Looking for a Jersey Java developer for the following project (the container is Apache Tomcat 7):
I need a simple website with 4 pages: login (accessed by any non-logged-in user), main landing page (accessed only by logged-in users), change password (logged-in users only), reset password (any user). Two roles should exist: admin and user.
Change password should be available to logged-in users only and should ask for the current password. Reset password should be available only to non-logged-in users and should send a reset link over email only if the email address is in use in the system. On submit of the reset password form there should be no indication of whether the email address corresponds to a valid user of the system. It should simply say 'Instructions sent to X.'
Authentication should be sound: salted and encrypted passwords in the DB, form data sent securely over HTTPS (self-signed certificate for dev purposes).
If a user is not logged in, they are shown the 'Login Page'. If a user is logged in, they get to:
a. the main user landing page if they have the user role
b. the admin user landing page if they have the admin role
The user role cannot access the admin role page. The admin role can access their own user page if they want to (but this part is optional).
User role has one model class User with (String name, String email, nullable String crtNumber, List<String> previousNumbers).
The user landing page shows the user's information (name, address, crtNumber, previousNumbers). Next to the crtNumber information there are two buttons: Revoke, Generate. When Revoke is pressed, a call is made to an endpoint which moves crtNumber to previousNumbers and sets crtNumber to null. When Generate is pressed, it generates a random number for crtNumber. These two endpoints reload the main user landing page. Revoke is enabled whenever crtNumber is not null; Generate is enabled whenever crtNumber is null. The endpoints should only be available to a logged-in user. One user cannot call the Revoke / Generate endpoint for another user by sending in an id.
The admin landing page should allow creating a new user and deleting a user. When a user is deleted, they can no longer log in, but they are not removed from the database. The creation procedure uses the client name and email address. A link is sent to the client's email address, similar to reset password (this allows the client to set up their initial account by accessing the link in the email).
It's simple functionality but it needs to look pretty and be securely implemented. I can provide wireframe diagrams for layout and general support should there be any inquiries.
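An added sketch of the Revoke / Generate endpoints described above (not code from the posting or from any existing project), showing how to keep one user from acting on another's number: the endpoints take no id at all and resolve the target from the authenticated session. The paths, the in-memory `USERS` map, and the assumption that the login mechanism populates `SecurityContext` with the user's login name are all hypothetical.

```java
import java.net.URI;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.*;

@Path("/me/number") // hypothetical path; deliberately has no {id} segment
public class NumberResource {
    // Model from the posting: name, email, nullable crtNumber, previousNumbers.
    static class User {
        String name, email, crtNumber;
        List<String> previousNumbers = new ArrayList<String>();
    }
    // Stand-in for the database, keyed by login name (assumption).
    static final Map<String, User> USERS = new ConcurrentHashMap<String, User>();
    private static final SecureRandom RNG = new SecureRandom();

    // The target user comes only from the authenticated session, never from request data.
    private User currentUser(SecurityContext sc) {
        if (sc.getUserPrincipal() == null)
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        User u = USERS.get(sc.getUserPrincipal().getName());
        if (u == null) throw new WebApplicationException(Response.Status.FORBIDDEN);
        return u;
    }

    @POST @Path("/revoke") // POST, so the state change cannot be triggered by a plain link
    public Response revoke(@Context SecurityContext sc) {
        User u = currentUser(sc);
        synchronized (u) {
            // Enforce the button state on the server: Revoke needs a current number.
            if (u.crtNumber == null) return Response.status(Response.Status.CONFLICT).build();
            u.previousNumbers.add(u.crtNumber);
            u.crtNumber = null;
        }
        return Response.seeOther(URI.create("/landing")).build(); // hypothetical landing URL
    }

    @POST @Path("/generate")
    public Response generate(@Context SecurityContext sc) {
        User u = currentUser(sc);
        synchronized (u) {
            if (u.crtNumber != null) return Response.status(Response.Status.CONFLICT).build();
            u.crtNumber = String.valueOf(RNG.nextLong() >>> 1); // non-negative CSPRNG value
        }
        return Response.seeOther(URI.create("/landing")).build();
    }
}
```

Because these are cookie-authenticated POSTs, they also need CSRF protection (for example a per-session token checked in a filter), which is omitted here.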