Friday, September 13, 2019

REST API Documentation using Swagger2 in Spring Boot

Spring Boot makes developing RESTful services ridiculously easy. Using Swagger, we can document our RESTful services easily.

Building a back-end API layer introduces a whole new area of challenges that goes beyond implementing just endpoints. Clients that use our API need to know how to interact with it. In SOAP-based web services, you had a WSDL to work with. This gave API developers an XML-based contract, which defined the API. However, with RESTful web services, there is no WSDL, so REST API documentation becomes more critical.











                                                                                                                      Version -  1.0.0

Saturday, July 20, 2019

PL-SQL Tips That May Be Useful

1. Oracle has a data type TIMESTAMP, which can also represent a date (with time). If you subtract TIMESTAMP values, you get an INTERVAL.

To extract numeric values, use the EXTRACT function.
 

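select
    extract( day from diff )    Days,
    extract( hour from diff )   Hours,
    extract( minute from diff ) Minutes,
    -- total elapsed time in milliseconds (1 second = 1000 ms)
    (  extract( day from diff )    * 24*60*60*1000 +
       extract( hour from diff )   * 60*60*1000 +
       extract( minute from diff ) * 60*1000 +
       extract( second from diff ) * 1000  )   TotalMiliSecResult
from (
          -- subtracting two TIMESTAMP values yields an INTERVAL DAY TO SECOND
          select  ( CAST( action_time as timestamp ) - CAST( idle_time as timestamp ) ) diff
          from    mwt_idle_wallet
        );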




                                                                                                                                                  Version :- 1.0.0

Sunday, June 16, 2019

Array Vs Collections in Java




 Java offers two types of constructs where you can store multiple objects of the same type: arrays and collections. They have the following differences and features.


  • An array is fixed in size, while a collection is dynamically sized (collections automatically expand in size when needed).
  • For the above reason, collections are preferred over arrays with respect to memory.
  • An array can contain both primitive data types and objects of a class, depending on the definition of the array. However, collections only support object entries, not the primitive data types.
  • With respect to performance, it is better to use arrays; collections do not perform as well.


















References Used :-  array-vs-arraylist-in-java 
Version               :-  1.0.0  

Wednesday, June 12, 2019

HTTP vs HTTPS

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. HTTP offers a set of rules and standards that let web browsers and servers communicate, and that govern how information is transmitted on the World Wide Web.
HTTP is an application-layer network protocol built on top of TCP. HTTP uses hypertext, structured text that establishes logical links between nodes containing text. It is also known as a "stateless protocol".

Advantages of HTTP:


  • HTTP can be implemented with other protocols on the Internet, or on other networks
  • HTTP pages are stored in computer and internet caches, so they are quickly accessible
  • Platform independent, which allows cross-platform porting
  • Does not need any runtime support
  • Usable over firewalls! Global applications are possible
  • Not connection-oriented, so there is no network overhead to create and maintain session state and information

Limitations of HTTP


  • There is no privacy as anyone can see content
  • Data integrity is a big issue, as someone can alter the content. That is why HTTP is an insecure method: no encryption is used.
  • Anyone who intercepts the request can get the username and password.

What is HTTPS?

HTTPS stands for Hyper Text Transfer Protocol Secure. It is a highly advanced and secure version of HTTP. It uses port 443 for data communication. It allows secure transactions by encrypting the entire communication with SSL. It is a combination of the SSL/TLS protocol and HTTP. It provides encrypted and secure identification of a network server.
It allows you to create a secure, encrypted connection between the server and the browser. It offers bi-directional security of data. This helps you protect potentially sensitive information from being stolen.
In the HTTPS protocol, SSL transactions are negotiated with the help of a key-based encryption algorithm.

Advantages of HTTPS


  • In most cases, sites running over HTTPS will have a redirect in place. Therefore, even if you type in http://, it will redirect to https:// over a secured connection
  • SSL technology protects any users and builds trust
  • An independent authority verifies the identity of the certificate owner. So each SSL Certificate contains unique, authenticated information about the certificate owner.
  • It allows users to perform critical transactions  such as online banking.


Limitations of HTTPS


  • HTTPS cannot stop confidential information from being stolen from pages cached in the browser
  • SSL encrypts data only during transmission over the network, so it cannot clear the text held in browser memory
  • HTTPS can increase the computational overhead as well as the network overhead of the organization
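
The redirect listed under the advantages and the browser-cache limitation above can both be checked from response headers. The following is an added example, not code from the original post: the class, the `audit` method and the `bank.example` responses are constructed for illustration, and the Strict-Transport-Security check is an addition covering the first plain-HTTP request that a redirect alone leaves unprotected.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class TransportHeaderAudit {

    /** Returns findings for one response; an empty list means every check passed. */
    static List<String> audit(URI requested, int status, Map<String, String> headers) {
        // Header names are case-insensitive, so look them up through a case-insensitive map.
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(headers);
        List<String> findings = new ArrayList<>();

        if ("http".equalsIgnoreCase(requested.getScheme())) {
            // A plain-HTTP request should only ever be answered with a redirect to HTTPS.
            boolean redirect = status == 301 || status == 302 || status == 307 || status == 308;
            String location = h.get("Location");
            if (!redirect || location == null) {
                findings.add("content served over plain HTTP, no redirect in place");
            } else if (!"https".equalsIgnoreCase(URI.create(location).getScheme())) {
                // A relative Location has no scheme and therefore stays on HTTP.
                findings.add("redirect does not lead to https: " + location);
            }
            return findings;
        }

        // HTTPS response: HSTS tells the browser to skip the plain-HTTP step on later visits.
        if (!h.containsKey("Strict-Transport-Security")) {
            findings.add("missing Strict-Transport-Security header");
        }
        // TLS protects data in transit only; no-store keeps the page out of browser caches.
        String cacheControl = h.getOrDefault("Cache-Control", "").toLowerCase(Locale.ROOT);
        if (!cacheControl.contains("no-store")) {
            findings.add("sensitive page may be cached (Cache-Control: '" + cacheControl + "')");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample responses for a hypothetical host, not captured traffic.
        System.out.println(audit(URI.create("http://bank.example/login"), 200,
                Map.of("Content-Type", "text/html")));
        System.out.println(audit(URI.create("http://bank.example/login"), 301,
                Map.of("location", "https://bank.example/login")));
        System.out.println(audit(URI.create("https://bank.example/account"), 200,
                Map.of("Cache-Control", "private, max-age=600")));
        System.out.println(audit(URI.create("https://bank.example/account"), 200,
                Map.of("Strict-Transport-Security", "max-age=31536000",
                       "Cache-Control", "no-store")));
    }
}
```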

Difference Between HTTP and HTTPS


| Parameter | HTTP | HTTPS |
|---|---|---|
| Protocol | It is the hypertext transfer protocol. | It is the secure hypertext transfer protocol. |
| Security | It is less secure, as the data can be vulnerable to hackers. | It is designed to prevent hackers from accessing critical information. It is secure against such attacks. |
| Port | It uses port 80 by default. | It uses port 443 by default. |
| Starts with | http:// | https:// |
| Used for | It's a good fit for websites designed for information consumption, like blogs. | If the website needs to collect private information such as credit card numbers, then it is the more secure protocol. |
| Scrambling | HTTP does not scramble the data to be transmitted. That's why there is a higher chance that transmitted information is available to hackers. | HTTPS scrambles the data before transmission. At the receiver end, it descrambles to recover the original data. Therefore, the transmitted information is secure and can't be hacked. |
| Protocol | It operates at the TCP/IP level. | HTTPS does not have any separate protocol. It operates using HTTP but uses an encrypted TLS/SSL connection. |
| Domain Name Validation | HTTP websites do not need SSL. | HTTPS requires an SSL certificate. |
| Data encryption | HTTP websites don't use encryption. | HTTPS websites use data encryption. |
| Search Ranking | HTTP does not improve search rankings. | HTTPS helps to improve search ranking. |
| Speed | Fast | Slower than HTTP |
| Vulnerability | Vulnerable to hackers | It is highly secure, as the data is encrypted before it is seen across a network. |

Description of short terms 

Secure Sockets Layer (SSL): the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral.

Transport Layer Security (TLS): a protocol that provides communication security between client/server applications that communicate with each other over the Internet.

Stateless protocol: each command is executed separately, without reference to previous executions.

References Used :-  difference-http-vs-https.html 
Version               :-   1.0.0 

Saturday, April 27, 2019

Technology Stack, What We Love

Actually, most of us do not get to work with the technology stack we love. Even if the opportunities have not been presented yet, it is mighty important to keep learning and practicing the things you love, because we never know when the opportunity will come knocking on our door. Mastering a language or a technology could prove to be difficult if we do not back ourselves and predict future developments based on the current context. The struggle could prove to be immense if we lose our direction in an industry that changes every day. Trust your instincts, take a leap of faith and let our effort determine our success!


References Used :-   Blog.zone24x7 > The-challenges-and-struggles-software-engineers-face-today

Monday, March 25, 2019

Basic Security Threats, Technologies and Tools Used for Security and Control

   Computer crimes reported by most organizations may be related to different types of security problems such as hacking, viruses, worms, Trojan horses and spyware.

      Malicious software (malware) is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
     'Malware' includes

    •    Computer Viruses - computer programs that can spread across computers and networks by making copies of itself without the user's knowledge.
    •    Worms - similar to viruses, but they do not need a carrier program or document. They create exact copies of themselves and use a network to spread.
    •    Trojan Horses -  programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.
    •    Spyware -  includes methods to collect information about the use of the computer on which the software is installed.
    Spoofing and Sniffing
     
        In simple words,
       
        Sniffing   means to illegally listen into another's conversation
        Spoofing means to pretend to be someone else.

        Sniffing and spoofing are security threats that target the lower layers of the networking infrastructure supporting
        applications that use the Internet.

        Sniffing is a  passive security attack in which a machine separate from the intended destination reads data on a network.
        Spoofing is an active  security attack in which one machine on the network masquerades as a different machine.

        This masquerade aims to fool other machines on the network into accepting the impostor as an original, either to lure
        the other machines into sending it data or to allow it to alter data.



    Identity theft is a form of stealing someone's identity.

        In identity theft, someone pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources or obtain credit and other benefits in that person's name.


    Phishing
       is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

      E.g.

      An e-mail can be sent to the victim, luring the victim to enter a site; once the victim enters it, information such as usernames, passwords and credit card information may be collected by the criminal posing as the victim's bank site.



      Technologies and Tools Used for Security and control

    These tools and techniques address how to:
    In addition to cryptography, information assets can be protected by using tools such as virus scanners, firewalls and Intrusion Detection Systems (IDS).
    These techniques and tools cannot alone provide information  security. Limiting physical access to servers, routers and other systems is required.
    By physically reorganizing or consolidating information assets, we can simplify the management of those assets while increasing their security.
    These servers and the other computer infrastructures should be physically protected as well.


    Security Audits
     
     The information security status of critical IT environments should be subject to thorough, independent and regular security audits/reviews.
    In principle, security audits/reviews should be:
    • defined in scope, and documented
    • performed by qualified individuals who have sufficient technical skills and knowledge of information security
    • conducted sufficiently frequently and thoroughly (in terms of scope, extent) to provide assurance that security controls function as required
    • focused on ensuring that controls are effective enough to reduce risks to acceptable levels
    • checked by competent staff
    • complemented by reviews conducted by independent third parties.


    References Used :-  BIT  UCSC Notes 
                                    What-is-the-difference-between-spoofing-and-sniffing

    Friday, January 25, 2019

    Useful Ways of Working with Strings in Java

    • When we want to print an array, we can use this way:
                 // requires: import java.util.Arrays;
                 String text = "abcaada";
                 System.out.println( Arrays.toString( text.split("a") ) );

                 The string you give split defines a regular expression, so any characters that are special in regular
                 expressions have to be escaped:
                 String[] parts = string.split("\\$@");
    • When we want to convert a List<String> stringListValues to a single string value, we can use the following way:
                 String commaSeperatedStringListValues = String.join( "','", stringListValues );
    • When we have a set of string values such as   String names = "Saman , Kumara , Ramanayaka ";   and we want
                 to separate those values at " , " and put them into an array, we can use
                 String[] nameArray = names.split( " , " );
    • To join several values with a separator:
                 String newStringValue = String.join( "-> ", "Wake up", "Eat", "Play", "Sleep", "Wake up" );
                 System.out.println( newStringValue );

                 Output will be :   Wake up-> Eat-> Play-> Sleep-> Wake up
    • To reverse a string:
                 String stringObj = "Hiiiiii  Kamlal";
                 StringBuffer stringBufferObj = new StringBuffer( stringObj );
                 stringBufferObj.reverse();

     Version : - 1.1.0










    Tuesday, January 22, 2019

    Singleton Class in Java

    In object-oriented programming, a singleton class is a class that can have only one object (an instance of the class) at a time.
    After first time, if we try to instantiate the Singleton class, the new variable also points to the first instance created. So whatever modifications we do to any variable inside the class through any instance, it affects the variable of the single instance created and is visible if we access that variable through any variable of that class type defined.
    To design a singleton class:
    1. Make the constructor private.
    2. Write a static method whose return type is an object of this singleton class. Here, the concept of lazy initialization is used to write this static method.
    public class Singleton {
        private static final Singleton instance = new Singleton();
    
        private Singleton() {}
    
        public static Singleton getInstance() {
            return instance;
        }
    }

    In terms of practical use Singleton patterns are used in logging, caches, thread pools, configuration settings, device driver objects.
     
    Configuration File: This is another usage of the Singleton pattern, and it has a performance benefit because it prevents multiple users from repeatedly accessing and reading the configuration file or properties file. It creates a single instance of the configuration file which can be accessed by multiple calls concurrently, as it provides static config data loaded into in-memory objects. The application reads from the configuration file only the first time; from the second call onwards, the client applications read the data from the in-memory objects.

    We can use the cache as a singleton object as it can have a global point of reference and for all future calls to the cache object the client application will use the in-memory object
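
The Singleton class shown above creates its instance eagerly, when the class is loaded. As an added example (not code from the original post), the following shows lazy initialization with the holder idiom applied to the configuration-file use case; `AppConfig`, its keys and the inline sample file are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

public class LazyConfigDemo {
    // Hypothetical configuration singleton; the class name and keys are illustrative.
    static final class AppConfig {
        // Counts how often the (simulated) configuration file is parsed.
        static final AtomicInteger LOADS = new AtomicInteger();
        // Constructed sample standing in for the contents of a properties file.
        private static final String SAMPLE_FILE =
                "db.pool.size=10\nsession.timeout.minutes=15\n";
        private final Properties props = new Properties();

        private AppConfig() {
            LOADS.incrementAndGet();
            try {
                props.load(new StringReader(SAMPLE_FILE));
            } catch (IOException e) {
                throw new IllegalStateException("cannot read configuration", e);
            }
        }

        // The JVM initialises Holder only on the first getInstance() call, and class
        // initialisation is thread-safe, so no explicit locking is needed.
        private static final class Holder {
            static final AppConfig INSTANCE = new AppConfig();
        }

        static AppConfig getInstance() {
            return Holder.INSTANCE;
        }

        String get(String key) {
            return props.getProperty(key);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        // Touching AppConfig.LOADS loads AppConfig but not Holder, so nothing is parsed yet.
        System.out.println("loads before first use: " + AppConfig.LOADS.get());
        int threads = 8;
        AppConfig[] seen = new AppConfig[threads];
        CountDownLatch start = new CountDownLatch(1);
        Thread[] workers = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            final int slot = i;
            workers[i] = new Thread(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                seen[slot] = AppConfig.getInstance();
            });
            workers[i].start();
        }
        start.countDown();                      // release all threads at the same moment
        for (Thread t : workers) t.join();

        boolean same = true;
        for (AppConfig c : seen) same &= (c == seen[0]);
        System.out.println("same instance in every thread: " + same);
        System.out.println("loads after use: " + AppConfig.LOADS.get()
                + ", db.pool.size=" + seen[0].get("db.pool.size"));
    }
}
```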

    Why can’t we use a static class instead of singleton?

    • One of the key advantages of singleton over static class is that it can implement interfaces and extend classes while the static class cannot (it can extend classes, but it does not inherit their instance members). If we consider a static class it can only be a nested static class as top level class cannot be a static class. Static means that it belongs to a class it is in and not to any instance. So it cannot be a top level class.
    • Another difference is that a static class will have all its members static only, unlike a Singleton.
    • Another advantage of Singleton is that it can be lazily loaded, whereas static will be initialized whenever it is first loaded.
    • A Singleton object is stored in the heap, but a static object is stored in the stack.
    • We can clone the object of a Singleton, but we cannot clone the static class object.
    • Singleton can use the Object Oriented feature of polymorphism but static class cannot.

    References Used :- singleton-class by geeksforgeeks 
                                   dzone.com- singleton-design-pattern

     Version :- 1.1.0

    Friday, January 11, 2019

    May be Useful .......

    • BeanPropertyRowMapper 
                    Spring 2.5 comes with a handy RowMapper implementation called ‘BeanPropertyRowMapper’, which can map a row’s column value to
                    a property by matching their names. Just make sure the property and the column have the same name, e.g. the property ‘custId’ will match
                    the column name ‘CUSTID’ or, with underscores, ‘CUST_ID’.

            String sql = "SELECT * FROM CUSTOMER WHERE CUST_ID = ?";
     
            Customer customer = (Customer)jdbcTemplate().queryForObject(  sql, new Object[] { custId }, 
            new BeanPropertyRowMapper(Customer.class));

                   References Used :- spring-jdbctemplate-querying-examples 
    • log4j vs System.out.println()
      Anything that you print to System.out will go to "standard out", and while you can redirect standard out to a file and compare it, what have you, that is very inflexible. Additionally, you cannot filter what goes to standard out if you use System.out... everything will be printed. With log4j, you can set different logging levels, so that logging messages that are below a certain severity/importance threshold are not printed (e.g. if you change the logging level to WARN, then DEBUG and INFO messages will not be displayed anymore).
      Additionally, log4j allows logging to be controlled on a class-by-class basis, whereas System.out can only be controlled at the granularity of the entire application (if you redirect System.out, you redirect it for the entire program). By contrast, each logger in log4j can be given a different appender. In addition, you can give a log4j logger multiple appenders (so that it goes to the system logger, and over the network, for example). You can even have a log4j logger append to a StringBuilder, so that you can easily read what was written. And while System.out can be redirected, this redirection tends to be fairly limited; System.out can be redirected to a file or to a pipe (to another program), but you wouldn't be able to redirect it to a URL, for example; by contrast, it would be very easy to create an appender that transmits logging messages using HTTP POST.
      References Used :- log4j-vs-system-out-println

    • Difference between a Web Server, an Application Server, and a Database Server       
    1. Web Server: A web server handles web requests sent by visitors to your website (it primarily responds to HTTP / HTTPS requests). A web server runs on Apache, Nginx, Microsoft IIS, etc.
    2. Application Server: An application server works between the web server and the database server and basically manages and processes the data. An application server can contain a web server. For example: JBoss, WAS
      An application server provides the following features over a web server: connection pooling, transaction management, messaging, clustering, load balancing
    3. Database Server: Database server handles database queries. It runs on MySQL, PostgreSQL, MariaDB, etc
                  References Used :-What-is-the-difference-between-a-web-server-an-application-server-and-a-database-server

    • Thymeleaf  is a modern server-side Java template engine for both web and standalone environments.
      Thymeleaf's main goal is to bring elegant natural templates to your development workflow — HTML that can be correctly displayed in browsers and also work as static prototypes, allowing for stronger collaboration in development teams.
      With modules for Spring Framework, a host of integrations with your favourite tools, and the ability to plug in your own functionality, Thymeleaf is ideal for modern-day HTML5 JVM web development     
                                                                             

    • WildFly Server , formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java and implements the Java Platform, Enterprise Edition specification. It runs on multiple platforms.                                                                                                                            
    • JSF: the current version (as of 10th Jan 2019) is 2.3, which is the designated user interface standard for Java EE 8. It went final on 17 April 2017. JSF 2.2 is the user interface standard for Java EE 7. The most recent major release of JSF is 2.2.
     Version :-  1.0.1
