Skip to content

Latest commit

Β 

History

History
110 lines (84 loc) Β· 3.24 KB

File metadata and controls

110 lines (84 loc) Β· 3.24 KB

πŸ§ͺ Senior Developer Test Project β€” Document Service

πŸ• Estimated Duration: 6–8 hours

πŸ› οΈ Technology Stack

  • Java 17
  • Quarkus (REST, gRPC, OIDC)
  • Maven
  • In-memory DB (H2 or equivalent)
  • Keycloak (OIDC provider)

πŸ“˜ Project Overview

Build a secured Document Service exposing both REST and gRPC APIs. The service must enforce RBAC and ABAC access control using OIDC (Keycloak). Documents are scoped to tenants, and users can only access documents associated with their own tenant.


βœ… Functional Requirements

1. πŸ” Authentication & Authorization

  • Use OIDC via Keycloak (you may use a local dockerized Keycloak).
  • Support RBAC using the following roles:
    • admin: can create and read documents
    • viewer: can only read documents
  • Support ABAC by enforcing access to documents:
    • Users can only access documents if document.tenantId == user.tenantId
    • Assume tenantId is provided as a custom claim (e.g., tenant_id) in the JWT.

2. 🌐 REST API

Expose the following endpoints:

Method Path Role Description
POST /documents admin Create a new document
GET /documents/{id} viewer Fetch document by ID (with ABAC)

Each document should have:

  • id: UUID
  • title: String
  • content: String
  • tenantId: String

Use in-memory storage (e.g., Map<UUID, Document>).


3. βš™οΈ gRPC API

Implement a simple gRPC service to simulate document processing.

Proto:

service DocumentProcessor {
  rpc Process(DocumentRequest) returns (DocumentResponse);
}
  • DocumentRequest includes documentId: string
  • DocumentResponse includes status: string (e.g., "Processed")
  • Access to this service must also validate RBAC + ABAC.

4. πŸ§ͺ Testing

  • Unit test for the document service logic
  • Integration test for REST API (e.g., using RestAssured)
  • Integration test for gRPC API (optional but preferred)

πŸ—ƒοΈ Project Structure (Suggested)

src/
β”œβ”€β”€ main/java/com/example
β”‚   β”œβ”€β”€ auth/          # ABAC logic, JWT parsing
β”‚   β”œβ”€β”€ rest/          # REST controller
β”‚   β”œβ”€β”€ grpc/          # gRPC implementation
β”‚   β”œβ”€β”€ model/         # Document DTOs
β”‚   └── service/       # DocumentService
└── resources/
    └── application.yml
test/
└── ...                # Tests for HTTP + gRPC

🐳 Keycloak Setup (Optional)

You may use a local Keycloak docker container with:

  • A realm named test-realm
  • Two users:
    • admin-user (role: admin, tenant_id: tenant-1)
    • viewer-user (role: viewer, tenant_id: tenant-1)
  • JWT should contain the tenant_id as a custom claim.

(You can mock JWTs if you don’t want to spin up Keycloak.)


πŸ“ Deliverables

  • A GitHub (or zip) project with:
    • Complete source code
    • Sample Keycloak config (or token structure)
    • Basic README with:
      • How to run the app
      • How to test it (e.g., curl commands or gRPCurl)
      • How to simulate JWTs if not using full Keycloak