A Spring Boot-based web application for managing a bakery's operations including product inventory, customer orders, user management, and reviews.
- Project Overview
- Architecture
- Features
- Prerequisites
- Installation & Setup
- Running the Application
- Project Structure
- Configuration
- Known Issues & Limitations
- Security Considerations
- Future Improvements
- Troubleshooting
The Bakery Management System is a web-based application designed to streamline bakery operations. It provides features for:
- Managing product inventory with images
- Processing customer orders
- Handling user authentication and profiles
- Collecting product reviews and ratings
- Vendor management
Technology Stack:
- Backend: Spring Boot 3.4.5, Java 17
- Frontend: JSP with JSTL
- Data Persistence: File-based storage (text files)
- Build Tool: Maven
- Server: Embedded Tomcat (Spring Boot)
┌─────────────────────────────────┐
│ Presentation Layer │
│ (JSP Views & Controllers) │
├─────────────────────────────────┤
│ Business Logic Layer │
│ (Services with Validation) │
├─────────────────────────────────┤
│ Data Access Layer │
│ (DAO - File-based Operations) │
├─────────────────────────────────┤
│ Persistence Layer │
│ (Text Files in /data directory) │
└─────────────────────────────────┘
| Layer | Components | Responsibility |
|---|---|---|
| Controller | AuthController, ProductController, OrderController, etc. | Handle HTTP requests, manage sessions, redirect flows |
| Service | UserService, ProductService, OrderService, etc. | Business logic, validation, orchestration |
| DAO | UserDAO, ProductDAO, OrderDAO, etc. | File I/O operations, data persistence |
| Model | User, Product, Order, Review, Vendor | Data entities with getters/setters |
- User registration with validation
- Login/Logout functionality
- Role-based access control (Admin, User)
- User profile management
- Password validation (minimum 5 characters)
- Add/Edit/Delete products
- Product categories (Bread, Cake, Pastry, etc.)
- Image upload with compression
- Stock management (initial, current, available quantities)
- Product descriptions and pricing
- Place orders with delivery details
- View order history
- Order status tracking (PENDING, COMPLETED, CANCELLED)
- Payment method selection (Cash, Card, Digital Wallet, UPI)
- Order confirmation with delivery information
- Add product reviews with ratings (1-5 stars)
- View all reviews for a product
- Customer-identified reviews
- Add/Edit/Delete vendors
- Vendor information storage
- Vendor product association
- View all orders
- Manage products and vendors
- User management interface
- System overview
- Java 17 or higher installed
- Maven 3.6+ for building
- Windows, macOS, or Linux
- Minimum 2GB RAM for development
- 1GB disk space for application and data files
java -version
mvn -versioncd d:\Project\Bakery-Managementmvn clean installThis will:
- Download all dependencies
- Compile Java source files
- Package the application
mvn clean buildExpected output should show BUILD SUCCESS.
mvn spring-boot:runAfter building:
java -jar target/backery_management-0.0.1-SNAPSHOT.jar- Open project in VS Code or IntelliJ IDEA
- Run
BackeryManagementApplication.java - Click "Run" button
Once running, open your browser and navigate to:
http://localhost:8080
| Username | Password | Role |
|---|---|---|
| Admin | admin@12345 | Admin |
| User1 | User1@12345 | User |
| User2 | User2@12345 | User |
Bakery-Management/
├── src/
│ ├── main/
│ │ ├── java/
│ │ │ └── com/backery/backery_management/
│ │ │ ├── BackeryManagementApplication.java # Spring Boot entry point
│ │ │ ├── controller/ # HTTP request handlers
│ │ │ │ ├── AuthController.java # Login/Signup
│ │ │ │ ├── ProductController.java # Product management
│ │ │ │ ├── OrderController.java # Order management
│ │ │ │ ├── CustomerController.java # Customer views
│ │ │ │ ├── UserController.java # User management
│ │ │ │ ├── VendorController.java # Vendor management
│ │ │ │ ├── HomeController.java # Admin dashboard
│ │ │ │ └── LogoutController.java # Session management
│ │ │ ├── service/ # Business logic
│ │ │ │ ├── UserService.java # User operations & validation
│ │ │ │ ├── ProductService.java # Product operations
│ │ │ │ ├── OrderService.java # Order processing
│ │ │ │ ├── OrderFileService.java # Order file operations
│ │ │ │ └── VendorService.java # Vendor operations
│ │ │ ├── dao/ # Data access objects
│ │ │ │ ├── UserDAO.java # User file I/O
