Cairo University

Faculty of Graduate Studies for Statistical Research

Department of Computer and Information Sciences

Software Processes
Lec. 4 outline: You’ll find all the information you need here on
Backend Development: About the Stack, Defining Backend
Applications, The Project Coordinates, Database(H2 (DBMS),
Authentication & Authorization, Development. Testing
..., and so on..
Tarek Aly
01126182476
http://41.32.221.109:8080/DrTarekAly.htm
E-mail: tarekmmmmt@{pg.cu.edu.eg; egyptpost.org; gmail.com; yahoo.com}
 Requirements: Minimum Viable
Product (MVP)
 If we think about it, we will almost
immediately define the needed
requirements:
 It must have wheels.
 It must have a board.
 It must have some sort of mechanism that unifies
the board and the wheels together.
 It must move using the wheels attached to the
board.
 It must have a brake mechanism.
 These are indispensable requirements.
Without these our skateboard is not a
skateboard. Then you can define some
nice-to-have features, like beautiful design
of the board, ergonomics, jumping capacity,
electrical motor, whatever.
Software Processes
 Engineering: The Team Around
the Product
 Engineering: is about creativity, innovation,
technology, and processes. Even Wikipedia knows
this: Engineering is the creative application of
science, mathematical methods, and empirical
evidence to the innovation, design, construction, and
maintenance of structures, machines, materials,
devices, systems, processes, and organizations.
 That is why it is really important to have a technical
person with you. Let’s, for example, think of the
roadmap for the MVP skateboard.
 Build wheels: 2 weeks
 Build board: 1 week
 Attach wheels to the board: 3 weeks
 Attach the braking mechanism: 2 weeks
 Test: 2 weeks

Software Processes
The agenda for the kick-off
meeting
 The description of the project (10 minutes)
 Why are we doing this? (5 minutes)
 Discussion of requirements (5 minutes)
 Discussion of dependencies (e.g., technological needs or third-
parties dependencies) (10 minutes)
 Timeline and roadmap (15 minutes)
 Roles and responsibilities (10 minutes)
 Questions and answers (10 minutes)

Remember, every project is very unique and requires different

approaches to be kicked off.

Software Processes
Message’s three dots feedback when
someone is typing a message to you

Software Processes
 Agenda
 Backend Development: About the Stack
 Defining Backend Applications
 Build Automation Tool: Maven
 The Project Coordinates
 Database(H2 (DBMS)
 Authentication & Authorization
 Development
 Testing

Software Processes
Backend Development: About the
Stack
 In this chapter they are going to start our project by building our
backend application (Bootstrapping, data storage, … ) that will
support everything needed by the frontend application later. The
purpose is that in the end you get an idea on what you need in
order to build a backend application and how these pieces work
together.
 Actually, they don’t believe that there’s a “best stack”; they believe
there are a set of good stacks for what you want to do—some
better than others depending on the nature of the project (Ex:,
More comfortable with a specific programming language). They
decided to write the backend application in Java 8. Installations,
commands, etc., will be done using Ubuntu Linux version 16.04
LTS.

Software Processes
Defining Backend Applications
 When they talk about the frontend and backend, they refer to the
client-server model. This means that it is responsible for receiving
requests from the clients to provide data, so they can display. This
seems simple, but there are a lot of topics concerning the backend.
Where do they store the data? How do they access it? Who can
see what data?
 Bootstrapping the Project Implementation:
The Code starts form page 103 – It is in the form of step by step
instructions – Do and follow it. Ex:
sudo apt-get install oracle-java8-installer
Download the Community Java home: /usr/lib/jvm/java-8-oracle/jre
Default locale: en_US, platform encoding: UTF-8
version for free at OS name: "linux", version: "4.12.2-041202-generic", arch:
"amd64",
https://www.jetbrains.com/. family: "unix"
It’s called IntelliJ IDEA, and you can

Software Processes
Build Automation Tool: Maven
 Maven offers a way to bootstrap
projects or create skeletons using mkdir projects
cd projects
archetypes. They will create the mkdir courses
cd courses
project themselves by writing it from cat << EOF > pom.xml
scratch. <?xml version="1.0" encoding="UTF-8"?>
<project
 To define projects, they use pom.xml xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.
(Project Object Model) files. The w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/P
entry point of their project. First of OM/4.0.0 http://maven.
all, they create a folder to hold the apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
project, let’s call it courses, for <groupId>com.example</groupId>
<artifactId>courses</artifactId>
example. Just switch to a folder <version>1.0-SNAPSHOT</version>
where you want to keep everything, <packaging>pom</packaging>
</project>
create the courses folder, and the EOF

following pom.xml inside:

Software Processes
The Project Coordinates
The first thing you define is the project coordinates, meaning the values that
uniquely identify your project:
1. GroupId: Should be unique, usually most projects use the domain name
of the company or project if it’s the case. In our case we’ll use
com.example.
2. ArtifactId: Matching the folder that holds the module. In our case courses.
3. Version: The current version of our project.
4. Packaging: The type of module. In this case, they say it’s a pom module,
which means that it’s a module that will hold other modules.

