Java Full Stack Course Material | Spectrum Technologies

Chapter 1: Program Roadmap and Setup

Start from zero: understand full-stack architecture, development lifecycle, and how each layer communicates in a real application.

Pre-requisite needed: Java Programming, HTML, CSS, JavaScript

1.1 Theory: What is Java Full Stack?

Frontend: UI built with React.
Backend: APIs built with Spring Boot.
Database: MySQL/PostgreSQL for persistent data.
Deployment: CI/CD + cloud runtime.

1.2 Setup Syntax and Practical Example

# Verify tools
java -version
mvn -version
node -v
npm -v

# Create backend project
mvn archetype:generate ...

# Create frontend project
npm create vite@latest ui -- --template react

Practical: initialize backend/frontend repos, commit baseline setup, and define API contract draft in README.

Lab: Create two folders (`backend`, `frontend`), run both locally, and document startup commands.

Assessment

Explain request flow from React to DB in your own words.
List minimum tools required for Java Full Stack development.

Chapter 2: Java Core Refresh

Strengthen the Java concepts that are mandatory for building scalable backend services. This chapter goes from language fundamentals to production-ready coding patterns.

2.1 Java Type System and Object Model

Primitive vs wrapper types and autoboxing behavior.
Reference semantics and mutability side effects.
`equals()` vs `==` and why it matters in collections.

Integer a = 127;
Integer b = 127;
Integer c = 200;
Integer d = 200;

System.out.println(a == b);      // true (cached)
System.out.println(c == d);      // false
System.out.println(c.equals(d)); // true

2.2 OOP Core Required for Enterprise Java

Encapsulation: protect invariants through methods.
Abstraction: interfaces for service contracts.
Polymorphism: plug in implementations without changing caller.

interface PaymentService {
  void pay(double amount);
}

class UpiPaymentService implements PaymentService {
  public void pay(double amount) { System.out.println("UPI: " + amount); }
}

2.3 Collections, Generics, Streams, and Optional

Use generics to enforce type safety at compile time.
Prefer stream pipelines for readable transformations.
Use Optional for explicit null-handling in return types.

record UserSummary(Long id, String name, String email) {}

List<UserSummary> summaries = users.stream()
  .filter(User::isActive)
  .sorted(Comparator.comparing(User::getName))
  .map(u -> new UserSummary(u.getId(), u.getName(), u.getEmail()))
  .toList();

Optional<User> user = userRepo.findByEmail(email);

2.4 Exception Handling, Resource Safety, and Custom Exceptions

Checked vs unchecked exception strategy in layered apps.
Try-with-resources for safe cleanup.
Custom domain exceptions mapped to API error responses.

class UserNotFoundException extends RuntimeException {
  UserNotFoundException(String email) {
    super("User not found for email: " + email);
  }
}

try (BufferedReader br = Files.newBufferedReader(path)) {
  return br.readLine();
}

2.5 JVM Memory and Concurrency Basics

Request Thread | Stack Frames (method locals) | Heap Objects (entities, DTOs) | GC reclaims unreachable objects

Stack vs heap understanding to avoid memory leaks.
Thread safety and immutable data design.
ExecutorService and CompletableFuture for async operations.

CompletableFuture<User> u1 = CompletableFuture.supplyAsync(() -> userService.get(id));
CompletableFuture<List<Order>> u2 = CompletableFuture.supplyAsync(() -> orderService.byUser(id));

CompletableFuture.allOf(u1, u2).join();

Lab: Build a `UserProfileService` that uses DTO mapping, Optional-based lookup, custom exceptions, and one async operation with CompletableFuture.

Assessment

When should you use `RuntimeException` for business logic errors?
Explain with example why `equals()` is safer than `==` for objects.
Write a stream pipeline with `filter`, `map`, and `sorted`.
Differentiate stack memory and heap memory with one backend example.

Chapter 3: OOP and Design Principles

Design maintainable modules by applying layered architecture and SOLID principles.

