Last updated 2026-06-01

adb-persons

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

Role

Service responsible for every person handled by the platform: owners, tenants, suppliers, guarantees, etc. It also manages organizations (companies), user invitations, and Keycloak provisioning.

It is the only service that writes to Keycloak to create and update user accounts.

It also serves as the identity source for all other services: the /persons/me endpoint resolves the currently authenticated user from the JWT and returns their full person record. Every service that needs to identify the caller (accounting, contracts, views, etc.) calls this endpoint.

Tech stack

| Item | Value |
| --- | --- |
| Spring Boot | 3.1.3 |
| Java | 18 |
| Port | 8081 |
| Database | MongoDB Atlas — database adb-persons |
| Auth | Keycloak (resource server + admin client) |
| Reactive stack | Spring WebFlux + Reactive MongoDB |
| Version | 0.29.0-SNAPSHOT |
| Main class | fr.lifeconnect.adb.person.AdbPersonApplication |

Depends on the shared modules: adb-common, adb-model, adb-messaging, adb-actions, adb-action-logs.

Internal architecture

flowchart TB
    subgraph Controllers
        PC[PersonController]
        OC[OrganizationController]
        TC[TenantController]
        IC[InvitationController]
        UC[UserController]
        CSC[CompanySettingsController]
    end

    subgraph Services
        PS[PersonService]
        OS[OrganizationService]
        IS[InvitationService]
        US[UserService]
    end

    subgraph External
        Mongo[(adb-persons<br/>Mongo)]
        KC[Keycloak Admin API]
        AtlasTrigger[Atlas Trigger]
        EB[EventBridge]
        SQS[SQS queues]
        Files[adb-files]
    end

    PC --> PS
    OC --> OS
    TC --> PS
    IC --> IS
    UC --> US

    PS --> Mongo
    OS --> Mongo
    IS --> Mongo
    US -->|admin credentials| KC

    PS -.HTTP.-> Files
    Mongo -.entity change.-> AtlasTrigger
    AtlasTrigger -.-> EB
    EB -.-> SQS

Endpoints

| Controller | Base path | Role |
| --- | --- | --- |
| PersonController | /persons | Person CRUD + /persons/me |
| OrganizationController | /persons/organizations | Organization CRUD |
| TenantController | /persons/tenants | Tenant management |
| InvitationController | /persons/invitations | User invitations |
| UserController | /persons/{personId}/users | Keycloak user accounts |
| CompanySettingsController | /persons/companySettings | Company settings |
| ErrorDebugController | /persons/errors | Debug |

OpenAPI / Swagger available at /persons/api-docs.

Data model

erDiagram
    PersonEntity ||--o{ OrganizationEntity : "belongs to"
    PersonEntity ||--o{ InvitationEntity : "receives"
    PersonEntity ||--o{ DelegationEntity : "delegator / delegatee"
    OrganizationEntity ||--|| CompanySettingEntity : "configures"

    PersonEntity {
        string _id
        string firstName
        string lastName
        string email
        string type "natural / legal / unknown"
        string organizationId
    }
    OrganizationEntity {
        string _id
        string name
        string vatNumber
    }
    InvitationEntity {
        string _id
        string personId
        string status
        date expiresAt
    }
    CompanySettingEntity {
        string _id
        string organizationId
        object settings
    }
    DelegationEntity {
        string _id
        TargetObject delegatedResource
        TargetObject delegator
        TargetObject delegatee
        Set~String~ delegatedScopes
        date startDate
        date endDate
    }

| Collection | Entity |
| --- | --- |
| persons | PersonEntity |
| organization | OrganizationEntity |
| invitations | InvitationEntity |
| company_settings | CompanySettingEntity |
| delegations | DelegationEntity |

Delegation

DelegationAdapterPersonImpl implements the DelegationPort interface (from adb-security) and persists delegation records in the delegations collection. A delegation links a delegator (e.g. an owner) to a delegatee (e.g. a manager), scoped to a specific resource and a set of delegatedScopes, optionally bounded by startDate / endDate.

The adapter is consumed by security infrastructure to resolve effective permissions for a principal acting on behalf of another — it is not exposed directly via an HTTP controller in this service.
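
The check a consumer of delegation records has to make can be sketched as follows. This is an added example, not code from adb-persons or adb-security: the fields of TargetObject, the scope names, the exclusive end bound, and the helper name mayActOnBehalf are assumptions, since the page lists only the entity's field names.

```java
import java.time.Instant;
import java.util.List;
import java.util.Set;

public class DelegationCheck {
    // Assumed shape: the page names TargetObject but does not list its fields.
    record TargetObject(String type, String id) {}

    // Mirrors the DelegationEntity fields shown in the data model.
    record Delegation(TargetObject delegatedResource, TargetObject delegator,
                      TargetObject delegatee, Set<String> delegatedScopes,
                      Instant startDate, Instant endDate) {

        // A null bound means "unbounded"; endDate is treated as exclusive (assumption).
        boolean activeAt(Instant now) {
            return (startDate == null || !now.isBefore(startDate))
                && (endDate == null || now.isBefore(endDate));
        }
    }

    // Hypothetical helper: grants only if one record matches on every dimension.
    static boolean mayActOnBehalf(List<Delegation> records, TargetObject caller,
                                  TargetObject owner, TargetObject resource,
                                  String scope, Instant now) {
        return records.stream().anyMatch(d ->
               d.delegatee().equals(caller)
            && d.delegator().equals(owner)
            && d.delegatedResource().equals(resource)
            && d.delegatedScopes().contains(scope)
            && d.activeAt(now));
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the platform.
        TargetObject owner = new TargetObject("person", "p-owner");
        TargetObject manager = new TargetObject("person", "p-manager");
        TargetObject contract = new TargetObject("contract", "c-1");
        Instant start = Instant.parse("2026-01-01T00:00:00Z");
        Instant end = Instant.parse("2026-07-01T00:00:00Z");
        List<Delegation> records = List.of(
            new Delegation(contract, owner, manager, Set.of("contract:read"), start, end));
        Instant during = Instant.parse("2026-03-01T00:00:00Z");

        // Cases: granted scope in window; scope not granted; at endDate; roles reversed.
        System.out.println(mayActOnBehalf(records, manager, owner, contract, "contract:read", during));
        System.out.println(mayActOnBehalf(records, manager, owner, contract, "contract:write", during));
        System.out.println(mayActOnBehalf(records, manager, owner, contract, "contract:read", end));
        System.out.println(mayActOnBehalf(records, owner, manager, contract, "contract:read", during));
    }
}
```

Only the first case is granted; the other three fail on scope, time window, and delegation direction respectively, which are the dimensions a permission resolver must each enforce.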

Events

Emitted (MongoDB Atlas Trigger → EventBridge → SQS)

Events are not published by the Spring service directly. MongoDB Atlas triggers fire on entity changes and push notifications through AWS EventBridge, which delivers them to the relevant SQS queues:

  • onPersonModified — fired when a persons document is written
  • onOrganizationModified — fired when an organization document is written

Consumed by adb-contracts, adb-accounting, adb-views.

Consumed

No SQS listeners — adb-persons is purely an event producer.

Dead-letter

No SNS usage — no SQS consumers means no DLQ producer.

Inter-service dependencies

flowchart LR
    persons[adb-persons]
    files[adb-files]
    keycloak[Keycloak]

    persons -->|GET /files/...| files
    persons -->|admin API<br/>user creation| keycloak

    contracts[adb-contracts] -->|GET /persons| persons
    parts[adb-parts] -->|GET /persons| persons
    accounting[adb-accounting] -->|GET /persons| persons
    aggregates[adb-aggregates] -->|GET /persons| persons
    views[adb-views] -->|GET /persons| persons
    web[adb-web/bff] --> persons
    ui[adb-ui] --> persons

Configuration / deployment

Environment variables

| Variable | Role |
| --- | --- |
| MONGO_DB_URI | MongoDB connection string |
| SECURITY_ISSUER_URI | Keycloak issuer (JWT validation) |
| SECURITY_TOKEN_URI | Token endpoint (Client Credentials) |
| CLIENT_ID / CLIENT_SECRET | Service credentials |
| ADMIN_CLIENT_ID / ADMIN_CLIENT_SECRET | Keycloak admin credentials (user creation) |
| INVITATION_URI | Invitation URL sent by email |

Helm chart

Deprecated — Helm charts are no longer maintained. Infrastructure is managed via Pulumi (infra/).

adb-charts/charts/services/templates/adb-persons.yaml — deploys a Kubernetes Deployment + Service. Docker image: lifeconnect/adb-persons.

CI/CD pipeline

Bitbucket Pipelines (legacy) — migration to GitHub Actions is ongoing as part of the move to a monorepo.

Links

  • Code: adb-persons/
  • Application: adb-persons/src/main/java/fr/lifeconnect/adb/person/AdbPersonApplication.java
  • Configuration: adb-persons/src/main/resources/application.yml
Contributors: Yevhenii Khudolii