├── .gitignore
├── README.md
└── images
    ├── Image_ContinuousIntegration.png
    ├── image_Dev_QA_Stage_Prod.png
    ├── image_EventDriven_Microservice.png
    ├── image_LoadBalancer_Caching.png
    ├── image_LoadBalancer_Simple.png
    ├── image_Microservices_Scalability.png
    ├── image_Monolith_vs_Microservice.png
    └── image_TDD_Red_Green_Refactor.png


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Compiled class file
 2 | *.class
 3 | 
 4 | # Log file
 5 | *.log
 6 | 
 7 | # BlueJ files
 8 | *.ctxt
 9 | 
10 | # Mobile Tools for Java (J2ME)
11 | .mtj.tmp/
12 | 
13 | # Package Files #
14 | *.jar
15 | *.war
16 | *.ear
17 | *.zip
18 | *.tar.gz
19 | *.rar
20 | *.cmd
21 | *.classpath
22 | *.settings
23 | *.project
24 | *.mvn
25 | mvnw
26 | target
27 | *.DS_Store
28 | 
29 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
30 | hs_err_pid*
31 | bin
32 | .settings
33 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
   1 | # Java Technology for Beginners
   2 | 
   3 | In my 15 years of designing and developing more than 100 java web applications, I have learnt that techies love coining new terminologies. They are great as we don't need to explain each time but imagine the state of a beginning programmer or a non techie - a Tester or Business Analyst or your Product Owner. They hardly understand them. This guide is to demystify these terms through videos! 
   4 | 
   5 | As I find time, I will create more videos. Request some patience :) 
   6 | 
   7 | If you think, I'm missing an important topic, shoot an email or create a pull request!
   8 | 
   9 | If you have a great video for one of these topics, which does not have a video attached, submit a pull request!
  10 | 
  11 | ## Presentation Template
  12 | - https://app.mindmup.com/map/_free/ff0bce00baa611e6ae8525496545fc76
  13 | 
  14 | ## Keep Learning Every Day
  15 | - **1:** [FOLLOW](https://links.in28minutes.com/lin) Ranga on LinkedIn
  16 | 
  17 | ## Check Out Our Amazing ROADMAPS
  18 | - **1:** [AWS Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#aws-roadmap)
  19 | - **2:** [Azure Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#azure-roadmap)
  20 | - **3:** [Google Cloud Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#google-cloud-roadmap)
  21 | - **4:** [Cloud Beginner Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#cloud-beginner-roadmap)
  22 | - **5:** [DevOps Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#devops-roadmap)
  23 | - **6:** [Java Full Stack Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#java-full-stack-roadmap)
  24 | - **7:** [Java Microservices Roadmap](https://github.com/in28minutes/roadmaps/blob/main/README.md#java-microservices-roadmap)
  25 | 
  26 | 
  27 | 
  28 | 
  29 | 
  30 | 
  31 | ## Languages/Frameworks/Data Formats
  32 | - Java
  33 |  - Spring
  34 |  	- Spring Boot
  35 |  	- Spring MVC
  36 |  	- Spring Data
  37 |  	- Spring Data Flow
  38 |  	- Spring Data Rest
  39 |  	- Spring Cloud
  40 |  	- Spring Batch
  41 |  	- Spring Initializr
  42 |  	- Spring Security
  43 |  	- Spring HATEOAS
  44 |  	- Spring Integration
  45 |  - Unit Testing 
  46 |  	- JUnit
  47 |  	- Mockito
  48 |  	- EasyMock
  49 |  	- PowerMock
  50 |  	- Cobertura
  51 |  	- Emma
  52 |  - Database
  53 |  	- Hibernate
  54 |  	- iBatis
  55 |  - Rest Services
  56 |  	- Jersey Framework
  57 |  	- Play Framework
  58 |  	- Spring REST (actually Spring MVC)
  59 |  - Others 
  60 |  	- Quartz
  61 |  	- Guava
  62 |  	- Guice
  63 |  	- EhCache
  64 |  	- Drools
  65 |  	- Apache Commons
  66 | - JavaScript
  67 |  - NodeJS
  68 |  - JQuery
  69 |  - AngularJS
  70 |  - Ember.js
  71 |  - React.js
  72 |  - Redux
  73 |  - ECMAScript
  74 | - CSS
  75 |  - Bootstrap
  76 | - Formats
  77 |  - XML
  78 |  - XPath
  79 |  - JSON
  80 |  - SOAP
  81 |  - Swagger
  82 |  - Spring Rest Docs
  83 | - Others
  84 |  - jHipster
  85 |  
  86 | ## Java
  87 | - JDK
  88 | - JVM
  89 | - JRE
  90 | - JAR
  91 | - WAR
  92 | - EAR
  93 | - Classloader
  94 | - Annotations
  95 | - Platform Independence
  96 | 
  97 | ## Concepts
  98 | - OOPS
  99 |  - Interface
 100 |  - Inheritance
 101 |  - Abstract Class
 102 |  - Coupling
 103 |  - Cohesion
 104 |  - Encapsulation
 105 |  - Polymorphism
 106 |  - Abstraction
 107 | - Mocking and Mock objects
 108 | - Dependency Management
 109 | - Readable Code
 110 | - Dependency Injection
 111 | - Inversion of Control
 112 | - Synchronization
 113 | - Logging
 114 | - Caching
 115 | - Exception Handling
 116 | - Cross Cutting Concerns
 117 | - Aspect Oriented Programming (AOP)
 118 | - Spring
 119 |  - Autowiring
 120 |  - Component Scan
 121 |  - Application Context
 122 | 
 123 | ## Practices
 124 | - Coding Standards
 125 | - Code Review
 126 | - Refactoring
 127 | - Pair Programming
 128 | - Unit Testing
 129 | - Automation Testing
 130 | - Load Testing
 131 | - User Acceptance Testing (UAT)
 132 | - Test Driven Development (TDD)
 133 | - Behavior Driven Development (BDD)
 134 | - Acceptance Test Driven Development (ATDD)
 135 | - Continuous Integration (CI)
 136 | - Continuous Delivery (CD)
 137 | - DevOps
 138 | 
 139 | ## Terminologies
 140 | - Cloud
 141 | - Big Data
 142 | - Microservices
 143 |  - Cloud Native Applications
 144 |  - 12 factor app
 145 |  - Micro front-end
 146 |  - HATEOAS
 147 | - Functional Programming
 148 | - Reactive Programming
 149 | - In memory Database
 150 | - SPA (Single Page Application)
 151 | - Code Quality
 152 | - Technical Debt
 153 | - Code Coverage
 154 | - Legacy Code
 155 | - Tech Design
 156 | - Evolutionary Design
 157 | - Code First
 158 | - Contract First
 159 | - Web Service
 160 | - RESTful Web Service
 161 | - Static Code Analysis (Security)
 162 | - Vertical Slice
 163 | - Internationalization or Localization
 164 | - Transaction Management
 165 | - NFR (Non Functional Requirements)
 166 |  - Authentication 
 167 |  - Authorization
 168 |  - Performance
 169 |  - Scalability
 170 |  	- Load Balancing
 171 |  - Availability
 172 |  - Resilience
 173 |  - Maintainability
 174 |  - Portability
 175 |  - Security
 176 |  	- Cross Site Scripting (XSS)
 177 |  	- SQL Injection
 178 | - Containerization
 179 | 
 180 | ## Java EE
 181 | - http://www.oracle.com/technetwork/java/javaee/tech/index.html
 182 | - Batch Applications for the Java Platform - JSR 352
 183 | - Contexts and Dependency Injection for Java 1.1 - JSR 346
 184 | - Dependency Injection for Java 1.0 - JSR 330
 185 | - Java Persistence 2.1 - JSR 338
 186 | - Java Message Service API 2.0 - JSR 343
 187 | - Java Transaction API (JTA) 1.2 - JSR 907
 188 | - Java API for RESTful Web Services (JAX-RS) 2.0 - JSR 339
 189 | - Java API for XML-Based Web Services (JAX-WS) 2.2 - JSR 224
 190 | - Java Authentication Service Provider Interface for Containers 1.1 - JSR 196
 191 | - Java Architecture for XML Binding (JAXB) - JSR 222
 192 | - Java Database Connectivity 4.0 - JSR 221
 193 | - Java Management Extensions (JMX) 2.0 - JSR 003
 194 | - JSTL
 195 | 
 196 | ## Design
 197 | - Design Patterns
 198 | - 4 Principles of Simple Design
 199 | - SOLID principles
 200 | - UML
 201 | 
 202 | ## Tools
 203 | - IDE
 204 |  - Eclipse
 205 |  - NetBeans
 206 |  - Intellij
 207 | - Code Quality
 208 |  - SonarQube
 209 |  - CheckStyle
 210 |  - PMD
 211 |  - Findbugs
 212 | - Application/Web/Http Servers
 213 |  - Tomcat
 214 |  - WebSphere
 215 |  - Weblogic
 216 |  - Lightweight
 217 |   - Jetty
 218 |   - Undertow
 219 | - API Gateways
 220 | - Distributed Cache
 221 |  - Hazelcast
 222 | - Databases
 223 |  - In memory
 224 |  	- H2
 225 |  	- HSQL
 226 |  - Big Data
 227 |  	- Mongo DB
 228 |  - Redis
 229 | - Build
 230 |  - Ant
 231 |  - Maven
 232 |  - Gradle
 233 |  - Nexus
 234 | - Message Brokers
 235 |  - Kafka
 236 | - Performance
 237 |  - jProfiler
 238 |  - VisualVM
 239 | - Productivity
 240 |  - jRebel 
 241 | - Continuous Integration
 242 |  - Jenkins
 243 | - Automation Testing
 244 |  - Selenium
 245 | - Integration
 246 |  - Camel
 247 |  - Spring Integration
 248 |  - ESB
 249 | - BDD
 250 |  - Cucumber
 251 | - Version Control
 252 |  - Git
 253 |  - Stash 
 254 |  - SVN
 255 | - Containerization
 256 |  - Docker
 257 |  - Kubernetes
 258 | - DevOps
 259 |  - Chef
 260 | - CMS
 261 | - Load Testing
 262 |  - JMeter
 263 | 
 264 | ## Processes
 265 | - Agile
 266 |  - Scrum
 267 | - Kanban
 268 | - Waterfall
 269 | 
 270 | ## Details
 271 | 
 272 | ### Spring
 273 | The Spring Framework is a Java platform that provides comprehensive infrastructure support for developing Java applications. Spring handles the infrastructure so you can focus on your application.
