Application architecture

This page describes the CzechIdM application architecture.

CzechIdM consists of two major components, a backend (BE) and a frontend (FE). Backend is realized as a Java application running from within the Tomcat container. Frontend is a HTML5+JS single-page application.

Both components are usually bundled together in a WAR archive so the static content is also server from the Tomcat. However, if the need arises, FE and BE can be decoupled and run separately. Frontend then can be served e.g. by Apache HTTPD or nGinx.

Thanks to the RESTful API of a backend, other CzechIdM client applications can be used - console clients, portlets and such.

The application backend (BE) is written in Java and running in the Tomcat container. It is based on a Spring Boot project which enables us to use modules - and therefore every application component is a module:

  • CORE module - the core functionality that simply has to be there
  • ACC module - a module for managing accounts
  • OpenAM module - a module for integration with OpenAM access manager

The list of modules is maintained here.

Each module provides its own components to the application - RESTful API controllers, services, its own database tables if it needs them, its configuration. Modules are registered in the module registry and can be turned on/off in the user interface.

CzechIdM uses Hibernate as an ORM framework but not to its full potential. For example, we do not use @OneToMany(…) and similar annotations. All entity relationships are handled explicitly in services.

We also do not use automatic schema generation. The schema changes are versioned with FlywayDB framework. It brings the schema up to date on every start of the application.

For application auditing (data changes), we use Hibernate Envers. For additional security, we use JWT. There are also other components like Swagger documentation tool, which generates the REST API documentation in realtime, but those are not so important. More detailed overview of the backend can be found on this page in the developer guide.

The frontend (FE) bundled with CzechIdM is a HTML5+JS single-page application. At the bottom, there is a module loader, which loads all the modules needed. The same way as are the modules structured on backend side, they are structured on frontend side. To be exact, each module provides its own frontend and backend part to the application.

Each frontend module has services that communicate with the backend using REST API. The module state is stored in Redux on the client side. Above the Redux, there are managers and finally the visualization layer - ReactJS components. We have written custom components to suit our needs, however some of them are publicly available on GitHub in separate repos. Check out our GitHub for more info.

For building the frontend, we use Gulp. Modules and their dependencies are handled by Browserify. All those things are installed to the developer's environment with NPM. More detailed overview of the frontend can be found on this page in the developer guide.