User Authentication & Authorization

Context/Requirement

The component responsible for user authentication and authorization (called AuthLib) was initially developed by another development team, which also remains responsible for its maintenance and evolution. The component satisfies a set of generic requirements common to several applications.

Within the scope of this project, the AuthLib component must be reused rather than re-implemented.

For that aim, a brief overview of the component documentation is presented below.

AuthLib Documentation

The main concepts covered in this component are represented in the domain model presented below.

[Figure: AuthDomainModel]

Accordingly, a "User" may play several "Role"s (i.e. functions), and the same "Role" may be played by several "User"s: the association is many-to-many.

The component exposes its functionality to other systems through a single access point (i.e. a single software class) called "AuthFacade". In this way, the internal structure of the component can change without affecting the applications that use it.

Therefore, the documentation relevant to reusing the component consists of the description of the classes "AuthFacade" and "UserSession" (cf. class diagram). The first provides the following methods:

  • “boolean addUserRole(String id, String description)”: creates a new role of interest to the application reusing the component;
  • “boolean addUser(String name, String email, String pwd)”: creates a new user who can use the application;
  • “boolean addUserWithRole(String name, String email, String pwd, String roleId)”: similar to the previous method, with the advantage of immediately assigning the user a role (identified by its id);
  • “boolean addUserWithRoles(String name, String email, String pwd, String[] rolesId)”: similar to the previous method, but assigns several roles to the user at once;
  • “boolean existsUser(String email)”: indicates whether a user identified by the specified identifier/email already exists;
  • “UserSession doLogin(String email, String password)”: authenticates a user so that they can use the application. The result is a user session (i.e. a UserSession instance); the caller should check its isLoggedIn() method rather than assume the login succeeded;
  • “UserSession getCurrentUserSession()”: returns the currently active user session;
  • “void doLogout()”: ends the currently active user session, i.e. the current user is no longer authenticated.

[Figure: AuthClassDiagram]

A user session (UserSession) provides the following methods:

  • “boolean isLoggedIn()”: indicates whether the session actually holds a successfully authenticated user;
  • “boolean isLoggedInWithRole(String roleId)”: indicates whether the authenticated user plays the role identified by the parameter "roleId";
  • “String getUserName()”: returns the name of the authenticated user;
  • “Email getUserId()”: returns the identifier/email of the authenticated user.
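The following is an added example of how an application would drive the AuthFacade and UserSession methods listed above; it is not code from AuthLib or from this project. It assumes AuthFacade has a public no-arg constructor and that a failed doLogin yields either null or a session whose isLoggedIn() is false (the documentation above does not state which). The role ids, class name, user data and passwords are constructed for the example. The security point it illustrates: the authorization decision for a privileged operation is taken from the server-side session (isLoggedIn, isLoggedInWithRole), never from anything the caller supplies.

```java
import java.util.Objects;

// Added example, not part of AuthLib. Assumes AuthFacade has a public no-arg
// constructor; assumes a failed doLogin returns null or an unauthenticated session.
public class AuthLibUsageExample {

    // Role identifiers chosen for this example (any string ids work with AuthLib).
    static final String ROLE_ADMIN = "ADMIN";
    static final String ROLE_EMPLOYEE = "EMPLOYEE";

    private final AuthFacade auth;

    AuthLibUsageExample(AuthFacade auth) {
        this.auth = Objects.requireNonNull(auth);
    }

    /** Register roles and users once, at application start-up. */
    void bootstrap() {
        // Roles must exist before a user can reference them by id; fail loudly if not.
        if (!auth.addUserRole(ROLE_ADMIN, "Administrator")) {
            throw new IllegalStateException("could not create role " + ROLE_ADMIN);
        }
        if (!auth.addUserRole(ROLE_EMPLOYEE, "Employee")) {
            throw new IllegalStateException("could not create role " + ROLE_EMPLOYEE);
        }
        // Guard with existsUser so re-running bootstrap does not fail on duplicates.
        // Credentials below are constructed sample data for this example only.
        if (!auth.existsUser("alice@example.com")) {
            auth.addUserWithRoles("Alice", "alice@example.com", "alice-pw",
                    new String[] { ROLE_ADMIN, ROLE_EMPLOYEE });
        }
        if (!auth.existsUser("bob@example.com")) {
            auth.addUserWithRole("Bob", "bob@example.com", "bob-pw", ROLE_EMPLOYEE);
        }
    }

    /** Authenticate; true only when the resulting session is actually authenticated. */
    boolean login(String email, String password) {
        UserSession session = auth.doLogin(email, password);
        return session != null && session.isLoggedIn();
    }

    /**
     * Admin-only operation. Both checks read the current session held by AuthLib;
     * the caller cannot pass a "isAdmin" flag to bypass them.
     */
    String createProject(String projectName) {
        UserSession session = auth.getCurrentUserSession();
        if (session == null || !session.isLoggedIn()) {
            throw new SecurityException("not authenticated");
        }
        if (!session.isLoggedInWithRole(ROLE_ADMIN)) {
            throw new SecurityException("role " + ROLE_ADMIN + " required");
        }
        // Relate the new domain object to its creator via the user identifier (Email),
        // as the documentation recommends, rather than via the display name.
        String ownerId = String.valueOf(session.getUserId());
        return "project '" + projectName + "' owned by " + ownerId;
    }

    public static void main(String[] args) {
        AuthLibUsageExample app = new AuthLibUsageExample(new AuthFacade());
        app.bootstrap();

        System.out.println(app.login("bob@example.com", "wrong-pw"));   // expected: false
        System.out.println(app.login("bob@example.com", "bob-pw"));     // expected: true
        try {
            app.createProject("payroll");                               // Bob is not ADMIN
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        app.auth.doLogout();

        System.out.println(app.login("alice@example.com", "alice-pw")); // expected: true
        System.out.println(app.createProject("payroll"));               // Alice is ADMIN
        app.auth.doLogout();
    }
}
```

Note that every mutating facade call returns a boolean; the example treats a false from addUserRole as fatal because a missing role silently turns addUserWithRole into a user with no permissions, which is easy to miss in testing and hard to diagnose in production.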

Finally, note that the user identifier (the Email returned by getUserId()) is the appropriate key for applications that use this component to relate system users to specific classes/objects of the application domain; the user name is a display value, not an identifier.