Developer Documentation

Last updated: January 2025

1. Overview

Seesam NFC is a universal NFC access control platform designed for modern buildings. Our system provides a secure, mobile-first solution that works with existing access control hardware through an adapter-based architecture.

Key Features

• Multi-vendor hardware support via Adapter Pattern (HotSec implemented, others pluggable)
• DESFire EV1-EV3 NFC chip compatibility
• GPS-based validation with circle and polygon geo-fencing
• Multi-tenancy ready with AWS CDK-based infrastructure
• Comprehensive audit logging with metadata tracking

2. Technical Architecture

Backend Stack

• Framework: Spring Boot 3.2.0 (Java 17+)
• Database: PostgreSQL 15+ with Liquibase migrations
• Authentication: JWT tokens + Estonian ID (Mobile-ID, Smart-ID)
• Security: OAuth 2.0 device flow, BCrypt password hashing
• API: RESTful endpoints with Spring Security

Frontend Stack

• Framework: Vue 3 with Composition API
• UI Components: PrimeVue component library
• State Management: Pinia stores
• Build Tool: Vite for fast development and optimized production builds

Infrastructure

• Container Orchestration: Kubernetes on AWS EKS
• CI/CD: GitLab CI/CD pipeline
• Cloud Services: AWS S3 (app distribution), DynamoDB (tenant registry)
• Deployment: Docker containers, Helm charts

3. Hardware Adapter Pattern

Our adapter-based architecture allows seamless integration with different access control hardware vendors without changing core business logic.

Why Adapter Pattern?

The Hardware Adapter Pattern decouples the system from vendor-specific APIs, enabling:

• Easy switching between hardware vendors
• Adding new vendor support without modifying existing code
• Consistent internal API regardless of hardware provider
• Simplified testing with mock adapters

Architecture Overview

Application Layer (DoorService, UserSyncService)
         │
         ▼
Hardware Provider Interface
         │
         ▼
Adapter Layer (HotSecAdapter, YourAdapter)
         │
         ▼
External Hardware APIs
                

Vendor-Agnostic Domain Models

All hardware interactions use standardized domain models:

• HardwareUser - User representation across all vendors
• HardwareDoor - Door model with universal attributes
• DoorAccessCommand - Unified door control commands (UNLOCK, LOCK, PULSE, HOLD_OPEN)
• DoorAccessResult - Standardized operation results

Implementing Your Own Adapter

To integrate a new hardware vendor, implement these interfaces:

1. HardwareAuthenticationProvider - Handles vendor API authentication and token management
2. HardwareUserProvider - Manages user synchronization with hardware system
3. HardwareDoorProvider - Controls door access operations
4. HardwareProvider - Main facade that combines all sub-providers

Example: Basic Adapter Structure

@Service
@ConditionalOnProperty(name="hardware.adapter", havingValue="yourvendor")
public class YourVendorHardwareProvider implements HardwareProvider {

    @Override
    public HardwareAuthenticationProvider getAuthenticationProvider() {
        return new YourVendorAuthAdapter();
    }

    @Override
    public HardwareUserProvider getUserProvider() {
        return new YourVendorUserAdapter();
    }

    @Override
    public HardwareDoorProvider getDoorProvider() {
        return new YourVendorDoorAdapter();
    }
}
                

Configuration

Activate your adapter in application.yml:

hardware:
  adapter: yourvendor  # Options: hotsec, yourvendor
  api:
    server: https://api.yourvendor.com
    username: ${HARDWARE_API_USERNAME}
    password: ${HARDWARE_API_PASSWORD}
                

4. Deployment Options

Standalone Server

Run as a Java application on Windows, Linux, or macOS servers. Ideal for traditional IT infrastructure with straightforward setup and management.

Docker Container

Deploy using our multi-stage Dockerfile for consistent environments across development, staging, and production. Includes:

• Alpine Linux for minimal image size
• Non-root user for security
• JRE-only runtime image
• Health check endpoints

Kubernetes

Production-grade deployment with:

• Horizontal pod autoscaling (HPA)
• Rolling updates with zero downtime
• Liveness and readiness probes
• ConfigMaps and Secrets management
• Ingress controller for TLS termination

Managed Cloud (SaaS)

We host and manage everything on AWS EKS. Each customer receives:

• Custom subdomain (e.g., yourcompany.seesamnfc.com)
• Dedicated PostgreSQL RDS database
• Isolated data with shared infrastructure
• Automatic backups and updates
• 24/7 monitoring and support

5. Getting Started

For Developers

Clone the repository and set up your local environment:

# Prerequisites
- Docker Desktop (required for PostgreSQL)
- Node.js 18+
- Java 17+

# Start development stack
docker-compose up -d

# Run backend
cd backend
./mvnw spring-boot:run

# Run frontend
cd frontend
npm install
npm run dev
                

For Hardware Integrators

To integrate your access control hardware:

1. Review the Hardware Adapter Pattern section above
2. Implement the required provider interfaces
3. Map your vendor API to our domain models
4. Configure activation via @ConditionalOnProperty
5. Write comprehensive unit tests
6. Submit for code review and integration

For System Administrators

Deploy using your preferred method from our deployment options. All methods require:

• PostgreSQL 15+ database
• Environment variables for configuration
• Hardware API credentials
• HTTPS/TLS certificates for production

6. Security

Authentication

• JWT Tokens: Short-lived access tokens with refresh capability
• Estonian ID: Mobile-ID and Smart-ID integration for strong authentication
• OAuth 2.0: Device flow for mobile app authentication
• Password Security: BCrypt hashing with strong password requirements

Data Protection

• Encryption: AES-256 for NFC chip data, TLS for network communication
• Database: Encrypted at rest, connection pooling with SSL
• Audit Logging: Comprehensive tracking of all user actions
• Role-Based Access: USER, OPERATOR, ADMIN role hierarchy

Compliance

• GDPR-compliant data handling
• Audit trail for compliance reporting
• Data retention policies
• Right to be forgotten support

7. Support & Resources

Getting Help

• Technical Support: Contact us for technical assistance
• Integration Support: Dedicated help for hardware adapter development
• Status Page: Monitor system status and planned maintenance

Additional Documentation

• Privacy Policy - Data handling and privacy
• Terms of Service - Service agreement
• Security - Security practices and compliance
• GDPR - GDPR compliance information

Ready to integrate? Schedule a demo to discuss your specific requirements and get started with Seesam NFC.