marks entry, view all course data
- STUDENT: View own attendance and marks
- PARENT: View child's attendance and marks
JWT tokens are:
- Stored in HTTP-only cookies
- Valid for 24 hours (configurable in `application.properties`)
- Signed with HS512 algorithm
- Automatically validated on each request
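
The token properties listed above (HS512 signature, 24-hour lifetime, validation on every request), shown as an added JDK-only example; it is not the project's `JwtUtil`. The class name, the `sub`/`iat`/`exp` claim names and the regex claim parsing (standing in for a JSON parser) are assumptions, as is treating `jwt.secret` as raw bytes, under which the 44-character sample secret from this README's `application.properties` is 352 bits and is rejected as too short for HS512.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.regex.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class Hs512TokenDemo { // hypothetical class, JDK only; not the project's JwtUtil
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"HS512\"");
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    static final Pattern SUB = Pattern.compile("\"sub\"\\s*:\\s*\"([^\"]+)\"");
    static byte[] hmac(byte[] key, String data) throws Exception {
        if (key.length < 64) // RFC 7518 section 3.2: HS512 needs a key of at least 512 bits
            throw new IllegalArgumentException("HS512 key too short: " + key.length * 8 + " bits");
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(data.getBytes(UTF_8));
    }
    static String b64(String json) { return ENC.encodeToString(json.getBytes(UTF_8)); }
    static String sign(byte[] key, String sub, long iat, long ttlSeconds) throws Exception {
        String input = b64("{\"alg\":\"HS512\"}") + "."  // sub is not JSON-escaped: demo input only
                + b64("{\"sub\":\"" + sub + "\",\"iat\":" + iat + ",\"exp\":" + (iat + ttlSeconds) + "}");
        return input + "." + ENC.encodeToString(hmac(key, input));
    }
    static String verify(byte[] key, String token, long now) throws Exception { // subject, or null
        String[] p = token.split("\\.", -1);
        if (p.length != 3) return null;
        byte[] expected = hmac(key, p[0] + "." + p[1]);
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            if (!MessageDigest.isEqual(expected, dec.decode(p[2]))) return null; // constant-time compare
            if (!ALG.matcher(new String(dec.decode(p[0]), UTF_8)).find()) return null; // pin the algorithm
            String claims = new String(dec.decode(p[1]), UTF_8);
            Matcher exp = EXP.matcher(claims), sub = SUB.matcher(claims);
            if (!exp.find() || !sub.find() || Long.parseLong(exp.group(1)) <= now) return null;
            return sub.group(1);
        } catch (IllegalArgumentException malformed) { return null; } // bad base64 or oversized exp
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[64]; new SecureRandom().nextBytes(key); // constructed 512-bit demo key
        long now = System.currentTimeMillis() / 1000;
        String token = sign(key, "test@example.com", now, 86_400); // 24 h, i.e. jwt.expiration=86400000 ms
        System.out.println("within lifetime: " + verify(key, token, now + 60));
        System.out.println("at expiry:       " + verify(key, token, now + 86_400));
        byte[] sample = "yourSecretKey123456789yourSecretKey123456789".getBytes(UTF_8); // README sample secret
        try { sign(sample, "x", now, 60); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```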
```
src/main/java/com/example/academictracker/
├── controller/          # REST API endpoints
│   ├── AuthController.java
│   ├── UserController.java
│   ├── CourseController.java
│   ├── AttendanceController.java
│   └── MarksController.java
├── service/             # Business logic
│   ├── UserService.java
│   ├── CourseService.java
│   ├── AttendanceService.java
│   └── MarksService.java
├── repository/          # Data access layer
│   ├── UserRepository.java
│   ├── CourseRepository.java
│   ├── AttendanceRepository.java
│   └── MarksRepository.java
├── model/               # Entity classes
│   ├── User.java
│   ├── Course.java
│   ├── Attendance.java
│   ├── Marks.java
│   └── Role.java
├── dto/                 # Data transfer objects
│   ├── LoginRequest.java
│   └── AttendanceDTO.java
├── security/            # Security configuration
│   ├── SecurityConfig.java
│   ├── JwtUtil.java
│   ├── JwtAuthenticationFilter.java
│   └── CustomUserDetailsService.java
└── AcademictrackerApplication.java
```
Key configuration properties in application.properties:
```properties
# Database
spring.datasource.url=jdbc:mysql://localhost:3306/academictracker
spring.jpa.hibernate.ddl-auto=update
# JWT
jwt.secret=yourSecretKey123456789yourSecretKey123456789
jwt.expiration=86400000
# CORS (update for production)
# Configured in SecurityConfig.java
```

- Centralized Password Encoding: Moved to `UserService` for consistency
- Proper Validation: Added `@Valid` annotations and comprehensive validation
- Error Handling: Try-catch blocks with meaningful error messages
- Entity Relationships: Fixed lazy loading and JSON serialization issues
- Security: Proper JWT configuration from properties file
- Service Layer: Added ID-based query methods for better performance
- API Consistency: Standardized response formats and error handling
- Code Organization: Removed duplicate classes and unused code
- Register a user:

```bash
curl -X POST http://localhost:8080/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"name":"Test User","email":"test@example.com","password":"password123","role":"STUDENT"}'
```

- Login:

```bash
curl -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"password123"}' \
  -c cookies.txt
```

- Access protected endpoint:

```bash
curl -X GET http://localhost:8080/api/courses/all \
  -b cookies.txt
```

- Default role for new users is `STUDENT`
- Passwords are hashed using BCrypt
- All timestamps use system timezone
- Database schema is auto-created/updated on startup
- CORS is configured for `http://localhost:3000` (update for production)
- Database Connection Failed
  - Verify MySQL is running
  - Check credentials in `application.properties`
  - Ensure database exists
- JWT Token Invalid
  - Check if token has expired (24h default)
  - Verify secret key is consistent
  - Clear cookies and login again
- Access Denied
  - Verify user has correct role
  - Check `@PreAuthorize` annotations
  - Ensure JWT token is being sent
This project is for educational purposes.
Academic Tracker Development Team