Authorization in Web Applications

February 22, 2017

Every web application must have strong authentication and authorization mechanisms. In this blog post, I would like to share my thoughts about separating the authorization aspect from the application.

  • Does separating authorization from the web application make it easier to maintain?
  • Does dealing with what to show and what not to show in the web pages then require subject matter expertise on how it was implemented?
  • Does it make the application faster?

Here is my thought…

Whether to include authorization in a web application depends on what kind of application it is:

  • If it is primarily designed to offer an enterprise's solution on the web to a large user base, and the targeted users are end-users and the agents who support them, it is good to maintain two different applications: one for the end-users and the other for the agents who support back-end operations. Every time we roll out a new feature, we don't have to worry about the different authorizations that we need to support, which are very hard to maintain and require subject matter expertise.
  • If it is an enterprise application, it is always good to include authorization in the application to support multiple roles and access to different features based on those roles. As this application is designed to target different kinds of users, including authorization gives good control over enabling the features.

Hope this helps!


Logging Vs Metrics

April 10, 2016

We have sophisticated logging frameworks, which help in analyzing exceptions, but only when proper logging is in place. Logging only helps the development teams and does not make any sense to the executives, who really care about dashboards that show the counts of messages flowing through and give details about how a system is receiving inputs and responding.

I felt it would be a very interesting topic for us to explore the open source metrics frameworks and the different metrics dimensions that we can derive using them.

Will come up with more updates on this…


When Design Principles are applied in Real-time programming why not in Real-life?

August 9, 2015

Just a thought –

Programming languages are designed to serve real-time needs. Design principles are based on experience and help to solve issues by following certain patterns.

Why can’t the design principles be applied in real life too? When they can solve a programming issue, they can be applied in real life too.

With this thought I put the design principle –

Favor composition over inheritance.

I believe this can be correlated to – Be a Roman when you are in Rome.

Isn’t it interesting?

Will keep adding my thoughts on this…


JDeveloper installation failed on Windows 8.1

August 9, 2015

JDeveloper installation is failing on Windows 8.1 with McAfee Antivirus installed.

During the Installation Progress step, it fails at the Copy step with the below error:

  • oracle.sysman.oii.oiif.oiifb.OiifbEndIterateException: Failed to transform C:\oracletest\oui\bin\ to C:\oracletest\oui\bin\ Couldn’t rename temporary file: C:\oracletest\oui\bin\fixcrlf-6500337599052744610
  • Failed to transform C:\oracletest\oui\bin\ to C:\oracletest\oui\bin\ Couldn’t rename temporary file: C:\oracletest\oui\bin\fixcrlf-6500337599052744610

To work this out:

Click on the McAfee icon from the task bar and go to Manage Security. Turn off the Firewall for 15 mins and try the installation again.

It works!


Finance Terminologies

August 4, 2015

Now and then I come across many domain-related terminologies when going through news or stock sites, and I always spend some time finding out what they mean. I felt it is good to capture these inputs for future reference.

This is just a start, will keep updating this…

Foreign Direct Investment(FDI) –

  • Greenfield Investment
  • Brownfield Investment

Do you think Offshore Development by IT companies comes under FDI?

Most of the FDI investments in India are from Mauritius and Singapore.

Export Letter of Credit –

Import Letter of Credit –

Bill of Lading

Bid Bond

Performance Bond

Payment Bond

Credit Risk

Legal Risk

Bank Guarantee


Oracle SOA: All the activities in BPEL are successful, but the BPEL process shows as failed

The below writing addresses the following issues:

1. All the activities in BPEL are successful, but the BPEL process failed.

2. The invoke activity on an external service has got a response, but in SOA it is recorded as failed.

In my case, the Invoke activity called an external service and it took longer than the specified transaction timeout. When it tries to update the state in SOA, it errors out as the current state has already been invalidated.

Error message from logs:
The action “update action” cannot be performed on the instance “30208” because of its current state (“unknown”).
The current instance state did not allow the requested action to be performed.
Consult the product documentation for a list of all the permissible actions that can be performed on an instance when it is in the “unknown” state.
, Cikey=30208, FlowId=30025, Current Activity Key=30208-BpInv3-BpSeq6.9-3, Current Activity Label=InvokeUdsLoader, ComponentDN=<COMPOSITE_NAME>!2.0*soa_c3ac83a7-3548-46e7-a06c-7afb154b348f/<BPEL_NAME>


Change the JTA transaction timeout:

  1. Log in to Oracle WebLogic Server Administration Console.
  2. In the Domain Structure, select Services > JTA
  3. Increase the JTA transaction timeout value to some higher value like 3600

After changing the transaction time-out it worked for me.

Unable to find valid certification path to requested target

You see this error when the certificate to access the secured web service is not properly configured or the certificate has expired. I got this error due to an expired certificate.

Here are the steps that I followed to confirm whether the certificate is expired or not.
1. Download the certificate from the browser and check the validity of the certificate.
2. Double-click on the certificate; it opens a pop-up. Go to the Certificate - Details tab and check the attribute Authority Key Identifier and the value associated with it.
3. As I already have the certificate added to my trust store, run the below command to list all the certificates in the trust store:
$ ./keytool -list -v -keystore trustfile.jks
Note: keytool is a utility for working with the key store; it is available under the JDK bin folder.
This command lists all the keys in the store. Check the key identifier of the one that you are interested in and match it to the one from step 2.
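
The expiry check in the steps above can be scripted over the `keytool -list -v` output, so that every entry in the trust store is checked at once. This is an added example, not part of the original post: the sample listing, its aliases and the 30-day warning window are constructed, and the zone name in keytool's dates is ignored (dates are read as UTC).

```python
import re
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample of `keytool -list -v` output; aliases, names and dates are made up.
SAMPLE = """\
Alias name: gateway-old
Owner: CN=gateway.example.test, O=Example
Valid from: Sat Feb 01 00:00:00 UTC 2014 until: Mon Feb 01 00:00:00 UTC 2016

Alias name: internal-ca
Owner: CN=Example Test CA, O=Example
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Wed Jan 01 00:00:00 UTC 2025
"""

# keytool prints java.util.Date.toString(), e.g. "Mon Feb 01 00:00:00 UTC 2016".
JAVA_DATE = re.compile(r"\w{3} (\w{3}) (\d{1,2}) (\d{2}:\d{2}:\d{2}) \S+ (\d{4})")

def parse_java_date(text):
    """Parse the date, ignoring the zone name (read as UTC, so up to ~14h off)."""
    mon, day, clock, year = JAVA_DATE.fullmatch(text.strip()).groups()
    parsed = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)

def parse_listing(text):
    """Return one (alias, owner, not_after) tuple per certificate in the listing."""
    certs, alias, owner = [], None, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Alias name":
            alias = value
        elif key == "Owner":
            owner = value
        elif key == "Valid from":
            certs.append((alias, owner, parse_java_date(value.split(" until: ", 1)[1])))
    return certs

def expiry_report(text, now, warn_days=30):
    """Label each certificate EXPIRED, EXPIRING (within warn_days) or OK."""
    report = []
    for alias, _owner, not_after in parse_listing(text):
        status = ("EXPIRED" if not_after <= now else
                  "EXPIRING" if not_after - now <= timedelta(days=warn_days) else "OK")
        report.append((alias, status, not_after.date().isoformat()))
    return report

if __name__ == "__main__":
    # Pipe real output in, or run without a pipe to see the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in expiry_report(text, datetime.now(timezone.utc)):
        print(*row, sep="\t")
```

Piping the output of the `keytool -list -v -keystore trustfile.jks` command into the script prints one line per certificate with its alias, status and expiry date.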

Now, it's time to replace the expired certificate with the latest one.

1. Delete the old certificate from the trust store.
$ ./keytool -delete -noprompt -alias <alias name for the certificate> -keystore trustfile.jks -storepass <password>
2. Open the downloaded certificate in Notepad, copy its content and save it as a .pem file.
3. Import the new certificate into the trust store with the below command:

$ ./keytool -import -file /u01/jdk1.7.0_55/bin/cert_files/CLAIMSEARCHGWA.pem -alias <give some alias name to the certificate> -keystore trustfile.jks -storepass <store password> -keypass <key password>

Follow the below link if you want to know what a trust store and a key store are: