Chapter 8. Case Study I—Integrating Spring Python with your Web Application
Throughout the earlier chapters, we have covered the building blocks of Spring Python: dependency injection, aspect-oriented programming, database template, transaction management, security, and remoting. All of these pieces are like the bricks used to build a house. We looked at each brick by itself, and saw how to utilize it. In this chapter we will explore using all of them together to build a comprehensive banking application.
In this chapter we will learn how to:
Put together a simple banking application with a nicely decoupled view and controller layer
Apply simple authentication mechanisms to grant access to different types of users
Apply role-based authorization, distinguishing between different groups of users
Create custom authorization to prevent customers from seeing each other's data
Export data over a trusted network in a raw, machine-readable format
Export data to external users, going through established security protocols to only provide this data to authenticated and authorized clients
Seamlessly audit banking operations
Mark up multi-step operations as atomic transactions
Requirements for a good bank
Before we can embark on building our application, we need to establish the stories that we will implement in our coding sprint. What do we need to do to implement a good banking application?
A customer can open a new account with a balance of $0.00
A customer can close an account that has $0.00 balance
Account openings and closings are written into a log visible to the owning customer and any manager
A customer can withdraw any amount up to the total balance of the account
A customer can deposit any amount into an existing account they own
A customer can transfer from one account they own to another account they own, up to the total balance of the source account
All withdrawals, deposits, and transfers are written into a log visible to the owning customer and any manager
Logs will be available through a secure, machine-to-machine format, requiring valid credentials
The action of a manager viewing a log will be logged separately. This log will be visible to a supervisor
This isn't everything we would want from a bank, but it's a nice start. Our sprint is focused on building some basic deposit/withdraw functionality, while logging these transactions. This demands integrity to avoid leaking money.
We also need supervision over the managers to monitor when they inspect transaction logs. Access for customers, managers, and supervisors will require some fine-grained security controls to be put in our banking application.
Finally, the ability to read logs through a remote connection will nicely support integrating with other banks that our customers may work with.
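The access rules in the stories above can be pinned down as a small executable model before any framework code is written. The following is an added sketch, not code from the book and not Spring Python's API; every class, method and role name in it is an assumption, and it covers only the ownership, balance-limit and log-visibility stories.

```python
from collections import namedtuple
from decimal import Decimal

# All names and role strings below are assumptions made for this sketch.
CUSTOMER, MANAGER, SUPERVISOR = "customer", "manager", "supervisor"
User = namedtuple("User", "name role")

class Bank:
    def __init__(self):
        self.owners = {}     # account id -> owner name
        self.balances = {}   # account id -> Decimal balance
        self.tx_log = []     # (owner, account, action, amount)
        self.audit_log = []  # (manager, owner whose log was read)

    def open_account(self, user, account):
        if account in self.owners:
            raise ValueError("account id already in use")
        self.owners[account], self.balances[account] = user.name, Decimal("0.00")
        self.tx_log.append((user.name, account, "open", Decimal("0.00")))

    def transact(self, user, account, action, amount):
        # Authorization first: a customer may only touch accounts they own.
        if self.owners.get(account) != user.name:
            raise PermissionError(f"{user.name} does not own {account}")
        # Assumption: amounts are positive, so a negative "deposit" cannot drain funds.
        if action not in ("deposit", "withdraw") or amount <= 0:
            raise ValueError("unknown action or non-positive amount")
        delta = amount if action == "deposit" else -amount
        if self.balances[account] + delta < 0:
            raise ValueError("withdrawal exceeds balance")
        self.balances[account] += delta
        self.tx_log.append((user.name, account, action, amount))

    def view_log(self, viewer, owner_name):
        if viewer.role == MANAGER:
            # A manager may read any log, but the read itself is recorded.
            self.audit_log.append((viewer.name, owner_name))
        elif not (viewer.role == CUSTOMER and viewer.name == owner_name):
            raise PermissionError("log is visible only to its owner or a manager")
        return [e for e in self.tx_log if e[0] == owner_name]

    def view_audit_log(self, viewer):
        if viewer.role != SUPERVISOR:
            raise PermissionError("audit log is visible only to a supervisor")
        return list(self.audit_log)
```

Because the stories list only the owning customer and managers as readers of the transaction log, this model denies a supervisor that log and gives them the separate audit log only.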