DEV Community: Safvan P

Java Messaging Service ( JMS )

Safvan P — Mon, 23 Oct 2023 05:56:06 +0000

In today's digital world, communication is at the heart of everything. Computers, like us, have conversations using a language of their own. This secret language is what makes digital magic happen. In the world of Java, the wizard behind these digital conversations is known as JMS (Java Messaging Service). JMS is the key to unlocking seamless digital communication, and in this article, we'll explore JMS in detail. We'll also explore the two primary types of JMS, so you can understand them better.

The Need for JMS: Simplifying Digital Conversations

Imagine two friends, Andrew and Bob, who live in different cities. They want to share news and tasks. To achieve this, they exchange letters. In the world of computers, these letters are like messages. But, unlike Andrew and Bob, computers can't simply pass messages from hand to hand. This is where JMS comes in.

Think of JMS as a trustworthy postal service for computers. It ensures that digital letters, which are actually messages, travel safely and reach their destination in the right order. Just like a postal service takes care of all the logistics, JMS takes care of the complexities of message delivery.

But let's break down JMS into simpler terms. It mainly involves two roles - the sender, also known as the producer, and the receiver, known as the consumer. The producer creates messages and places them in a virtual mailbox (think of it as an inbox for computers). The consumer retrieves these messages and handles them. This communication can be like a private chat (similar to Andrew sending a letter to Bob) or a broadcast to a group of recipients (like Andrew sending letters to multiple friends).

Two Primary Types of JMS:

Point-to-Point Communication: This is the digital equivalent of Andrew sending a letter directly to Bob. In JMS, it's called point-to-point or P2P communication. It's a straightforward, private conversation where one sender and one receiver exchange messages. Just like when you send a text or email to a specific person. Well-known technologies that excel in enabling this one-on-one JMS communication include Apache ActiveMQ, Solace, IBM MQ, and many more.
Publish-Subscribe Communication: Now, let's imagine that Andrew wants to send a message to a whole community of friends. In the digital realm, this is similar to broadcasting a message to a group of people or subscribers. JMS calls this the publish-subscribe model. It's like posting a message on a public bulletin board, and anyone interested can read it. Technologies like Apache Kafka are experts in managing this type of communication.

The Magic of Messaging Queues: Enabling Asynchronous Communication

But why do we need messaging queues, and what's the big deal about asynchronous communication?

In our daily lives, we often do multiple tasks simultaneously. For example, you might cook dinner while enjoying your favorite music and checking your phone for messages. These tasks can all happen concurrently. You don't have to wait for one task to finish before starting another. This parallelism is precisely how messaging queues work in distributed applications.

Let's say you're running an e-commerce platform, and customers from all over the world are placing orders. You want to ensure that your order processing system runs smoothly. Here's where messaging queues come into play. They allow your application to handle multiple tasks at once. When an order comes in, it's added to a queue, like people waiting in line at a ticket counter. Your system can process these orders in the order they arrive. This is the beauty of asynchronous communication. Tasks can progress independently without waiting for each other.

Famous JMS players like Apache ActiveMQ are your go-to partners for ensuring these orders get processed efficiently, no matter how many come in. These systems maintain the order, manage priorities, and guarantee safe delivery.

Spring Boot: Your Reliable Messaging Assistant

But here's the best part: Spring Boot simplifies this whole process. It's like having a super-smart assistant who takes care of all the details, so you can enjoy a seamless conversation.

Spring Boot's magic lies in its ability to seamlessly integrate with JMS. It provides an easy way to configure message queues and listeners. Just as you open your mailbox to find letters, Spring Boot helps your application fetch messages from JMS queues.

In summary, JMS is the digital postal service, and Spring Boot is your trusty assistant, making it super easy to send and receive messages. Whether it's one-on-one conversations or broadcasting messages to a community, they work together harmoniously.

In the next part of our journey, we'll go deeper into one-on-one communication using JMS and Spring Boot. You'll learn how to set up a messaging queue to ensure your digital letters reach their destination safely. So, stay tuned !

🛡️The Ultimate Defense: Introduction to Spring Security 🔐

Safvan P — Wed, 30 Aug 2023 02:56:53 +0000

Last time, we expolored Servlet security and higlighted limitations. Now, let's take a step further and discover how Spring Security emerges as the ultimate solution to overcome these challenges.

In today's digital age, keeping our web applications secure is crucial. Even if companies have strong security measures for their servers, the safety of our web apps remains highly important. This is especially true when our apps are accessible online to everyone, which exposes them to potential risks. 👨‍💻Hackers work tirelessly every day to attempt breaches.