 274 | http://docs.spring.io/spring/docs/current/spring-framework-reference/html/overview.html
 275 | 
 276 | #### Video
 277 | COMING SOON..
 278 | 
 279 | #### What
 280 | - Lets Programmers focus on Business Logic
 281 | - Key feature is Dependency Management
 282 |  - Enables Testability
 283 | - Inversion of Control
 284 | - Application Context
 285 | 
 286 | #### Why
 287 | - Why is Unit Testing Important?
 288 |  - Loose Coupling
 289 |  - Testable Code
 290 | - Plumbing Code
 291 |  - JDBC
 292 |  - JMS
 293 | - Clean Architecture
 294 |  - Easy implementation of cross cutting concerns
 295 | - Architectural Flexibility
 296 |  - Integration with other frameworks
 297 | - Design Patterns
 298 | 
 299 | #### How
 300 | - Add a Maven Dependency
 301 | 
 302 | #### Best Practices
 303 | - Use Spring Initializr
 304 | - Consider Spring Boot
 305 | - Write Unit Tests
 306 | - Use BOM
 307 | - Use Maven or Gradle
 308 | 
 309 | #### Challenges
 310 | - Difficult for Starting Programmer to understand 
 311 | - Once You understand, you cannot stop using it!
 312 | 
 313 | #### What Else?
 314 | - Spring Modules https://github.com/in28minutes/SpringIn28Minutes/blob/master/Spring%20Tutorial%20For%20Beginners%20with%20Examples_v2.pdf
 315 | - Spring Projects http://spring.io/projects
 316 | - Spring Initializr https://start.spring.io
 317 | 
 318 | #### Course
 319 | https://www.udemy.com/course/spring-tutorial-for-beginners/
 320 | 
 321 | ### Spring Boot
 322 | Spring Boot makes it easy to create stand-alone, production-grade Spring based Applications that you can "just run". We take an opinionated view of the Spring platform and third-party libraries so you can get started with minimum fuss. Most Spring Boot applications need very little Spring configuration.
 323 | http://projects.spring.io/spring-boot/
 324 | 
 325 | #### Video
 326 | COMING SOON.. Fingers crossed
 327 | 
 328 | #### What 
 329 | 
 330 | - Reduces effort in starting up a project
 331 |  - How long does it take to start a new project?
 332 |  - What do you do in Sprint 0?
 333 |  - Integrating Frameworks may be complex!
 334 |  - Configuration Management
 335 |  - Logging
 336 |  - Transaction Management
 337 |  - Error/ Exception Handling
 338 |  - Monitoring & Health Checks
 339 |  - Integrate Unit Testing and Mocking Frameworks
 340 |  - Migrating to different version is tough
 341 |   - Incompatible Jars - Jar Hell
 342 |   - Which version of other frameworks (Hibernate etc..) to upgrade to?
 343 | 
 344 | #### Why
 345 | - Reduce start up time of a project
 346 | - Microservice Architecture!
 347 |  - No of small projects increase exponentially
 348 | - Starter Projects make integration with other frameworks easy
 349 |  - spring-boot-starter-web-services - Starter for using Spring Web Services
 350 |  - spring-boot-starter-web - Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container
 351 |  - spring-boot-starter-test - Starter for testing Spring Boot applications with libraries including JUnit, Hamcrest and Mockito
 352 |  - spring-boot-starter-hateoas - Starter for building hypermedia-based RESTful web application with Spring MVC and Spring HATEOAS
 353 |  - spring-boot-starter-jersey - Starter for building RESTful web applications using JAX-RS and Jersey. An alternative to spring-boot-starter-web
 354 |  - spring-boot-starter-security - Starter for using Spring Security
 355 |  - spring-boot-starter-data-jpa - Starter for using Spring Data JPA with Hibernate
 356 |  - spring-boot-starter-data-rest - Starter for exposing Spring Data repositories over REST using Spring Data REST
 357 | - Developer Tools
 358 |  - Easy to debug and hot deploy!
 359 |  
 360 | #### How
 361 | - Spring Initializr https://start.spring.io
 362 | 
 363 | #### Challenges
 364 | - You need to understand Spring to solve problems
 365 | - Standardize a little before you use Spring Boot in all your microservices
 366 | - Make sure to put right security around Actuator
 367 | 
 368 | ##### Deployment & Scalability
 369 | - Can be deployed to Cloud Services easily.
 370 | 
 371 | #### Course
 372 | ADD_LATER
 373 | 
 374 | ### Spring MVC
 375 | 
 376 | #### Video
 377 | https://www.youtube.com/watch?v=BjNhGaZDr0Y
 378 | 
 379 | #### What
 380 | - Great MVC & Rest Services Framework
 381 | - Loosely Coupled Design
 382 | - Support for multiple view technologies
 383 | - Integrates well with all popular frameworks
 384 | 
 385 | #### Course
 386 | ADD_LATER
 387 | 
 388 | ### Spring Data Rest
 389 | Spring Data REST is part of the umbrella Spring Data project and makes it easy to build hypermedia-driven REST web services on top of Spring Data repositories. http://projects.spring.io/spring-data-rest/
 390 | org.springframework.boot:spring-boot-starter-data-rest
 391 | 
 392 | #### Video
 393 | COMING SOON
 394 | 
 395 | #### What
 396 | - Expose Services from your Data without a lot of code
 397 | - Supports SQL based and No SQL based databases
 398 | - Pagination
 399 | - Filtering
 400 | - Sorting
 401 | - HATEOAS
 402 | - defaultPageSize
 403 | 
 404 | #### Why
 405 | - Simple Projects want to quickly expose Rest Services
 406 | 
 407 | #### How
 408 | - Simplest way is to use the Spring Boot Starter Project
 409 | 
 410 | #### Challenges
 411 | - Not recommended for Complex Applications 
 412 | 
 413 | #### Example Code
 414 | \pom.xml
 415 | ```
 416 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 417 | 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 418 | 	<modelVersion>4.0.0</modelVersion>
 419 | 	<groupId>com.in28minutes</groupId>
 420 | 	<artifactId>spring-data-rest-example</artifactId>
 421 | 	<version>0.0.1-SNAPSHOT</version>
 422 | 	<parent>
 423 | 		<groupId>org.springframework.boot</groupId>
 424 | 		<artifactId>spring-boot-starter-parent</artifactId>
 425 | 		<version>1.4.2.RELEASE</version>
 426 | 	</parent>
 427 | 
 428 | 	<properties>
 429 | 		<java.version>1.7</java.version>
 430 | 	</properties>
 431 | 
 432 | 	<dependencies>
 433 | 		<dependency>
 434 | 			<groupId>org.springframework.boot</groupId>
 435 | 			<artifactId>spring-boot-starter-data-rest</artifactId>
 436 | 		</dependency>
 437 | 
 438 | 		<dependency>
 439 | 			<groupId>org.springframework.boot</groupId>
 440 | 			<artifactId>spring-boot-starter-data-jpa</artifactId>
 441 | 		</dependency>
 442 | 
 443 | 		<dependency>
 444 | 			<groupId>com.h2database</groupId>
 445 | 			<artifactId>h2</artifactId>
 446 | 		</dependency>
 447 | 
 448 | 	</dependencies>
 449 | 
 450 | 	<build>
 451 | 		<plugins>
 452 | 			<plugin>
 453 | 				<groupId>org.springframework.boot</groupId>
 454 | 				<artifactId>spring-boot-maven-plugin</artifactId>
 455 | 			</plugin>
 456 | 		</plugins>
 457 | 	</build>
 458 | 
 459 | 	<repositories>
 460 | 		<repository>
 461 | 			<id>spring-releases</id>
 462 | 			<url>https://repo.spring.io/libs-release</url>
 463 | 		</repository>
 464 | 	</repositories>
 465 | 	<pluginRepositories>
 466 | 		<pluginRepository>
 467 | 			<id>spring-releases</id>
 468 | 			<url>https://repo.spring.io/libs-release</url>
 469 | 		</pluginRepository>
 470 | 	</pluginRepositories>
 471 | </project>
 472 | ```
 473 | \src\main\java\com\in28minutes\Application.java
 474 | ```
 475 | package com.in28minutes;
 476 | 
 477 | import org.springframework.boot.SpringApplication;
 478 | import org.springframework.boot.autoconfigure.SpringBootApplication;
 479 | 
 480 | @SpringBootApplication
 481 | public class Application {
 482 | 
 483 | 	public static void main(String[] args) {
 484 | 		SpringApplication.run(Application.class, args);
 485 | 	}
 486 | }
 487 | ```
 488 | \src\main\java\com\in28minutes\data\Todo.java
 489 | ```
 490 | package com.in28minutes.data;
 491 | 
 492 | import javax.persistence.Entity;
 493 | import javax.persistence.GeneratedValue;
 494 | import javax.persistence.GenerationType;
 495 | import javax.persistence.Id;
 496 | 
 497 | @Entity
 498 | public class Todo {
 499 | 
 500 | 	@Id
 501 | 	@GeneratedValue(strategy = GenerationType.AUTO)
 502 | 	private long id;
 503 | 
 504 | 	private String user;
 505 | 
 506 | 	private String desc;
 507 | 
 508 | 	private boolean isDone;
 509 | 
 510 | 	public long getId() {
 511 | 		return id;
 512 | 	}
 513 | 
 514 | 	public String getUser() {
 515 | 		return user;
 516 | 	}
 517 | 
 518 | 	public void setUser(String user) {
 519 | 		this.user = user;
 520 | 	}
 521 | 
 522 | 	public String getDesc() {
 523 | 		return desc;
 524 | 	}
 525 | 
 526 | 	public void setDesc(String desc) {
 527 | 		this.desc = desc;
 528 | 	}
 529 | 
 530 | 	public boolean isDone() {
 531 | 		return isDone;
 532 | 	}
 533 | 
 534 | 	public void setDone(boolean isDone) {
 535 | 		this.isDone = isDone;
 536 | 	}
 537 | 
 538 | 	@Override
 539 | 	public String toString() {
 540 | 		return String.format(
 541 | 				"Todo [id=%s, user=%s, desc=%s, isDone=%s]",
 542 | 				id, user, desc, isDone);
 543 | 	}
 544 | 
 545 | }
 546 | ```
 547 | \src\main\java\com\in28minutes\data\TodoRepository.java
 548 | ```
