Posts

Showing posts from 2017

Transaction Management in Spring

Transaction Management: An important aspect of transaction management is defining the right transaction boundary, e.g. when a transaction should start, when it should end, when data should be committed to the DB and when it should be rolled back (in the case of an exception). Spring provides AOP-based transaction management, in which transactions can be associated with the business logic as a separate concern. Two types of transaction management are supported by Spring: declarative transaction management and programmatic transaction management. Programmatic transaction management: this means that you have to manage the transaction yourself in code. That gives you extreme flexibility, but it is difficult to maintain. Declarative transaction management: this means you separate transaction management from the business code. You use only annotations or XML-based configuration to manage the transactions. Choosing bet...

Spring Boot Starter Project

Spring Boot makes it easy to create stand-alone, production-grade Spring based Applications that you can “just run”. We take an opinionated view of the Spring platform and third-party libraries so you can get started with minimum fuss. Most Spring Boot applications need very little Spring configuration. You can use Spring Boot to create Java applications that can be started using java -jar or more traditional war deployments. We also provide a command line tool that runs “spring scripts”. Primary goals are: Provide a radically faster and widely accessible getting started experience for all Spring development. Be opinionated out of the box, but get out of the way quickly as requirements start to diverge from the defaults. Provide a range of non-functional features that are common to large classes of projects (e.g. embedded servers, security, metrics, health checks, externalized configuration). Absolutely no code generation and no requirement for XML config...

Authentication using One Time Password (OTP)

The point of two-factor authentication is to prevent attackers from getting access to your account. Two-factor authentication requires that two tokens be provided as proof of ownership of the account. The first token is something we're all familiar with: a username and a password. The second token is a bit more elusive, however. It should be something you have, and only you. No one else should be able to come into possession of the same token. The same should be true for usernames and passwords, but we've seen how easily a single-factor authentication system is broken. The traditional way of just memorizing a password to validate one's identity is not enough, and web sites and applications now expect one to possess an email ID or a smartphone to which they can communicate another short-lived randomized password, a One Time Password (OTP), as one more factor in the authentication. The first approach in the implementation of the two factor authenticati...

Facebook Login Integration

In the good old days users logged in by using the combination of username and password. Although nowadays some people still prefer the traditional way, a growing number of users want to sign in by using their social media accounts, and it is getting rare and even a bit annoying when a service rolls its own authentication mechanism instead of relying on an OAuth sign-on with our social networks. Login via social networks means fewer passwords to remember, and stronger guarantees in terms of security because you can check and control the authorizations of the applications you use. To integrate Facebook Login in your application, first you need to create a web application in Facebook. After logging in to https://developers.facebook.com/, under the Apps menu click “Create a New App”. Facebook Application Settings: we need to specify the application callback URL in the FB settings. This will be used by the FB server on authentication to hand back control...

JIT Compiler

The Just-In-Time (JIT) compiler is a component of the Java Runtime Environment that improves the performance of Java applications at run time. Java programs consist of classes, which contain platform-neutral bytecode that can be interpreted by a JVM on many different computer architectures. At run time, the JVM loads the class files, determines the semantics of each individual bytecode, and performs the appropriate computation. The additional processor and memory usage during interpretation means that a Java application performs more slowly than a native application. The JIT compiler helps improve the performance of Java programs by compiling bytecode into native machine code at run time. Nothing in the JVM affects performance more than the compiler, and choosing a compiler is one of the first decisions made when running a Java application, whether you are a Java developer or an end user. The JIT compiler is enabled by default, and is activated when a Java method ...

JWT to Secure REST API with Spring Boot

JWT Working Flow
To secure your REST services and handle user authentication/authorization, the first approach is sending basic HTTP auth headers (username/password) with every request, but that would require keeping those credentials in memory, and the service would have to check those credentials on every request, so this is not the best way. This is why REST services typically use a token system. A standard token system returns a 'token' (just a long unique string of random characters, for example a GUID) on successful login. The client then sends this token in every request's Authorization header. The service, on every request, 'rehydrates' its context by looking up the context on the server side. This context can be stored in a DB, retrieved from a Redis cache or simply stored in memory in a hash table. The downside of this approach is that for every REST method you will need to do this lookup in the database or cache. And then come JSON Web Tokens, or JWT...

Why We create Temporary User Before Actual User

In a secure web application with genuine users, we don't create the User object directly at the time of sign-up. Instead, when a user signs up on your application we create a temporary User object in which we store only the fields collected at sign-up (for example: name, email ID, password, contact number). We provide the option of user verification through email or mobile number. When the user has verified himself on your application, we then create the User object, persist it in the database with all fields, and give him all the functionality of a User (for example: check balance, update profile, update information and many more). Creating a temporary user object and storing it in the database gives many benefits, which are: Security: no unsecured or unverified user exists. Fetching speed: many users only sign up on the application and never use it, so unnecessary user data is not stored in the database. Safety from attackers...