This is where Spring Security comes in. It offers a robust framework with a lot of features. By simply integrating Spring Security, we're automatically protected against common vulnerabilities like CSRF. Therefore, understanding and implementing Spring Security is of utmost importance. 🌐🔒

Spring Security: What's the Big Deal?

If you are aleardy familoar with web development, especially with the Spring framework, you'd know that securing your applications is crucial. And Spring Security is the tool for this job. It’s like having a digital watchman, always alert, ensuring everything's in order. 🕵️‍♂️🔒

Now, let's understand the important features of Spring Security:

1. Authentication: Are You Who You Say You Are?
When someone tries to access your application, the first thing you'd want to know is if they're really who they claim to be. This process of confirming someone's identity is called authentication. It's like the guard at the entrance of a gated community, asking for an ID card. If you show it, you get in; otherwise, you stay out.

Spring Security offers tools to do just this. Whether you're developing using Servlet or WebFlux, Spring Security has your back. 🕶️🔑

2. Defense Against Dark Arts: Stopping the Bad Guys
It's not just about who's coming in; it's also about stopping bad things from happening. Just as a good guard checks for any mischief, Spring Security checks for any sneaky attacks on your application.

Spring Security offers multiple layers of protection:

CSRF (Cross-Site Request Forgery): Stops attackers from tricking your users into performing actions without their knowledge.
HTTP Headers: Ensures that the communication between your user's browser and your server is secure.
HTTP Requests: Checks that incoming requests are genuine and not from someone trying to harm your app. 🛡️🚫

3. Making Friends: Integration with Other Tools
Spring Security isn't a lone ranger. It works great with other tools and technologies, enhancing its capabilities. Think of it as a member of a cricket team, where every player has their own specialty but they play best when together.

Here's a glimpse of its partnerships:

Cryptography: Secures data by transforming it into a code to prevent unauthorized access.
Spring Data: Works hand in hand with databases, ensuring only the right data is accessed.
Java’s Concurrency APIs: Manages multiple tasks at once efficiently.
Jackson: Helps in data binding and converting Java objects to JSON and vice-versa.
Localization: Adapts the application for different regions or languages. 🤝🌍

A Peek into the Digital World

Now that we've understood the nuts and bolts of Spring Security, it's evident how invaluable it is in the digital realm. With hackers and cyber threats looming around, tools like Spring Security act as our knights in shining armor. They might seem complex on the outside, but at their heart, they're simple tools designed to keep the bad guys out and let the good guys in.

Keep exploring, keep learning, and always ensure that your digital treasures are well-guarded. After all, as they say, it's better to be safe than sorry! 🌟🔐🚀

Simplifying Servlet Security: Keeping Your Web Apps Safe

Safvan P — Sat, 26 Aug 2023 05:04:17 +0000

Introduction

In our digital world, safeguarding web applications is of paramount importance. Imagine your application as a secure vault, and servlet security as the lock that guards it. In this blog post, we'll delve into servlet security step by step and explore the power of various authentication methods that ensure the safety of both our applications and users.

Getting Started with Servlet Security

Imagine having created an impressive web application. Now, how can you ensure that only authorized individuals access it? This is where authentication comes into play – think of it as a secret passphrase granting you access to an exclusive club. Your application wants to confirm your identity before granting you entry.

To implement the first three authentication methods, you'll need to add the following to your tomcat-users.xml file, usually found in Tomcat's conf directory:

this will act as security realm (authentication pprovider)

<role rolename="ADMIN"/>
<role rolename="CUSTOMER"/>
<role rolename="CLERK"/>

<user username="safvan" password="123" roles="CUSTOMER"/>
<user username="user1" password="123" roles="CLERK"/>
<user username="admin" password="^*&^*&hghsd" roles="ADMIN,CUSTOMER"/>

Different Approaches to Verification

1. BASIC Authentication: Simplicity at Its Best

Consider BASIC authentication as a friendly doorman who asks for your name and password. It's like saying, "Hey, I recognize you! Come on in." However, bear in mind that this method is suitable for non-sensitive information.

In BASIC Authentication, the client sends a request containing the username and password in plain text. The server responds with the requested information or an error. The syntax for BASIC Authentication is as follows:

Authorization: Basic <base64-encoded(username:password)>

Since the username and password are base64 encoded, this method is not recommended for real-world applications due to security concerns.

2. DIGEST Authentication: A Secure Puzzle

Next, we have DIGEST authentication. Imagine sending a secret message that gets scrambled before being sent. The recipient deciphers it and verifies your identity. It's like a puzzle only you and the server can solve, ensuring your secrets remain secure.