 549 | package com.in28minutes.data;
 550 | 
 551 | import java.util.List;
 552 | 
 553 | import org.springframework.data.repository.PagingAndSortingRepository;
 554 | import org.springframework.data.repository.query.Param;
 555 | import org.springframework.data.rest.core.annotation.RepositoryRestResource;
 556 | 
 557 | @RepositoryRestResource(collectionResourceRel = "todos", path = "todos")
 558 | public interface TodoRepository
 559 | 		extends PagingAndSortingRepository<Todo, Long> {
 560 | 
 561 | 	List<Todo> findByUser(@Param("user") String user);
 562 | 
 563 | }
 564 | ```
 565 | 
 566 | 
 567 | #### Example Execution
 568 | ```
 569 | POST to http://localhost:8080/todos
 570 | Use Header => Content-Type:application/json
 571 | Request:
 572 | 
 573 | {
 574 |   "user": "Jill",
 575 |   "desc": "Learn Hibernate",
 576 |   "done": false
 577 | }
 578 | 
 579 | Response:
 580 | 
 581 | {
 582 |   "user": "Jill",
 583 |   "desc": "Learn Hibernate",
 584 |   "done": false,
 585 |   "_links": {
 586 |     "self": {
 587 |       "href": "http://localhost:8080/todos/1"
 588 |     },
 589 |     "todo": {
 590 |       "href": "http://localhost:8080/todos/1"
 591 |     }
 592 |   }
 593 | }
 594 | ```
 595 | http://localhost:8080/todos
 596 | ```
 597 | {
 598 |   "_embedded" : {
 599 |     "todos" : [ {
 600 |       "user" : "Jill",
 601 |       "desc" : "Learn Hibernate",
 602 |       "done" : false,
 603 |       "_links" : {
 604 |         "self" : {
 605 |           "href" : "http://localhost:8080/todos/1"
 606 |         },
 607 |         "todo" : {
 608 |           "href" : "http://localhost:8080/todos/1"
 609 |         }
 610 |       }
 611 |     } ]
 612 |   },
 613 |   "_links" : {
 614 |     "self" : {
 615 |       "href" : "http://localhost:8080/todos"
 616 |     },
 617 |     "profile" : {
 618 |       "href" : "http://localhost:8080/profile/todos"
 619 |     },
 620 |     "search" : {
 621 |       "href" : "http://localhost:8080/todos/search"
 622 |     }
 623 |   },
 624 |   "page" : {
 625 |     "size" : 20,
 626 |     "totalElements" : 1,
 627 |     "totalPages" : 1,
 628 |     "number" : 0
 629 |   }
 630 | }
 631 | ```
 632 | http://localhost:8080/todos/1
 633 | ```
 634 | {
 635 |   "user" : "Jill",
 636 |   "desc" : "Learn Hibernate",
 637 |   "done" : false,
 638 |   "_links" : {
 639 |     "self" : {
 640 |       "href" : "http://localhost:8080/todos/1"
 641 |     },
 642 |     "todo" : {
 643 |       "href" : "http://localhost:8080/todos/1"
 644 |     }
 645 |   }
 646 | }
 647 | ```
 648 | - http://localhost:8080/todos?user=Jill
 649 | - http://localhost:8080/todos/search/findByUser?user=Jill
 650 | 
 651 | ### Spring Cloud
 652 | Spring Cloud provides tools for developers to quickly build some of the common patterns in distributed systems http://projects.spring.io/spring-cloud/ 
 653 | 
 654 | #### Video
 655 | COMING SOON
 656 | 
 657 | #### What
 658 | - What is Cloud?
 659 | - Why Cloud?
 660 | - Features of Spring Cloud
 661 |  - Configuration management 
 662 |  - Service discovery
 663 |  - Circuit breakers
 664 |  - API Gateway
 665 |  - Routing
 666 | 
 667 | Projects
 668 | - Spring Cloud Config 
 669 | - Spring Cloud Netflix : Integrates with Netflix OSS components (Eureka, Hystrix, Zuul...)
 670 | - Spring Cloud Security : OAuth2 rest client support.
 671 | - Spring Cloud Data Flow : Orchestration service for microservice. Create microservice based data pipelines using
 672 |  - DSL
 673 |  - Drag-and-drop GUI
 674 |  - REST-APIs 
 675 | 
 676 | #### Why
 677 | - Cloud Native Applications vs Micro Services
 678 |  - Dynamic deployment to cloud needs a lot of automation
 679 |  
 680 | #### How
 681 | - Spring Boot Starter Project
 682 | 
 683 | #### Challenges
 684 | - Its still a young evolving set of projects. Experience of Netflix is surely a good thing.
 685 | 
 686 | ### Spring Batch
 687 | A lightweight, comprehensive batch framework designed to enable the development of robust batch applications vital for the daily operations of enterprise systems. 
 688 | http://projects.spring.io/spring-batch/
 689 | 
 690 | #### Video
 691 | Coming Soon
 692 | 
 693 | #### Why
 694 | - Restartability : Easy to restart a batch program from where it failed
 695 | - Different Readers and Writers : Provides great support to read from JMS, JDBC, Hibernate, iBatis etc. It can write to JMS, JDBC, Hibernate and more.
 696 | - Chunk Processing : If we have 1 Million records to process, these can be processed in configurable chunks (1000 at a time or 10000 at a time).
 697 | - Easy to implement proper transaction management even when using chunk processing.
 698 | - Easy to implement parallel processing. With simple configuration, different steps can be run in parallel.
 699 | 
 700 | #### What
 701 | A Job in Spring Batch is a sequence of Steps. Each Step can be configured with
 702 | - next : next step to execute
 703 | - tasklet : task or chunk to execute. A chunk can be configured with a Item Reader, Item Processor and Item Writer.
 704 | - decision : Decide which steps need to executed.
 705 | 
 706 | A Job Launcher can be used to execute a Spring Batch Job. A job can be launched/scheduled in a web container as well.
 707 | - Each execution of a job is called a Job Instance. Each Job Instance is provided with an execution id which can be used to restart the job (if needed).
 708 | - Job can be configured with parameters which can be passed to it from the Job Launcher.
 709 | 
 710 | #### How
 711 | ```
 712 | <job id="job1">
 713 |     <split id="split1" task-executor="taskExecutor" next="step4">
 714 |         <flow>
 715 |             <step id="step1" parent="s1" next="step2"/>
 716 |             <step id="step2" parent="s2"/>
 717 |         </flow>
 718 |         <flow>
 719 |             <step id="step3" parent="s3"/>
 720 |         </flow>
 721 |     </split>
 722 |     <step id="step4" parent="s4"/>
 723 | </job>
 724 | ```
 725 | 
 726 | #### When
 727 | For Batch Programs
 728 | 
 729 | #### Best Practices
 730 | - Be careful about Exception Handling and Transaction Management
 731 | - Be as near to data as possible
 732 | - Allocate enough memory
 733 | - Stress test from the start of the project. Identify production data volumes and evolve the application to meet those needs.
 734 | 
 735 | #### What Else?
 736 | Spring Batch 3.0 supports JSR-352 -java specification for batch processing
 737 | 
 738 | ### Spring Initializr
 739 | Quick Start for Spring Projects. http://start.spring.io/
 740 | 
 741 | #### Video
 742 | Coming Soon....
 743 | 
 744 | #### What
 745 | - Choose Maven or Gradle
 746 | - Choose Version of Spring Boot
 747 | - Add all the stuff you want!
 748 | - Download the project
 749 | - Run... Thats it!!!
 750 | 
 751 | #### Why
 752 | - Awesome and Simple way to create Spring Boot Projects
 753 | - Supports more than 50 different frameworks
 754 | 
 755 | #### How
 756 | - Lets do a quick demo!
 757 | 
 758 | #### When
 759 | - Start of a project or when you want to do a quick prototype
 760 | 
 761 | ### Spring Security
 762 | Authentication and Authorization framework. (What is Authentication?) http://projects.spring.io/spring-security/ 
 763 | 
 764 | #### Video
 765 | Coming Soon..
 766 | 
 767 | #### What
 768 | - Great support for authentication and authorization
 769 | - Provides out of the box support to prevent session fixation, clickjacking and XSS 
 770 | 
 771 | #### Why
 772 | - Integrates well with Spring and Spring Boot Projects
 773 | - Proven Framework. You do not want to play with Authentication and Authorization.
 774 | - Great Integration with wide range of technologies
 775 |  - HTTP BASIC authentication headers
 776 |  - HTTP X.509 client certificate exchange
 777 |  - LDAP
 778 |  - Form based
 779 |  - JAAS
 780 | 
 781 | #### How
 782 | - org.springframework.security:spring-security-web
 783 | - Or use the spring security starter project!
 784 | 
 785 | #### Demo
 786 | Lets do a quick demo...
 787 | 
 788 | ### Spring HATEOAS
 789 | Spring support for HATEOAS (Hypermedia as Representation of Application State) http://projects.spring.io/spring-hateoas/
 790 | 
 791 | #### Video
 792 | 
 793 | #### What
 794 | - Create services that include HATEOAS links in the response..
 795 | - Create clients for services using HATEOAS
 796 | 
 797 | #### Why
 798 | #### How
 799 | #### When
 800 | #### Where
 801 | #### Best Practices
 802 | #### Challenges
 803 | #### Example
 804 | #### What Else?
 805 | #### Tips
 806 | #### Perspectives
 807 | ##### Code
 808 | ##### Test
 809 | ##### Design
 810 | ##### Architecture
 811 | ##### Management
 812 | ##### Deployment
 813 | ##### Operations
 814 | ##### Performance
 815 | ##### Scalability
 816 | ##### Maintainability
 817 | ##### Availability
 818 | ##### Security
 819 | #### Course
 820 | 
 821 | ### Topic
 822 | #### Video
 823 | #### What
 824 | #### Why
 825 | #### How
 826 | #### When
 827 | #### Where
 828 | #### Best Practices
 829 | #### Challenges
 830 | #### Example
 831 | #### What Else?
