Sunday, February 26, 2012

Reading the window's close-button event using JavaScript for application-specific processing such as clearing the session


We live in a world of very rapid technology transition. Writing an application that is compatible with all browsers and environments is a tedious task for developers like me.

Let me write about a common and interesting issue with web application session handling. While developing a web application, we are clear about the scope of the variables used within it (application, session, request, page scope, etc.). All the details specific to the logged-in user are usually stored as session attributes. If we clear all session attributes before closing the web application, that's fine. No harm. The same can turn into a headache if the HttpSession is not handled properly. However, if you use IE6, the browser session is automatically collected. In IE7, the same session is used irrespective of the tabs opened within a browser instance. In IE8, the same session is used for all the browser/tab instances opened on a machine.

In a typical web application, we provide a Close/LogOff kind of button so the user can follow a basic process to exit the web application; using the button, we can handle the HttpSession. However, we can't assume that everyone will follow the process (it's like turning off the PC: sometimes we press the power button instead of shutting down). Now the question is how we can handle the user's session attributes on such occasions as well.

The example below is self-explanatory and addresses the above issue specifically for IE. Write to me if anything is unclear.



Monday, February 20, 2012

Windows authentication using SingleSignOn within J2EE/.net application


Today I am going to write about Windows authentication using the single sign-on (SSO) method within J2EE and ASP.NET applications. Hope you will enjoy.

Consider the scenario where you are developing a web application that will be used within an organization (intranet environment) and also on the World Wide Web (Internet environment). In both environments, the application business logic would be the same. The only key difference would be the authentication mechanism used by the two applications.

In the Internet environment, we end up displaying a login page, where we need to get the username and password from the user and validate them in the backend. Once authentication is successful, we invoke the application page.

In the case of the intranet environment, we know that the request is coming from a trusted domain. Hence we can go with Windows authentication using the single sign-on option, so as not to prompt for a username and password to log in to the application. Here, we can read the login username using the Windows shell script object, set the password to some unique text, and click the login submit button using JavaScript. If the request contains the password mentioned in the HTML/JSP, we can consider the request to be from an intranet user and therefore a valid one, BUT we should check that the username is correct and has the correct privilege to access the application.

The HTML code sample here explains Windows authentication using SSO within the login page. A similar login page can be created for the Internet application as well. The only difference would be that we would end up calling the setFocusForText JavaScript function mentioned in onload and anywhere within the page.

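<HTML>
<HEAD>
<TITLE> This is Windows authentication SOO testing </TITLE>
<script type="text/javascript">
// IE only: ActiveXObject is not available in other browsers.
function setFocusForText() {
    document.getElementById("userNameText").focus();
    // Read the Windows login name of the current user.
    var wshShell = new ActiveXObject("wscript.shell");
    var userNameFromWin = wshShell.ExpandEnvironmentStrings("%username%");
    document.getElementById("userNameText").value = userNameFromWin;
    // Fixed marker text used in place of a real password.
    document.getElementById("passwordText").value = "~~~~";
    // Auto-submit the form.
    document.getElementById("loginMe").click();
}
</script>
</HEAD>
<BODY onload="javascript:setFocusForText();">
<!-- method="post" keeps the field values out of the URL -->
<form id="loginForm" method="post">
    <!-- name attributes are required for the fields to be sent with the form -->
    <input type="text" id="userNameText" name="userNameText" value=""/>
    <input type="password" id="passwordText" name="passwordText" value="" />
    <input id="loginMe" value="Login" type="submit" />
</form>
</BODY>
</HTML>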


Do you think hard-coding the password within the HTML is vulnerable? If so, follow my previous blog post to implement a password encryption algorithm and store the same. Also, the user can't see the SSO page, since it is a kind of auto-submit page; the page load happens within a fraction of a second.
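As an added example (not code from the original post), here is the server-side check this login page implies, next to a version that takes the user from the server's own Windows authentication instead. The marker text is delivered to every browser that loads the page, so it establishes neither intranet origin nor the posted username. `LoginRequest`, `containerUser` (standing in for `HttpServletRequest.getRemoteUser()`) and the role table are assumptions made for this example.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class SsoLoginCheck {
    // Constructed request model. formUser/formPassword are what the browser posted;
    // containerUser stands in for HttpServletRequest.getRemoteUser(), which is set only
    // after the server itself has authenticated the caller (e.g. SPNEGO/Kerberos).
    record LoginRequest(String formUser, String formPassword, String containerUser) {}

    static final String PAGE_MARKER = "~~~~"; // the value hard-coded in the login page
    // Hypothetical authorization table: user -> roles.
    static final Map<String, Set<String>> ROLES =
            Map.of("alice", Set.of("user"), "admin", Set.of("user", "admin"));

    // The page's approach: the marker is taken as proof of origin, the posted name is believed.
    static Optional<String> loginAsOnPage(LoginRequest r) {
        if (PAGE_MARKER.equals(r.formPassword()) && ROLES.containsKey(r.formUser())) {
            return Optional.of(r.formUser());
        }
        return Optional.empty();
    }

    // Hardened: ignore client-supplied identity and use only the server-verified principal.
    static Optional<String> loginHardened(LoginRequest r) {
        String user = r.containerUser();
        if (user == null) return Optional.empty();   // server did not authenticate the caller
        // Strip a "DOMAIN\" prefix if present, then look the user up for authorization.
        String name = user.substring(user.lastIndexOf('\\') + 1).toLowerCase(Locale.ROOT);
        return ROLES.containsKey(name) ? Optional.of(name) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed requests. In "mismatch" the posted username is not the user the
        // server authenticated; in "noAuth" the server authenticated nobody.
        LoginRequest honest = new LoginRequest("alice", "~~~~", "CORP\\alice");
        LoginRequest mismatch = new LoginRequest("admin", "~~~~", "CORP\\alice");
        LoginRequest noAuth = new LoginRequest("admin", "~~~~", null);

        System.out.println("page check, honest:     " + loginAsOnPage(honest));
        System.out.println("page check, mismatch:   " + loginAsOnPage(mismatch));
        System.out.println("hardened,   mismatch:   " + loginHardened(mismatch));
        System.out.println("hardened,   no auth:    " + loginHardened(noAuth));
    }
}
```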

Any other queries on your mind? Add them in the comments section. Happy to respond to you.

Saturday, February 11, 2012

To deal with Java BigDecimal object within a financial application

Hi Guyz,

I have been working for one of the UK government-owned banks for the last two years. I worked on an international payments project. Personally, I have learned many things as a developer. I thought of sharing my technical learnings on my personal blog to benefit others as well.

From the post title, you can tell that I am going to write something about java.math.BigDecimal usage. Let me explain the scenario here so that you can understand the issue better. Since it is an international payment, the customer is free to select the payment currency from the list of available currencies to express the payment amount: something like 100.00 USD, 50.00 GBP or 34.98 EUR. As per the application design, we should not store the payment amount with decimals. We should store it only as a long value, so we convert the payment amount based on the currency's decimal places, i.e. 100.00 USD is stored as 10000, 34.98 EUR as 3498, 45 JPY as 45 and 45.985 KWD as 45985 in the payment amount column. If you look closely, the payment currencies are ISO currency codes, each of which has its own number of allowed decimal places (currencies like INR, GBP, USD and EUR have a maximum of 2 decimals, all dinar currencies have a maximum of 3, and JPY has no decimals to represent the payment amount).

We used the movePointRight method available in java.math.BigDecimal to perform the above logic. Unfortunately, my input type was a primitive double, which returned an incorrect result. To add more detail, if I pass the payment amount 77.80 (a double value) to the movePointRight method, it returns 77.79 (we were losing the final decimal value). In one of our UAT meetings, the user raised a concern, asking how they were losing 'one cent' when they entered the payment amount as 77.8 EUR. When we debugged the code, we realized that a wrong amount conversion was happening when we used the movePointRight method of the BigDecimal class for double/float arguments. We wrote our own code to address this issue. But the issue can be addressed in a simple way: if we pass the payment amount as a String value to the movePointRight method, it works fine.

The issue is clearly explained by the example below. You can run this program to get more information.


/*
 * File: JavaDecimalBug.java
 * Created/Last updated Date: Feb 7, 2012
 * Created/Last updated by: Blx
 * Last updated Time: 10:30:33 PM
 * Copyright: BLX
 *
 * Revision History:
 *******************************************************************
 * Date Author Version Comments
 *------------------------------------------------------------------
 *
 */

package com.blx.laern.java.bug;

import java.math.BigDecimal;

/**
 * @author Nanjundan Chinnasamy
 * @version 1.0
 */
public class JavaDecimalBug {

    /**
     * Converts a double amount to a long by moving the decimal point.
     * This overload shows the problem: new BigDecimal(double) keeps the
     * binary value of the double, and longValue() drops the fraction.
     *
     * @param value  payment amount as a double
     * @param points number of currency decimal places
     * @return the amount as a long (one unit short for inputs such as 77.8)
     */
    private static long convertDecimalToLongByPoints(double value, int points) {
        BigDecimal amountBD = new BigDecimal(value);
        return amountBD.movePointRight(points).longValue();
    }

    /**
     * Converts a String amount to a long by moving the decimal point.
     * The String constructor keeps the decimal digits exactly as written.
     *
     * @param value  payment amount as a decimal string, e.g. "77.8"
     * @param points number of currency decimal places
     * @return the amount as a long
     */
    private static long convertDecimalToLongByPoints(String value, int points) {
        BigDecimal amountBD = new BigDecimal(value);
        return amountBD.movePointRight(points).longValue();
    }

    /**
     * Prints the result of both conversions for the same amount.
     *
     * @param args not used
     */
    public static void main(String[] args) {
        double paymentAmountInDub = 77.8; // 77.88, 77.97
        String paymentAmountInStr = String.valueOf(paymentAmountInDub);

        System.out.println(convertDecimalToLongByPoints(paymentAmountInDub, 2));
        System.out.println(convertDecimalToLongByPoints(paymentAmountInStr, 2));
    }
}


Result:

7779

7780
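Going beyond the two-decimal case above, this added example (not the author's project code) converts an amount to minor units using each ISO currency's own fraction digits and throws instead of truncating. The 7779 result arises because `new BigDecimal(double)` captures the binary value of the double, which for 77.8 lies slightly below 77.8, and `longValue()` then discards the fraction. `toMinorUnits` is a name chosen for this example.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.util.Currency;

public class MinorUnits {
    // Converts a decimal amount string to the currency's minor units (cents, fils, ...).
    // Throws ArithmeticException if the amount has more decimals than the currency allows
    // or does not fit in a long, instead of silently dropping digits.
    static long toMinorUnits(String amount, String isoCode) {
        int digits = Currency.getInstance(isoCode).getDefaultFractionDigits();
        if (digits < 0) {   // pseudo-currencies such as XXX have no minor unit
            throw new IllegalArgumentException("No minor unit defined for " + isoCode);
        }
        return new BigDecimal(amount)
                .setScale(digits, RoundingMode.UNNECESSARY)   // rejects excess decimals
                .movePointRight(digits)
                .longValueExact();                            // rejects overflow
    }

    // For callers that only have a double: BigDecimal.valueOf goes through
    // Double.toString, so 77.8 becomes "77.8" rather than its binary expansion.
    static long toMinorUnits(double amount, String isoCode) {
        return toMinorUnits(BigDecimal.valueOf(amount).toPlainString(), isoCode);
    }

    public static void main(String[] args) {
        // Amounts taken from the post.
        System.out.println("100.00 USD -> " + toMinorUnits("100.00", "USD"));
        System.out.println("34.98 EUR  -> " + toMinorUnits("34.98", "EUR"));
        System.out.println("45 JPY     -> " + toMinorUnits("45", "JPY"));
        System.out.println("45.985 KWD -> " + toMinorUnits("45.985", "KWD"));
        System.out.println("77.8 EUR (double) -> " + toMinorUnits(77.8, "EUR"));
        try {
            // Three decimals supplied for a two-decimal currency.
            toMinorUnits("45.985", "USD");
        } catch (ArithmeticException e) {
            System.out.println("45.985 USD rejected: " + e.getMessage());
        }
    }
}
```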


Saturday, February 4, 2012

Web application performance tips and tricks


I was interested in the topic of web application performance improvement earlier. When we (my tech lead and I) discussed it, he advised me to go through the Yahoo Developer website's article on web application performance improvement (http://developer.yahoo.com/performance/rules.html). It added to my interest in going through similar topics. After doing a further Google search, I found an interesting article on BalusC's blog (http://balusc.blogspot.com/2009/09/webapplication-performance-tips-and.html), where he recommends a few more options to enhance web application performance, on top of the options mentioned on the Yahoo Developer Group website above. It sounds more interesting.

So you might think, what am I trying to convey to my developer? :) I did a further search and came up with a few more details on how we can design a web application with improved performance.

My analysis, after referring to an existing travel agent website, is below:

1) Use Of Content Delivery Network:

Reference#1 Yatra.com (Website: http://uk.yatra.com/)

Style sheets downloaded from: http://css3.yatra.com

E.g.: http://css3.yatra.com/UK/include/css/uk-india-uk.css

JavaScript downloaded from: http://js1.yatra.com

E.g.: http://js1.yatra.com/UK/include/js/homepage.js

Images downloaded from: http://img1.yatra.com

E.g.: http://img1.yatra.com/images/UK/AIR/continue_but.gif

Separate CDN hosts are referred to for delivering each specific type of content, instead of a single host for static content alone. This has been mentioned in my diagram below.



2) Points noticed during our analysis:

Direct access to this content is restricted; if we attempt to access it, we are redirected to the home page.

  1. All the images are in GIF format and very small in size. They tried to minimize the total number of images in a page as much as possible
  2. Many of them embed images along with the style sheet
  3. The same application is used for both http & https. Actions are defined based on the protocol type
  4. A CSS Sprite (http://spritegen.website-performance.org/section/what-are-css-sprites) is a combination of smaller images into one big image, so that we can reduce the total number of HTTP requests
  5. Avoid whitespace in CSS/JS as much as possible. Static file download time is directly related to the size of the files

This chunk of CSS:

.some-class {
  color: #ffffff;
  line-height: 20px;
  font-size: 9px;
}

can be converted to:

.some-class{color:#fff;line-height:20px;font-size:9px;}

…and it’ll work just fine.

  6. Try to have as many forms as possible. In other words, a form should not have complex or too many inputs

3) Web Page performance measurement Tools:

http://getfirebug.com/

http://sixrevisions.com/tools/faster_web_page/

4) Available tools to help us with web page optimization:

CSS:

http://sixrevisions.com/css/css_code_optimization_formatting_validation/

Image:

On Digg (http://digg.com, shown above), you can see individual icons for user interaction. To reduce server requests, Digg combined several icons in one big image and then used CSS to position them appropriately.

JavaScript:

JSMIN - http://www.crockford.com/javascript/jsmin.html

YUI Compressor - http://developer.yahoo.com/yui/compressor/

Java Script code improver - http://jcay.com/id-190119110113039.html

5) Reference:

http://sixrevisions.com/web-development/10-ways-to-improve-your-web-page-performance/

Hope this will add more interest to you as well! Happy learning!


-NJN

Password Encryption using Java

Hi Guyz,

My Business Unit is in the process of creating a new development process tool, something like Teamtracker, for internal purposes. I was identified as a secondary developer to complete the tool three weeks back. Almost 70% of the development activities have been completed so far. Within the application, we have a list of users and their credential details, roles, projects, etc., and those details were stored in the database as plain text.

Early this week I got a requirement from my BA to replace the existing “plain text” passwords with “hash codes”, and he gave me only 2 hrs to complete the requirement. I was afraid to take that task when I heard it from him. Since the application is built with the Spring framework, I thought I could apply the ACEGI framework to add security within the application. Considering the TIME factor (existing application code rewrite and the estimation, always a worrying factor), I thought of doing some Google searching to see if I could find anything exciting.

I found a very interesting article on password encryption using Java code (http://www.devbistro.com/articles/Java/Password-Encryption). The beauty of this article is that it is self-explanatory and doesn't require any third-party jar files. Within 15 minutes, I was able to complete the requirement.

I thought of sharing my learnings with my readers as well. Hope you enjoy it too! Happy programming.


Cheers

Nanjudan Chinnasamy
