I'm building a web application (Java/Flex) that I hope to one day sell, but am aiming for a private beta to start with. I've been looking for some resources that explain the mechanics of processing a user's registration and payment, and then making the web app aware of that user's credentials and entitlement, but have yet to find anything.

I'm especially interested in the interaction between the system that handles the sales and the web application itself, which needs to be aware of customers, their credentials, and their entitlements.

For example, if I buy a one-year subscription to WebAppXYZ, how does the shopping cart that took my payment tell WebAppXYZ that I exist, and that I'm entitled to this or that, and that my subscription is only valid for a year?

I'm pretty sure that I'm not googling with the right keywords, or don't recognize the solutions when I see them. Can anyone in the SO community give me a gentle push in the right direction?

A: 

"customer management"? Your question refers to "registration and payment". The former makes me think of security/authentication/authorization. There are standards like SAML and XACML that might help; OpenId; SxIP; maybe more.

The payment part might be as simple as adding a credential to a message header that your services can process. I'm not as familiar with that, but I'd begin with those security standards to see how this payment authorization might fit in.

duffymo
What I'm thinking about is the relationship between a customer, who has a subscription of a certain nature, and an application user. So, when a customer buys a subscription with a certain access level, how does that info get fed to, say, the 'user' tables in the application's database?
Mike Sickler
The customer will have to supply sufficient info to allow you to identify them when they purchase the subscription at the given access level. The service that processes the order is free to add the appropriate info to those user tables.
duffymo
Thank you for your prompt responses. This seems like such a common use case that there must be some libraries that abstract much of the nuts and bolts of managing subscriptions, creating users, etc. I'm looking for a framework.
Mike Sickler
A: 

If you're using Spring, look into ACEGI/Spring Security. It's a nice Java security framework.

duffymo
Thank you. I'm currently using Spring Security for authentication, but I'm looking for something a little different, namely account management.
Mike Sickler
Very good, sorry I'm not more helpful.
duffymo
Thanks for helping me 'think out loud' :)
Mike Sickler
A: 

There is a lot to cover. The single best resource I found is:

http://www.merchant-account-services.org/articles/

You need the following to accept payment:

  • Merchant Account
  • Payment Gateway (Authorize.net is a common one)
  • SSL Certificate

Follow that link and read up there. That will go into enough detail to get you started.

Mike
+1  A: 

The only real 'concern' for the web app here is what the user is entitled to, not how they came to have that entitlement (I'd consider the shopping/purchasing "separate" from the app itself, even if it is actually integrated).

As the other response indicates, you're going to have some form of payment gateway; they should be the ones taking care of most of this type of 'work'. They all should offer recurring payments (subscriptions); if not, find a better one. ;)

Some (such as internetsecure - not affiliated with them, I just think it is a cool idea) will allow you to provide a bunch of 'pin codes' to associate with products; your app then just needs to ask for and validate the pin.

If your chosen service doesn't do something like that, a similar approach should be fairly easy to implement.

If that's overkill, typically you'd just store the entitlement information when their payment has been processed successfully; it could be as easy as:

UPDATE Users SET hasPaid = true WHERE customerId = @id

Cheers. I'm mainly concerned with reinventing the wheel on the integration between customer management and user management. But if there's no Java framework that abstracts this, then as you say, I can resort to writing a bunch of db updates that are kicked off by the shopping cart system.
Mike Sickler
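
An added example, not taken from any answer above or from any gateway's API: a Python sketch (standard library only) of the hand-off the question asks about, in which the payment system posts a signed notification and the web app records a time-limited entitlement exactly once. The shared secret, field names, table names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import sqlite3
from datetime import datetime, timedelta

# Assumption: a secret shared between the payment system and the web app.
SHARED_SECRET = b"constructed-demo-secret"

# Constructed sample notification; the field names are hypothetical.
SAMPLE_EVENT = json.dumps({
    "payment_id": "pay-0001", "customer_id": "cust-42", "access_level": "pro",
    "paid_at": "2024-01-01T00:00:00+00:00", "term_days": 365,
}).encode()

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entitlements (customer_id TEXT PRIMARY KEY,"
               " access_level TEXT NOT NULL, expires_at TEXT NOT NULL)")
    db.execute("CREATE TABLE processed_payments (payment_id TEXT PRIMARY KEY)")
    return db

def sign(body: bytes) -> str:
    return hmac.new(SHARED_SECRET, body, hashlib.sha256).hexdigest()

def handle_payment_notification(db, body: bytes, signature: str) -> str:
    # Only the payment system knows the secret, so a user cannot grant
    # themselves access by posting to this endpoint directly.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return "rejected"
    event = json.loads(body)
    expires = datetime.fromisoformat(event["paid_at"]) + timedelta(days=event["term_days"])
    try:
        with db:  # one transaction: record the payment and the grant together
            db.execute("INSERT INTO processed_payments VALUES (?)", (event["payment_id"],))
            db.execute("INSERT OR REPLACE INTO entitlements VALUES (?, ?, ?)",
                       (event["customer_id"], event["access_level"], expires.isoformat()))
    except sqlite3.IntegrityError:
        return "duplicate"  # redelivered notification; nothing changes
    return "granted"

def is_entitled(db, customer_id: str, level: str, now: datetime) -> bool:
    row = db.execute("SELECT access_level, expires_at FROM entitlements"
                     " WHERE customer_id = ?", (customer_id,)).fetchone()
    return (row is not None and row[0] == level
            and datetime.fromisoformat(row[1]) > now)
```

The application checks `is_entitled` at login or per request with a timezone-aware `now`, so the one-year limit is enforced by the stored expiry rather than by a boolean flag.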