3.1 Theory

Controller -> Service -> Repository separation.
Single Responsibility and Dependency Inversion.
Interface-driven services for easier testing.

3.2 Syntax + Example

public interface UserService {
  UserDto create(CreateUserRequest req);
}

@Service
class UserServiceImpl implements UserService { ... }

3.3 Required Design Patterns in Java Full Stack

Factory: central object creation for configurable dependencies.
Strategy: swap algorithms (payment, discount, notification) without `if-else` chains.
Builder: create immutable request objects with optional fields.

interface DiscountStrategy { double apply(double amount); }

class FestivalDiscount implements DiscountStrategy {
  public double apply(double amount) { return amount * 0.9; }
}

double finalAmount = strategy.apply(cartTotal);

Controller | Service (Business Rules) | Repository (Data Access)

Lab: Refactor one God-class into layered classes (controller/service/repository).

Assessment

What problem does dependency inversion solve?
Where should validation/business rules live and why?

Chapter 4: SQL, JDBC, and JPA Basics

Build robust persistence with relational modeling, JPA mapping, and transaction handling.

4.1 Subtopics

Schema design, keys, constraints, indexing.
Entity mapping (`@Entity`, `@OneToMany`, `@ManyToOne`).
Custom queries and pagination.

@Entity
class Order {
  @Id @GeneratedValue
  private Long id;

  @ManyToOne(fetch = FetchType.LAZY)
  private User user;
}

Request -> Service -> Transaction Start | JPA Repository | Commit / Rollback

Lab: Implement users/orders modules with proper entity relationships and paged endpoint.

Assessment

When do you choose LAZY vs EAGER loading?
Why are DB indexes critical for list APIs?

Chapter 5: Spring and Spring Boot Fundamentals

Use Spring Boot to accelerate backend development with production-ready conventions.

5.1 Theory + Syntax

@SpringBootApplication
public class App {
  public static void main(String[] args) {
    SpringApplication.run(App.class, args);
  }
}

Auto-configuration and component scanning.
Profiles for dev/test/prod environments.
Configuration via `application.yml`.

5.2 Deep Theory: IoC, Bean Lifecycle, and Scopes

Inversion of Control (IoC): Spring creates and wires objects.
Bean lifecycle phases: instantiate -> inject -> post-process -> ready.
Scopes: singleton, prototype, request, session (web apps).

@Component
@Scope("prototype")
class TokenGenerator {
  String generate() { return UUID.randomUUID().toString(); }
}

Spring Startup | Scan Components + Config | Create Beans + Inject Dependencies | Application Ready

Config Files + Beans | Spring Container Startup | Ready REST Application

Lab: Configure three profiles and expose one profile-specific property endpoint.

Assessment

What does `@SpringBootApplication` combine internally?
Why should production configs be separated from dev?

Chapter 6: REST API Design and Validation

Design predictable APIs with standards, validation, and error contracts.

6.1 Syntax and Practical API

@PostMapping("/users")
public ResponseEntity<ApiResponse<UserDto>> create(
    @Valid @RequestBody CreateUserRequest request) {
  UserDto created = userService.create(request);
  return ResponseEntity.status(HttpStatus.CREATED)
      .body(ApiResponse.success(created));
}

Resource naming and status code semantics.
Validation using Jakarta Bean Validation.
Global exception handler for consistent responses.

6.2 Advanced API Theory and Syntax

Idempotency for PUT/DELETE and retry-safe operations.
Versioning (`/v1`, `/v2`) and backward compatibility strategy.
Standardized envelope for success and error payloads.

@GetMapping("/v1/users")
public ApiPage<UserDto> list(
    @RequestParam(defaultValue = "0") int page,
    @RequestParam(defaultValue = "20") int size) {
  return userService.list(page, size);
}

Client Request | Controller + @Valid | Service -> DB | Success/Error Response Contract

Lab: Build CRUD + search endpoint with validation and structured error JSON.

Assessment

When should API return 400, 404, and 409?
Write one validation rule for email or password.

