User Management

This portal service can be found at https://github.com/networknt/light-portal

This service is part of light-portal and is used for managing users for the light-4j platform. Users can also run the service separately to provide user management for their own projects.

Scope

The User Management Service only manages user creation, confirmation, update, deletion and login. User roles and authorization will be implemented in light-oauth2, and session management will be implemented in the light-session-4j framework.

Non-functional requirements

User stories usually don’t define non-functional requirements, such as security, development principles, technology stack, etc. So let’s list them here separately.

The domain model is implemented in pure Java using domain-driven design principles, and it is independent of the underlying technology stack.

When users log in, a JWT access token is generated for them, which is valid for 15 minutes. A refresh token with a 24-hour expiration is issued as well. By providing the JWT access token with subsequent requests, they can perform operations that require authentication for 15 minutes. Before the access token expires, a new access token is retrieved by sending the refresh token to the token service.

Password reset tokens are valid for 10 minutes and email address confirmation tokens for a day.

Passwords are hashed with a cryptographically strong algorithm (bcrypt) with a per-user salt.

GDPR (General Data Protection Regulation) compliance. This means we cannot use event sourcing with Kafka only; a database is needed so that user info can be deleted if necessary. The current implementation uses light-eventuate-4j, so the aggregation is in a MySQL database. Users can, of course, provide their own implementation if they want extra features.

Basic requirement & use case:

As a user, I want to register, so that I can get access to content which requires registration

As a user, I want to confirm my email address after registration

As a user, I want to log in and log out

As a user, I want to change my password

As a user, I want to change my email address

As a user, I want to be able to reset my password, so that I can log in after I have lost my password

As a user, I want to update my profile, so that I can provide my correct contact data

As a user, I want to close my account, so that I can close my relationship with that service I signed up for

As an admin, I want to manage (create/delete/update) users manually, so that staff members wouldn’t have to go over the registration process

As an admin, I want to create users manually, so that staff members wouldn’t have to go over the registration process

As an admin, I want to list all users, even those who once closed their account

As an admin, I want to be able to see users’ activity (login, logout, password reset, confirmation, profile update), so that I can comply with external audit requirements

Workflow

[Figure: user registration workflow]

Service REST API

GET /user/{user_id}

Finds a user with the given ID.

GET /user

List all users in the system

POST /user

Registers a new user

DELETE /user/{user_id}

Deletes the given user.

PUT /user/{user_id}

Updates the profile of a given user.

GET /user/tokens/{user_id}?token={token_id}

Uses the token of the given user and performs the action related to the token's type.

GET /user/email?email={email}

Finds a user with the Email Address.

GET /user/name?name={name}

Finds a user with the login name.

PUT /user/login

Logs in a user with the given login form
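
The token lifetimes listed under the non-functional requirements (10 minutes for password reset, one day for email confirmation) and the GET /user/tokens/{user_id}?token={token_id} endpoint above describe a token that is bound to a user, typed and time-limited. The Java example below is added here and is not light-portal's own code: ConfirmationTokenDemo, Type, Result and redeem are hypothetical names, the issue time is constructed, and single-use redemption is an assumption the page does not state.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;

public class ConfirmationTokenDemo {
    // Lifetimes as stated on the page: password reset 10 minutes, email confirmation one day.
    enum Type {
        PASSWORD_RESET(Duration.ofMinutes(10)), EMAIL_CONFIRMATION(Duration.ofDays(1));
        final Duration ttl;
        Type(Duration ttl) { this.ttl = ttl; }
    }
    enum Result { ACCEPTED, UNKNOWN, EXPIRED, ALREADY_USED }

    static final class Token {
        final String userId, value;
        final Type type; final Instant expiresAt; private boolean used;

        Token(String userId, Type type, Instant issuedAt) {
            byte[] raw = new byte[32];                 // 256 bits from a CSPRNG, not guessable
            new SecureRandom().nextBytes(raw);
            this.value = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            this.userId = userId;
            this.type = type;
            this.expiresAt = issuedAt.plus(type.ttl);  // expiry depends on the token type
        }
        // Checks owner and value (constant-time compare), then expiry, then single use (assumed).
        synchronized Result redeem(String userId, String presented, Instant now) {
            boolean match = MessageDigest.isEqual(value.getBytes(StandardCharsets.UTF_8),
                                                  presented.getBytes(StandardCharsets.UTF_8));
            if (!this.userId.equals(userId) || !match) return Result.UNKNOWN;
            if (!now.isBefore(expiresAt)) return Result.EXPIRED;
            if (used) return Result.ALREADY_USED;
            used = true;
            return Result.ACCEPTED;
        }
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");   // constructed issue time
        Token reset = new Token("u-1", Type.PASSWORD_RESET, t0);
        Token confirm = new Token("u-1", Type.EMAIL_CONFIRMATION, t0);
        System.out.println(reset.redeem("u-2", reset.value, t0.plusSeconds(60)));       // other user's id
        System.out.println(reset.redeem("u-1", reset.value, t0.plusSeconds(660)));      // 11 min after issue
        System.out.println(confirm.redeem("u-1", confirm.value, t0.plusSeconds(660)));  // 11 min after issue
        System.out.println(confirm.redeem("u-1", confirm.value, t0.plusSeconds(700)));  // second attempt
    }
}
```

Returning the same UNKNOWN result for a wrong user and a wrong token value keeps the endpoint from revealing which of the two was incorrect.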

Project modules

Common module:

The common module includes all common objects for the service:

Entities – Entities have a clear identity and a lifecycle which needs to be managed

User, ConfirmationToken

Value Objects:

In contrast to entities, value objects don’t have a clear identity. They just group a set of attributes, and if these attributes are the same as the attributes of another value object of the same type, then we can treat the two as the same.

AddressData, AuditData, ContactData, Password, UserDto

Event – events that are handled and processed by the light-eventuate-4j framework

UserSignUpEvent, UserSignUpSuccessEvent, UserSignUpFailEvent, UserUpdateEvent, UserDeleteEvent, UserActionEvent

Util – helper and utility classes

IdGenerator (generates unique IDs), LocalDateTimeUtil (time utility class), Validator (validates user input such as email and password), EmailSender (sends the confirmation email for a new signup or an email change)

auth module:

The auth module includes the service class for user authentication and the command side component for the eventuate system.

command – aggregates and command classes for the light-eventuate-4j framework to handle events.

service – Java service POJO classes for user signup and user authentication

We provide two types of services:

Normal microservice:

It can be run locally and persists the user info to a local database only.

Module:

usermanagement-service

Event sourcing microservice:

Integrates the service with the light-eventuate-4j framework to process user management with event sourcing. It includes a command side service and a query side service.

Module:

rest-command – command side service

rest-query – query side service
