Search This Blog

Thursday 28 December 2017

Overview of Scrum

Scrum is one of the most popular Agile methodologies. It is an adaptive, iterative, fast, flexible, and effective methodology designed to deliver significant value quickly and throughout a project. Scrum ensures transparency in communication and creates an environment of collective accountability and continuous progress. The Scrum framework,  is structured in such a way that it supports product and service development in all types of industries and in any type of project, irrespective of its complexity.


The key strength of Scrum lies in its use of cross-functional, self-organized, and empowered teams who divide their work into short, concentrated work cycles called Sprints

Sprint Flow

The Scrum cycle begins with a Stakeholder Meeting, during which the Project Vision is created. The Product Owner then develops a Prioritized Product Backlog which contains a prioritized list of business and project requirements written in the form of User Stories. Each Sprint begins with a Sprint Planning Meeting during which high priority User Stories are considered for inclusion in the Sprint. A Sprint generally lasts between one and six weeks and involves the Scrum Team working to create potentially shippable Deliverables or product increments. During the Sprint, short, highly focused Daily Standup Meetings are conducted where team members discuss daily progress. Toward the end of the Sprint, a Sprint Review Meeting is held during which the Product Owner and relevant stakeholders are provided a demonstration of the Deliverables. The Product Owner accepts the  Deliverables only if they meet the predefined Acceptance Criteria. The Sprint cycle ends with a Retrospect Sprint Meeting where the team discusses ways to improve processes and performance as they move forward into the subsequent Sprint.


Some of the key benefits of using Scrum in any project are:

  • Adaptability—Empirical process control and iterative delivery make projects adaptable and open to incorporating change.
  • Transparency—All information radiators like a Scrumboard and Sprint Burndown Chart are shared, leading to an open work environment.
  • Continuous Feedback—Continuous feedback is provided through the Conduct Daily   Standup, and Demonstrate and Validate Sprint processes.
  • Continuous Improvement—The deliverables are improved progressively Sprint by Sprint, through the Groom Prioritized Product Backlog process.
  • Continuous Delivery of Value—Iterative processes enable the continuous delivery of value through the Ship Deliverables process as frequently as the customer requires.
  • Sustainable Pace—Scrum processes are designed such that the people involved can work at a sustainable pace that they can, in theory, continue indefinitely.
  • Early Delivery of High Value—The Create Prioritized Product Backlog process ensures that the highest value requirements of the customer are satisfied first.
  • Efficient Development Process—Time-boxing and minimizing non-essential work leads to higher efficiency levels.
  • Motivation—The Conduct Daily Standup and Retrospect Sprint processes lead to greater levels of motivation among employees.
  • Faster Problem Resolution—Collaboration and colocation of cross-functional teams lead to faster problem solving.
  • Effective Deliverables—The Create Prioritized Product Backlog process and regular reviews after creating deliverables ensures effective deliverables to the customer.
  • Customer Centric—Emphasis on business value and having a collaborative approach to stakeholders ensures a customer-oriented framework.
  • High Trust EnvironmentConduct Daily Standup and Retrospect Sprint processes promote transparency and collaboration, leading to a high trust work environment ensuring low friction among employees.  
  • Collective Ownership—The Approve, Estimate, and Commit User Stories process allows team members to take ownership of the project and their work leading to better quality.
  • High Velocity—A collaborative framework enables highly skilled cross-functional teams to achieve their full potential and high velocity.
  • Innovative Environment—The Retrospect Sprint and Retrospect Project processes create an environment of introspection, learning, and adaptability leading to an innovative and creative work environment.

Tuesday 19 December 2017

Securing RESTful Web Services

Securing RESTful Web Services

This post describes how to secure Web services that conform to the Representational State Transfer (REST) architectural style using Java API for RESTful Web Services (JAX-RS).

We can secure the RESTful Web services using one of the following methods
  • Updating the web.xml deployment descriptor to define security configuration.
  • Using the javax.ws.rs.core.SecurityContext  interface to implement security programmatically.
  • Applying annotations to your JAX-RS classes. 

Securing RESTful Web Services Using web.xml

We secure RESTful Web services using the web.xml deployment descriptor as we would for other Java EE Web applications.
To secure your RESTful Web service using basic authentication, perform the following steps:
  1. Define a <security-constraint> for each set of RESTful resources (URIs) that you plan to protect.
  2. Use the <login-config> element to define the type of authentication you want to use and the security realm to which the security constraints will be applied. 
  3. Define one or more security roles using the <security-role> tag and map them to the security constraints defined in step 1. 
  4. To enable encryption, add the <user-data-constraint> element and set the <transport-guarantee> subelement to CONFIDENTIAL 

<web-app>
    <servlet>
        <servlet-name>RestfulServlet</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>RestfulServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
         <web-resource-collection>
             <web-resource-name>Employees</web-resource-name>
             <url-pattern>/employees</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
             <role-name>admin</role-name>
         </auth-constraint>
    </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>default</realm-name>
        </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>

Securing RESTful Web Services Using SecurityContext

The javax.ws.rs.core.SecurityContext  interface provides access to security-related information for a request. The SecurityContext provides functionality similar to javax.servlet.http.HttpServletRequest, enabling you to access the following security-related  information:
  1. java.security.Principal object containing the name of the user making the request.
  2. Authentication type used to secure the resource, such as BASIC_AUTH, FORM_AUTH, and CLIENT_CERT_AUTH.
  3. Whether the authenticated user is included in a particular role.
  4. Whether the request was made using a secure channel, such as HTTPS.

You access the SecurityContext  by injecting an instance into a class field, setter method, or method parameter using the javax.ws.rs.core.Context annotation.
package com.rest.helloworld;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.Context;

...

@Path("/stateless")
@Stateless(name = "JaxRSStatelessEJB")
public class MyApp {
...
        @GET
        @Produces("text/plain;charset=UTF-8")
        @Path("/hello")
        public String sayHello(@Context SecurityContext sc) {
                if (sc.isUserInRole("admin"))  return "Hello World!";
                throw new SecurityException("User is unauthorized.");
        }

Securing RESTful Web Services Using Annotations

The javax.annotation.security  package provides annotations, defined below, that you can use to secure your RESTful Web services.
Restful Annotations
Restful Annotations
package com.rest.helloworld;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.annotation.Security.RolesAllowed;


@Path("/helloworld")
@RolesAllowed({"ADMIN", "ORG1"})
public class helloWorld {

   @GET
   @Path("sayHello") 
   @Produces("text/plain")
   @RolesAllows("ADMIN")
   public String sayHello() {
      return "Hello World!";
   }
}