DEV Community: Pramitha Jayasooriya

Run Ballerina in Your Browser!

Pramitha Jayasooriya — Sat, 15 Nov 2025 07:58:36 +0000

⚡ Instant Access, Powerful Engine

The Ballerina Online Playground eliminates the setup barrier. With a single click, you get a secure, sandboxed environment ready to write, compile, and execute Ballerina code.

👉 Launch the Playground Here
https://ballerina-online-playground.pages.dev/

Core workflow:

Code Editor (Left Panel): Write or paste your Ballerina code
Run Code: Click Run Code or press Ctrl + Enter
Output Panel (Right Panel): View compilation and execution output in real time
Editor Tools:
- Reset → load sample code
- Clear → start fresh

🤖 The Ballerina AI Assistant: Your Intelligent Co-Pilot

What sets this Playground apart is the integrated AI Assistant, powered by Google Gemini and OpenAI.

This is more than a chatbot — it’s a real-time Ballerina expert, making learning and debugging fast and intuitive.

Quick Actions:

Explain Code: Detailed, line-by-line explanations of your Ballerina logic
Fix Errors: Suggestions to resolve compilation/runtime errors
Optimize: Professional tips for performance and best practices
Help: Ask about syntax, modules, error handling, or any Ballerina concept

You can click the quick-action buttons or ask custom questions in chat.
AI-suggested code can be inserted directly into the editor with Insert Code, providing a seamless workflow.

📌 AI is fully context-aware and trained using ballerina.io documentation.

🧹 Real-Time Code Quality with Ballerina Lint

Maintaining high code quality is crucial.
The Playground integrates a Best Practices Checker inspired by the Ballerina Lint VS Code Extension.

As you type, the linter provides real-time feedback on:

Code quality
Ballerina best practices
Recommended conventions

VS Code Extension:
👉 https://marketplace.visualstudio.com/items?itemName=Pramitha.ballerina-lint

🏗️ Comprehensive Version Support (26 Ballerina Versions!)

Unlike simple online compilers, the Playground gives you full control over your execution environment.

You can switch between 26 Ballerina versions:

From 2201.3.0 (Swan Lake Update 3)
Up to 2201.12.0 (Swan Lake Update 12)
Including the Latest Development Build

Use Cases:

Testing compatibility
Reproducing version-specific issues
Educational purposes
Trying out older or newer runtime behaviors

📝 Monaco Editor Integration

Built using the same engine as VS Code, the Monaco Editor provides:

Syntax highlighting
Auto-completion
IntelliSense
Advanced editing features

⌨️ Supported Features & Keyboard Shortcuts

The Playground supports all core language features so you can focus on learning Ballerina efficiently.

🔒 Security and Limitations

The Playground is built with strict sandboxing:

No internet access
Isolated environment
Limited resources
Read-only file system

Disabled for security reasons:

HTTP clients
WebSockets
External APIs
Database connections
File system access
Services/listeners

This ensures a safe and stable environment for execution.

🚀 Ready to Start Coding?

Experience the best way to learn and prototype with Ballerina today.

👉 Start coding with the Ballerina Online Playground
https://ballerina-online-playground.pages.dev/

~ By Pramitha Jayasooriya

📬 Contact Details

LinkedIn: Pramitha Jayasooriya
GitHub: PramithaMJ
X (Twitter): PramithaMJ
Personal Website: PramithaMJ.live
Email: lpramithamj@gmail.com

Looking forward to connecting with you!

Why do we need to use Circuit Bracker Pattern inside Microservices?

Pramitha Jayasooriya — Mon, 08 Apr 2024 03:24:39 +0000

In today’s world of distributed systems and microservices architecture, ensuring resilience and fault tolerance is crucial. As microservices communicate with each other over networks that can be unreliable, services may fail, leading to cascading failures and degraded performance. The Circuit Breaker pattern offers a solution to this problem by providing a mechanism to detect and handle failures gracefully, thereby improving the overall reliability of the system.

What is the Circuit Breaker Pattern?

