wiki:S2S_CORE_SECURITY_R0

Version 6 (modified by meddle, 16 years ago)


Analysis

(The purpose of the analysis is to give as much as possible of the needed information for designing and implementing the task.)

Overview

Users, and the groups they belong to, must be represented by objects. There must be a service or services that provide an API to manage users and groups, their attributes and permissions. This API will use the persistence layer to persist the data to the database and will be used by the web services and by the client and web views.

Task requirements

Object model for the security logic and services that will manage it.

Task result

User and Group classes with their required properties. Security service or services. Exceptions thrown by the security logic.

Implementation idea

The user and group classes will be simple Java beans. The service will have methods like:

public User login(String username, String password) {...}
public void register(User newUser) throws SecurityException {...}

... and so on.

The service in the security logic will communicate with the DAOs from the persistence layer created in S2S_PERSISTENCE_COMMONS_R0.

How to demo

There will be JUnit tests for the security logic. In the future, the web services and the web view will use this logic.

Design

In this revision there will be two persistent objects in the security layer: Users and Groups. Every User will be able to subscribe to zero or more Groups, and every Group will be able to contain zero or more Users.

The security layer in this revision will be represented by two services: one for managing the users of the system and one for managing the groups. The permission logic will be added in a later revision, when there are books and comments.

  • The UserService:
    • Will have a method for logging in a User. The method will check whether the User exists in the database and whether the user's password is right, and only then will log the user in by user name and password and return the persisted entry. In the other cases it will throw a special SecurityException with the appropriate message.
    • Will have a method for registering a new user. The method will receive as parameter a not-yet-persisted User object; if a user with the same user name already exists in the database it will throw a SecurityException with the appropriate message.
    • Will have a method for deleting a user account; it will take responsibility for deleting all the user's subscriptions to books, comments and groups, or for leaving them as anonymous.
    • Will have a method that provides all the groups a user is subscribed to.
    • Will have a method that saves the changes a user has made to their profile.
  • The GroupService:
    • Will have a method for creating a new group with a given name. If a group with that name already exists in the DB it will throw a SecurityException with an appropriate message.
    • Will have a method for adding a user to a group.
    • Will have a method that retrieves all the users belonging to a group.
    • Will have a method that deletes an existing group from the database.
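An added illustration of the UserService login and registration rules above; this is not code from the project. It keeps the page's User bean and SecurityException names, assumes a hypothetical in-memory UserDao in place of the S2S_PERSISTENCE_COMMONS_R0 DAO, and stores a salted PBKDF2 hash of the password rather than the password itself, so a dumped database does not yield credentials.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Checked exception thrown by the security logic (shadows java.lang.SecurityException in this example).
class SecurityException extends Exception {
    SecurityException(String msg) { super(msg); }
}
// Simple bean: the clear-text password is never stored, only a per-user salt and a PBKDF2 hash.
class User { String username; byte[] salt; byte[] passwordHash; }

// Hypothetical in-memory stand-in for the user DAO from the persistence layer.
class UserDao {
    private final Map<String, User> byName = new HashMap<>();
    User findByUsername(String name) { return byName.get(name); }
    void save(User u) { byName.put(u.username, u); }
}

public class UserService {
    private final UserDao dao = new UserDao();
    private static final SecureRandom RNG = new SecureRandom();
    public User login(String username, String password) throws SecurityException {
        User u = dao.findByUsername(username);
        if (u == null) throw new SecurityException("User does not exist: " + username);
        // MessageDigest.isEqual compares in constant time, so timing does not reveal how much of the hash matched
        if (!MessageDigest.isEqual(hash(password, u.salt), u.passwordHash))
            throw new SecurityException("Wrong password for user: " + username);
        return u;  // the persisted entry
    }
    // newUser arrives not yet persisted; the password is passed separately so it is hashed before storage
    public void register(User newUser, String password) throws SecurityException {
        if (dao.findByUsername(newUser.username) != null)
            throw new SecurityException("User name already taken: " + newUser.username);
        newUser.salt = new byte[16];
        RNG.nextBytes(newUser.salt);             // fresh random salt per account
        newUser.passwordHash = hash(password, newUser.salt);
        dao.save(newUser);
    }
    private static byte[] hash(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

A JUnit test for this design would register a user, assert that login with the right password returns the entry, and assert that both an unknown user name and a wrong password raise SecurityException.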

Implementation

(Implementation results should be described and linked here (from the wiki or the repository))

Testing

Comments

(Write comments for this or later revisions here.)