 832 | #### Tips
 833 | #### Perspectives
 834 | ##### Code
 835 | ##### Test
 836 | ##### Design
 837 | ##### Architecture
 838 | ##### Management
 839 | ##### Deployment
 840 | ##### Operations
 841 | ##### Performance
 842 | ##### Scalability
 843 | ##### Maintainability
 844 | ##### Availability
 845 | ##### Security
 846 | #### Course
 847 | 
 848 | ### Topic
 849 | #### Video
 850 | #### What
 851 | #### Why
 852 | #### How
 853 | #### When
 854 | #### Where
 855 | #### Best Practices
 856 | #### Challenges
 857 | #### Example
 858 | #### What Else?
 859 | #### Tips
 860 | #### Perspectives
 861 | ##### Code
 862 | ##### Test
 863 | ##### Design
 864 | ##### Architecture
 865 | ##### Management
 866 | ##### Deployment
 867 | ##### Operations
 868 | ##### Performance
 869 | ##### Scalability
 870 | ##### Maintainability
 871 | ##### Availability
 872 | ##### Security
 873 | #### Course
 874 | 
 875 | ### Topic
 876 | #### Video
 877 | #### What
 878 | #### Why
 879 | #### How
 880 | #### When
 881 | #### Where
 882 | #### Best Practices
 883 | #### Challenges
 884 | #### Example
 885 | #### What Else?
 886 | #### Tips
 887 | #### Perspectives
 888 | ##### Code
 889 | ##### Test
 890 | ##### Design
 891 | ##### Architecture
 892 | ##### Management
 893 | ##### Deployment
 894 | ##### Operations
 895 | ##### Performance
 896 | ##### Scalability
 897 | ##### Maintainability
 898 | ##### Availability
 899 | ##### Security
 900 | #### Course
 901 | 
 902 | ### Topic
 903 | #### Video
 904 | #### What
 905 | #### Why
 906 | #### How
 907 | #### When
 908 | #### Where
 909 | #### Best Practices
 910 | #### Challenges
 911 | #### Example
 912 | #### What Else?
 913 | #### Tips
 914 | #### Perspectives
 915 | ##### Code
 916 | ##### Test
 917 | ##### Design
 918 | ##### Architecture
 919 | ##### Management
 920 | ##### Deployment
 921 | ##### Operations
 922 | ##### Performance
 923 | ##### Scalability
 924 | ##### Maintainability
 925 | ##### Availability
 926 | ##### Security
 927 | #### Course
 928 | 
 929 | ### Topic
 930 | #### Video
 931 | #### What
 932 | #### Why
 933 | #### How
 934 | #### When
 935 | #### Where
 936 | #### Best Practices
 937 | #### Challenges
 938 | #### Example
 939 | #### What Else?
 940 | #### Tips
 941 | #### Perspectives
 942 | ##### Code
 943 | ##### Test
 944 | ##### Design
 945 | ##### Architecture
 946 | ##### Management
 947 | ##### Deployment
 948 | ##### Operations
 949 | ##### Performance
 950 | ##### Scalability
 951 | ##### Maintainability
 952 | ##### Availability
 953 | ##### Security
 954 | #### Course
 955 | 
 956 | 
 957 | ### Cloud
 958 | 
 959 | #### Video
 960 | Coming Soon
 961 | 
 962 | #### What
 963 | - Dynamic provisioning of resources (computing, network, servers, applications) on need.
 964 | 
 965 | #### Why
 966 | - Imagine a startup. Do you know how fast you will grow?
 967 | - Imagine a shopping company. Do you really need all the infrastructure you bought planning for the peak period (Black Friday, Holiday Season) during the lean periods of the year?
 968 | - Imagine applications for businesses have a year end peak period. What would the infrastructure be doing rest of the year?
 969 | 
 970 | #### Types
 971 | - Private
 972 | - Public
 973 | 
 974 | #### Advantages
 975 | - Agility 
 976 | - Cost reductions
 977 | - Scalability and elasticity 
 978 | - Reliability
 979 | 
 980 | #### How
 981 | - Make sure your applications are Cloud Native
 982 | - Choose a platform
 983 |  - Microsoft Azure
 984 |  - AWS
 985 |  - Google's Cloud Platform 
 986 | 
 987 | #### Best Practices
 988 | - 12 factor apps
 989 | 
 990 | #### Challenges
 991 | - Security
 992 | - Application Compatibility 
 993 | 
 994 | #### What Else?
 995 | - IaaS (Infrastructure as a Service)
 996 | - PAAS (Platform as a Service)
 997 | - SAAS (Software as a Service)
 998 | 
 999 | ### Big Data
1000 | 
1001 | #### Video
1002 | Coming Soon
1003 | 
1004 | #### What
1005 | - Large volumes of data
1006 |  - Few dozen terabytes to many petabytes of data
1007 | - Data Sources
1008 |  - Social Networking - Facebook, Twitter
1009 |  - Cameras
1010 |  - Software Logs
1011 | 
1012 | #### Why
1013 | - Faster, more intelligent decisions
1014 | - Business Trends
1015 | 
1016 | #### How
1017 | - Different Parts
1018 |  - Capture
1019 |  - Storage & Transfer
1020 |  - Search
1021 |  - Analysis
1022 |  - Visualization
1023 | 
1024 | #### Example
1025 | The Apache Hadoop software library is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Rather than rely on hardware to deliver high-availability, the library itself is designed to detect and handle failures at the application layer, so delivering a highly-available service on top of a cluster of computers, each of which may be prone to failures.
1026 | Modules
1027 | - Hadoop Common: The common utilities that support the other Hadoop modules.
1028 | - Hadoop Distributed File System (HDFS™): A distributed file system that provides high-throughput access to application data.
1029 | - Hadoop YARN: A framework for job scheduling and cluster resource management.
1030 | - Hadoop MapReduce: A YARN-based system for parallel processing of large data sets
1031 | 
1032 | ### Microservices
1033 | 
1034 | #### Video
1035 | Coming Soon
1036 | 
1037 | #### What
1038 | - Keep it Small - Small methods, Small classes, Small Components, Small Services, Small Deployable Units. 
1039 | - Microservices are another step in the direction of “Keep it Small”. Fundamental change is to keep the deployable unit small.
1040 | 
1041 | #### Why
1042 | - Many organizations found that embracing fine-grained, microservice architectures enable delivering software faster and adapt to new technologies. 
1043 | - Evolved from on the ground experiences at Netflix, eBay, Amazon, Groupon
1044 | 
1045 | #### Characteristics
1046 | - Small, Lightweight
1047 | - Loosely coupled service-oriented architectures with bounded contexts
1048 | - Bounded Scope, Limited Scope, Solve one problem well
1049 | - Interoperable with message based communication
1050 | - Independently deployable and testable services
1051 | - Building systems that are replaceable over being maintainable
1052 | - Smart endpoints and dump pipes
1053 |  
1054 | #### When
1055 | - When you are having problems taking your releases live!
1056 | 
1057 | #### Advantages
1058 | - Faster Time To Market
1059 | - Experimentation and Speed of innovation
1060 | - Team Autonomy
1061 | - Independent Teams
1062 | - Scaling
1063 | - High Tuning Ability
1064 | 
1065 | #### Challenges
1066 | - Identifying the right bounded contexts
1067 | - Challenges due to change in thinking towards event driven architectures
1068 | - Increased need for Automation
1069 | - More complex Monitoring & Application health management
1070 | - Fault Isolation
1071 |  - Correlation Ids
1072 | - Eventual Consistency through Standardization
1073 |  - Need to decide what you want to standardize and what you do not want to standardize.
1074 | 
1075 | #### Microservices vs SOA
1076 | SOA started with similar aims. Let’s highlight a couple of significant differences.
1077 | - However, as time passed, SOA is characterized by large product based implementations arounds ESBs. These ESBs became the magnet for all business logic and over a period of time became the bottleneck. 
1078 | - Microservices approach place additional focus on microservices being autonomous and independently deployable.
1079 | 
1080 | #### What Else?
1081 | - Spring Boot
1082 | - Spring Cloud
1083 | 
1084 | ### Cloud Native Applications
1085 | 
1086 | #### Video
1087 | Coming Soon
1088 | 
1089 | #### What
1090 | Applications which are easily deployable on cloud.
1091 | 
1092 | #### Challenges
1093 | - Visibility
1094 | - Fault Isolation
1095 | - Fault Tolerance
1096 | - Automated Recovery
1097 | 
1098 | #### Other useful stuff 
1099 | - DevOps
1100 | - Continuous Delivery
1101 | - Microservices - Bounded Context & Choreography
1102 | - Containerization
1103 | 
1104 | #### Best Practices
1105 | - 12 factors app
1106 |  - Codebase - One codebase tracked in revision control, many deploys
1107 |  - Dependencies - Explicitly declare and isolate dependencies
1108 |  - Config - Store config in the environment
1109 |  - Backing services - Treat backing services as attached resources
1110 |  - Build, release, run - Strictly separate build and run stages
1111 |  - Processes - Execute the app as one or more stateless processes
1112 |  - Port binding - Export services via port binding
1113 |  - Concurrency - Scale out via the process model
1114 |  - Disposability - Maximize robustness with fast startup and graceful shutdown
1115 |  - Dev/prod parity - Keep development, staging, and production as similar as possible
1116 |  - Logs - Treat logs as event streams
1117 |  - Admin processes - Run admin/management tasks as one-off processes
1118 | 
1119 | ###12 Factor App
1120 | A methodology for building modern, scalable, maintainable software-as-a-service apps. Originated from developers at Heroku.
1121 | 
1122 | #### Video
1123 | Coming Soon
1124 | 
1125 | #### What
1126 | - Best practices for Cloud native applications.
1127 | 
1128 | #### How
1129 | - 12 factors app
1130 |  - Codebase - One codebase tracked in revision control, many deploys
1131 |  - Dependencies - Explicitly declare and isolate dependencies
1132 |  - Config - Store config in the environment
1133 |  - Backing services - Treat backing services as attached resources
1134 |  - Build, release, run - Strictly separate build and run stages
1135 |  - Processes - Execute the app as one or more stateless processes
1136 |  - Port binding - Export services via port binding
1137 |  - Concurrency - Scale out via the process model
1138 |  - Disposability - Maximize robustness with fast startup and graceful shutdown
1139 |  - Dev/prod parity - Keep development, staging, and production as similar as possible
1140 |  - Logs - Treat logs as event streams
1141 |  - Admin processes - Run admin/management tasks as one-off processes
1142 | 
1143 | #### Related Topics
1144 | - Cloud Native Applications
1145 | 
1146 | ### Micro Frontend
1147 | Microservices With Front-End
1148 | 
1149 | #### Video
1150 | Coming Soon
1151 | 
1152 | #### Why
1153 | - Backend teams can't deliver business value without the frontend being updated
1154 | - Needs communication between frontend and backend teams
1155 |  
1156 | #### What
1157 | A new approach to developing microservices, with both front-end and back-end included.
