Software And Architecture

Introduction Policies are a fine grained model of applying security restrictions on the various entities in the business application.  Can I achieve fine grained access only with Policies? The answer is NO. There are ways where we can model the same with the entity level permissions like feature. So what is so special about policies. Policies are typically a agreed upon JSON format that can be used to be built by the user and tie up with any entity or specific record in the entity. Since this is a JSON, it is easy to define and contain wildcards, regex matches etc which kind of becomes difficult to manage in other formats. Design The below diagram illustrates how the policies can be created and enforced in an application. As shown above, the Administrator is responsible to create the policies and bind them with the entities. Enforcement of the policies are done as part of the entity service, which passes on the request for access to a policy manager. The policy manager talks to the dat

The need Q: Why do we need the option to allow tenant's to create their own roles? A: So that they can correlate their business roles with the SaaS application roles rather than try to create a mental map of what business role maps to which application role Q: It seems quite useful, but how much of an effort is this? A: Though it seems to be a little more work, it is quite simple. This post will walk through how to build and use this model. Database Design In the database (which ever multi-tenancy level is chosen), we need a table which we can call it as Roles. This table normally contains the following attributes Roles (id, name, description, createdby, createdon, updatedby, updatedon, status/isActive)  This table allows all the roles to be at the global level. There will be another table called as Tenant Role which map the roles against the tenant's TenantRoles(id, tenantId, roleId, mappedby, mappedon, updatedby, updatedon, status/isActive) In this table, we are mapping the r

Introduction We have been reading articles about how to architect / design a system, microservices etc. However, I still find that there are developers that require some details on how to write / create a method. These are valid for statically typed languages like C# , Java which I have worked. though some of them apply to Javascript as a good practice. Below are some of the points that I consider worth noting The method should have a descriptive verb of the action that it is performing. ReadFromConfigurationFile SaveUserData CheckInOrderPriorToPayment 2. The arguments if any to the method should be validated prior to consumption. There are some built-in types in Java that helps in checking for nulls like  requireNonNull  from  java.util Note:  The below given method is one that i had built which checks for null and empty value and if so, throws suitable exceptions. We have been using similar built-in functionality in  Microsoft Enterprise Library  for .Net as  Guard.Null  or  Guard.Nu

Background I am working on a project that depends using Jenkins with vast number of jobs dynamically created. We had a use-case where the Jenkins job[s] needs to be deleted. Based on analysis of the REST API offered by Jenkins, I was not able to find the API to delete multiple jobs. We can delete every job through the API, however that would be very chatty, had the user opted to delete more than 2 or 3 jobs at a time. In order to improve the performance, I decided to build a Jenkins job that does the job of deleting multiple jobs Job Selection in Jenkins In Jenkins, we might be having jobs at the root level or contained within folders and in case of having then under folders, we might be having the multiple folders nested. Jenkins has a name for a job which is just name of the job and a fullName that is the full jenkins path inclusive of the folders that contain this job from the jenkins root. In order to select a suitable collection of jobs, we must prefer to use the fullName based na

The Need  In case of using props in a hierarchy of components, we need to move the data throughout the hierarchy from the leaf node to the root node in order to communicate the data / handlers to the siblings This leaves us with the following 1. The parent components, does not need to know the child component's data but it still gets them inorder to uplift the state 2. Components gets polluted with the props of unused data / handlers 3. Chances are high that after development, in the maintenance phase, these methods might be overwritten or consumed in the wrong component if the maintainer does not have a good understanding and is on a hurry to resolve an issue 4. Data communication is highly linked between unrelated components Illustration The below diagram will illustrate the problem where each components uplifts the state in order to the siblings to get the update or data from their siblings. This causes the root component (<App />) to be fully aware of what is going on in

Introduction Which database strategy do I choose from and what are the options on the table? This post aims to help the developer / architect to choose the database strategy for a multi-tenant application In a multi-tenant application, there are many areas or concerns that require attention like the cost, data isolation and protection, maintenance, and disaster recovery. Multi-tenant solutions can opt any strategy from one database per tenant (fully isolated) to one row per tenant (shared database) or to have separate schema per tenant in the same database (Shared server, separate schemas).

useState vs useReducer Introduction This post does not deal with what a state and a reducer means as it is expected that the user has a little background on what they are and how they work. This post mainly focusses on the doubts that a developer might encounter when they have to choose between a state and a reducer and not clear on when to use which feature. useState =>  This is a good state management tool (mainly used for component state) Suitable to manage individual states where the properties or data are simple like primitive values This is a good option for simple and less dependent data Example:   When we have a input change like radio button that turns on / off the visibility of sections of the DOM, a state is a good fit useReducer =>  This is a good option when objects are used as a state This is a good option to use when there is a complex state update logic to be executed since there is dependency between the individual states This feature helps in moving out the stat

There exists a notion that in order to achieve the better security, we should opt for the physical isolation of databases This is not true in reality, we can design using the right patterns so that we can still have the single table which have all the tenant information and still use the row level security pattern to restrict the data access by the tenant. However, this has to be done for a MVP and based on the various parameters, this design is to be revisited and incase of having a tenant that has a very huge volume of data, in that case, we can migrate the tenant data to a separate database. The migration of the data might be taking more time, so there should be a suitable connector that is built so that the tenant filter is applied during the data migration in the appropriate value. The approach of having a single database is not applicable when there are GDPR or other HIPPAA compliances to be enforced.