The Circuit Breaker Pattern, inspired by its electrical counterpart, is a design pattern used in software development to handle faults and failures in distributed systems. It is implemented as a state machine that monitors the health of a service or resource. When the number of failures exceeds a predefined threshold, the circuit breaker trips and prevents further calls to the failing service for a specified period. During this time, the circuit breaker redirects calls to a fallback mechanism, such as returning cached data or providing a default response, thus preventing the failure from propagating through the system.

Why Use the Circuit Breaker Pattern in Microservices?

In a microservices architecture, where services are independent and communicate over networks, failures are inevitable. A failure in one service can potentially impact other services that depend on it, leading to a domino effect of failures across the system. By implementing the Circuit Breaker pattern, developers can isolate and contain failures, preventing them from spreading and causing widespread outages. Additionally, the Circuit Breaker pattern helps to improve system resilience by providing mechanisms for fault tolerance, graceful degradation, and recovery.

Implementing the Circuit Breaker Pattern

Let’s illustrate the implementation of the Circuit Breaker pattern in a simple microservice scenario using Java and Spring Boot.

Dependencies:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-circuitbreaker-resilience4j</artifactId>
    </dependency>
</dependencies>

Circuit Breaker Configuration:

import io.github.resilience4j.circuitbreaker.annotation.CircuitBreaker;
import org.springframework.stereotype.Service;

@Service
public class ServiceA {
    @CircuitBreaker(name = "serviceA")
    public String callServiceB() {
        // Call to Service B
        // Return response or throw exception if failed
    }
}

Fallback Method:

import io.github.resilience4j.circuitbreaker.annotation.CircuitBreaker;
import org.springframework.stereotype.Service;

@Service
public class ServiceA {
    @CircuitBreaker(name = "serviceA", fallbackMethod = "fallback")
    public String callServiceB() {
        // Call to Service B
        // Return response or throw exception if failed
    }
    public String fallback(Exception e) {
        return "Fallback response";
    }
}

4 . Circuit Breaker Configuration (application.properties):

resilience4j.circuitbreaker.instances.serviceA.register-health-indicator=true
resilience4j.circuitbreaker.instances.serviceA.failure-rate-threshold=50
resilience4j.circuitbreaker.instances.serviceA.wait-duration-in-open-state=5000
resilience4j.circuitbreaker.instances.serviceA.sliding-window-size=5

Conclusion:

The Circuit Breaker pattern is a valuable tool for ensuring resilience in microservices architectures. By implementing this pattern, developers can mitigate the impact of failures, prevent cascading failures, and improve the overall reliability of their systems. Through proper configuration and integration with frameworks like Spring Boot and Resilience4j, developers can build robust and fault-tolerant microservices that can withstand the challenges of distributed computing.

~ By Pramitha Jayasooriya

Contact Details
For further information or to discuss potential opportunities, please feel free to connect with me on my professional and social platforms:

LinkedIn: Pramitha-Jayasooriya
GitHub: PramithaMJ
Personal Website: PramithaMJ.me
Email : lpramithamj@gmail.com
Looking forward to connecting with you!

[Solved] Cross-Site Request Forgery (CSRF) Attacks with Spring Security.

Pramitha Jayasooriya — Fri, 05 Apr 2024 02:19:05 +0000

A typical Cross-Site Request Forgery (CSRF or XSRF) attack aims to perform an operation in a web application on behalf of a user without their explicit consent. In general, it doesn’t directly steal the user’s identity, but it exploits the user to carry out an action without their will.

Consider you are using the website nextflix.com and the attacker’s website evil.com.

Step 1: The Netflix user login to Nextflix.com and the backend server of Nextflix will provide a cookie that will be stored in the browser against the domain name Nextflix.com

Step 2: The same Nexflix user opens an evil.com website in another tab of the browser

Step 3 : The user was tempted and clicked on the malicious link which makes a request to Nextflix.com. And since the login cookie is already present in the same browser and the request change email is being made to the same domain Nextflix.com, The backend server of Nextflix.com can’t differentiate from where the request came. So here the evil.com forged the request as if it is coming from a Nextflix.com UI page.

<form action="https://nextflix.com/changeEmail"
method= "POST" id = "form">
<input type= "hidden" name="email" value="user@evil.com">
</form>
<script>
doucment.getElementById('form').submit()
</script>

Solution to CSRF attack

To defeat an SCRF attack, the application needs a way to determine if the HTTP request is legitimately generated via the application’s user interface. the best way to achieve this is through a CSRF token. A CSRF token is a secure random token that is used to prevent CSRF attacks. The token needs to be unique per user session and should be of large random value to make it difficult to guess.

