Challenge Overview

In this challenge series we’ll be developing a SSO solution that will be a reverse proxy to a target application. It will authenticate users via LDAP, then authorise logged in user to perform requested action. Authorization will use a set of rules and policies, and will set additional HTTP headers to the proxied request. Application will have a separate management interface to manage policies, rules, headers and users.

 

This challenge will implement the basic CRUD services for entities. We’ll use Spring as the application framework, and will use with SpringBoot to bootstrap the application. MongoDb will be used as a database and Spring Data to access the database. All configuration can be done using annotations (xml,JPA configurations aren’t required).

Swagger spec for the API, sample postman collection for verification and unit tests are required.

 

For each of the entities you should implement annotated POJO class, spring-data repository, CRUD service and API controller. For services and controllers make sure to use BaseService and BaseController to refactor common operations and reduce code duplication

 

There will be 3 supported roles:

  • RO - Read Only (Possible to access the application only with READ permission, not allowed to make any changes)

  • R/W - Read / Write ( Possible to access the application with R/W permission on policies, but not allowed to for User Management module)

  • Admin - Full Access

 

Permissions should be checked at controller level and requests should be passed through to the namesake services.

 

Here is a starting schema diagram

 

Attached in the forums is Functional Requirements document that explains all the features and use cases the end system will have. The API you create here should support all the actions in the use cases 3-7 and 9-10, detailed in the document. Changes to the above starting schema are expected, and you should ask questions in the forums for any clarifications.
 

Your solution should include instructions for local and Heroku deployment.



Final Submission Guidelines

Submit the full source code for the app
Deployment guide (environment, configuration, build, run - local and heroku)
Swagger spec for the API
Postman collection for testing the api
Sample data for testing the services

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30058655