Wednesday, December 30, 2009

HTTP Status Codes Explanation

HTTP, Hypertext Transfer Protocol, is the method by which clients (i.e. you) and servers communicate. When someone clicks a link, types in a URL or submits out a form, their browser sends a request to a server for information. It might be asking for a page, or sending data, but either way, that is called an HTTP Request. When a server receives that request, it sends back an HTTP Response, with information for the client. Usually, this is invisible, though I'm sure you've seen one of the very common Response codes - 404, indicating a page was not found. There are a fair few more status codes sent by servers, and the following is a list of the current ones in HTTP 1.1, along with an explanation of their meanings.

A more technical breakdown of HTTP 1.1 status codes and their meanings is available at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html. There are several versions of HTTP, but currently HTTP 1.1 is the most widely used.

Informational

* 100 - Continue
            A status code of 100 indicates that (usually the first) part of a request has been received without any   problems, and that the rest of the request should now be sent.

* 101 - Switching Protocols
              HTTP 1.1 is just one type of protocol for transferring data on the web, and a status code of 101 indicates that the server is changing to the protocol it defines in the "Upgrade" header it returns to the client. For example, when requesting a page, a browser might receive a statis code of 101, followed by an "Upgrade" header showing that the server is changing to a different version of HTTP.

Successful

* 200 - OK
        The 200 status code is by far the most common returned. It means, simply, that the request was received and understood and is being processed.
* 201 - Created
        A 201 status code indicates that a request was successful and as a result, a resource has been created (for example a new page).
* 202 - Accepted
        The status code 202 indicates that server has received and understood the request, and that it has been accepted for processing, although it may not be processed immediately.
* 203 - Non-Authoritative Information
        A 203 status code means that the request was received and understood, and that information sent back about the response is from a third party, rather than the original server. This is virtually identical in meaning to a 200 status code.
* 204 - No Content
          The 204 status code means that the request was received and understood, but that there is no need to send any data back.
* 205 - Reset Content
        The 205 status code is a request from the server to the client to reset the document from which the original request was sent. For example, if a user fills out a form, and submits it, a status code of 205 means the server is asking the browser to clear the form.
* 206 - Partial Content
         A status code of 206 is a response to a request for part of a document. This is used by advanced caching tools, when a user agent requests only a small part of a page, and just that section is returned.

Redirection

* 300 - Multiple Choices
          The 300 status code indicates that a resource has moved. The response will also include a list of locations from which the user agent can select the most appropriate.

* 301 - Moved Permanently
               A status code of 301 tells a client that the resource they asked for has permanently moved to a new location. The response should also include this location. It tells the client to use the new URL the next time it wants to fetch the same resource.

* 302 - Found
                A status code of 302 tells a client that the resource they asked for has temporarily moved to a new location. The response should also include this location. It tells the client that it should carry on using the same URL to access this resource.

* 303 - See Other
                A 303 status code indicates that the response to the request can be found at the specified URL, and should be retrieved from there. It does not mean that something has moved - it is simply specifying the address at which the response to the request can be found.

* 304 - Not Modified
                 The 304 status code is sent in response to a request (for a document) that asked for the document only if it was newer than the one the client already had. Normally, when a document is cached, the date it was cached is stored. The next time the document is viewed, the client asks the server if the document has changed. If not, the client just reloads the document from the cache.

* 305 - Use Proxy
                  A 305 status code tells the client that the requested resource has to be reached through a proxy, which will be specified in the response.

* 307 - Temporary Redirect

                307 is the status code that is sent when a document is temporarily available at a different URL, which is also returned. There is very little difference between a 302 status code and a 307 status code. 307 was created as another, less ambiguous, version of the 302 status code.

