Cost control and accounting system of telecom services allows controlling the telecommunication costs of the company.
The system is a group of applications:
The web application for clients provides a single entry point for obtaining information about all customer accounts (mobile, fixed, RAS, data) and acts as a reporting service of the organization at all levels: corporate, regional, national, local (company management level) and user level. This application allows the client to manage information about the organization, delimit the rights within the company among employees, organize the structure of the company hierarchy, cost control for a specific period, etc.
The web application for administrators manages various aspects of the system: user management, system status monitoring, system events viewing, viewing and deleting customer accounts, managing email templates, adding localization, adding reference data to the system, etc.
The server component for event processing is a multithreaded java application that is responsible for handling various events that were initiated by other applications.
The main events of this application are:
These applications, with the help of analytics and diverse detailed reports, provide a complete picture of the costs, which helps to analyze and make decisions about optimizing the company’s expenses for telecommunications.
Another important element of the reporting service is the ability to provide employees with access to the service, which significantly increases their awareness of their costs for communication services and enables employees to take responsibility for telecommunication costs by dividing calls to business communications and calls for personal use.
The system is a multi-module Maven application. An automated build of projects with profiling configuration is implemented using Maven.
Web applications are implemented on the basis of the MVC pattern, which separates the model (business logic), view (HTML pages) and the controller (responsible for transferring data from model to view and vice versa).
The server side of the applications is implemented in Java, using well-known Struts2 and Spring frameworks.
To process non-standard cases, we created our own jsp-tags (for example, a multi-level menu with automatic data loading depending on the selected category).
To support user roles and manage them, Spring Security was used.
The system provides different users with different access levels to ensure the maximum security.
The connection between two web applications is organized through Single Sign On technology, which allows the administrator to switch to another application without reauthentication.
The application protection against various vulnerabilities and hacker attacks (for example: CSRF, XSS) was implemented with cross-browser compatibility support using CSP2.0 for newer browsers versions and our own solution by applying MutationObserverAPI for older versions of browsers. Tomcat was used as a web application server.
The server component for event processing is a multi-threaded console application. This application allows processing and downloading files of several formats (CSV, PDF, XML), and also receiving reference data from XLS and JSON files. Communication with other applications of the system is organized via the complex event model. The number of threads for event processing is defined by user. Flow management is organized using the standard package java.util.concurrent.
To perform complex operations with data in the database, stored procedures in PL/SQL language are used, this increases performance, expands programming capabilities and supports data security functions.
Interaction with the database is implemented with the help of Hibernate and JPA. JDBC Connection is used to achieve better performance for some cases.
Stack: Java, Maven, JPA (Hibernate), JDBC Connection, Servlet API, TagLib, JSTL, Jaxb, SuperCSV, JAX-WS, Apache commons, Apache POI.
Infrastructure: Jenkins, SVN.
Frameworks: Struts2, Spring, Spring security.
Test Automation libraries: Mockito, JUnit.
DB: Oracle, PL/SQL.
Other libraries: Ehcache, Achartengine.
Our team carried out the following works:
While we were working together on this project, the customer was in the process of obtaining ISO certification. To confirm its compliance with the necessary requirements and standards, the system of accounting and control of the costs of telecommunications services had to be audited by an authorized company.
The results of the audit, which was conducted in accordance with the OWASP Top 10 list of the most common security problems, came as an unpleasant surprise to the customer. It turned out that the project had a significant number of information security problems and risks. Since we were responsible for supporting their product, the customer assigned our team the task of fixing the identified defects.
In practice, the task turned out to be non-trivial and labor-intensive. In order to make the necessary changes to the relatively large code base, we had to dive into the product’s specifics and the nuances of each of the auditors’ comments. JazzTeam specialists not only made these changes, but also manually tested each fix. The systematic organization of the manual testing process played a major role in the success of this task.
As we worked to improve the product, the interaction with the audit firm was also fully transferred to JazzTeam. Our role was to negotiate and agree on the nuances of each issue. Some issues were very complex and not directly related to information security, or were advisory in nature. However, our team was able to fully process the audit firm’s comments and make the necessary improvements. As a result, the customer’s product successfully passed the certification and received confirmation of its compliance with the ISO standard.
JazzTeam delves deep into the specifics of the standards required to pass IT product certification. Not only do we effectively address the issues, we also manage the technological communication with the auditing companies and conduct comprehensive testing of the implemented changes.