In raw terms, a service refers to a modular and self-contained piece of software, which has a well-defined functionality expressed in abstract terms independent of the underlying implementation that is accessible at a network point. Basically, any implementation of Service-Oriented Architecture has three fundamental roles: Service provider, Service requester, and Service registry and three fundamental operations: Publish, Find, and Bind.The service provider publishes details pertaining to service invocation with a service registry. The service requester finds the details of a service from the service registry. The service requester then invokes (binds) the service on the service provider. The role of service registry is sometimes also referred to as the service broker because it acts as a service broker between the requesters and providers.

These are the most common security requirements for online systems

Confidentiality: The confidentiality requirement states that any piece of information should not be understood by anyone other than the person for whom it was intended. Message privacy is a key requirement here.

Data Integrity: The integrity requirement states that information should not be altered in storage or transit between a sender and the intended receiver without the alteration being detected.

Authentication: The authentication requirement states that the sender and receiver should be able to confirm each other’s identity and the origin/destination of the information.

Authorization: The authorization requirement ensures that the sender has the required authority to perform the operation. This may range from permission to perform some action to permission for viewing some content.

Non-repudiation: The nonrepudiation requirement ensures that the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.

Privacy: The privacy requirement is more general than the confidentiality requirement above. It also deals with the question of whether to trust the personal information with a Web site.

Trust: This refers to the confidence in a person or a partner doing the transaction. This concept extends beyond trust in a person accessing an online service to even include participants in business-to-business transactions where trust may be used to refer to the adherence to the contractual agreements between the partners.

Auditing:The ability to know who did what, when and where. This is a key requirement when it comes to detection of possible security breaches.

Availability: The computing resources should be available for genuine users when they wish to access the resource. Denial of Service (DoS) attacks may cause lack of availability, and hence, there is a need to protect against such attacks.

The most common security solutions are described below

Passwords: A password refers to a unique secret series of characters which allows a user to access a computing resource. Ideally a password should be difficult to guess to prevent access to unauthorized users. It is the most common authentication mechanism in online systems.

Encryption: Encryption is the most common security technique to ensure confidentiality in online systems. Essentially it refers to the process of taking a piece of data (called cleartext) and a short seed string (a key) and producing an altered piece of data referred to as ciphertext, which is not understood by anybody who does not know the key. Decryption is the reverse process of converting the ciphertext to cleartext. Typically, encryption process relies on hard to emulate mathematical algorithms involving the key and the cleartext.

Encryption algorithms can be divided into symmetric and asymmetric encryption algorithms. In symmetric algorithms, both the encryption and decryption keys are the same. Hence, they function on the basis of shared secret. In asymmetric algorithms, the encryption and decryption keys form a key pair, in which one key is a private key (which shall be kept a secret) and the other is a public key. If a piece of data is encrypted with the public key, it needs the private key to decrypt. Asymmetric methods distribution of the keys is easy, and hence, public key infrastructure relies on asymmetric methods. Encryption of messages ensures confidentiality by making it difficult to deduce the content of the original message from the encrypted message.

Access Control Lists: These are generic formats of security information concerning permissions to access certain resources or to perform certain tasks. Most often, authorization is provided by usage of access control lists (ACL).

Hashing: Hashing is another important technique used to ensure data integrity in online systems. The idea is to take an arbitrary-sized input data (referred to as a message) and generate a fixed-size output, called a digest (or hash), such that it is nearly impossible to compute or guess the message from the hash. The hash of a piece of data can be used to verify the integrity after an online transfer by comparison with the recomputed hash of the transferred data.

Digital Signature: Digital Signature is an important technique to ensure data integrity and nonrepudiation. Typically, the hash of a message is encrypted with the private key of an entity and is termed as the signature of the data. To ensure that the message received by the receiver is actually sent by the person who signed the message, the signature after decryption with the public key of sender should match the hash.

Digital Certificate: Usage of digital signature in sending a message requires that the receiver knows a priori the sender’s public key. This is a big constraint, and hence, it becomes important to make the public key available of the sender as part of the message to achieve flexibility. However, that opens up the requirement of the trust of the public key sent by the sender, whether it is genuine or not. Hence, to overcome these problems, specialized entities termed as certification authorities are entrusted with the task of signing the public key of senders and generate a special form that can be sent along with a message. This signed form of representation of a public key is termed as a digital signature. By leveraging a third-party certification authority (CA), the problem of public keys is reduced to the receivers having to know the public key of the CA. Popular ways of broadcasting this information of public keys of CA entities include integrating them into the popular browsers or other online systems. Digital certificates are stored in standard formats like the popular X.509 Certificate format. Digital certificates are used for authentication and data integrity in public networks.