DIGEST Authentication is a more intricate form of authentication. The client initiates a request to the server, which responds with a nonce (a one-time-use number) and requests the client's authentication. The client then responds with the nonce and an encrypted version of the username, password, and realm (a hash). The server validates the client hash against its own hash, and either provides the requested information or returns an error if the hashes don't match.

To configure DIGEST Authentication in a Java Servlet application, add the following to your web.xml file:

<security-constraint>
    <web-resource-collection>
        <!-- Define your secure URLs here -->
        <url-pattern>/secure-path/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ROLE_MANAGER</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>myrealm</realm-name>
</login-config>

Keep in mind that DIGEST Authentication should be used over a secure connection due to its vulnerabilities.

3. FORM Authentication: Your Personalized Access Card

Now, envision FORM authentication as a personalized invitation to an exclusive event. You fill in your details on the invitation card, and the app welcomes you stylishly. Developers have the flexibility to craft an appealing login page and manage errors gracefully.

FORM Authentication involves sending user credentials within the body of a POST request. This method is widely used for web applications:

<h1 style="color:red;text-align:center;">Login Page</h1>
<form action="j_security_check" method="POST">
    <table border="1" bgcolor="cyan" align="center">
        <tr>
            <td>Username:</td>
            <td><input type="text" name="j_username"></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="j_password"></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" value="Login"></td>
        </tr>
    </table>
</form>

4. CLIENT-CERT Authentication: The Digital Passport

Have you heard of CLIENT-CERT authentication? It's like having a digital passport. Instead of a password, you present your digital certificate – a unique ID only you possess. The server verifies it, and upon confirmation, grants you access. This method is ideal for confidential transactions, such as sharing credit card information.

CLIENT-CERT Authentication involves the client providing a digital certificate for authentication. The server then validates this certificate to ensure its legitimacy.

To create Digital certificate using JDK supplied tool (key tool)

To configure CLIENT-CERT Authentication, use the keytool tool provided by the JDK to generate a digital certificate using the RSA algorithm. Here's a sample of how to set it up in the server.xml configuration file:

<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443"
    maxThreads="150"
    SSLEnabled="true">
    <SSLHostConfig>
        <Certificate
            certificateKeystoreFile="/path/to/mykeystore.keystore"  <!-- Default: {user.home}/.keystore -->
            certificateKeystorePassword="keystore_password"
            type="RSA"/>
    </SSLHostConfig>
</Connector>

Blending Modes for Enhanced Security

The exciting news is that you don't have to stick to just one authentication method. With servlet security, you can combine and match these authentication methods, similar to adding various toppings to a pizza. By using BASIC, DIGEST, FORM, and CLIENT-CERT methods in harmony, you can create a robust shield for your application.

Essential Considerations

While these authentication methods provide trustworthy protection, they do have limitations. For instance, CLIENT-CERT requires server support for HTTPS. Therefore, ensure your digital fortress possesses the necessary tools.

Drawbacks of Manual Authentication and Authorization

When it comes to manually securing a servlet, there are certain downsides to be aware of:

Limited Protection: Manual methods might lack advanced security features offered by specialized security frameworks.
Complexity: Implementing manual security can be intricate and prone to errors, especially when managing multiple user roles and permissions.
Maintenance Challenges: Manual security can lead to tightly coupled code, complicating maintenance and updates.
Inconsistent Implementation: Manual approaches can result in inconsistent security measures across different parts of the application.
Human Errors: Mistakes during implementation can introduce vulnerabilities.
Lack of Centralized Management: Managing user accounts, roles, and permissions manually becomes complex as the application scales.
Limited Auditing: Manual methods might lack comprehensive auditing and logging features.
Scalability Issues: As the application grows, manual management becomes more complex and can impact performance.
Expertise Dependence: Manual security relies on developer expertise, which can vary.
Compliance Challenges: Meeting regulatory requirements can be tough without dedicated security frameworks.
Integration Limitations: Manual methods might not integrate

How JDBC Paved the Way for Java Frameworks! 🛤️

Safvan P — Sat, 26 Aug 2023 04:10:58 +0000

Let's talk about JDBC and its magic in the Java world.

So, what's JDBC? It's like a messenger. It helps our Java programs talk to databases. It's been around for a long time and has done a lot of good work.

Because of JDBC:

Starting Point: JDBC was one of the first tools for Java to connect with databases. It made a clear path for others to follow.
Building Blocks: Many of our favorite Java tools and frameworks are built on top of JDBC. Think of JDBC as the foundation stone of a big building.
Inspiration: By showing how Java can talk to databases, JDBC inspired many to create new and better tools. It's like the first person who made a wheel, and then others made cars and bikes using that idea.
Flexibility: With JDBC, we have the freedom to connect to many different databases. This freedom helped others to think big and design flexible tools.