Client Error

* 400 - Bad Request
               A status code of 400 indicates that the server did not understand the request due to bad syntax.
* 401 - Unauthorized
              A 401 status code indicates that before a resource can be accessed, the client must be authorised by the server.
* 402 - Payment Required
The 402 status code is not currently in use, being listed as "reserved for future use".
* 403 - Forbidden
A 403 status code indicates that the client cannot access the requested resource. That might mean that the wrong username and password were sent in the request, or that the permissions on the server do not allow what was being asked.
* 404 - Not Found
The best known of them all, the 404 status code indicates that the requested resource was not found at the URL given, and the server has no idea how long for.
* 405 - Method Not Allowed
A 405 status code is returned when the client has tried to use a request method that the server does not allow. Request methods that are allowed should be sent with the response (common request methods are POST and GET).
* 406 - Not Acceptable
The 406 status code means that, although the server understood and processed the request, the response is of a form the client cannot understand. A client sends, as part of a request, headers indicating what types of data it can use, and a 406 error is returned when the response is of a type not i that list.
* 407 - Proxy Authentication Required
The 407 status code is very similar to the 401 status code, and means that the client must be authorised by the proxy before the request can proceed.
* 408 - Request Timeout
A 408 status code means that the client did not produce a request quickly enough. A server is set to only wait a certain amount of time for responses from clients, and a 408 status code indicates that time has passed.
* 409 - Conflict
A 409 status code indicates that the server was unable to complete the request, often because a file would need to be editted, created or deleted, and that file cannot be editted, created or deleted.
* 410 - Gone
A 410 status code is the 404's lesser known cousin. It indicates that a resource has permanently gone (a 404 status code gives no indication if a resource has gine permanently or temporarily), and no new address is known for it.
* 411 - Length Required
The 411 status code occurs when a server refuses to process a request because a content length was not specified.
* 412 - Precondition Failed
A 412 status code indicates that one of the conditions the request was made under has failed.
* 413 - Request Entity Too Large
The 413 status code indicates that the request was larger than the server is able to handle, either due to physical constraints or to settings. Usually, this occurs when a file is sent using the POST method from a form, and the file is larger than the maximum size allowed in the server settings.
* 414 - Request-URI Too Long
The 414 status code indicates the the URL requested by the client was longer than it can process.
* 415 - Unsupported Media Type
A 415 status code is returned by a server to indicate that part of the request was in an unsupported format.
* 416 - Requested Range Not Satisfiable
A 416 status code indicates that the server was unable to fulfill the request. This may be, for example, because the client asked for the 800th-900th bytes of a document, but the document was only 200 bytes long.
* 417 - Expectation Failed
The 417 status code means that the server was unable to properly complete the request. One of the headers sent to the server, the "Expect" header, indicated an expectation the server could not meet.

Server Error

* 500 - Internal Server Error
A 500 status code (all too often seen by Perl programmers) indicates that the server encountered something it didn't expect and was unable to complete the request.
* 501 - Not Implemented
The 501 status code indicates that the server does not support all that is needed for the request to be completed.
* 502 - Bad Gateway
A 502 status code indicates that a server, while acting as a proxy, received a response from a server further upstream that it judged invalid.
* 503 - Service Unavailable
A 503 status code is most often seen on extremely busy servers, and it indicates that the server was unable to complete the request due to a server overload.
* 504 - Gateway Timeout
A 504 status code is returned when a server acting as a proxy has waited too long for a response from a server further upstream.
* 505 - HTTP Version Not Supported
A 505 status code is returned when the HTTP version indicated in the request is no supported. The response should indicate which HTTP versions are supported.

Wednesday, October 28, 2009

Difference between RPC and RMI

RMI:

* The remote objects are accessed by the references
* Implements object to object implementation among different java objects to implement distributed communication model.
- RMI passes the objects as parameters to remote methods.
- RMI invokes the remote methods from the objects

RPC:

* The process is through methods / functions
* Proxy server is involved in processing the procedure calls
* Calls a procedure remotely like invoking the methods
* The remoteness is not exactly transparent to the client

Tuesday, October 27, 2009

Spring Security

Getting Started

I would suggest getting started with the applicationContext-security.xml that is found in the tutorial sample, and trimming it down a bit. Here’s what I got when I trimmed it down:
<?xml version="1.0" encoding="UTF-8"?> 
 
