November 30, 2012 | Posted in: Uncategorized

Web development with Java is a breeze, at least for me :) but it is no doubt a challenge for a first-timer, even an accomplished Java developer. The complexity of a web app is exposed quickly the moment you try to develop a login and authorization module for it.

With this series I intend to highlight and document the intricacies and details involved in designing, developing and testing such a module. I am going to use plain Servlets / JSPs / HTML and my favorite GWT (Google Web Toolkit), among others. As a first step, let us look at the various aspects and needs of such a feature in a modern web app context. A simple-looking feature such as this can turn into a nightmare, and information on the web covering all aspects of coding a login was hard to find, at least for me.
Teams without experience in such areas tend to iterate through the development process again and again, fixing and improving the same feature throughout, wasting considerable effort and time on it, significantly increasing cost, slipping schedules and sapping motivation.
We use agile extensively, so I will describe the feature using an epic and a set of stories. Let's assume we are engineering a startup project, so the first step is to enable users to sign up and then access the app. Silomen is an enterprise-grade CRM application to be used by all types of users throughout the world.
As the Silomen product manager and architect I define an epic to start with, namely: User Signup and Authorization
Story 1 – Users should be able to register / sign up on our website using a simple combination of a valid email address, a name and a password.
Story 2 – We need a "remember me" feature that also works with the browser's password autosave / autofill.
Story 3 – Users can reset or recover a lost password or a locked-out user account.
Story 4 – The user authentication and authorization process should be as secure as possible and protect both the user and the application from the known classes of vulnerabilities that affect login systems (the specific attacks to defend against are to be enumerated as acceptance criteria for this story, since "all known vulnerabilities" cannot be tested as written).
Story 5 – We want to allow users to sign in using popular OAuth service providers.
Story 6 – The user authentication and access mechanism needs to be centralized, so that a user who has logged in once can sign in to the multiple services we will develop (single sign-on).
Story 7 – We need statistics on sign-up and sign-in success / failure rates and their reasons.
Story 8 – Anything missing above / suggestions / corrections … do post a query in the comments of this blog post.
Thus we are all set to venture into the next phase, i.e. to begin our agile sprint.