SSL: SSL (Secure Sockets Layer) is a Web-based protocol that enables a secure connection between the client and the server. It is based on a series of exchange of keys (and the server digital certificate) between the server and the client to generate a session key that is used to encrypt all the following messages in the session. Typically as part of the protocol, the server certificate is requested by the client allowing the client to ensure communication with the right Web server. Thus, SSL enables channel encryption between the client and the server.

Client-side SSL uses digital certificates of clients enabling them to prove their identity to the Web server. This personal certification attribute, or the client identification, is not very common at the moment due to the cumbersome process involved in maintenance of huge numbers of client certificates.

PKI: Public Key Infrastructure (PKI) refers to a collection of authorities and a system for exchange of digital certificates to entities. A PKI set up typically includes a CA for generating, revoking, or maintaining the digital certificates. It also includes a registration authority (RA) for physically verifying the identity of a certificate requester using physical means like checking against an identity card before directing the CA to issue a certificate. CA uses the concept of Certificate Revocation Lists (CRL) for revoking inactive certificates.

Firewalls: Firewalls are specialized security tools designed to protect an enterprise typically against attacks from the external network. All network traffic between the internal and external network is channeled through it, and the firewall allows only desired traffic as configured. Traffic from internal network to external network can also be filtered in the firewall. The conventional firewalls are typically based on the concept of packet filtering, and they operate on the network layer of the stack.

Code Signing: A popular concept for ensuring security of downloadable code on the network is code signing. Any piece of code including Applets, Jar files, ActiveX controls, and so forth are signed before download is allowed. Thus, digitally signed code after download guarantees that the code really comes from the publisher who signs it and ensures that the content has not been corrupted or altered, so it is safe to run.

Sandbox model: An alternative to code signing, the sandbox model, also applies to downloaded code on the network. Unlike the requirement of signing of every piece of code, it places restrictions on the capabilities of the downloaded code to limit the harm it can do on the client machine. Thus, the sandbox model ensures safety to the client machine by restricting the capabilities of the untrusted code; for example, it is not allowed to look at the file system on the client machine.

Refrences : Securing Web Services: Practical Usage of Standards and Specifications by Panos Periorellis (ed) IGI Publishing © 2008

Java Application Performance Management is not performance tuning but a software process which is applied throughout the development of a product. The benefit of this approach is simply “saving dollars”. The cost and time required to fix a performance issue in production will be a lot more than in development. There is always the human element as well developers will be able to solve issues faster and more effectively in development when nothing is on fire yet.

The best way of doing this is integrating SLA’s into requirements. The SLA as important it is must be a realistic figure based on the nature of the product , the load , the size of the data and the effect of various parameters.

There are standard development methodologies too which can help in determining issues faster.

• Code Profiling
• Code Coverage.

It is very important to know why certain areas in the code are not exercised. Profiling will help understand memory leaks and in general how well the application behaves under load.

The SLA’s should also extend into QA. The QA team should know the response time in advance and they should fail a test if the response times do not match. This in terms requires a QA environment which is similar to production or there should be at least some decent formulae can relate production response times to QA response times.

Another important factor is the behavior of the system under load. If 1000 users is the projected user load then the application should be tested at least with 1500 users. If the system barely handles 1000 users then that should be a huge case for concern

Performance tuning is invaluable but only if it was performed against load that reflects real-world usage patterns. Predicting exactly what your users will do and how they will use your application before you present it to them is impossible, but detailed analysis of use cases can increase your predictions’ accuracy.

The most common and relevant performance metrics are end-user response time, request throughput, resource utilization, and application availability.

Memory Management

This is the most important aspect so I am focusing on this more and it is an art by itself. Unlike C++, Java handles Garbage collection implicitly. The Sun JVM heap is divided into two parts

• Old generation ( tenured space)
• New generation ( young space)

The New generation is further divided into Eden space and two survivor spaces “to” and “from”.

There are two types of garbage collection minor and major. Minor GC’s are not bad for the application but major GC’s are bad as they cause the JVM to freeze.

All temporary objects are created in the Eden space and when it gets full a minor garbage collection happens which removes items with no references and moves referenced items from Eden space to the From space . This way the short-lived items are removed without a exhaustive GC cycle .When the Eden space gets full then the items are moved from the “From space” to the “To Space.”. At any point in time only one survivor space has data. The next time Eden space gets full the items in the “To space” are moved to the tenured space and items with references in the Eden space are moved to the “From space”. This works very well to remove temporary objects without a major GC.

When the Eden space becomes full again a full GC happens which does a complete GC by doing reachability test. The reachability test results in the marking of live objects in the heap that is followed by a sweep of dead objects and an optional compaction to defray the heap. The JVM accomplishes this by doing a heavy processor intensive mark and sweep. It scans through the complete JVM and marks all items without a reference and then in the second scan removes all items marked for deletion.