In short, JDBC has been like a guiding light. Because of it, many smart people created great tools for us to work with databases more easily in Java.

So, even with all the new tools around, it's good to remember and thank JDBC for starting it all!

Demystifying BDD: A Game-Changer for Software Testing 🎮

Safvan P — Mon, 21 Aug 2023 16:53:29 +0000

In the world of programming, sometimes we get lost in tech talk, leaving our buddies who aren't tech wizards scratching their heads. So, let's unpack a cool concept called Behavior Driven Development (BDD) in plain English. Think of it like explaining your favorite game to a friend!

What's BDD All About? 🤔
Imagine you're teaching your friend how to play a video game. Before diving into the action, you lay down the game rules:

What's the objective?
What should happen at different stages?
What's the winning move?

BDD is a bit like this. Instead of coding blindly (not literally, of course!), you define precisely how a piece of code should behave.

Breaking It Down: The Game Analogy 🎮

**Given** - Picture it as the starting point of your game. Your character is loaded, and you're ready to roll.

**When** - This is when the game is in full swing. You're making moves, battling foes, and collecting points.

**Then** - The end goal of the game. You've reached the final level, maybe defeated the boss, and celebrated your victory.

Now, translate this to coding, especially with tools like Mockito:

Given - We set up the initial game conditions.
When - A specific action or event happens in the game.
Then - We expect a particular outcome, just like reaching a winning stage.

A Real-Life Example: The Food Delivery App 🍔

Imagine you're building a food delivery app. A key feature is applying discounts during a food festival.

Given - The app displays regular prices of items.
When - The food festival starts.
Then - Items on the app should show their festival discounts.

Using Mockito's BDD features, it's like saying:

given(menuService.getAllItems()).willReturn(allItems);
In simple words, you're telling the app that if someone wants to see all the items, it should show the list of items we've set up.
Summing It Up 🎮

For folks who know programming but are new to Mockito and fancy testing tools, I hope this made BDD crystal clear. It's all about setting the rules for your code, much like explaining the rules of a game. This ensures smooth sailing without any unexpected glitches!

Exploring the Enchantment of Software Testing: An Easy Guide

Safvan P — Sun, 20 Aug 2023 11:16:46 +0000

Have you ever watched a movie and wondered how those high-flying stunts are performed? Well, testing in software development is a bit like having stunt doubles for your code. Let's dive into this exciting world of testing and unveil the mystery behind it.

What's this "Testing" Thing, Anyway?

Imagine you're baking a cake. You wouldn't just throw the ingredients together and hope for the best, right? You'd taste a bit of the batter before baking it to make sure it's turning out delicious. That's testing in the software world – making sure your code works as expected before sharing it with the world.

> Introducing Test Doubles: Your Secret Actors

In movies, stunt doubles step in for actors during risky scenes. Similarly, in software testing, we have "test doubles" that replace real parts of our code when things get complicated. Just like a stunt double keeps actors safe, test doubles keep our code safe by letting us test it in controlled environments.

Different Types of Test Doubles

1) Fake:

Stunt doubles in movies for dangerous scenes instead of the main actors. For instance, you might replace a real database with an in-memory database to make your tests faster and simpler.

2)Dummy:

Picture having extras on a movie set who don't say anything. Dummies are objects we put in our tests that don't really matter but keep the scene realistic.

3)Stub:

Think of an actor delivering lines as scripted in a play. A stubbed method is like giving our code hardcoded answers during testing. It helps us see how our code reacts to different situations.

4) Spy:

Ever seen a detective gathering evidence undercover? That's a spy. In testing, a spy watches and records interactions between parts of our code. It's like being the detective of our software.

5) Mock: Think of a play director guiding actors to perform perfectly. Mocks let us set up expectations for how our code should behave. They help us ensure that our code does what it's supposed to do.

Why Do We Need Test Doubles?

Imagine a recipe that needs an ingredient from the moon – not easy, right? Similarly, some parts of our code depend on things that are hard to use in tests, like real databases or networks. Test doubles step in and make our tests achievable, just like stunt doubles make action scenes achievable.

If you're interested in delving further into software testing and related topics, feel free to follow me or stay tuned for more insightful content.

Navigating Code Testing Waters with Mockito: Your Testing Crew for Smooth Sailing

Safvan P — Sat, 19 Aug 2023 08:17:41 +0000

Imagine you're the captain of a ship, and you need to make sure it sails smoothly in any weather. This ship is like your code, and you want to test it to be sure it works well. That's where Mockito comes in – it's like having a helpful crew that makes testing easier.

