Identity Services - quark-bits/identity-services GitHub Wiki

Requirements

Develop a RESTful web service that supports:

  1. Creation of a new user.
  2. Login of an existing user with username/password.
  3. Tracking of successful/failed login events.

Assumptions

  1. REST service responses will be JSON.
  2. Login just returns success/failure. There is no session management.

Technical Approach

Persistence Layer

Database: Relational vs NoSQL. The requirements involve fairly structured data with well-defined relationships, so a relational database is used.

ORM: Hibernate

Service Layer

Framework: Vanilla Jersey vs Spring Boot. Spring Boot has rich integration support for various components such as ORMs, security, and so on.

Tools/Libraries Used

  • Spring Boot: Jersey (JAX-RS), Hibernate JPA (default)
  • Database: H2 DB
  • Runtime: Jetty
  • Encryption: Apache Commons Codec

Limitations

  1. Caching is not implemented. -> Use spring-boot-starter-cache with JCache or any other supported provider.
  2. Data validation is currently broken. -> Bean/Entity validation annotations are not working. TODO
  3. Password encryption needs to be stronger. -> Add a random salt and store it.
  4. Cover more test cases.
  5. Include logging.

Improvements to extend to Full-Blown Services

  1. Include NFR testing.
  2. Swagger/REST API documentation.
  3. Client libraries - help with quick uptake and adoption of the services.
  4. Permissions are not implemented.