The best configuration for heap size from my experience should be

• Young space should be slightly less than 1/2 of the total heap space
• The survivor spaces should be 1/8 of the Young space

So for a 2GB heap space the best configuration for an application with heavy load will be

-Xmx2048m -Xms2048m -XX:MaxNewSize=896m -XX:NewSize=896m -XX:SurvivorRatio=6

–XmxNNNm Maximum size of the heap, where NNN represents the size of the heap, and m represents the units (m=megabytes, g=gigabytes)
–XmsNNNm Minimum size of the heap, which I suggest should be equal to the maximum size
–XX:MaxNewSize=NNN m Maximum size of the young (or new) generation
–XX:NewSize=NNN Minimum size of the young (or new) generation
–XX:SurvivorRatio=n Size of the survivor spaces as a ratio of its relationship to the size of Eden

The behavior of the heap can be found better by enabling verbose garbage collections

–verbose:gc => Enables verbose garbage collection
–Xloggc:filename => Prints garbage collection information to a log file
–XX:+PrintGCDetails => Prints garbage collection details, such as the size of the young and old generations before and after the garbage collection, the size of the total heap, the time length of the garbage collection in both generations, and the size of objects promoted at every garbage collection
–XX:+PrintGCTimeStamps => Adds timestamp information to garbage collection details
–XX:+PrintHeapAtGC => Prints detailed garbage collection information, including heap occupancy before and after garbage collection
–XX:+PrintTenuringDistribution => Prints object aging or tenuring information, which helps you tune the sizes of the generations, Eden, and the two survivor spaces
–XX:+PrintHeapUsageOverTime => Prints heap usage and capacity with timestamps
–XX:+PrintTLAB => Print thread local allocation buffers (TLAB) information

Any developer using eclipse would have seen the “out of memory” exception . The immediate resolution that might come to mind is to increase the heap size . Something like

-vmargs -Xmx512m

But that does not really solve the issue as even with these settings there is a very good chance of getting the out of memory error. The perm space is the key.The VM’s permSpace is the area of the VM that is used to store data structures and class information (not instances, but the class definitions themselves). In the case of a large enough Java application that may contain 10s of thousands of class files that must be loaded you start to see how the VM can physically run out of space storing all of that information into the default permspace.

There are two ways to handle this . You can make the changes in eclipse.ini or you can change the shortcut for eclipse. For e.g. I use myeclipse 5.5

C:\programs\eclipse\eclipse.exe -product com.genuitec.myeclipse.product.ide -vmargs -Xms512m -Xmx512m -XX:PermSize=128m -XX:MaxPermSize=128m

I have 2GB RAM . But it is a good idea to test eclipse using diffrent memory models.

I hope i am not alone when i had issues copying .classpath and .project files on the windows environment. I was trying to import my old non-eclipse java projects into eclipse. Eclipse did not allow me to create the project since it did not have these files in the project. So i sent an email from work to my personal account with some sample .classpath and .project files . Windows did not let me copy the .classpth  no matter what i tried . I finally created a new project and copied the .classpath and .project files . Then i dowloaded the original files from my mail server and overwrote the sample files.It is weird that i had to do this much work but I am sure i am not alone here.

I am tired of .classpath and .project files. Everytime someone checked in .classpath and .project files into SVN it messed up my local environment. I know the developers can use .svnignore or .cvsignore but as we all know humans can make mistakes under stress. If .classpath and .project files are not checked in then the whole project has to be recreated by every developer who has to work on the project so it really made sense for me to check in the files.

I really don’t have a perfect solution to this problem as this was the way eclipse was built. The only option seem to teach every developer to be more organized and not check in the files.

Plain Old Java Object’s does make my job easier.

When i started programming DCOM and CORBA were very popular and powerful. I was part of a team in HP which had strong programmers in these technologies. As a junior programmer it was tough to understand and implement solutions with these technologies . More than being a good programmer these technologies required lot of experience to become an expert.  I can compare these technologies to COBOL. A developer had to master the syntax of all those *@@# divisions before trying to solve the given problem.

Then came EJB. It made life worse !. It gave programmer lot of power but at the same time opened up a new set of problems. The specifications of EJB used to drive me insane. Why on earth should i implement methods that a application container has to use ? I wanted to deal with application specific issues and not worry about the container. Luckily for the programming community lot of projects began to fail because new programmers were not able to write production level code due to the complexity. Maintenance was an issue as well. The java community came together to find a solution to this mess and  POJO’s were the answer !.

POJO is not a new technology. It is more of going back to the basics. The programmer has to deal with only the application logic. The framework “wires” application services to the POJOs by intercepting the execution context or injecting service objects to the POJO at runtime. EJB3 and Spring use POJO’s . EJB3 uses annotations whereas Spring uses XML files to define POJO’s. Both technologies use Dependency Injection .

Either way POJO’s have made life easier for the developer. Lot of complex projects have been successfully implemented using frameworks like Spring , Hibernate etc .