Big Data with Apache Kafka (tutorialspoint.com)

Kafka = Scala + Java
Provides low-latency message delivery
Fault tolerance capability

Messaging types

• Point to point (Messages are persisted in a Queue. Only one consumer can consume a particular message)
• Publish-subscribe (pub-sub)
• Messages are persisted in a topic.
• Message producer = publisher
• Message consumer = subscriber
• Consumers can subscribe to more than one topic and consume all messages in that topic

Scala ( SCAlable LAnguage)

• runs on JVM
• Scala compiler complies the Scala code into java byte code
• The compiled bytecode can be run using "scala" command
• All data types of scala are considered objects

SSO (Single Sign On)

• SSO is a session and user authentication service
• single sign-on - a single action of signing in provides access to multiple software systems.
• single sign-off - a single action of signing out terminates access to multiple software systems.
• SSO must internally store the credentials used for initial authentication and translate them to the credentials required for the different mechanisms.
• can cause a potential damage to security since an attacker who cracked a password has acces to all the SPs once signed in
• examples of protocols used - Kerberos, SAML

SAML workflow

• Three main roles i.e.
• User
• Identity Provider (Middle layer between user and SP)
• Service Provider (SP) (ex: Facebook, Twitter etc.)
• SAML request is triggered by SP, SAML response is sent by IdP

Kerberos workflow

Refer SAML example

http://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-quick-start.html

Code reviewing tips

(Extract from dzone.com)

Clean Code

Checklist Item	Category
Use Intention-Revealing Names	Meaningful Names
Pick one word per concept	Meaningful Names
Use Solution/Problem Domain Names	Meaningful Names
Classes should be small!	Classes
Functions should be small!	Functions
Do one Thing	Functions
Don't Repeat Yourself (Avoid Duplication)	Functions
Explain yourself in code	Comments
Make sure the code formatting is applied	Formatting
Use Exceptions rather than Return codes	Exceptions
Don't return Null	Exceptions

* Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-development/9780136083238

Security

Checklist Item	Category
Make class final if not being used for inheritance	Fundamentals
Avoid duplication of code	Fundamentals
Restrict privileges: Application to run with the least privilege mode required for functioning	Fundamentals
Minimize the accessibility of classes and members	Fundamentals
Document security related information	Fundamentals
Input into a system should be checked for valid data size and range	Denial of Service
Avoid excessive logs for unusual behavior	Denial of Service
Release resources (Streams, Connections, etc) in all cases	Denial of Service
Purge sensitive information from exceptions (exposing file path, internals of the system, configuration)	Confidential Information
Do not log highly sensitive information	Confidential Information
Consider purging highly sensitive data from memory after use	Confidential Information
Avoid dynamic SQL, use prepared statement	Injection Inclusion
Limit the accessibility of packages,classes, interfaces, methods, and fields	Accessibility Extensibility
Limit the extensibility of classes and methods (by making it final)	Accessibility Extensibility
Validate inputs (for valid data, size, range, boundary conditions, etc)	Input Validation
Validate output from untrusted objects as input	Input Validation
Define wrappers around native methods (not declare a native method public)	Input Validation
Treat output from untrusted object as input	Mutability
Make public static fields final (to avoid caller changing the value)	Mutability
Avoid exposing constructors of sensitive classes	Object Construction
Avoid serialization for security-sensitive classes	Serialization Deserialization
Guard sensitive data during serialization	Serialization Deserialization
Be careful caching results of potentially privileged operations	Serialization Deserialization
Only use JNI when necessary	Access Control

 * Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html

Performance

Checklist Item	Category
Avoid excessive synchronization	Concurrency
Keep Synchronized Sections Small	Concurrency
Beware the performance of string concatenation	General Programming
Avoid creating unnecessary objects	Creating and Destroying Objects

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

General

Category	Checklist Item
Use checked exceptions for recoverable conditions and runtime exceptions for programming errors	Exceptions
Favor the use of standard exceptions	Exceptions
Don't ignore exceptions	Exceptions
Check parameters for validity	Methods
Return empty arrays or collections, not nulls	Methods
Minimize the accessibility of classes and members	Classes and Interfaces
In public classes, use accessor methods, not public fields	Classes and Interfaces
Minimize the scope of local variables	General Programming
Refer to objects by their interfaces	General Programming
Adhere to generally accepted naming conventions	General Programming
Avoid finalizers	Creating and Destroying Objects
Always override hashCode when you override equals	General Programming
Always override toString	General Programming
Use enums instead of int constants	Enums and Annotations
Use marker interfaces to define types	Enums and Annotations
Synchronize access to shared mutable data	Concurrency
Prefer executors to tasks and threads	Concurrency
Document thread safety	Concurrency
Valid JUnit / JBehave test cases exist	Testing

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

Static Code Analysis

Category	Checklist Item
Check static code analyzer report for the classes added/modified	Static Code Analysis

de Analysis