Portals What are portals and why do we need another fancy terminology for a web app? The need In software development, be it in the server side development or client side development, the best practice that we follow is to identify and isolate the cross-cutting concerns and then use them in a separate library or package or module. This helps us test the implementation and also plug-in any newer version if the old version does need an upgrade and also to make them accessible at a global level. HTML & Cross-Cutting Concerns In the case of HTML, we have all been working in the rendering of the various elements in the DOM not worrying about the location of certain DOM elements and with the advent of many frameworks, we have got control on the logic and the rendering is taken care of by the framework (React, Angular etc..) However, in case of HTML we have several components like dialogs, modals, alerts, info etc which we kind of duplicate across various HTML fragments (through component

What is AOP AOP stands for Aspect Oriented Programming. It is mainly used to implement the Cross-Cutting concerns in applications. These are used to reduce the mix of the business logic from the NFR (Non Functional Requirements) like logging, performance monitoring, validations etc. Also, these "Aspects" can be [should be] generalized and be located in a common library or package so that it can be easily upgraded / patched. Further, these Aspects are to be implemented without bringing-in these Aspects into every service or business logic layer so that they can be less invasive and like autowired to get the job done without being omni-present. Spring AOP helps us achieve this model by bringing in the support for the Aspects and help us wire these aspects at places where required. Core Terms / Concepts Aspect This is the cross cutting concern like logging / time measurement / validation etc. Join Point The method execution. (Example: Executing a service method like CustomerServ

The need for a upgrade? Any library comes with upgrades to the functionality like security patches, functional improvement, performance tuned and new functionality added to accommodate the latest changes in the underlying language (in this case, it is Javascript) Also, these days there are lot of CVE (vulnerabilities) reported in many libraries so it is always good to upgrade and be on the latest version so as not to compromise the application. Also new functionalities / features brings in good chance for the dev team to learn and also write less and build more, so its a happy path always :) Steps to Upgrade 1. Install the npm-check-updates package through the below command  npm install -g npm-check-updates 2. Ensure that the package.json file is having a back-up or in source control like git, to be safe to make sure that we can revert back to the older one in case of troubleshooting any issues / incompatibilities in the new versions.  3. run the below command that scans the `package.j

Row Level Security The need for row level security stems from the demand for fine-grained security to the data. As the applications are generating vast amounts of data by the day. Application developers are in need of making sure that the data is accessible to the right audience based on the right access level settings. Even today, whenever an application was built, the application development team used to spend a lot of time researching the approach, implementing multiple tables multiple logics 25 queries to add filters to manage the data security for every query that gets transferred from the end user request to the application database. This approach requires a lot of thought process, testing and security review because the queries needs to be intercepted, updated and the data retrieval to be validated to make sure the end-users see only the data that they are entitled to. Implementation With the advent of of row level security feature being rolled out in main d

Why a Vault? The reason for having a vault is to have the secrets for the application stored in a very "safe" / "secure" location so that only trusted clients of the Vault (Web Apps / Services etc ) can get access to the secrets. When we do not use a vault, the dev team will check-in the secrets like Database Credentials, AWS credentials etc to the source control, which leaves it open to be accessible to anyone that gets access to source code. There are a lot of Vaults out there in AWS, Azure etc, but this system is opensource and we have full control of the installation and security, which piqued my interest and hence I started exploration. Dangers of exposing Secrets In the hands of wrong person, it could be disastrous, especially if the secret has more privileges, more the depth of the damage Developers might get to try out changes with these credentials. In recent years, a colleague of mine forgot to append the where clause in the production

User Authentication in Multi-Tenant SaaS Apps Introduction We will cover few scenarios that we can follow to perform the user authentication in a Multi-Tenant SaaS application. Scenario 1 - Global Users Authentication with Tenancy and Tenant forwarding In this scheme, we have the SaaS Provider Authentication gateway that takes care of Authentication of the users by performing the following steps Tenant Identification User Authentication User Authorization Forwarding the user to the tenant application / tenant pages in the SaaS App This demands that the SaaS provider authentication gateway be a scalable microservice that can take care of the load across all tenants. The database partitioning (horizontal or other means) is left upto the SaaS provider Service. Scenario 2 - Global Tenant Identification and User Authentication forwarding   In the above scenario, the tenant identification happens on part of the SaaS provider Tenant Identification gateway. Post which, the

Migrating from Springfox to OpenAPI 3 in Spring Boot Application This blogpost, I would like to share about the migration to OpenAPI 3 in my project application that is built using Java 8 and Spring boot.  I was working in a project that had a very old framework support and JDK. I was taking my free time whenever I find one and then did some upgrade to the core so as to get the application to be on the latest frameworks and get support if any issues. Why Upgrade? The reason for upgrade is to facilitate the following The application dependencies are up-to-date, meaning that when we face any issue or require any help, people will be able to help (Community support). Though we have support for the deprecated frameworks also from the vibrant community like Stackoverflow.com, better to be with the upgrades There might be limitations hindering in building new functionality or extending existing ones with the older versions, so a version upgrade to the latest will be always handy