Wednesday, June 8, 2011

Web User signup and authorization Series with Java - Part 1 Introduction

Web development with Java is a breeze, at least for me :) but no doubt it's a challenge for a first-timer, even if he is an accomplished Java developer. The complexity of a web app is perhaps most easily highlighted when you try to develop a login and authorization module for it.

With this series I intend to highlight and document the intricacies and details involved in designing, developing and testing such a module. I am going to use plain breeze Servlets / JSPs / HTML and my favorite, GWT (Google Web Toolkit), etc. As a first step, let us look at the various aspects and needs of such a feature in a modern webapp context. A simple-looking feature such as this can turn into a nightmare, and information on the web covering all aspects of coding a login was hard to find, at least for me.

Teams without experience in such areas tend to iterate through the development process again and again, fixing and improving the same feature throughout. This wastes considerable effort and time on the same feature, significantly increases cost, affects schedules and drains motivation.

We use agile extensively, so I will attempt to describe the feature using an epic and a set of stories. Let's assume we are going to engineer a startup project, and thus the first step is to enable users to sign up and then access the app. Silomen is an enterprise-grade CRM application to be used by all types of users throughout the world.

As a Silomen product manager and architect, I define an epic to start with, namely: User Signup and Authorization

Story 1 - User should be able to register / sign up on our website using a simple combination of a valid email id, name and a password.

Story 2 - We need a "remember me" feature along with a browser auto-save feature

Story 3 - User can reset or recover a lost password or user account

Story 4 - The user authorization and access process should be highly secure and protect the user and the application from all varieties of known vulnerabilities

Story 5 - We want to allow users to sign in using popular OAuth service providers

Story 6 - The user authorization and access mechanism needs to be centralized, so that a user can sign in to multiple services to be developed by us after logging in once.

Story 7 - We need statistics on signup and sign-in success / failure rates and reasons

Story 8 - Anything missing above / suggestions / corrections ... do post a query in the comments of this blog post.

Thus we are all set to venture into the next phase, i.e. to begin our agile sprint.

Friday, May 2, 2008

A team dinner to remember

The feeling couldn't be any better. It was an interesting evening full of chaos due to that unbelievable traffic jam that took us about an hour to meet at the restaurant 500 mts away from our office.

Despite the terrible jam and a polluted wait it was nothing but good fun at Shisha cafe all evening to conclude this quarter where we found our focus areas and a promising direction to move towards.

So here are some photos to cherish...