│ │ │ │ ├── ProductDAO.java # Product file I/O
│ │ │ │ ├── OrderDAO.java # Order file I/O
│ │ │ │ ├── ReviewDAO.java # Review file I/O
│ │ │ │ └── VendorDAO.java # Vendor file I/O
│ │ │ └── model/ # Data entities
│ │ │ ├── User.java
│ │ │ ├── Product.java
│ │ │ ├── Order.java
│ │ │ ├── Review.java
│ │ │ └── Vendor.java
│ │ ├── resources/
│ │ │ └── application.properties # Configuration
│ │ └── webapp/
│ │ ├── resources/
│ │ │ └── images/products/ # Product images
│ │ └── WEB-INF/
│ │ └── views/ # JSP templates
│ │ ├── login.jsp
│ │ ├── signup.jsp
│ │ ├── index.jsp
│ │ ├── products.jsp
│ │ ├── orders.jsp
│ │ ├── single-product.jsp
│ │ ├── payment-options.jsp
│ │ ├── payment-success.jsp
│ │ └── ... (other views)
│ └── test/
│ └── java/
│ └── BackeryManagementApplicationTests.java # Unit tests
├── data/ # Data persistence
│ ├── users.txt # User data
│ ├── products.txt # Product inventory
│ ├── orders.txt # All orders
│ ├── reviews.txt # Product reviews
│ ├── vendors.txt # Vendor data
│ └── orders/
│ ├── all_orders.txt # Aggregated orders
│ └── user_*_orders.txt # User-specific orders
├── uploads/
│ └── products/ # Uploaded product images
├── pom.xml # Maven configuration
├── mvnw & mvnw.cmd # Maven wrapper
└── README.md # This file
Located in: src/main/resources/application.properties
# Application name
spring.application.name=BackeryManagement
# JSP view configuration
spring.mvc.view.prefix=/WEB-INF/views/
spring.mvc.view.suffix=.jsp
# File upload configuration
spring.servlet.multipart.max-file-size=1024MB
spring.servlet.multipart.max-request-size=1024MB- Session tracking: URL-based (via HttpSession)
- Session attributes: username, role, customerName
- Session timeout: Default Spring Boot timeout
| Data Type | Location |
|---|---|
| User data | data/users.txt |
| Products | data/products.txt |
| Orders | data/orders/all_orders.txt |
| Reviews | data/reviews.txt |
| Vendors | data/vendors.txt |
| Product Images | uploads/products/ |
id,username,password,email,role
1,Admin,admin@12345,admin@gmail.com,Admin
2,User1,User1@12345,User1@gmail.com,User
id|||name|||description|||category|||price|||quantityAvailable|||initialStock|||currentStock|||image
Order ID:1
User ID:2
Product:Cake
Quantity:5
Status:PENDING
Payment Method:Card
---
| Issue | Impact | Severity |
|---|---|---|
| No password hashing | Passwords stored in plaintext in data/users.txt |
🔴 CRITICAL |
| File-based persistence | Data corruption in concurrent access | 🔴 CRITICAL |
| No CSRF protection | Forms vulnerable to CSRF attacks | 🔴 CRITICAL |
| No input sanitization | Potential injection vulnerabilities | 🔴 CRITICAL |
-
Concurrent Access
- Multiple simultaneous users may cause data loss
- No file locking mechanism
- Manual ID generation can cause collisions
-
Scalability
- Entire dataset loaded in memory on startup
- Linear O(n) search for any lookups
- File I/O on every operation
-
Image Handling
- Image compression happens on every upload (slow)
- No image optimization or caching
- File path traversal not validated
-
Data Integrity
- No atomic transactions
- Incomplete writes not detected
- No backup/recovery mechanism
-
Order Processing
- Payment processing not implemented (selection only)
- No order confirmation emails
- No inventory reserved during checkout
- Username: Only alphanumeric, 3-20 chars (no special chars allowed)
- Password: Only length validation (minimum 5 chars)
- Email: Basic regex, doesn't validate all valid formats
- Product Stock: No warning for low inventory
-
Authentication
- ❌ Passwords not hashed (use BCrypt/Argon2)
- ❌ No session timeout configuration
- ❌ No brute force protection
-
Authorization
⚠️ Role checking exists but inconsistent⚠️ No method-level security annotations
-
Data Protection
- ❌ No HTTPS enforcement
- ❌ Sensitive data in logs
- ❌ No SQL injection prevention (if DB added)
-
Input Validation
- ❌ No XSS protection in JSP
- ❌ No input sanitization
⚠️ Partial validation in Service layer
Immediate Actions:
// Use Spring Security for password hashing
// Add BCrypt dependency:
// <dependency>
// <groupId>org.springframework.boot</groupId>
// <artifactId>spring-boot-starter-security</artifactId>
// </dependency>
// Example:
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
String hashedPassword = encoder.encode(plainPassword);For Production:
- Implement Spring Security
- Use HTTPS/TLS
- Add CSRF tokens to forms
- Implement proper exception handling
- Add security headers (CSP, X-Frame-Options, etc.)