<!--
- Sample namespace-based configuration
-
- $Id: applicationContext-security.xml 3019 2008-05-01 17:51:48Z luke_t $
-->
 
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

 
<global-method-security secured-annotations="enabled">
</global-method-security>
 
<http auto-config="true">
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
 
<!--
Usernames/Passwords are
rod/koala
dianne/emu
scott/wombat
peter/opal
-->
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</beans:beans>

This makes a good baseline for the modifications we’re going to make. But first…

Mapping XML Elements to Java Code

I found it very helpful at this point, before messing with the XML, to know where the Java code was that corresponded to the available XML elements. The basic class that Spring Security uses for mapping XML elements to beans is SecurityNamespaceHandler. The code in this class simply delegates XML elements to bean definition parsers. It’s easy to follow along and map XML elements to Java code in this way. Unfortunately, don’t expect extensive commenting in the Java code to help you

web.xml Changes

I agree with the Spring Security documentation and found it easier to extract the security-related stuff into its own XML configuration file. This allows you to play XML tricks and not require namespace-tagging for the security elements. First off, you have to include a reference to applicationContext-security.xml in your [Spring] initialization parameters in your web.xml file:
 <context-param> 
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-app-servlet.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>

Next, as instructed by the Spring Security getting started guide, you need to add the filter mapping. In my case, this went right after the <context-param> end tag, since I didn’t have any other filters:


    <filter> 
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
 
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


This default mapping will run all requests to your application through Spring Security. Now we’re done with web.xml, and we move on to…


Database-Backed Authentication


In my case, my application was already configured to use a JDBC DataSource, so pointing Spring Security at my JDBC data source was as easy as modifying the authentication-provider element to reference my already configured Spring bean:


    <authentication-provider> 
<jdbc-user-service data-source-ref="dataSource"/>
</authentication-provider>


Now, the immediate question I asked is – OK, what does the convention over configuration assume my database tables look like? If you look at the documentation of the JDBC authentication provider, you would expect to see that information there, but you’d be wrong.


Instead, you have to look at the SQL queries that are hard-coded in the JdbcDaoImpl class and infer the schema structure for yourself. This article has a graphical depiction of the basic schema down in section 5.4.


If you want to configure the queries that are used, simply match the available attributes on the jdbc-user-service element to the SQL queries in the Java class I referenced above. In my example, I wanted to simplify my schema by adding the user’s role directly to the user table. So I modified the XML configuration slightly as follows:


  <jdbc-user-service data-source-ref="dataSource"  
authorities-by-username-query="select username,authority from users where username=?"/>


This allowed me to put values in the ‘authority’ column like ‘ROLE_ADMIN’ or ‘ROLE_USER’, which translate directly into Spring Security roles!


Configuring URL authorization


Mapping URLs to roles is really easy. In your http element, simply put successive elements like this:



        <intercept-url pattern="/admin/*.do" access="ROLE_ADMIN"  /> 
<intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN" />


Note here that the ‘access’ attribute values directly correspond to the values returned by the second column of the authorities-by-username-query. The ‘.do’ mapping is what I arbitrarily chose for my application – you may have to adjust depending on what your application’s Spring-managed URLs look like.


Configuring and Branding Spring Security-managed Pages


Finally, I wanted to figure out where the pages related to Spring Security should be configured, so that I could modify them if I needed to. Somewhat oddly, Spring Security ships with a default login page whose HTML markup is located in a class file – DefaultLoginPageGeneratingFilter. We would (obviously) like to replace this with our own custom page. Since we are authenticating everything passing through the Spring servlet, we must use a JSP for this.


Add the following to the http tag in the security configuration file:


<form-login login-page="/login.jsp" />


Now you need to put the login.jsp page in your web application (generally in the WEB-INF directory). The basic structure of the page you’re creating will look like this:



<%@ page import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" %> 
<%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %>
<%@ page import="org.springframework.security.AuthenticationException" %>
 
...
<form action="j_spring_security_check">
<label for="j_username">Username</label>
<input type="text" name="j_username" id="j_username" <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) %>'</c:if>/>
<br/>
<label for="j_password">Password</label>
<input type="password" name="j_password" id="j_password"/>
<br/>
<input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.
<br/>
<input type="submit" value="Login"/>
</form>

The names of the form elements and form action must match what is shown here otherwise your login form will not work!


