Java/J2EE Security Best Practices

Best practices for Java/J2EE application development
1. Stop memory leak errors (make sure unused objects can be garbage collected, and stop dangling references).
e.g. the immutable String class can lead to memory leaks, while mutable versions such as StringBuffer and StringBuilder can reduce them.

2. NIO packages can improve performance with features such as the non-blocking input/output API. NIO can use buffers to hold data and memory mapping of files to minimize access to the hard disk and the operating system.
3. Coding to interfaces reduces coupling. Low coupling and high cohesion should be the goal of applications.
4. Types of inheritance:
Implementation inheritance: as a best practice, subclasses should depend only on the behaviour of superclasses and not on their actual implementation. Otherwise superclasses become tightly coupled with subclasses, which makes the design inflexible: to change a superclass, all details of its subclasses must be known to avoid breaking them.

Interface inheritance: program to an interface, not an implementation, as coding to interfaces reduces coupling. Also, inheritance cannot be changed at run time, whereas with object composition functionality is acquired dynamically at run time. This also promotes the Open Close Principle of OOAD.

5. Design by Contract: use assertions to enforce mandatory input contracts. The assertion message can also capture a detailed statement for the AssertionError.
http://docs.oracle.com/javase/7/docs/technotes/guides/language/assert.html

6. Use OOAD principles

  • Open Close Principle: open for extension and closed for modification; enforces minimum changes in existing code.
  • Dependency Inversion Principle: high-level modules contain complex logic and hence should not depend on low-level modules for implementation.
    Order: High level classes –> Abstraction Layer –> low level classes
  • Interface Segregation Principle: a client should not have to implement interfaces it does not use.
  • Single Responsibility Principle: every class should have a single responsibility (reason to change), reducing complexity.
  • Liskov’s Substitution Principle: derived types should be substitutable for their base types.

7. In a multi-threaded application, when at least one thread adds to or deletes from a collection, use external synchronization through the API.
Three types of collection: {Map, Tree, List}
Map<String, String> mymap1 = Collections.synchronizedMap(new HashMap<>()); // Lock for the entire Map.
8. Return a zero-length collection as opposed to returning null:
StringBufferOverflow Attack Can be caused due
9. Deep and shallow copy of objects: to be continued.
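Items 7 and 8 together, as an added example in Java (not code from the original post; the class `RoleRegistry` and its method names are hypothetical). `Collections.synchronizedMap` locks each single call on the map, but compound updates and iteration still need an explicit `synchronized` block on the map, and lookups for an unknown key return an empty list instead of null.

```java
import java.util.*;

// Hypothetical class for illustration; none of these names come from the page.
public class RoleRegistry {
    // Each call on the wrapper takes one lock that covers the entire map.
    private final Map<String, List<String>> rolesByUser =
            Collections.synchronizedMap(new HashMap<>());

    public void grant(String user, String role) {
        // The inner ArrayList is not synchronized, so hold the map's lock
        // across both the lookup and the add.
        synchronized (rolesByUser) {
            rolesByUser.computeIfAbsent(user, k -> new ArrayList<>()).add(role);
        }
    }

    public List<String> rolesOf(String user) {
        synchronized (rolesByUser) {
            List<String> roles = rolesByUser.get(user);
            // Unknown user: return a zero-length list, never null (item 8).
            if (roles == null) return Collections.emptyList();
            return new ArrayList<>(roles); // defensive copy, safe to read unlocked
        }
    }

    public int totalGrants() {
        int total = 0;
        // The wrapper does not lock during iteration; the caller must.
        synchronized (rolesByUser) {
            for (List<String> roles : rolesByUser.values()) total += roles.size();
        }
        return total;
    }

    public static void main(String[] args) throws InterruptedException {
        RoleRegistry registry = new RoleRegistry();
        List<Thread> workers = new ArrayList<>();
        for (int t = 0; t < 4; t++) {
            String role = "role" + t;
            Thread w = new Thread(() -> {
                for (int i = 0; i < 1000; i++) registry.grant("user" + (i % 10), role);
            });
            workers.add(w);
            w.start();
        }
        for (Thread w : workers) w.join();
        System.out.println("grants=" + registry.totalGrants()
                + " unknownUserRoles=" + registry.rolesOf("nobody").size());
    }
}
```

Callers of `rolesOf` can loop over the result directly without a null check, which removes one common source of `NullPointerException` in request-handling code.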
Read more details:
1. Design principle in Real World
https://sandyclassic.wordpress.com/2014/02/05/design-pattern-in-real-world/
2. Generalize problem solving through design pattern
https://sandyclassic.wordpress.com/2013/10/24/generalize-problem-solving-through-design-pattern/

BI App development using Cognos SDK

Read the previous article on this topic at the link below:
Business Intelligence reports are generally created for unstructured or semi-structured business problems, which covers Decision Support Systems (DSS) and Management Support Systems (MIS).
To know more, read: https://sandyclassic.wordpress.com/2013/01/31/strategic-information-systems-will-be-in-focus-again-next-5-yrs/

A Business Intelligence reporting solution can develop reports for varying requirements. Nowadays these range from operational to BI, because the pervasive nature of BI means it exists at the level of the Transaction Processing System (TPS) at the knowledge level, down to the Office Automation System (OAS) at the lowest operational level, where operational reports about daily status are generally taken from the ERP.
MIS: typical hierarchy of information systems, from the Decision Support System at the top to the Office Automation System at the lowest level.
Customising the Cognos authentication mechanism for integration is the first step; see details:

1. https://sandyclassic.wordpress.com/2014/03/08/authentication-using-cognos-java-sdk/

How to customise Cognos for any specific customisation that does not yet exist, using the SDK. Read:
2. https://sandyclassic.wordpress.com/2014/03/08/cognos-software-development-kit/

If the data is completely unstructured and cannot be analysed by a traditional BI system, but requires Hadoop, Hive or HBase, then the customisation has to integrate a Big Data system. Read:
3. https://sandyclassic.wordpress.com/2011/10/26/big-data-and-data-integration/