So, they just created a module called commons that inherits all the
configuration from the main root module, as they stated in the parent section.

Software Processes
Database: RDBMS - Pros
In software engineering, most of the time when they refer to databases, they
are referring to relational databases (RDBMS), but any form of organized
data can be called a database.
1. Structured data leading to no duplications.
2. Constraints on the data, leading to less faulty data from the applications
3. Relations between the data can have constraints, making it safe to build
relations by making sure they actually exist.
4. Transactional support, meaning that they can create a session, do a set
of operations, and if something goes wrong all of them are reverted, and
they end up in the previous state.
5. Isolation from other sessions; no changes are seen by them until the
session that introduces the changes is closed by a commit (this actually
depends on the isolation level, which is out of the scope of this
explanation).

Software Processes
Database: RDBMS - Cons
1. Not easy to scale horizontally - That’s why NoSQL databases were
developed—to address that problem. The Aurora RDBMS from Amazon
AWS provides an in-between solution, where it is possible to build a
cluster where the read workload is distributed. I must say, better than
nothing!
2. Data is normalized, which means that sometimes in order to collect some
simple information, they need to create complex queries or joins that pose
drawbacks in performance
3. No complex objects, as they mostly work with simple types such as
numbers, strings, dates, etc.
4. In our case and for development purposes, they will use a database that
they won’t need to install and configure. It’s called H2 and they can use it
as embedded, meaning that it will run inside our application. Of course,
for production scenarios, this is not an option, but it’s quite a good
solution for developing,

Software Processes
Database: RDBMS - H2 (DBMS)
 H2 is a relational database management system written in Java. It can be
embedded in Java applications or run in client-server mode (started in
May 2004). The software is available as open source software Mozilla
Public License 2.0 or the original Eclipse Public License.
One of you give us a rapid an overview
 If we later decide to change the database, there is no problem since they
will be using an Object Relational Mapping (ORM) library that abstracts
and translates all the instructions to the database vendor that they want.
This is possible, mainly due to SQL (Structured Query Language), special
language that is used to “talk” to databases in order to store, modify, and
retrieve data) being a standard and that most of the vendors follow that
standard.
 When designing a database schema, they often use Entity Relation (ER)
diagrams where they state the entities (tables) and their relations.

Software Processes
Entity Relation diagram of the user
and course tables
1. Table columns and rows: Table is a structure that holds data in a column
and row fashion. Data gets into the table using the rows, while the
columns dictate what data is there (Very similar to an excel sheet).
2. Primary key: A key that uniquely identifies a single row in the table.
3. Foreign key: A key that identifies a row on another table.
4. Relation: Defines how the tables relate to each other. (N-to-N relations) .
 There are two main types of SQL statements: Data Definition Language
(DDL) and Data Modification Language (DML). They are quite
explanatory; the former is used to create or define (schema) how our data
gets stored and organized. The latter is used to interact with the schema
they define—insert, update, and delete data. They will not get into detail
about them, as they have a nice tool that will do this for us. It is called
liquibase, and it is an open source library that helps us define database
schemas and keep track of their changes.
We need to see this tool (liquibase)
Software Processes
Entity Relation diagram of the
user and course tables

Software Processes
Entity Relation diagram of the user
and course tables Cont.
 They start by defining a table named users with an id, username,
password, etc. Then they define a table, courses, that for now only holds
the id and some other metadata such as creation time and update time
(especially useful to keep track of changes). They then define a relation
table called user_course, where they say that it relates to the user table
and the course table. Pay attention to the primary key—here, they could
perfectly say that the primary key could be user_id and course_id
together, but they want for people to be able to enroll more than one time
in the same course, but not at the same time. It seems perfectly valid that
you enroll in one course, finish it, and later you want to start it again—a
complete new instance of the course with everything empty (quizzes,
answers, etc.).

Software Processes
Authentication & Authorization
 They start by defining a table named users with an id, username,
password, etc. Then they define a table, courses, that for now only holds
the id and some other metadata such as creation time and update time
(especially useful to keep track of changes). They then define a relation
table called user course, where they say that it relates to the user table
and the course table. Pay attention to the primary key—here, they could
perfectly say that the primary key could be user_id and course_id
together, but they want for people to be able to enroll more than one time
in the same course, but not at the same time. It seems perfectly valid that
you enroll in one course, finish it, and later you want to start it again—a
complete new instance of the course with everything empty (quizzes,
answers, etc.).

Software Processes
Authentication & Authorization
Cont.
 Authentication is the way of proving to some entity that you are, in fact,
who you say you are. For this to be possible, an authority comes into play.
A good example is the following: when going to another country, you take
your passport with you. Once you arrive at your destination, you will have
to hand your passport to the officer in charge. In this example, you are the
entity trying to authenticate, the passport is your token of authentication,
and the officer is the authenticator, meaning the one that will or will not
give you access based on the fact that he trusts the authority that issued
your passport.
 Authentication (AuthN) is a process that verifies that someone or
something is who they say they are. Technology systems typically use
some form of authentication to secure access to an application or its data.
 Authorization is the security process that determines a user or service's
level of access. In technology, they use authorization to give users or
services permission to access some data or perform a particular action.