Note also that this is a plain ol’ JSP page, and not under Spring control. It is likely that you could play with the servlet filter patterns in web.xml to bring these pages under Spring control, but that is a topic outside the scope of this brief tutorial.


There are a couple other pages you will want to configure.


Access Denied: This is the page the user will see if they are denied access to the site due to lack of authorization (i.e. tried to hit a page that they didn’t have access to hit, even though they were authenticated properly). This is configured as follows:



    <http ... access-denied-page="/accessDenied.jsp"> 
...
</http>


Default Target URL: This is where the user will be redirected upon successful login. This can (and probably should) be a page located under Spring control. Configured as follows:



    <http ... > 
...
<form-login ... default-target-url="/home.do"/>
...
</http>


Logout URL: The page where the user is redirected upon a successful logout. This can be a page located under Spring control too (provided that it allows anonymous access):



    <http ... > 
...
<logout logout-success-url="/home.do"/>
...
</http>

Login Failure URL: Where the user will be sent if there was an authentication failure. Typically this is back to the login form, with a URL parameter, such as:



    <http ... > 
...
<form-login ... authentication-failure-url="/login.jsp?login_error=1"/>
...
</http>


Putting it Together


Here’s what my whole sample Spring security configuration looked like when I was done:



<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

 
<global-method-security secured-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
-->
</global-method-security>
 
<http auto-config="true" access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/admin/editUser.do" access="ROLE_ADMIN" />
<intercept-url pattern="/admin/searchUsers.do" access="ROLE_ADMIN" />
<intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN" />
<form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/home.do"/>
<logout logout-success-url="/home.do"/>
</http>
 
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="select username,authority from users where username=?"/>
</authentication-provider>
 
</beans:beans>


Wrap-Up


Ironically, just as I was drafting this article, a smart colleague of mine happened to come to me telling me about all the problems he was having getting started with Spring Security. He complained about the lack of detailed documentation on the XML, and the fact that the getting started documentation really wasn’t comprehensive (both complains that I had as well). Note that this colleague also happened to be responsible for implementing Acegi Security with Spring in a prior project that we worked on together – so he was intimately familiar with the underlying technology. He ended up going back to the Java-based configuration mechanism in frustration!


Hope this helps you out and I always appreciate hearing your comments and questions.

Wednesday, June 3, 2009

Flex Interview Questions

Flex Generic Interview Questions
What is Flex? Adobe Flex?
What kind of applications you can create from Flex?
What is the output of Flex applications?
What development environment you need to create Flex applications?
Can you manipulate images using Flex programs?
Does Flex support creating workflow based applications?
What kind of data grids you can create through Flex applications?
How do you connect to a database via a Flex program?
What kind of source code integration tools are available with Flex?
What third party development tools are available to program in Flex?
Can you develop web based applications in Flex?
Is Flex OS specific or operating system independent?
Can we run Flex applications in MAC?
Do we need any plugins to run Flex applications?


Flex Technical Interview Questions:
Source from : http://grou.ps/flex/talks/13594