- Use parameterized queries if switching to DB
- Implement rate limiting
- Add audit logging
-
Migrate to Database (MySQL/PostgreSQL)
- Replace file-based persistence
- Add proper transaction support
- Enable concurrent access
-
Implement Spring Security
- Password hashing (BCrypt)
- CSRF protection
- Session management
- Role-based access control (RBAC)
-
Add Comprehensive Validation
- Jakarta Validation annotations
- Custom validators
- Input sanitization
- Payment Gateway Integration (Stripe, PayPal)
- Email Notifications (Order confirmation, status updates)
- Image Optimization (Caching, CDN)
- Logging Framework (SLF4J + Logback)
- API Documentation (Swagger/OpenAPI)
- Unit Testing (JUnit 5, Mockito)
- Advanced Search & Filtering
- Dashboard Analytics (Sales, inventory reports)
- Vendor Dashboard (Separate portal)
- Mobile-friendly UI (Responsive design)
- Multi-language Support (i18n)
- REST API (For mobile apps)
- Docker Containerization
Error: Cannot find symbol: class BackeryManagementApplication
Solution:
mvn clean compile
mvn spring-boot:runSolution:
# Change port in application.properties
server.port=8081Verify:
- JSP files exist in
src/main/resources/WEB-INF/views/ - View names match file names (e.g., "login" → "login.jsp")
- Check
application.propertiesprefix/suffix settings
Solution:
# Create data directory structure
mkdir data
mkdir data/orders
mkdir uploads
mkdir uploads/productsCheck:
uploads/products/directory exists- Sufficient disk space
- File size under 1GB limit
- JPEG/PNG format
Cause: JSESSIONID cookie may not persist
Solution:
- Enable cookies in browser
- Check session timeout in
application.properties
Current Workaround: Single-user deployment only
Long-term Solution: Migrate to database with proper locking
# Full build with tests
mvn clean test package
# Skip tests for faster build
mvn clean package -DskipTests
# View dependency tree
mvn dependency:treemvn compile # Compile only
mvn test # Run tests
mvn package # Create JAR
mvn clean # Remove target directory
mvn install # Install to local repositoryVS Code:
- Install "Extension Pack for Java"
- Open project root
- Maven will auto-detect pom.xml
IntelliJ IDEA:
- Open → Select project root
- File → Project Structure → Verify Java 17 SDK
For issues or questions:
- Check the Troubleshooting section above
- Review the known issues list
- Check application logs for error messages
This project is provided as-is for educational purposes.
Current State: This is a functional learning project demonstrating Spring Boot fundamentals.
Production Readiness:
- File-based persistence (no concurrent access support)
- Security vulnerabilities (plaintext passwords, no CSRF protection)
- Limited error handling
- No testing framework
Recommended Before Production:
- Implement comprehensive security
- Migrate to relational database
- Add full test coverage
- Implement logging and monitoring
- Performance optimization and caching
Last Updated: January 27, 2026
Version: 0.0.1-SNAPSHOT