1158 | 
1159 | #### Advantages
1160 | - Easy to take live - since only one microservice needs to be deployed
1161 | - One team works end to end!
1162 | 
1163 | #### Challenges
1164 | - How to make sure that the individual frontends are consistent. Common Framework is an option. However the risk is the coupling a common framework might create
1165 | - Different UIs for different devices - Computer, Mobile, iPad etc.. 
1166 | 
1167 | ### HATEOAS
1168 | 
1169 | #### Video
1170 | Coming Soon
1171 | 
1172 | #### What
1173 | - Hypermedia as the Engine of Application State. 
1174 | - One of the important constraints of REST application architecture. 
1175 | - Any REST service should include contextual hypermedia links with the response.
1176 | 
1177 | #### Example
1178 | ```
1179 | {
1180 |   "_embedded" : {
1181 |     "todos" : [ {
1182 |       "user" : "Jill",
1183 |       "desc" : "Learn Hibernate",
1184 |       "done" : false,
1185 |       "_links" : {
1186 |         "self" : {
1187 |           "href" : "http://localhost:8080/todos/1"
1188 |         },
1189 |         "todo" : {
1190 |           "href" : "http://localhost:8080/todos/1"
1191 |         }
1192 |       }
1193 |     } ]
1194 |   },
1195 |   "_links" : {
1196 |     "self" : {
1197 |       "href" : "http://localhost:8080/todos"
1198 |     },
1199 |     "profile" : {
1200 |       "href" : "http://localhost:8080/profile/todos"
1201 |     },
1202 |     "search" : {
1203 |       "href" : "http://localhost:8080/todos/search"
1204 |     }
1205 |   },
1206 |   "page" : {
1207 |     "size" : 20,
1208 |     "totalElements" : 1,
1209 |     "totalPages" : 1,
1210 |     "number" : 0
1211 |   }
1212 | }
1213 | ```
1214 | 
1215 | XML Example
1216 | ```
1217 | <?xml version="1.0"?>
1218 | <account>
1219 |    <account_number>12345</account_number>
1220 |    <balance currency="usd">100.00</balance>
1221 |    <link rel="deposit" href="https://somebank.org/account/12345/deposit" />
1222 |    <link rel="withdraw" href="https://somebank.org/account/12345/withdraw" /> 
1223 |    <link rel="transfer" href="https://somebank.org/account/12345/transfer" />
1224 |    <link rel="close" href="https://somebank.org/account/12345/close" />
1225 |  </account>
1226 | ```
1227 | #### Why
1228 | - Less Coupling with URI Structures
1229 | 
1230 | #### Related Topics
1231 | - HAL (Hypertext Application Language) is a simple format that gives a consistent and easy way to hyperlink between resources in your API.
1232 | - Resources have:
1233 |  - Links
1234 |  - Embedded Resources - other resources contained within them
1235 |  - State - the actual resource data
1236 | - Links have:
1237 |  - A target (a URI)
1238 |  - A relation (a name)
1239 | 
1240 | Example
1241 | ``` 
1242 | {
1243 |     "links": {
1244 |         "self": { "href": "http://api.com/items" },
1245 |         "item": [
1246 |             { "href": "http://api.com/items/1" },
1247 |             { "href": "http://api.com/items/2" }
1248 |         ]
1249 |     "data": [
1250 |             {"itemName":"a"}, 
1251 |             {"itemName":"b"} 
1252 |      ] 
1253 | }
1254 | ```
1255 | ### Functional Programming
1256 | Should be driven with an Example!
1257 | 
1258 | ### Reactive Programming
1259 | Should be driven with an Example!
1260 | 
1261 | ### In memory Database
1262 | - IMDB or MMDB
1263 | - Main memory used as primary storage
1264 | 
1265 | #### Why?
1266 | - In unit testing scenarios, you do not want to depend on external resources like a database. In memory databases help us to launch a database in memory, populate the data, run the tests and verify the results.
1267 | - Quick Prototyping and Learning
1268 | 
1269 | #### What?
1270 | - Typically support a subset of the SQL (Structured Query Language) standard.
1271 | - Browser based console
1272 | 
1273 | #### Examples
1274 | - H2 http://www.h2database.com/html/main.html
1275 | - HSQL
1276 | 
1277 | #### How to use?
1278 | - Include a jar
1279 | - Point your datasource to the url
1280 | - Database is automatically created
1281 | 
1282 | #### Demo
1283 | - Quick demo - Spring JDBC Example?
1284 | 
1285 | ### SPA (Single Page Application)
1286 | - Load one page and dynamically update the page on user actions.
1287 | - Provides user experience similar to a desktop application.
1288 | - Typically use AJAX and HTML5
1289 | - Complete page is never reloaded!
1290 | 
1291 | #### Demo
1292 | - http://demos.telerik.com/kendo-ui/websushi
1293 | - Gmail, Twitter and Facebook!
1294 | 
1295 | #### How
1296 | Typical architectures involve 
1297 | - Building REST Services in the background! Java(most popular Spring Boot) or NodeJs
1298 | - Front-ends developed with frameworks like AngularJS, Ember.js, Meteor.js, ExtJS and React 
1299 | 
1300 | #### Advantages
1301 | - Improved User Experience
1302 | - Reduced load on servers because only parts of page are reloaded
1303 | - Leads to more microservice based architectures!
1304 | 
1305 | #### Challenges
1306 | - Needs completely different mindset!
1307 | 
1308 | #### How to Learn?
1309 | - Start developing a quick app with AngularJS with a stubbed/mocked backend!
1310 | 
1311 | ### Code Quality
1312 | Why duplicate? Reuse existing video?
1313 | 
1314 | ### Technical Debt
1315 | - Cost of not using the best possible design and standards.
1316 | - Or how much cost is involved in getting to a good design meeting all standards
1317 | - Martin Fowler "extra effort that we have to do in future development because of the quick and dirty design choice"
1318 | - Impossible to measure accurately
1319 | 
1320 | #### How is it measured?
1321 | - First thing: It cannot be measured perfectly! How do you find the technical debt because of wrong choice of technology, lack of common components, bad variable or method names.
1322 | - SonarQube - http://docs.sonarqube.org/display/SONARQUBE52/Technical+Debt
1323 |  - Measures technical debt against different Non Functional Requirements! Gives a SQALE rating!
1324 | 
1325 | #### Consequences
1326 | As the application becomes bigger, the productivity of the team goes down. You would notice that the velocity of the team comes down.
1327 |  
1328 | #### How to reduce Technical Debt?
1329 | - Simple Architecture (4 Principles of Simple Design)
1330 | - Continuous Refactoring
1331 | - Good Unit Tests 
1332 | - TDD
1333 | - Static Analysis
1334 | - Good Standards
1335 | - Peer Reviews
1336 | - Fingers crossed (Nobody can predict future architecture and when current architecture becomes obselete)
1337 | - Maintain a Technical Backlog
1338 | - Do a cleanup spring once in a while!
1339 | 
1340 | #### Challenges?
1341 | - How do you improve a project which already has a large Technical Debt? 
1342 |  - Identify potential areas of improvement 
1343 |  - Identify changes in the next 6 months
1344 |  - Write test for areas which are gonna be changed in the next 6 months
1345 |  - Refactor
1346 |  - Build the test base over a period of time
1347 |  
1348 | #### Best Practices
1349 | - Have Technical Debt as part of Definition of Done
1350 | - Measure Technical Debt from day one of the project!
1351 | 
1352 | ### Code Coverage
1353 | How much percentage of your source code is covered by unit tests?
1354 | 
1355 | #### Example
1356 | http://www.sonarqube.org/manage-code-coverage-by-unit-tests-with-sonar/
1357 | 
1358 | #### Why is it important?
1359 | - Unit Testing is one of the most important modern development practices.
1360 | - Good Unit Tests are there for ever! They catch defects in future!
1361 | - Systems with good unit tests improve over a period of time! Developers are not worried about breaking functionality. So, they continuously refactor!
1362 | 
1363 | #### Challenges
1364 |  - Not having proper asserts
1365 |  - Writing tests just for coverage!
1366 |  - Certains parts of the applications are not designed for unit testing
1367 |   - Old frameworks - Web and database especially
1368 | 
1369 | #### How to measure?
1370 | - SONAR
1371 | - Eclipse - Cobertura and EclEmma plugins
1372 | - Inbuilt in Intellij
1373 | 
1374 | #### Best Practices
1375 | - Have Code Coverage as part of Definition of Done
1376 | - Measure Code Coverage from day one of the project!
1377 | 
1378 | #### Related Topics
1379 | Unit Testing
1380 | Dependency Injection
1381 | In memory databases
1382 | 
1383 | ### Legacy Code
1384 | Make your choice
1385 | - Old Code!
1386 | - Code without Tests?
1387 | - Code with Lot of Technical Debt?
1388 | - Code with old out of date frameworks and languages?
1389 | 
1390 | #### Challenges
1391 | - Unexpected impact - Changing one part of application impacts another part
1392 | - Large code bases
1393 | - Large teams
1394 | - Long Release Cycles
1395 | 
1396 | #### Dealing with Legacy Code
1397 | - Refactor (atleast very important areas)
1398 | - Replace :)
1399 | - Have good code review process
1400 | - Introduce Static Analysis where possible
1401 | - Introduce Unit Testing where possible
1402 | - Measure Technical Debt
1403 | - Have Automated Regression Tests at least
1404 |  - Especially as writing good unit tests might be difficult
1405 | - Develop new functionality outside using new architecture and connect using services
1406 | 
1407 | #### Related Topics
1408 | - Refactoring
1409 | - Code Quality
1410 | 
1411 | ### Tech Design
1412 | - Lets not worry about it!
1413 | 
1414 | ### Evolutionary Design
1415 | In water fall model, we followed an approach where we architected and designed the entire system before we started coding. Evolution Design is using a combination of good tests and high level architecture base to drive you to a good design. You apply basic design principles (4 Principles of Simple Design) and continuously refactor your code ensuring good design emerges. Uses an iterative approach.