Is it possible to make httpService Requests synchronous?
I need to load an image from flickr into my application. Do I need a crossdomain.xml file on flickr?
What is the difference between httpService and Data Service?
How do you generate random numbers within a given limit with actionscript?
Have you built any components with actionscript? If so explain how you did it?
How do you implement push on a flex applications?
I am going to add images into a tag. How will it resize itself?
What is a resource Manager??
What are the similarities between java and flex
What is the dynamic keyword used for
How do you implement push with flex data services?
What are the methods called when a UI component is intialized?
How do you implement drag and drop on components that do not support ondrag and ondrop?
Can you write to the file system from flex?
What is a drag manager?
How do you call javascript from Flex?
How do you use a repeater?
What are three ways to skin a component in flex?
How do you use css styles in flex?
What is the difference between sealed class and dynamic classes?
What is MVC and how do you relate it to flex apps?
What is state? what is the difference between states and ViewStack?
How does item renderer work? How do I add item renderer at runtime?
What keyword allows you to refer to private variables of a class?
How polymorphism works on actionscript?
How do you overload functions in action script?
What is dynamic keyword used for?
What are sealed classes ?
What are runtime shared libraries?
What is caringhorm ? how do you use it? Have you worked with Cairnghorn?
What keyword allows you to implement abstraction better?
What design patterns have you used? in Actionscript and java?
What's the difference between Java and AS3 getters and setters?
Explain how binding works in mxml components.
What's the difference between ChangeWatcher.watch, and BindingUtils.bindProperty?
Why would you want to keep a reference to a ChangeWatcher and call unwatch()?
How do you add event listeners in mxml components. Now AS3 components?
What does calling preventDefault() on an event do? How is this enforced?
Explain the lifecycle of a Cairngorm action.
What is the problem with calling setStyle()
Explain the difference between creating an effect and setting the target as opposed to adding an effectListener
How do you identify a component created in a repeater?

Sunday, May 31, 2009

Dr Stephen Covey's inspirational book - 7 Habits Of Highly Effective People®

Dr Stephen Covey is a hugely influential management guru, whose book The Seven Habits Of Highly Effective People, became a blueprint for personal development when it was published in 1990. The Seven Habits are said by some to be easy to understand but not as easy to apply. Don't let the challenge daunt you: The 'Seven Habits' are a remarkable set of inspirational and aspirational standards for anyone who seeks to live a full, purposeful and good life, and are applicable today more than ever, as the business world becomes more attuned to humanist concepts. Covey's values are full of integrity and humanity, and contrast strongly with the process-based ideologies that characterized management thinking in earlier times.

Stephen Covey, as well as being a renowned writer, speaker, academic and humanist, has also built a huge training and consultancy products and services business - Franklin Covey which has a global reach, and has at one time or another consulted with and provided training services to most of the world's leading corporations.


Stephen covey's seven habits of highly effective people®


Habit 1 - be proactive®
This is the ability to control one's environment, rather than have it control you, as is so often the case. Self determination, choice, and the power to decide response to stimulus, conditions and circumstances


Habit 2 - begin with the end in mind®
Covey calls this the habit of personal leadership - leading oneself that is, towards what you consider your aims. By developing the habit of concentrating on relevant activities you will build a platform to avoid distractions and become more productive and successful.


Habit 3 - put first things first®
Covey calls this the habit of personal management. This is about organising and implementing activities in line with the aims established in habit 2. Covey says that habit 2 is the first, or mental creation; habit 3 is the second, or physical creation.


Habit 4 - think win-win®
Covey calls this the habit of interpersonal leadership, necessary because achievements are largely dependent on co-operative efforts with others. He says that win-win is based on the assumption that there is plenty for everyone, and that success follows a co-operative approach more naturally than the confrontation of win-or-lose.


Habit 5 - seek first to understand and then to be understood®
One of the great maxims of the modern age. This is Covey's habit of communication, and it's extremely powerful. Covey helps to explain this in his simple analogy 'diagnose before you prescribe'. Simple and effective, and essential for developing and maintaining positive relationships in all aspects of life.


Habit 6 - synergize®
Covey says this is the habit of creative co-operation - the principle that the whole is greater than the sum of its parts, which implicitly lays down the challenge to see the good and potential in the other person's contribution.


Habit 7 - sharpen the saw®
This is the habit of self renewal, says Covey, and it necessarily surrounds all the other habits, enabling and encouraging them to happen and grow. Covey interprets the self into four parts: the spiritual, mental, physical and the social/emotional, which all need feeding and developing.


This 7 Habits summary is just a brief overview - the full work is fascinating, comprehensive, and thoroughly uplifting. Read the book, or listen to the full tape series if you can get hold of it.


Source of data @ http://www.businessballs.com