Chapter 7: Authentication and Authorization

Secure your backend and frontend with token-based flows and role permissions.

7.1 Theory

Authentication vs authorization.
JWT lifecycle: issue, validate, expire, refresh.
Role-based endpoint restrictions.

7.2 Syntax

http
  .csrf(csrf -> csrf.disable())
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/auth/**").permitAll()
    .requestMatchers("/admin/**").hasRole("ADMIN")
    .anyRequest().authenticated());

7.3 Token Lifecycle and Security Hardening

Access token + refresh token model for better session security.
Password hashing (BCrypt) and credential rotation policy.
Rate limiting and lockout policies for login endpoints.

@Bean
PasswordEncoder passwordEncoder() {
  return new BCryptPasswordEncoder();
}

String hashed = passwordEncoder().encode(rawPassword);

Login -> JWT Issued | Token in Request Header | JWT Filter -> Security Context | Role Check -> Access / Denied

Lab: Implement login/register + role-based access for admin and student routes.

Assessment

Why should JWT expiry be short-lived?
How do you protect frontend routes after login?

Chapter 8: React Essentials

Master frontend foundations needed for enterprise full-stack applications: component architecture, data flow, form handling, and performance-aware rendering.

8.1 React Theory You Must Know

Unidirectional data flow and predictable UI updates.
Component-driven design for reusable features.
When to lift state up vs keep local state.
Presentational vs container component split.

8.2 Syntax Walkthrough: Controlled Form + Validation

function UserForm({ onSubmit }) {
  const [form, setForm] = useState({ name: "", email: "" });
  const [errors, setErrors] = useState({});

  function validate() {
    const next = {};
    if (!form.name.trim()) next.name = "Name is required";
    if (!form.email.includes("@")) next.email = "Valid email required";
    setErrors(next);
    return Object.keys(next).length === 0;
  }

  return (
    <form onSubmit={(e) => { e.preventDefault(); if (validate()) onSubmit(form); }}>
      <input value={form.name} onChange={(e)=>setForm({ ...form, name: e.target.value })} />
      <input value={form.email} onChange={(e)=>setForm({ ...form, email: e.target.value })} />
      <button>Save</button>
    </form>
  );
}

8.3 Practical Case Study: Student List UI

Build list, filter, and detail view using reusable cards.
Implement loading, empty, and error states.
Memoize expensive filtering using `useMemo`.

User Input | Component State Update | Derived UI (filter/sort) | Render + API Interaction

Lab: Create a dashboard module with reusable card, table, modal, and validated form components.

Assessment

Controlled vs uncontrolled forms: compare with one real use case.
When should you use `useMemo` and `useCallback`?
How do you design component props to remain reusable?

Chapter 9: State, Routing, and API Integration

Integrate frontend and backend with robust state strategy, route guards, API retry/error handling, and cache-aware patterns.

9.1 Theory and Subtopics

Local state vs global state selection strategy.
Protected routing with role-aware navigation.
API client architecture with interceptors and retries.
Avoiding race conditions in parallel async calls.

9.2 Integration Syntax

const api = axios.create({ baseURL: import.meta.env.VITE_API_URL });

api.interceptors.request.use((config) => {
  const token = localStorage.getItem("token");
  if (token) config.headers.Authorization = `Bearer ${token}`;
  return config;
});

api.interceptors.response.use(
  (res) => res,
  (err) => {
    if (err.response?.status === 401) window.location.href = "/login";
    return Promise.reject(err);
  }
);

9.3 Practical Case Study: Batch Management Screen

List page with pagination, server-side filtering, and sorting.
Detail page with parallel API fetch (`batch`, `students`, `trainers`).
Graceful fallback UI for partial API failure.

Route Navigation | Guard Check (token + role) | API Client Request (interceptors) | Normalize Data + Store State | UI Render / Error Recovery

Lab: Build protected dashboard routes with paginated API list/detail pages and centralized error handler.

Assessment

Where should token injection and 401 redirect logic live?
How do you prevent duplicate fetches on rerender?
Explain one approach to cancel stale API requests.

