Friday, September 13, 2019

REST API Documentation using Swagger2 in Spring Boot

Spring Boot makes developing RESTful services ridiculously easy. Using Swagger, we can make documenting our RESTful services easy as well.

Building a back-end API layer introduces a whole new area of challenges that goes beyond implementing just endpoints. Clients that use our API need to know how to interact with it. In SOAP-based web services, you had a WSDL to work with. This gave API developers an XML-based contract, which defined the API. However, with RESTful web services, there is no WSDL, so REST API documentation becomes more critical.











Version - 1.0.0

Saturday, July 20, 2019

PL-SQL Tips That May Be Useful

1. Oracle has a data type TIMESTAMP, which can also represent a date (with time). If you subtract TIMESTAMP values, you get an INTERVAL.

To extract numeric values, use the EXTRACT function.
 

select
    extract( day from diff )    Days,
    extract( hour from diff )   Hours,
    extract( minute from diff ) Minutes,
    -- total difference in milliseconds (1 second = 1000 ms)
    (  extract( day from diff )    * 24*60*60*1000
     + extract( hour from diff )   * 60*60*1000
     + extract( minute from diff ) * 60*1000
     + extract( second from diff ) * 1000  )   TotalMiliSecResult
from (
          -- subtracting two TIMESTAMP values yields an INTERVAL
          select  (  CAST( action_time as timestamp) - CAST( idle_time as timestamp)   ) diff
          from    mwt_idle_wallet
        );




Version :- 1.0.0

Sunday, June 16, 2019

Array Vs Collections in Java




Java offers two types of constructs where you can store multiple objects of the same type: Arrays and Collections. They have the following differences and features.


  • Arrays are fixed in size and Collections are dynamically sized (Collections automatically expand in size when needed).
  • For the above reason, Collections are preferred over Arrays with respect to memory.
  • An Array can contain both primitive data types and objects of a class, depending on the definition of the array. However, Collections only support object entries, not primitive data types.
  • With respect to performance it is better to use Arrays; Collections are not as good to use in that respect.


















References Used :-  array-vs-arraylist-in-java 
Version               :-  1.0.0  

Wednesday, June 12, 2019

HTTP vs HTTPS

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. HTTP offers a set of rules and standards for web browsers and servers to communicate, and governs how any information can be transmitted on the World Wide Web.
HTTP is an application layer network protocol which is built on top of TCP. HTTP uses hypertext, structured text which establishes the logical link between nodes containing text. It is also known as a "stateless protocol".

Advantages of HTTP:


  • HTTP can be implemented with other protocols on the Internet, or on other networks
  • HTTP pages are stored on computer and internet caches, so it is quickly accessible
  • Platform independent which allows cross-platform porting
  • Does not need any runtime support
  • Usable over Firewalls! Global applications are possible
  • Not Connection Oriented; so no network overhead to create and maintain session state and information

Limitations of HTTP


  • There is no privacy as anyone can see content
  • Data integrity is a big issue as someone can alter the content. That's why HTTP protocol is an insecure method as no encryption methods are used.
  • Anyone who intercepts the request can get the username and password.

What is HTTPS?

HTTPS stands for Hyper Text Transfer Protocol Secure. It is a highly advanced and secure version of HTTP. It uses port 443 for data communication. It allows secure transactions by encrypting the entire communication with SSL. It is a combination of the SSL/TLS protocol and HTTP. It provides encrypted and secure identification of a network server.
It allows you to create a secure encrypted connection between the server and the browser. It offers bi-directional security of data. This helps you to protect potentially sensitive information from being stolen.
In the HTTPS protocol, SSL transactions are negotiated with the help of a key-based encryption algorithm.

Advantages of HTTPS


  • In most cases, sites running over HTTPS will have a redirect in place. Therefore, even if you type in http://, it will redirect to https:// over a secured connection
  • SSL technology protects any users and builds trust
  • An independent authority verifies the identity of the certificate owner. So each SSL Certificate contains unique, authenticated information about the certificate owner.
  • It allows users to perform critical transactions  such as online banking.


Limitations of HTTPS


  • The HTTPS protocol can't stop confidential information being stolen from pages cached in the browser
  • SSL data can be encrypted only during transmission on the network. So it can't clear the text in the browser memory
  • HTTPS can increase the computational overhead as well as the network overhead of the organization
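
The redirect mentioned under the advantages and the browser-cache limitation above can both be checked from response headers. The following is an added example, not part of the original post: it audits one login page from two constructed responses and goes slightly beyond the text by also checking the standard `Strict-Transport-Security` header and the `Secure` cookie attribute. The host name, sample responses and finding labels are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses: (status, [(header, value), ...]).
GOOD_HTTP = (301, [("Location", "https://bank.example/login")])
GOOD_HTTPS = (200, [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Cache-Control", "no-store"),
    ("Set-Cookie", "SESSION=abc; Path=/; HttpOnly; Secure")])
WEAK_HTTP = (200, [("Content-Type", "text/html")])
WEAK_HTTPS = (200, [
    ("Cache-Control", "public, max-age=600"),
    ("Set-Cookie", "SESSION=abc; Path=/; HttpOnly")])

def values(headers, name):
    """All values of one header; header names are case-insensitive."""
    return [v for k, v in headers if k.lower() == name]

def directives(value, sep):
    """Parse 'a=1; b' style values into a dict with lower-cased keys."""
    pairs = (part.strip().partition("=") for part in value.split(sep))
    return {key.lower(): val.strip('"') for key, _, val in pairs if key}

def audit(host, http_resp, https_resp):
    """Return findings for one page; an empty list means every check passed."""
    findings = []
    status, headers = http_resp
    target = urlsplit("".join(values(headers, "location")[:1]))
    if status not in (301, 302, 303, 307, 308) or target.scheme != "https":
        findings.append("no-https-redirect")
    elif target.hostname != host.lower():
        findings.append("redirect-changes-host")
    _, headers = https_resp
    hsts = directives("".join(values(headers, "strict-transport-security")[:1]), ";")
    if not (hsts.get("max-age", "").isdigit() and int(hsts["max-age"]) > 0):
        findings.append("missing-hsts")
    # Without no-store the browser may keep a copy of the page on disk.
    if "no-store" not in directives(",".join(values(headers, "cache-control")), ","):
        findings.append("sensitive-page-cacheable")
    for cookie in values(headers, "set-cookie"):
        name, _, attrs = cookie.partition(";")
        if "secure" not in directives(attrs, ";"):
            findings.append("cookie-without-secure:" + name.split("=")[0].strip())
    return findings

if __name__ == "__main__":
    print(audit("bank.example", GOOD_HTTP, GOOD_HTTPS))
    print(audit("bank.example", WEAK_HTTP, WEAK_HTTPS))
```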

Difference Between HTTP and HTTPS


Parameter | HTTP | HTTPS
--- | --- | ---
Protocol | It is the Hypertext Transfer Protocol. | It is the Hypertext Transfer Protocol Secure.
Security | It is less secure as the data can be vulnerable to hackers. | It is designed to prevent hackers from accessing critical information. It is secure against such attacks.
Port | It uses port 80 by default. | It uses port 443 by default.
Starts with | http:// | https://
Used for | It's a good fit for websites designed for information consumption, like blogs. | If the website needs to collect private information such as a credit card number, then it is a more secure protocol.
Scrambling | HTTP does not scramble the data to be transmitted. That's why there is a higher chance that transmitted information is available to hackers. | HTTPS scrambles the data before transmission. At the receiver end, it descrambles to recover the original data. Therefore, the transmitted information is secure and can't be hacked.
Protocol | It operates at TCP/IP level. | HTTPS does not have any separate protocol. It operates using HTTP but uses an encrypted TLS/SSL connection.
Domain Name Validation | HTTP websites do not need SSL. | HTTPS requires an SSL certificate.
Data encryption | HTTP websites don't use encryption. | HTTPS websites use data encryption.
Search Ranking | HTTP does not improve search rankings. | HTTPS helps to improve search ranking.
Speed | Fast | Slower than HTTP
Vulnerability | Vulnerable to hackers | It is highly secure as the data is encrypted before it is seen across a network.

Description of short terms 

Secure Sockets Layer (SSL): the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral.

Transport Layer Security (TLS): a protocol that provides communication security between client/server applications that communicate with each other over the Internet.

Stateless Protocol: each command is executed separately, without reference to previous executions.

References Used :-  difference-http-vs-https.html 
Version               :-   1.0.0 

Saturday, April 27, 2019

Technology Stack, What We Love

Actually, most of us do not get to work with the technology stack we love. Even if the opportunities have not been presented yet, it is mighty important to keep learning and practicing the things you love, because we never know when the opportunity will come knocking on our door. Mastering a language or a technology could prove to be difficult if we do not back ourselves and predict future developments based on the current context. The struggle could prove to be immense if we lose our direction in an industry that changes every day. Trust your instincts, take a leap of faith and let our effort determine our success!


References Used :-   Blog.zone24x7 > The-challenges-and-struggles-software-engineers-face-today

Monday, March 25, 2019

Basic Security Threats, Technologies and Tools Used for Security and Control

    Computer crimes reported by most organizations may be related to different types of security problems, such as
    hacking, viruses, worms, Trojan horses and spyware.

    Malicious software (malware) is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
    'Malware' includes

    •    Computer Viruses - computer programs that can spread across computers and networks by making copies of themselves without the user's knowledge.
    •    Worms - similar to viruses but do not need a carrier program or document. They create exact copies of themselves and use a network to spread.
    •    Trojan Horses - programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.
    •    Spyware - includes methods to collect information about the use of the computer on which the software is installed.

    Spoofing and Sniffing

        In simple words,

        Sniffing means to illegally listen in on another's conversation.
        Spoofing means to pretend to be someone else.

        Sniffing and spoofing are security threats that target the lower layers of the networking infrastructure supporting
        applications that use the Internet.

        Sniffing is a passive security attack in which a machine separate from the intended destination reads data on a network.
        Spoofing is an active security attack in which one machine on the network masquerades as a different machine.

        This masquerade aims to fool other machines on the network into accepting the impostor as an original, either to lure
        the other machines into sending it data or to allow it to alter data.



    Identity theft is a form of stealing someone's identity.

        Someone pretends to be someone else in identity theft, by assuming that person's identity, usually as
        a method to gain access to resources or obtain credit and other benefits in that person's name.


    Phishing
       is the act of attempting to acquire information such as usernames, passwords, and credit card details by
       masquerading as a trustworthy entity in an electronic communication.

      E.g.

      An e-mail can be sent to the victim, luring the victim to enter a site. Once the victim has entered it, information
      such as usernames, passwords and credit card information may be collected by the criminal posing as the victim’s bank site.



      Technologies and Tools Used for Security and control

    These tools and techniques address how to:
    In addition to cryptography, information assets can be protected by using tools such as
    virus scanners, firewalls and Intrusion Detection Systems (IDS).
    These techniques and tools cannot alone provide information  security. Limiting physical access to servers, routers and other systems is required.
    By physically reorganizing or consolidating information assets, we can simplify the management of those assets while increasing their security.
    These servers and the other computer infrastructures should be physically protected as well.


    Security Audits
     
     The information security status of critical IT environments should be subject to thorough, independent and regular security audits/reviews.
    In principle, security audits/reviews should be:
    • defined in scope, and documented
    • performed by qualified individuals who have sufficient technical skills and knowledge of information security
    • conducted sufficiently frequently and thoroughly (in terms of scope, extent) to provide assurance that security controls function as required
    • focused on ensuring that controls are effective enough to reduce risks to acceptable levels
    • checked by competent staff
    • complemented by reviews conducted by independent third parties.


    References Used :-  BIT  UCSC Notes 
                                    What-is-the-difference-between-spoofing-and-sniffing

    Friday, January 25, 2019

    Useful ways of working with Strings in Java

    • When we want to print an array, we can do it this way:
                 // needs: import java.util.Arrays;
                 String text = "abcaada";
                 System.out.println( Arrays.toString( text.split("a") ) );

                 The string you give split defines a regular expression, so any characters that are special in regular
                 expressions have to be escaped:
                 String[] parts = string.split("\\$@");
    • When we want to convert a List<String> stringListValues to a single string value, we can use the following:
                 String commaSeperatedStringListValues = String.join( "','", stringListValues );
    • When we have a set of string values such as String names = "Saman , Kumara , Ramanayaka "; and we want
                 to separate those values at " , " and put them into an array, we can use
                 String[] nameArray = names.split( " , " );
    • To join several values with a delimiter:
                 String newStringValue = String.join( "-> ", "Wake up", "Eat", "Play", "Sleep", "Wake up" );
                 System.out.println( newStringValue );

                 Output will be :   Wake up-> Eat-> Play-> Sleep-> Wake up
    • To reverse a string
                 String stringObj = "Hiiiiii  Kamlal";
                 StringBuffer stringBufferObj = new StringBuffer( stringObj );
                 // reverse() changes the buffer in place
                 stringBufferObj.reverse();

     Version : - 1.1.0










    Some interesting things to explore more

     Here are some things to study more: How Google Search works               https://developers.google.com/search/docs/fundamental...