Let’s see how the CSRF attacks by taking the previous Netflix example again.

Step 1: The Netflix user logs in to Nextflix.com and the backend server of Nextflix will provide a cookie that will be stored in the browser against the domain name Nextflix. com along with a randomly generated unique CSRF token for this particular user session. CSRF token is inserted within hidden parameters of HTML forms to avoid exposure to session cookies.

Step 2: The same Nextflix user opens the evils.com website in another tab of the browser.

Step 3: User tempted and clicked on the malicious link which make a request to Nextflix.com. Since the login cookie is already present in the same browser and the request to change email is being made to the same domain Netflix.com. This time the nextfllix.com backend server except for the CSRF token along with the cookie. the CSRF token must be the same as the initial value generated during the operation.

The CSRF token will be used by the application server to verify the legitimacy of the end-user request if it is coming from the same App UI or not. the application server rejects the request if the CSRF token fails to match the test.

TIPS

By default, Spring Security enables CSRF fixes for all the HTTP methods that result in data changes like POST, DELETE, etc. But not for GET.

Using Spring Security configurations we can disable the CSRF protection for complete applications or only a few paths based on our requirements like below.

http.csrf().disable()
http.csrf().ignoring RequestMatchers("/saveMsg")

Thymeleaf has great integration & support with Spring Security to generate a CSRF token. We just need to add the below code in the login HTML form code and Thymeleaf will automatically append the CSRF token for the remaining pages/forms inside the web application,

<input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />

Enhancements and Best Practices

1. CSRF Token Storage:
Ensure that the CSRF token is securely stored in the user’s session. Spring Security automatically handles this for you, but it’s crucial to emphasize the importance of secure session management.

2. Token Expiry and Regeneration:
Implement mechanisms to expire and regenerate CSRF tokens to prevent token reuse and enhance security. Spring Security offers built-in features for token expiration.

3. Custom CSRF Header:
Consider using a custom header for CSRF tokens, especially if your application involves multiple technologies or if you want to add an extra layer of security. Spring Security allows customization of the header name.

http.csrf().headerName("X-CSRF-TOKEN");

4. Strict Content Security Policy (CSP):
Enforce strict Content Security Policy headers on your web pages to mitigate the risk of XSS attacks. This will further secure your application by limiting the sources from which resources can be loaded.

http.headers().contentSecurityPolicy("default-src 'self'");

5. CSRF Token in AJAX Requests:
If your application makes AJAX requests, ensure that the CSRF token is included and validated in those requests. Modify your Thymeleaf code accordingly to handle AJAX scenarios.

$.ajax({
    url: '/changeEmail',
    type: 'POST',
    data: {
        email: 'user@evil.com',
        _csrf: /* CSRF Token value */
    },
    success: function(response) {
        // Handle success
    }
});

6. Educate Users:
Educate your users about the importance of not clicking on suspicious links and being cautious while interacting with websites. User awareness is a crucial component in preventing CSRF attacks.

7. Logging and Monitoring:
Implement comprehensive logging and monitoring to keep track of suspicious activities and potential CSRF attacks. This will help in identifying and mitigating threats in real time.

Summary

Incorporating CSRF protection is a fundamental step in securing your Spring Boot applications. By following best practices and leveraging the capabilities of Spring Security, you can significantly reduce the risk of CSRF attacks. Remember that security is an ongoing process, and staying informed about the latest security developments is essential to maintaining a robust defense against evolving threats.

By implementing these additional measures and best practices, you can fortify your application’s security posture and provide a safer online experience for your users. Stay vigilant, keep your dependencies up-to-date, and regularly review and enhance your security practices to adapt to emerging threats.

~By Pramitha Jayasooriya

Contact Details
For further information or to discuss potential opportunities, please feel free to connect with me on my professional and social platforms:

LinkedIn: Pramitha Jayasooriya
GitHub: PramithaMJ
Personal Website: Pramithamj.me
Looking forward to connecting with you!