1416 | At each pass - add, refactor and test 
1417 | 
1418 | #### Advantages
1419 | - Avoids over design
1420 | - Avoids designing for some future feature which never materializes
1421 | - Continuous & Immediate feedback as we are not waiting for all design to complete before we deliver value to customer
1422 | 
1423 | #### Challenges
1424 | - Need clear separation between Design and Architecture
1425 | - Need skilled and experienced developers/architects to guide and govern
1426 | - Needs Continuous Integration
1427 | - Needs high focus on tests. If tests are not good, design cannot evolve as developers are reluctant to make changes!
1428 | 
1429 | #### Best Practices
1430 | - Use TDD
1431 | - Use Continuous Integration
1432 | 
1433 | #### How to Learn?
1434 | - Good Question. Experience it to learn it. Pair with Good Programmers.
1435 | 
1436 | ### Code First
1437 | When we develop any service, we have two approaches
1438 | - Code First
1439 | - Contract First
1440 | 
1441 | In Code First approach we write the code for the service first and generate the contract for the service from code!
1442 | 
1443 | #### Examples 
1444 | Swaggerizing Spring Boot Services
1445 | Generating WSDL from Web Service Code
1446 | 
1447 | #### Demo
1448 | Exposing Swagger contract from REST Services
1449 | 
1450 | #### Advantages
1451 | - Does not need additional effort to create the contract!
1452 | - Contract and Code always in sync!
1453 | 
1454 | #### Disadvantages
1455 | - Makes it difficult to develop in parallel!
1456 | - Teams do not know the target! As contract is not agreed ahead of time, teams might make more changes than necessary.
1457 | - In old frameworks, sometimes the generated contract was not compatiable across platforms!
1458 | - How do we support versioning?
1459 | 
1460 | #### Move from WSDL to JSON REST Services
1461 | - Makes it more difficult to make a choice
1462 | - Tools are evolving. Today some of the disadvantages of Code First have alternatives. 
1463 | 
1464 | ### Contract First
1465 | When we develop any service, we have two approaches
1466 | - Code First
1467 | - Contract First
1468 | 
1469 | In Contract First approach we agree on the contract for the service first. We write code based on the contract.
1470 | 
1471 | #### Advantages
1472 | - Teams can develop in parallel!
1473 | - Teams know what to expect. Can use some stub framework to mock the service based on the contract.
1474 | - Cross Platform Compatible
1475 | - Enables reuse of Schemas
1476 | 
1477 | #### Disadvantages
1478 | - Some initial additional effort
1479 | - Needs some effort to ensure that the updated contracts are shared as when needed
1480 | 
1481 | #### Move from WSDL to JSON REST Services
1482 | - Makes it more difficult to make a choice
1483 | - Tools are evolving. Today some of the disadvantages of Code First have alternatives. 
1484 | 
1485 | ### Web Service
1486 | - Everything on the web is a web service! 
1487 | - Fundamental to SOA and Microservice approaches.
1488 | 
1489 | #### Example
1490 | - You send a request to Google.com. Google.com responds with HTML. Browser renders it.
1491 | ![Example Web Service](http://3.bp.blogspot.com/-RSSyK3JhGhw/VVTOQyaX2jI/AAAAAAAAAL8/BZL6jYEZXL4/s640/WebService_BrowserGoogle.png)
1492 | 
1493 | #### Some Terminologies
1494 | - Service Provider : Google.com is the service provider. Handles the request and sends a response back.
1495 | - Service Consumer : Browser is the service consumer. Creates Request. Invokes Service. Processes the Response.
1496 | - Data Exchange Format : In this example, Data Exchange is done over HTTP protocol. Request is HTTP request and Response is HTTP Response. Data exchange format can be something else as well. XML (in case of SOAP web services) and JSON (most RESTful services).
1497 | - Contract : Agreement to the definition of a service.
1498 | 
1499 | #### Types of Webservices
1500 | - SOAP : Simple Object Access Protocol
1501 | - REST : RESTful Web services
1502 | 
1503 | #### Advantages
1504 | - Re-use : Web services avoid the need to implement business logic repeatedly. If we expose a web service, other applications can re-use the functionality
1505 | - Modularity : For example, tax calculation can be implemented as a service and all the applications that need this feature can invoke the tax calculation web service. Leads to very modular application architecture.
1506 | - Language Neutral : Web services enable communication between systems using different programming languages and different architectures. For example, following systems can talk with each other : Java, .Net, Mainframes etc.
1507 | - Web Services are the fundamental blocks of implementing Service Oriented Architecture in an organization.
1508 | 
1509 | #### Approaches to developing web services
1510 | - Contract First vs Code First
1511 | - SOAP vs REST
1512 |  - REST is winning the race. Lightweight. With JSON, more options for consumers.
1513 | - HTTP vs JMS vs AMQP vs...
1514 |  - As we move towards Microservices with event driven architectures, AMQP is getting more popular as a means of programming language neutral asynchronous communication approach. 
1515 | - Defining Contracts
1516 |  - WSDL for SOAP Services
1517 |  - Swagger/RestDocs for RESTful JSON Services
1518 | 
1519 | #### Best Practices
1520 | - Keep your contracts programming language neutral
1521 | - Follow contract first
1522 | - JSON based RESTful services are emerging as a popular approach. They are lightweight and consumable from browser and mobile apps.
1523 | 
1524 | #### Demo
1525 | - Let run a web service and call it using Postman?
1526 | 
1527 | ### SOAP Web Services
1528 | - Refer web service section above for understanding what a web service is.
1529 | - In SOAP web services, data exchange (request and responses) happens using SOAP format. SOAP is based on XML.
1530 | 
1531 | #### SOAP
1532 | - SOAP is a platform independent messaging protocol. Allows communication between disparate operation systems. For example, a system using Windows can talk to as sytem using UNIX using services built using SOAP protocol.
1533 | - SOAP format defines a SOAP-Envelope which envelopes the entire document. SOAP-Header (optional) contains any information needed to identify the request. Also, part of the Header is authentication, authorization information (signatures, encrypted information etc). SOAP-Body contains the real xml content of request or response.
1534 | - All the SOAP web services use this format for exchanging requests and responses. In case of error response, server responds back with SOAP-Fault.
1535 | ![SOAP Web Services](http://4.bp.blogspot.com/-DyySh3d6XUs/VVTOTSlv3RI/AAAAAAAAAMQ/MGYhbgtYuo4/s640/WebService_SoapMessge.png)
1536 | 
1537 | #### Steps in creating a SOAP Web Service
1538 | - Define a Contract
1539 | - Create Service Provider
1540 | - Create Service Consumer
1541 | 
1542 | #### How it works
1543 | Request/Response  Client Side	                        Server Side
1544 | Request           (1)Java Object => SOAP Request XML ----o------->  (2)SOAP Request XML => C# Object
1545 | Response           (4)Java Object <= SOAP Response XML <----o----- (3) SOAP Response XML <= C#Object
1546 | 
1547 | - Structure of Request and Response XML are defined in WSDL
1548 | - Converting Java object to SOAP xml. This is called Marshalling.
1549 | - Converting SOAP xml to Java object. This is called Unmarshalling.
1550 | JAXB and XMLBeans are frameworks which enable use to do marshalling and unmarshalling easily.
1551 | 
1552 | #### Security
1553 | - At transport level, SSL is used to exchange certificates (HTTPS). This ensures that the server (service producer) and client (service consumer) are mutually authenticated. It is possible to use one way SSL authentication as well.
1554 | - At the application level, security is implemented by transferring encrypted information (digital signatures, for example) in the message header (SOAP Header). This helps the server to authenticate the client and be confident that the message has not been tampered with.
1555 | 
1556 | #### Demo
1557 | - Let run a web service and call it using Postman?
1558 | 
1559 | ### REST Web Services
1560 | - There are a set of architectural constraints called REST Constraints. Any service which satisfies these constraints is called RESTful Web Service.
1561 | - There are a lot of misconceptions about REST Web Services : They are over HTTP , based on JSON etc. Yes : More than 90% of RESTful Web Services are JSON over HTTP. But these are not necessary constraints. We can have RESTful Web Services which are not using JSON and which are not over HTTP.
1562 | 
1563 | #### RESTful Constraints
1564 | The five important constraints for RESTful Web Service are
1565 | - Client-Server : There should be a service producer and a service consumer.
1566 | - The interface (URL) is uniform and exposing resources. Interface uses nouns (not actions)
1567 | - The service is stateless. Even if the service is called 10 times and there is no change in the state of the resource, the result must be the same.
1568 | - The service response should be Cacheable. 
1569 | - Client should not assume direct connection to server - it might be getting info from a middle layer - cache.
1570 | 
1571 | #### What is HTTP?
1572 | - HTTP is the protocol to exchange or transfer hypertext.
1573 | - Request–Response protocol
1574 | - HTTP Request - The request message consists of the following:
1575 |  - A request line with request method and URI (e.g., GET /images/logo.png HTTP/1.1, which requests a resource called /images/logo.png from the server).
1576 |  - Request header fields (e.g., Accept-Language: en).
1577 |  - An optional message body.
1578 | - HTTP Response - The response message consists of the following:
1579 |  - A status (e.g., HTTP/1.1 200 OK).
1580 |  - Response header fields (e.g., Content-Type: text/html).
1581 |  - An optional message body.
1582 | 
1583 | - HTTP methods: indicate the desired action to be performed on the identified resource. GET, POST, PUT, PATCH, DELETE among a host of others.
1584 | - Different HTTP Status Codes
1585 | 
1586 | #### Applying RESTful Constraints to HTTP web services
1587 | - While designing any API, the most important thing is to think about the api consumer i.e. the client who is going to use the service. What are his needs? Does the service uri make sense to him? Does the request, response format make sense to him?
1588 | - Always use HTTP Methods. Best practices with respect to each HTTP method is described below:
1589 |  - GET : Should not update anything. Should be idempotent (same result in multiple calls). Possible Return Codes 200 (OK) + 404 (NOT FOUND) +400 (BAD REQUEST)
1590 |  - POST : Should create new resource. Ideally return JSON with link to newly created resource. Same return codes as get possible. In addition : Return code 201 (CREATED) is possible.
