I'm using Seam and IceFaces to build a commercial website. Although I think I understand the basics of Seam pretty well and have been making good progress, I'm finding that I have a lot of questions on how to implement more advanced features. I'd like to start some discussions on best practices and see if anyone has any experiences, ideas, thoughts, or pitfalls they might be willing to share.
One of the things I'm looking to implement is a paid subscription system. A user would be able to register on the website but certain functionality/pages would not be accessible unless they have an active paid subscription. I have only done some basic security/permission work so far (registered user pages, admin pages, etc.) but I'm thinking this is also the way to go with paid subscriptions. Any problems using Seam security/permissions for this? Is it possible to add/remove the permissions in real time or are they cached somehow?
A user's subscription could expire at any time. So the first concern I have is how to detect when a subscription expires. A couple of approaches come to mind: 1) Do a check each time a user accesses a subscription-restricted page or function. 2) Run some task asynchronously that checks. Maybe Quartz or something similar would be appropriate for this? Or is it better to run something like this in a completely separate process?
The administrator would also have the ability to add/modify/remove subscriptions, so this is another thing to keep in mind.
My next concern is how to ensure that the subscription state is propagated in a timely and efficient fashion. I'm assuming that any change made to subscription state would be stored in the database...that makes enough sense. But maybe it needs to be propagated through JMS or other means as well.
A user could be logged into several sessions simultaneously, so I need to somehow ensure that the state gets to all these sessions. Furthermore, even though I'm not using clustering now, I may be using it in the future which would further complicate things...thus my thoughts that maybe a JMS solution is needed to make sure each instance is notified. I've never tried it, but I would assume that you could visit each session with the target username and update any subscription information stored in that session (set it dirty, remove it so a factory recreates it, etc.)
If I used a database-only approach I could 1) load the subscription info from the database when the user logs in and store it in session scope, or 2) reload it from the database each time a subscription-required page or function is accessed.
The downside of number 1 is that it doesn't handle any of the real-time concerns and could be stale. The downside of number 2 is that it could be overtaxing the database and slow down app response.
I've been leaning towards a third approach which would be like number 1 above, but would also update all sessions where the target user is logged in when a change to the subscription info is detected. To handle a clustered environment, I would think I would need JMS or something else to let each server know that a change has occurred. It looks like a lot of work but seems like the only method that will cover all the cases. I would still need to grapple with how to determine when a subscription has expired though.
In addition to the above, I would also like to be able to set up optional automated emails to warn about subscriptions that are about to expire or have expired.
Ok. I hope I got the gist of the problem down and am eager to see what other people have come up with. This is just one of the problems I'm facing in a real-world problem by the way. I'm just hoping to get some discussion going about more complex things which may be more general in nature. It seems like there is plenty of talk about easy framework issues, but I've seen very few on addressing some of the big-picture, more complex issues. Thanks in advance!
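A sketch of the "third approach" the post describes, added here as an example and not part of the original post: each session caches the expiry timestamp, compares it with the clock on every restricted access, and reloads only when a per-user change counter has moved. It is plain Java with no Seam API; `SubscriptionGate`, `SessionView`, `adminSet` and `bump` are hypothetical names, and the two maps stand in for the database table and for whatever broadcast (for example a JMS topic) would carry the invalidation between cluster nodes.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
public class SubscriptionGate {
    // Constructed stand-ins: DB for the subscription table, VERSION for a per-user
    // change counter. In a cluster, a JMS topic listener on each node would call bump().
    static final Map<String, Instant> DB = new ConcurrentHashMap<>(); // user -> expiry
    static final Map<String, AtomicLong> VERSION = new ConcurrentHashMap<>();
    static AtomicLong counter(String user) {
        return VERSION.computeIfAbsent(user, u -> new AtomicLong());
    }
    static void bump(String user) { counter(user).incrementAndGet(); }
    /** Admin add/modify/remove: write the row first, then invalidate all sessions. */
    static void adminSet(String user, Instant expiresAt) {
        if (expiresAt == null) DB.remove(user); else DB.put(user, expiresAt);
        bump(user);
    }

    /** One instance per HTTP session (session scope). */
    static class SessionView {
        private final String user;
        private long seenVersion = -1; // never matches, so first use loads from DB
        private Instant expiresAt;     // null = no subscription
        SessionView(String user) { this.user = user; }

        /** Call on every restricted page or action; denies unless proven active. */
        synchronized boolean hasActiveSubscription(Instant now) {
            long current = counter(user).get(); // read version before the row
            if (current != seenVersion) {       // changed since this session last looked
                expiresAt = DB.get(user);       // the only database read
                seenVersion = current;
            }
            // Expiry is a clock comparison on the cached timestamp: no timer, no query.
            return expiresAt != null && now.isBefore(expiresAt);
        }
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample time
        adminSet("alice", t0.plusSeconds(3600));
        SessionView browser = new SessionView("alice"), phone = new SessionView("alice");
        System.out.println(browser.hasActiveSubscription(t0));
        System.out.println(phone.hasActiveSubscription(t0.plusSeconds(7200)));
        adminSet("alice", t0.plusSeconds(86400)); // admin renews
        System.out.println(browser.hasActiveSubscription(t0.plusSeconds(7200)));
    }
}
```

Because the version is read before the row and the admin path writes the row before bumping, a session that races with an admin change at worst reloads once more on its next check; a scheduled job is then only needed for the warning emails, not for enforcing access.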