Software Processes
Authentication & Authorization
Cont.
 The OAuth2 protocol, the one they’ll be using for our project, also uses
HTTP Basic Auth when asking to authenticate users, and payment service
providers (PSPs) also use Basic Auth to push notifications to the
merchant’s servers, among other examples that are outside the scope of
this section. OAuth2 is one of the most popular authentication protocols
used nowadays.
 Let’s describe what they just did here. In order to authenticate a user on the
authentication server, they need to authenticate the call to our authentication server
using the HTTP Basic Auth; hence they use the credentials “webapp” (user) and
“test” (password). Then they pass to the body of the request our user credentials
(the one they just created). As a result, they receive two tokens:
1. Access token: The token they will use to make subsequent requests. This token is
used to access the server’s resources and it is usually a short-lived token. This
increases the security, because if for some reason someone grabs a hold on this
token, it won’t have access for long.
2. Refresh token: The token they will use to get a new access token once the one
they are using expires.
Software Processes
Authentication & Authorization
Cont.
 This can be easily fixed by storing it in a persistent storage (like a
database) or use JSON Web Tokens (JWT), which are auto-contained
tokens where the token itself describes the user and their security
aspects. Now you can start using the token to make requests like the
following (remember that for you, the tokens are different!) curl -v -X GET
localhost:8080/api/v1/secured/users/me -H "Content-type:
application/json" -H "Authorization: bearer 7977c2f9-6664-4bdf-9bab-
8d8ce6f0bc44"
 This term is Authorization. People often misuse them, but they are actually very
clear. They already defined authentication as being the mechanism that verifies
someone is actually who or what they say they are, while authorization means
basically what they are authorized to access. For example, right now our online
education platform will only provide access to students, but in the future, it will
provide access to administrators and teachers. The authorization is often done by
assigning roles when the user authenticates. In our case, they assign the
STUDENT role. In the future, we might need to have some metadata in the
database, so they can inject the proper roles when the users login.
Software Processes
Development: Application stack
 Let’s start doing some coding! For this section you will
use the “courses-incomplete” project. Before they start
let us describe how our application is structured. They
split our application into logical modules where some of
them also translate to physical modules. The stack is as
follows
 The hierarchy works with self-contained blocks where
the modules on top can see all of the modules below
them, it’s easier and cleaner to reuse these modules.
 Let’s come up with a real-life example; it is very likely
that at some point they need a Customer Management
System (CMS). Since it will operate in the same
database, they could easily share the persistence layer
where they already have all the objects that map to
database entities and relations.
Software Processes
Development: Application
stack Cont.
 Database: The database module is the database engine they
chose for the project.
 Persistence Layer: The persistence layer is the set of features
they create to interact with our database. In it they define, via
Java objects, how our database looks for our applications. They
also define a set of repositories, which are no less than a set of
queries that our upper layers will use to fetch and store data.
 Service Layer: Here is where most of the logic resides. This
module is responsible for interacting with the persistence layer
to store, change, and retrieve data.
 The Service API: It is a set of interfaces that the service layer
implements so the upper modules do not have to deal with the
specifics of the actual implementation of the service layer. This
is not that obvious, but it is more kind of a way to prevent a
possible growth on the project complexity.

Software Processes
Development: Application
stack Cont.
 REST API and Transformation Layer: The REST API exposes
our application to the outside world via REST endpoints.
 It is responsible for translating the way they talk to our clients to
the way they talk to our backend application. For example, the
user object they work with on the frontend application might not
have the same structure or data as the one they use internally.
The REST API knows this and can also ask to transform data
back and forth with the help of the translation layer so that this
communication is properly done. For example, the user object
they work with on the frontend application might not have the
same structure or data as the one they use internally. The
REST API knows this and can also ask to transform data back
and forth with the help of the translation layer so that this
communication is properly done.

Software Processes
Development: Application
stack Cont.
 When designing a REST API, they rely on HTTP methods for
specific kinds of operations:
1. GET: Used to retrieve data. Clients making a GET request will
NEVER expect that data can change.
2. POST: They use this one to create new entities. This means
that if you try to create another entity that is the same—for
example, two users with the same username
3. PUT: Used to update the full entity. This means that when a
user makes such call, it is expected that the whole object is
replaced with the new one being sent.
4. PATCH: Replaces the non-null elements in the entity. It should
be used, for example, if they just want to update the name of
the user, but not the entire user. This is the most preferable
way of updating data. In general, they discourage people to
use PUT and use PATCH in its favor.
5. DELETE: Use this method to delete entities.

Software Processes
Testing
 How could they test the creation of a user? They need to cover
several things, such as creating a user with all valid data,
invalid data such as invalid username or password, and even
the case where they try to register a user that already exists.
The following is the latter case.

 but don’t worry, they already prepared that for you! Switch
inside the liquibase module and run
mvn liquibase:update –Ptest

Software Processes
Thank You

2022-09-01 Software Processes 26/112