Definitions of the domain and technical terms used across the learn-dev project. For the concrete tools and versions, see docs/tech-stacks.md; for how the pieces fit together, see ARCHITECTURE.md; for the rationale behind design decisions, see the ADRs.
- Archive — Unpublish a course or lesson so it is no longer available to students, without deleting it.
- Course — A unit of learning content owned by an instructor; contains lessons.
- Deactivate — Disable an account (for example an instructor or student) so it can no longer be used, without deleting it. See also disabled account.
- Drop a course — A student withdrawing from a course before finishing it.
- Enrollment — The relationship linking a student to a course they have joined.
- Lesson — An individual piece of content within a course.
- Role — A named set of permissions granted to a user. The seeded roles are
STUDENT,INSTRUCTOR, andADMIN;SUPERADMINis planned (see issue #65).
- Authority — In Spring Security, a single granted permission string held by an
authenticated user. Roles are represented as authorities prefixed with
ROLE_(for example theADMINrole becomes the authorityROLE_ADMIN). - BCrypt — An adaptive password-hashing function. Passwords are stored as BCrypt hashes, never in clear text.
- CSRF (Cross-Site Request Forgery) — An attack that tricks a logged-in user's
browser into submitting an unwanted request. Defended with a per-form token
(injected by Thymeleaf) and the
SameSitecookie attribute. - Disabled account — An account that exists but is not allowed to authenticate
(mapped from the
is_active = falseflag). Distinct from a locked account. - HttpOnly — A cookie attribute that hides the cookie from client-side JavaScript, mitigating session theft via XSS.
- IDOR (Insecure Direct Object Reference) — An access-control flaw where a client-supplied identifier is trusted without an authorization check. Using UUID primary keys for users mitigates enumeration (see ADR-0003).
- Locked account — An account temporarily blocked from authenticating (for
example after too many failed logins), mapped from the
is_lockedflag. Distinct from a disabled account. - Principal — The currently authenticated entity (typically the user) within a security context.
- SameSite — A cookie attribute controlling whether the browser sends the cookie
on cross-site requests. Set to
Laxhere as CSRF defense in depth. - Secure (cookie) — A cookie attribute that restricts the cookie to HTTPS. Enabled only once the app is served over TLS.
- Session (server-side) — Authentication state kept on the server and referenced
by a session cookie (
JSESSIONID), rather than a self-contained token (see ADR-0001). - XSS (Cross-Site Scripting) — Injection of malicious scripts into pages viewed
by other users. Mitigated by Thymeleaf's automatic output escaping and
HttpOnly.
- Changelog / Changeset (Liquibase) — A changelog is the ordered list of
migrations; a changeset is one atomic migration, identified by
path::id::author. - ERD (Entity-Relationship Diagram) — A diagram of entities and their relationships (rendered here with Mermaid).
- Hibernate — The JPA implementation (ORM) used to map Java entities to tables.
- JPA (Jakarta Persistence API) — The standard Java API for object-relational mapping; implemented by Hibernate.
- JSESSIONID — The default name of the servlet session cookie.
- Liquibase — The database schema migration tool. Migrations are hand-written formatted-SQL files applied at startup (see ADR-0005).
- Merise — A French data-modelling method producing three views: MCD, MLD, MPD.
- MCD (Modele Conceptuel de Donnees) — Conceptual data model; the entities and relationships independent of any database.
- MLD (Modele Logique des Donnees) — Logical data model; the relational schema (tables, keys) derived from the MCD.
- MPD (Modele Physique des Donnees) — Physical data model; the concrete schema as implemented in PostgreSQL.
- ORM (Object-Relational Mapping) — Mapping between Java objects and relational tables; provided by Hibernate/JPA.
- UUID — A 128-bit identifier used as the primary key for users to avoid sequential-id enumeration.
- ADR (Architecture Decision Record) — A short, numbered, append-only document capturing one design decision and its trade-offs, in MADR format.
- Bean Validation — The Jakarta standard for declaring constraints
(
@NotBlank,@Email,@Size) on form/DTO fields, enforced with@Valid. - DTO (Data Transfer Object) — An object carrying data across a boundary,
deliberately separate from entities. A
...FormDTO backs an HTML form. - Failsafe — The Maven plugin that runs
*ITintegration tests in theverifyphase. This project does not use it (see ADR-0009). - FIFO (named pipe) — A special file that streams data on read. The project's
.envis a FIFO filled by 1Password; shellsourcecannot read it (0-byte stat). - HikariCP — The JDBC connection pool bundled with Spring Boot.
- Integration test — A test that boots a Spring context and exercises multiple
layers together (here
@SpringBootTestagainst a real Postgres container). - Lombok — A library that generates boilerplate (getters, constructors) from annotations at compile time.
- MADR (Markdown ADR) — The lightweight ADR template format used in
docs/adr/. - Slice test — A test that loads only one layer of the context (for example
@DataJpaTestfor the persistence layer). - Smoke test — A minimal test that the application context starts at all
(
LearnDevApplicationTests). - Surefire — The Maven plugin that runs
*Test/*Testsunit and integration tests in thetestphase. All tests here run under Surefire. - Testcontainers — A library that starts throwaway Docker/Podman containers for tests; used to run a real PostgreSQL (see ADR-0006).
- Ryuk — Testcontainers' companion container that cleans up resources; disabled under Podman in this project.
- YAGNI (You Aren't Gonna Need It) — The principle of not building features
until they are actually needed (for example deferring the
SUPERADMINrole).
- Docker Compose — Declarative multi-container orchestration; here it runs
Postgres and Mongo.
dockeron the dev machine is Podman. - GitButler — The version-control tool wrapping Git; used via the
butCLI when the current branch isgitbutler/workspace. - Podman — A daemonless container engine, used as the
dockerdrop-in. - Spring profile — A named configuration set (for example
dev) selecting profile-specific properties and Liquibase contexts. - Thymeleaf — The server-side HTML template engine. Its Spring Security
dialect (
sec:namespace) exposes the authenticated user to templates.
- CCP (Certificat de Competences Professionnelles) — A competency block of a French Titre Professionnel; the DWWM has a front-end and a back-end CCP.
- DWWM (Developpeur Web et Web Mobile) — The French Titre Professionnel this capstone targets.
- REAC (Referentiel Emploi Activites Competences) — The official competency reference framework defining what the certification assesses.