1591 |  - PUT : Update a known resource. ex: update client details. Possible Return Codes : 200(OK) 
1592 |  - DELETE : Used to delete a resource.
1593 | - Have properly structure URIs. URI’s should be hierarchical and as self descriptive as possible. Prefer plurals.
1594 |  - Friends List - GET /users/Ranga/friends
1595 |  - Add a Friend - POST  /users/Ranga/friends
1596 |  - Get details about a specific friend - GET /users/Ranga/friends/Ravi
1597 | 
1598 | #### Implementation Approaches in Java
1599 | - JAX RS
1600 | - Spring MVC
1601 | 
1602 | #### JAX-RS
1603 | JAX-RS is the JEE Specification for Restful web services implemented by all JEE compliant web servers (and application servers). Important Annotations
1604 | - @ApplicationPath("/"). @Path("users") : used on class and methods to define the url path.
1605 | - @GET @POST : Used to define the HTTP method that invokes the method.
1606 | - @Produces(MediaType.APPLICATION_JSON) : Defines the output format of Restful service.
1607 | - @Path("/{id}") on method (and) @PathParam("id") on method parameter : This helps in defining a dynamic parameter in Rest URL. @Path("{user_id}/followers/{follower_id}") is a more complicated example.
1608 | - @QueryParam("page") : To define a method parameter ex: /users?page=10.
1609 | Useful methods:
1610 | - Response.OK(jsonBuilder.build()).build() returns json response with status code.
1611 | - Json.createObjectBuilder(). add("id",user.getId()); creates a user object.
1612 | 
1613 | #### Document REST Services
1614 | - Swagger
1615 | - Restdocs
1616 | 
1617 | #### Richardson Maturity Model
1618 | Richardson Maturity Model defines the maturity level of a Restful Web Service. Following are the different levels and their characteristics.
1619 | - Level 0 : Expose SOAP web services in REST style. Expose action based services (http://server/getPosts, http://server/deletePosts, http://server/doThis, http://server/doThat etc) using REST.
1620 | - Level 1 : Expose Resources with proper URI’s. Ex: http://server/accounts, http://server/accounts/10. However, HTTP Methods are not used.
1621 | - Level 2 : Resources use proper URI's + HTTP Methods. For example, to update an account, you do a PUT to . The create an account, you do a POST to . Uri’s look like posts/1/comments/5 and accounts/1/friends/1.
1622 | - Level 3 : HATEOAS (Hypermedia as the engine of application state). You will tell not only about the information being requested but also about the next possible actions that the service consumer can do. When requesting information about a facebook user, a REST service can return user details along with information about how to get his recent posts, how to get his recent comments and how to retrieve his friend’s list.
1623 | 
1624 | #### Best Practices
1625 | - Have a RESTful api standard across organization- YARAS
1626 |  - Message and URI Layout, HATEOAS, Sorting, Filtering, Pagination
1627 | - Use HATEOAS where possible
1628 | - Have Great Unit Tests!
1629 | 
1630 | #### Demo
1631 | - Show case a Spring MVC Based REST Service
1632 | - Show case HATEOAS
1633 | - Show case Swagger Documentation
1634 | 
1635 | ### Static Code Analysis 
1636 | - Isn't this already done?
1637 | 
1638 | ### Vertical Slice
1639 | - We want to build a large application talking to multiple services. When we start developing an application, we want to lay down the architecture  and design, set up frameworks, integrate them and setup unit testing.
1640 | - Vertical Slice can be a small use case which ensures all layers are involved
1641 |  - Database
1642 |  - External Services
1643 | 
1644 | #### Why?
1645 | - Vertical Slice is used to identify and solve technology risks at the very start of a project. 
1646 | - Vertical Slice acts as a reference for other developers as they start building more stuff. 
1647 | 
1648 | #### Best Practices
1649 | - Ensure that Static Analysis is in place in parallel and Vertical Slice adheres to all standards
1650 | - Ensure that continuous integration is in place.
1651 | - Do developers need trainings on the frameworks?
1652 | 
1653 | #### Challenges
1654 | - Identify the right use case for the vertical slice! Usually choose a relatively complex use case!
1655 | 
1656 | ### Internationalization or Localization or i18n 
1657 | Customizing an application for use in different locations and languages - for different Locales!
1658 | 
1659 | #### Why?
1660 | - You don't want 100 applications for 100 Locales
1661 | 
1662 | #### How to implement Internationalization?
1663 | - Lets take a quick demo of implementing it with Spring MVC!
1664 | 
1665 | #### Challenges
1666 | - Sometimes data from database tables need to be internationalized. This needs a custom solution. 
1667 | 
1668 | #### Best Practice
1669 | Build it in from the first day. Should be part of vertical slice usually.
1670 | 
1671 | ### Transaction Management
1672 | - Already done!
1673 | 
1674 | ### Non Functional Requirements NFRs
1675 | Requirements which are not typically specified as part of how application should behave
1676 | - Authentication and Authorization
1677 | - Performance
1678 | - Scalability
1679 | - Availability
1680 | - Resilience
1681 | - Maintainability
1682 | - Portability
1683 | - Security
1684 | 
1685 | #### Best Practices
1686 | - Have clearly stated non functional requirements
1687 | - Build vertical slices where-ever possible to eliminate most important non functional risks - scalability or performance
1688 |  - Will the framework be able to withstand a specific load?
1689 | - Check for Security from start of the project.
1690 | - Use Static Analysis from start of the project.
1691 | - Use Secure Code Static Analysis tools from start of the project.
1692 |  
1693 | #### Challenges
1694 | - Sometimes you do not know the target for non functional requirement? What if your app becomes more popular than what you expect?
1695 | 
1696 | ### Authentication and Authorization
1697 | - Authentication: Are you who you state you are?
1698 | - Authorization: Do you have access to the specific resource or functionality?
1699 | 
1700 | #### Best Practices
1701 | - Use HTTPS - SSL
1702 | - Use Standard Frameworks - Spring Security
1703 | - Authorization: Have a clear framework. Check before performing action. Best way to implement is to use Filters
1704 | - Use Server Side Validations.
1705 | - Don't re-invent the wheel.
1706 | - Don't allow your access tokens to last forever.
1707 | - Don't store access tokens or passwords in plaintext.
1708 | - Build visibility into volumes of authentication failures.
1709 | - Do not use Basic Authentication
1710 | - Use secure cookies only
1711 | 
1712 | ### Performance
1713 | How fast is your application?
1714 | 
1715 | #### Best Practices
1716 | - Have clear performance objectives
1717 | - Make the right architecture choice for your needs
1718 |  - If needed, implement a vertical slice quickly to test performance
1719 | - Measure Early
1720 | - Use Load Tests early in the cycle
1721 | - NO premature optimizations. Any optimization decision should be based on numbers or past experience. In Donald Knuth's paper "Structured Programming With GoTo Statements", he wrote: "Programmers waste enormous amounts of time thinking about, or worrying about, the speed of non critical parts of their programs, and these attempts at efficiency actually have a strong negative impact when debugging and maintenance are considered. We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%."
1722 | - Session size - Small
1723 | - Implement Caching where ever possible
1724 | - Create necessary Indexes on Database. Collect Statistics and Remove unnecessary data
1725 | - In critical parts - write unit tests for performance.
1726 | - Java Specific
1727 |  - Set initial size on Collections
1728 |  - Be conscious about create as few objects as possible. Especially in loops.
1729 |  - Avoid String Concatenation
1730 |  - Eliminate Obselete Object References
1731 |  - Close connections and Streams
1732 |  
1733 | ### Scalability
1734 | - Will your system handle more load if you give it more resources?
1735 | - "A system whose performance improves after adding hardware, proportionally to the capacity added, is said to be a scalable system."
1736 | - If supporting X users needs Y resources, will I be able to support 2X users or better with 2Y resources?
1737 | 
1738 | #### Types
1739 | - Horizontal : Add more nodes to cluster. Now popular with the cloud bringing in new possibilities.
1740 | - Vertical : Add resources to the current node. Increase main memory, for example.
1741 | - Comparison
1742 |  - There are limits to how much you can scale vertically.
1743 |  
1744 | #### Notes
1745 | - Usually databases become the bottleneck in large systems.
1746 | 
1747 | #### Best Practices
1748 | - Have clear scalability targets
1749 | - Test Early
1750 | - Be wary of typical bottlenecks - Things which are difficult to scale horizontally
1751 |  - Load balancers
1752 |  - Databases (Do not have a large database! Try splitting up databases! Transaction database, Reporting database. See if you can have as small databases as possible)
1753 |  - Large Monolithic Application (difficult to deploy!)
1754 | - Caching can improve scalability
1755 |  - Static Resources
1756 |  - Configuration Data
1757 |  - User Data
1758 |  - Service Responses
1759 | - Think of a Distribute Cache
1760 | - Build visibility and build alerts
1761 | - Build cloud native microservice based applications and make use of the cloud!
1762 | 
1763 | ### Availability
1764 | - Proportion of time that the system is functional and working
1765 | - Downtime can be caused by
1766 |  - Software Errors
1767 |  - Infrastructure Problems
1768 |  - Denial of Service Attacks
1769 |  - High Load
1770 | - Examples
1771 |  - High load on database
1772 |  - A server crash because of a bug in code
1773 |  
1774 | #### Best Practices
1775 | - Build Redundancy
1776 | - Identify possible bottlenecks or choke points and plan to reduce them
1777 | - Install Security Updates of Operating System and Software
1778 | - Load Test with real time loads
1779 | - Have proper exception handling 
1780 | - Have Automated Visibility to detect unusual patterns.
1781 | - Validate data on the Server
1782 | 
1783 | ### Resilience
1784 | - How does your system respond in case of a failure of a specific component or a service?
1785 | - Can it provide reduced set of functionality instead of completely breaking down?
1786 | - Especially important in the world of microservices. Things become more distributed increasing the chances of failure
1787 | - Will the entire amazon.com be down if product recommendations service is down?
1788 | 
1789 | #### Best Practices
1790 | - Always think what if a service is down?
1791 | - Test for service failures. Switch off a service and see how the system reacts
1792 | - Use Circuit Breaker Frameworks like Hystrix
1793 | 
1794 | ### Maintainability
1795 | - How is easy is it to make changes to your system?
1796 | 
1797 | #### Questions to ask?
1798 | - How frequently do things break when you make a change?