Chapter 10: Testing Strategy

Adopt a multi-layer testing strategy that gives confidence without slowing delivery: unit, integration, contract, and end-to-end tests.

10.1 Backend Testing Detail

Service tests with Mockito and clear arrange/act/assert steps.
Controller integration tests via MockMvc and JSON assertions.
Repository tests with dedicated test schema and seed data.
Contract tests for critical external integrations.

@Test
void createUser_shouldReturnDto() {
  when(repo.save(any(User.class))).thenReturn(new User(1L, "A", "a@x.com"));
  UserDto dto = service.create(req);
  assertEquals("a@x.com", dto.email());
}

10.2 Frontend Testing Detail

React component behavior tests with user events.
Route guard tests for authenticated/unauthenticated paths.
API mocking for deterministic frontend tests.
Smoke and regression suites in CI.

Unit Tests (fast) | Integration Tests (behavior) | E2E / Smoke Tests (critical flows) | Release Gate

Lab: Write one backend service test suite and one frontend route-guard test suite with mocked APIs.

Assessment

Why are unit tests alone insufficient for release quality?
What should be tested at integration level vs unit level?
Define a minimal CI testing gate for production deployments.

Chapter 11: CI/CD and Cloud Deployment

Automate build, quality checks, artifact management, and safe deployments with rollback and observability as first-class concerns.

11.1 CI/CD Pipeline Deep Dive

# Pipeline stages
1. lint + static checks
2. backend + frontend tests
3. build backend jar and frontend bundle
4. docker build + scan + push
5. deploy staging
6. smoke + synthetic checks
7. production rollout + post-deploy validation

Secrets management using secure vault or CI secret store.
Artifact versioning and immutable releases.
Blue-green/rolling strategies with rollback triggers.
Post-deploy monitoring with logs, metrics, and alerts.

11.2 Deployment Example (Spring Boot + React)

# backend Dockerfile
FROM eclipse-temurin:17-jre
COPY target/app.jar app.jar
ENTRYPOINT ["java","-jar","/app.jar"]

# frontend build artifact
npm ci && npm run build

Git Push -> CI (test/build/scan) | Container Registry | Deploy Staging -> Smoke | Gradual Production Rollout

Lab: Containerize backend/frontend, deploy to staging, run smoke checks, and simulate rollback.

Assessment

What are your exact rollback criteria?
Which values must remain externalized (never hard-coded)?
How do you verify deployment success automatically?

Chapter 12: Capstone Full Stack Project

Deliver a portfolio-ready project demonstrating full-stack engineering capability: architecture, clean code, testing, security, and deployment maturity.

12.1 Project Scope and Subtopics

Project: Training Management Platform.
Modules: auth, batch management, content tracking, reporting.
Advanced features: audit logs, pagination, search, export, dashboard metrics.

Requirement -> API Contract -> DB Schema | Backend + Frontend Sprints | Testing + Security Review | Deployment + Demo + Documentation

12.2 Deliverables

Source code (frontend + backend).
API docs / Postman collection.
Test report and deployment link.
Architecture diagram and README.

12.3 Evaluation Rubric (100 Marks)

Architecture and modularity: 20
Backend API quality and validation: 20
Frontend UX and state management: 15
Testing coverage and quality: 15
Security and access control: 10
Deployment reliability and docs: 10
Demo clarity and Q&A defense: 10

12.4 End-to-End Walkthrough Checklist

Create user -> assign role -> login -> access protected page.
Create batch -> add students -> update progress -> generate report.
Trigger validation error and show structured API response.
Show logs/metrics and explain one optimization decision.

Lab: Build and present capstone with 15-minute architecture walkthrough and live deployment demo.

Assessment

Explain one architecture tradeoff and justify its business impact.
Show one measurable performance optimization with before/after metrics.
Describe your security threat model for at least two attack vectors.

Capstone outcome: beginner-to-advanced mastery with a deployment-ready, interview-strong full stack project.