The Captain's Worry:

When you're testing, you want to focus on your code's behavior, not on outside systems it relies on. But what if those outside systems are not ready or behaving strangely? It's like trying to sail your ship without a working compass or wind!

Enter Mockito, Your Crew:

Mockito is like having a team of crew members who create pretend versions of those outside systems. These pretend versions, or "mocks," act just like the real systems, even when the real ones are not ready or misbehaving.

The Ship Sails Smoothly:

With Mockito, you can test your code as if everything is working perfectly, even when it's not. Just like your crew can simulate a working compass and wind to help your ship sail smoothly, Mockito's mocks simulate those outside systems for your code.

So, think of Mockito as your testing companion, making sure your code's journey is free of obstacles, just like a captain's crew ensures the ship's journey is trouble-free. It's like having your own secret weapon to conquer testing challenges!

🍽️ Enhanicing a Restaurant with Microservices Architecture! 🍽️

Safvan P — Mon, 17 Jul 2023 11:50:22 +0000

Imagine you're running a busy restaurant with different departments, each offering its own special dishes. 🏙️ Now, let's see how Microservices Architecture can totally transform the way your restaurant works:

📋 Service Registry (Restaurant Reservation System):

Just like a reservation system at the restaurant's front desk, the Service Registry keeps track of all the specialized staff members (microservices) available in your restaurant. Each staff member has a unique role, like a chef, bartender, waiter, and dessert expert. When a new staff member joins or changes their expertise, you update the reservation system, ensuring smooth coordination and excellent service.

👩‍🍳 Micro-Services (Specialized Staff):

Think of each specialized staff member in your restaurant as a microservice. The chef expertly prepares mouthwatering dishes, the bartender crafts delightful cocktails, the waiter ensures impeccable service, and the dessert expert creates delectable sweets. Each staff member focuses on their own area of expertise, just like microservices handle specific tasks in your restaurant.

🚪 API Gateway (Restaurant Host/Hostess):

The API Gateway acts as the restaurant's host/hostess and main service counter at the entrance. 🎉 Customers (clients) walk in, place their orders at the main service counter, and the host/hostess (API Gateway) greets them, arranges their seating, and guides each customer to the right specialized staff member (microservice) based on their preferences and needs.

🌟 The Magic of Microservices:🌟

With Microservices Architecture in place, your restaurant flourishes with efficiency, scalability, and seamless teamwork:

🚀 Speedy Service & Smooth Operations: Specialized staff members (microservices) work independently, reducing wait times and providing faster service to customers.
🎯 Efficient Use of Resources: Each microservice focuses on its specific job, optimizing resource usage and ensuring top-quality in every aspect.
🔁 Flexibility & Creativity: Your restaurant can easily adapt to changing trends and customer demands. New dishes, cocktails, and services can be added or modified without any hassle.
💼 Freedom for Teams & Better Collaboration: Just like each staff member excels in their role, your development teams can work independently on microservices. This autonomy boosts innovation and fosters excellent teamwork, resulting in outstanding outcomes.

So, the next time your customers enjoy a delightful dining experience at your restaurant, they'll know that you've embraced Microservices Architecture to create an amazing feast! 🍴

Microservices #SoftwareArchitecture #RestaurantAnalogy #Efficiency #Scalability #Innovation #Teamwork #TechnologyTrends #CustomerExperience #DevelopmentParadigm

Number Guessing Game using Java 🎮

Safvan P — Thu, 04 Aug 2022 05:57:00 +0000

The game contains 5 players. One Umpire, one Guesser and three Players.
The guesser guesses a number between 1 and 10 and tell it to the umpire secretly. The remaining 3 players try to predict the number guessed by the guesser.
The one who predicts the number accurately is the winner of the game.
If more than one Player predicts the right number, all of them are winners.

Class Diagram for the game:

The guessing game involves an ‘Umpire’ object , 'Guesser' object and three ‘player’ objects. All the objects are created by instantiating the above 3 classes.

Features Included in this game:

⇒ Restricted the all the players and guesser to guess a number between 1 and 10. Even if they predict/guess a number out of this range, then the program will prompt to re-enter the input until they're choosing a value with in allowed range.

⇒ added a counter to print player numbers in the console.

⇒ Print summary of the game after finding the winner. The summary includes Accuracy of prediction of players who lost the game.
Accuracy is displayed in terms of, how close number predicted by players towards the number guesser by guesser.

🖥The source code of the game is uploaded on GitHub:
https://bit.ly/3vGfAXo

🌎Connect with me on LinkedIn : https://www.linkedin.com/in/safvan-p/