1799 | - How many defects come as a result of changes?
1800 | - How much effort does it take to make a change?
1801 | 
1802 | #### Best Practices
1803 | - Coding Standards, Static Code Analysis and Peer Reviews
1804 | - Loose Coupling and High Cohesion
1805 |  - Proper Layering
1806 | - Small Applications compared to Monoliths
1807 | - Continuous Integration
1808 | - Automation Testing - Unit Testing and Integration Testing
1809 | - Sufficient Documentation
1810 | 
1811 | ### Portability
1812 | - How easy is it to move other Language, Database, Framework or a Platform?
1813 |  - How easy can you move from Hibernate to other framework? JPA
1814 |  - How easy can you move from Websphere to Weblogic? Adhere to JEE standards
1815 |  - How easy to move from Windows to Unix? If you have a java based application, you already made a good start
1816 |  - How easy is to move from Oracle to mySql? Are you adhering to Ansi SQL Standards? Are you using any Oracle specific features?
1817 |  
1818 | ### Testability
1819 | - How easy is to test parts/components of your application?
1820 | 
1821 | #### Best Practices
1822 | - Avoid Monoliths
1823 |  - Too much business logic. Too difficult to test.
1824 | - Simple Design using Dependency Injection 
1825 |  - Design for Testability
1826 | - Agreed contacts for Services
1827 | - Architectures build with development needs - Stubs & Mocks
1828 | - Focus on Unit testing and Integration testing from the first day of the project
1829 | - Use TDD and Continuous Refactoring
1830 | 
1831 | ### Security
1832 | - Protect from unintended use! 
1833 |  - Protect from denial of service attacks.
1834 |  - Protect unauthorized users from gaining access
1835 |  - Restrict authorized users access only to the specific modules or data they are supposed to access!
1836 | 
1837 | #### Principles
1838 | - Least Priviliges : Build with security in mind from the initial project stages. Think about various user roles and accesses
1839 | - Complete Mediation : Similar to building a security for a King's fort. One Gate through which every body has to pass through. Ex: Spring Security
1840 | - Defence in Depth : Have Multiple levels of security.
1841 | - Trust Nothing
1842 |  - Validate all data into system. 
1843 |  - Sanitise data
1844 | - Economy of Mechanism. Keep it simple. Simple systems are easy to protect
1845 |  - Openness of Design
1846 |  - Opposite to "Security through Obscurity" 
1847 | 
1848 | #### Three Parts
1849 | - Prevention
1850 | - Detection
1851 | - Reaction
1852 | 
1853 | #### Best Practices
1854 | - Think of security from day one
1855 | - Educate developers, testers, operations teams and business about the threats
1856 | - Be aware of OWASP and their recommendations
1857 | - Test Early
1858 |  - Use Security Static Analysis tool
1859 |  - Get external security testers to hack your applications!
1860 | - OWASP
1861 | - Have an approved software/framework/platfrom list by a Security Team
1862 | - Use latest versions
1863 | - Safeguard web server, app server, os & hardware. 
1864 |  - Web sphere admin console example - Deleting default accounts & Exposing it outside enterprise.
1865 | - Use encryption for sensitive data. One way functions. When hashing use some salt - Salt can be stored in Db for each user.
1866 | 
1867 | ### SQL Injection
1868 | Injecting a part of query through a form field!
1869 | 
1870 | #### Other Types of Injections
1871 | - LDAP
1872 | - XML Xpath
1873 | - Log
1874 | - OS Command
1875 | - XSS (Javascript)
1876 | 
1877 | ##### Prevention
1878 | - Parameterised Queries
1879 | 
1880 | ### Cross Site Scription - XSS
1881 | 
1882 | #### Cause
1883 | - Invalid Data
1884 |  - external services
1885 |  - databases
1886 |  - user
1887 | 
1888 | #### Types
1889 | - Stored : Stored in db from ui. Problem happens when info is shown to user at a later point.
1890 | - Reflected : Dom - Untrusted data processed in JavaScript
1891 | 
1892 | #### Possible Abuse
1893 | - Stealing Session Cookies
1894 | - Page Content Rewrite
1895 | - Logging Keystrokes
1896 | 
1897 | #### Solutions
1898 | - Validate untrusted data
1899 | - Encode all data - even trusted data
1900 | - Encoding should be contextual
1901 |  - CSS
1902 |  - HTML
1903 |  - JS
1904 | - Ideally contextual encoding should be built into the frameworks
1905 | - Use JSTL & Other tag libraries
1906 | - Use Content Security Policy
1907 | - XSS Prevention Cheat Sheet
1908 | 
1909 | ### Insecure Direct Object References
1910 | User changes link on the browser from resource he has access to to one which he has no access to
1911 | - /account/123 to /account/125
1912 | - especially vulnerable if the reference appears in url
1913 | 
1914 | #### Prevention
1915 | - Proper Authorization using Mediation - Filters
1916 | - Use object references in urls
1917 | - Avoid predictability of urls
1918 | 
1919 | #### Insufficient Transport Layer Security
1920 | - things that can be compromised in non secure request
1921 |  - passwords
1922 |  - session ids
1923 |  - Other sensitive data on page
1924 | 
1925 | #### Prevention
1926 | - Use TLS
1927 |  - All elements on page should use TLS
1928 |   - Popups
1929 |   - Other websites we redirect to
1930 | - Possibility of sending session id cookie insecurely to a NON https website redirect
1931 | - Use Secure Cookies : Mark cookies as secure. These are sent only to secure (https) websites
1932 | - Use Trusted Certificates
1933 | - Reissue session tokens when switching between secure and insecure website pages
1934 | 
1935 | ### Cross Site Request Forgery (CSRF)
1936 | Reuse of an user's existing session on a banking website on a forum to fire a unauthorised url or ajax request
1937 |  - I log into a banking website and go to a forum without logging out
1938 |  - My session cookie is in my browser!! It can be abused
1939 | 
1940 | #### Prevention
1941 | - Include an unpredictable UNIQUE token with every request called CSRF Protection token. typically a hidden form field
1942 | - Reauthenticate user when performing significant actions
1943 | - Use frameworks like OWASP CSRF Guard or Spring Security
1944 | 
1945 | ### Session Management
1946 | - Http is stateless
1947 |  - How to identify a user between subsequent requests
1948 | 
1949 | #### Mechanisms
1950 | - Url Rewrite - Session id in url
1951 |  - vulnerable to sniffing
1952 |  - Url is logged in multiple places including web server logs
1953 |  - When you visit a third party site, the url is sent as a REFERRAL URL in request header
1954 |  - Recommendation: Use https for entire session
1955 | - Basic Authentication : Base 64 encoded userid and password in every request
1956 |  - Sniffing
1957 |  - NOT RECOMMENDED
1958 | - Cookies
1959 |  - Use domain : which hosts should this cookie be sent to path
1960 |  - Use expiration date
1961 |  - Mark as secure : sent only to https websites
1962 |  
1963 | ### Missing Function Level Access Controls
1964 | Improper Authorization
1965 |  - Complete Mediation Principle
1966 |  - Filters or interceptors
1967 |  - Have well defined roles
1968 | 
1969 | #### Exploitation
1970 | - Changing url in browser
1971 | - Firing AJAX Requests
1972 | 
1973 | ### Containerization
1974 | - OS level virtualization technology
1975 |  - Shares the host operating system kernel  
1976 |  - No dedicated operating system 
1977 | 
1978 | #### Advantages
1979 | - Lightweight 
1980 | - High performance
1981 | - TODO MORE
1982 | 
1983 | Copy Again~~~~~~~~~~~~~~~~~~~~~~
1984 | ### Topic
1985 | #### Video
1986 | Coming Soon
1987 | #### What
1988 | #### Why
1989 | #### How
1990 | #### When
1991 | #### Where
1992 | #### Best Practices
1993 | #### Challenges
1994 | #### Example
1995 | #### What Else?
1996 | #### How to Learn?
1997 | #### Related Topics
1998 | #### Tips
1999 | #### Perspectives
2000 | ##### Code
2001 | ##### Test
2002 | ##### Design
2003 | ##### Architecture
2004 | ##### Management
2005 | ##### Deployment
2006 | ##### Operations
2007 | ##### Performance
2008 | ##### Scalability
2009 | ##### Maintainability
2010 | ##### Availability
2011 | ##### Security
2012 | #### Course
2013 | 
2014 | ### Troubleshooting
2015 | - Refer our TroubleShooting Guide - https://github.com/in28minutes/in28minutes-initiatives/tree/master/The-in28Minutes-TroubleshootingGuide-And-FAQ
2016 | 
2017 | ## Youtube Playlists - 500+ Videos
2018 | 
2019 | [Click here - 30+ Playlists with 500+ Videos on Spring, Spring Boot, REST, Microservices and the Cloud](https://www.youtube.com/user/rithustutorials/playlists?view=1&sort=lad&flow=list)
2020 | 
2021 | ## Keep Learning in28Minutes
2022 | 
2023 | in28Minutes is creating amazing solutions for you to learn Spring Boot, Full Stack and the Cloud - Docker, Kubernetes, AWS, React, Angular etc. - [Check out all our courses here](https://github.com/in28minutes/learn)
2024 | 


--------------------------------------------------------------------------------
/images/Image_ContinuousIntegration.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/Image_ContinuousIntegration.png


--------------------------------------------------------------------------------
/images/image_Dev_QA_Stage_Prod.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_Dev_QA_Stage_Prod.png


--------------------------------------------------------------------------------
/images/image_EventDriven_Microservice.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_EventDriven_Microservice.png


--------------------------------------------------------------------------------
/images/image_LoadBalancer_Caching.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_LoadBalancer_Caching.png


--------------------------------------------------------------------------------
/images/image_LoadBalancer_Simple.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_LoadBalancer_Simple.png


--------------------------------------------------------------------------------
/images/image_Microservices_Scalability.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_Microservices_Scalability.png


--------------------------------------------------------------------------------
/images/image_Monolith_vs_Microservice.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_Monolith_vs_Microservice.png


--------------------------------------------------------------------------------
/images/image_TDD_Red_Green_Refactor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/in28minutes/java-technology-for-beginners/bc3bc907a5892c4fcf3948e19849a3d4002be00f/images/image_TDD_Red_Green_Refactor.png


--------------------------------------------------------------------------------