In earlier J2EE web projects we established some standards, which may be followed in future projects with whatever modifications and changes in approach are required.
They are listed below -
General Points -
- The underlying technical architecture will follow N-tier Architecture.
- The System will be designed with a Windows web application interface. (Modern projects should be designed with responsiveness in mind, for smartphone, tablet and web at a minimum.)
- The System should be developed with a well-known J2EE framework with community support and an open-source data repository. (Spring as an application framework is a good choice here.)
- Source code needs to be modularized to facilitate phased development, i.e. rewrites should be kept to a minimum for future phases.
- Social sign-on and application sign-on are now generally needed as alternative ways to log in.
- Application Architecture and hosting solution should provide sufficient security to the content of the application and source files.
- The pages in the website which expose proprietary and customer information need to be adequately secured. For data communication, cross-domain access through non-SSL layers may also be required, such as Google and Yahoo API access. For cross-domain access between external and intra-organization applications, the JSONP data communication format may be required.
- System needs to be designed with a scalable and extensible relational database model to cater to future growth and reporting requirements. The application may require data from non-traditional data repositories such as Word, Excel Files, PDF and even any real-time streaming.
- Error message handling needs to be included to the extent that descriptive information regarding the source of the error is provided to the user immediately upon occurrence. This behaviour will be valid throughout the application. End user should always see the business exception and not any technical exception – this is a must.
- Date handling
  - All dates will be based on one base time.
  - Date format will be the same throughout the website, independent of the location from which users access the website.
- An information log should be maintained for each record specifying who updated the record and at what time/date, i.e. the time-stamp information.
- Generally, the inbound mail server should not be physically co-located with the web application servers.
- Internationalisation needs to be used when it is an absolute requirement.
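The error-handling point above (business exception to the user, never the technical one) can be enforced at a single translation point. The sketch below is an added example, not code from the projects described here; the `ErrorTranslator` and `BusinessException` names and the sample failures are hypothetical. In a Spring application the same logic would sit in an `@ControllerAdvice` exception handler.

```java
import java.sql.SQLException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ErrorTranslator {
    private static final Logger LOG = Logger.getLogger(ErrorTranslator.class.getName());

    /** Hypothetical type for errors whose message is written for the end user. */
    public static class BusinessException extends RuntimeException {
        public BusinessException(String userMessage) { super(userMessage); }
    }

    /** Returns the text the end user sees; technical detail goes only to the server log. */
    public static String toUserMessage(Throwable t) {
        if (t instanceof BusinessException) {
            return t.getMessage();   // descriptive and safe to display as-is
        }
        // Technical failure: keep the stack trace, SQL text and class names on the
        // server, filed under a short reference the user can quote to support.
        String ref = UUID.randomUUID().toString().substring(0, 8);
        LOG.log(Level.SEVERE, "Unhandled error, ref=" + ref, t);
        return "The request could not be completed. Please contact support and quote reference "
                + ref + ".";
    }

    public static void main(String[] args) {
        // Constructed sample failures, for illustration only.
        Throwable business = new BusinessException("Order quantity must be between 1 and 100.");
        Throwable technical = new RuntimeException("persistence failure",
                new SQLException("table CUSTOMER_ORDERS not found"));

        System.out.println(toUserMessage(business));   // the business message itself
        System.out.println(toUserMessage(technical));  // generic text plus reference id
    }
}
```

The reference id ties the user's report to the full stack trace in the server log, so support staff keep the diagnostic detail while the page shows none of it.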
Input related to Data Security and Access Privilege
- Creation and maintenance of users, groups, programs and assignment of privileges will be provided by administration module.
- A user’s access rights will be checked and fully defined at the time of login, and will not change throughout the session.
- Access control at the User Role/Group level
- User can edit the data in a row or record only if he/she has the appropriate security to modify the data.
- While moving from a secure area of the website to a non-secure area in a single session, the user will not be required to login afresh.
Input related to Client Environment and Toolset
- The application should be supported on Internet Explorer 7.0 and above, and on recent versions of Chrome and Firefox.
- Whenever there is an outage, there should be a standard message informing the users about the unavailability of the systems and the expected time to get the system back online.
- The User Interface and navigation should be simple, intuitive and effective.
We will add more to the list as we grow further here.
Suggest any other points related to J2EE web project design in the comments…