Nitin Agrawal
Contact -
  • Home
  • Interviews
    • Secret Receipe
    • InterviewFacts
    • Resume Thoughts
    • Daily Coding Problems
    • BigShyft
    • Companies
    • Interviews Theory
  • Programming Languages
    • Java Script >
      • Tutorials
      • Code Snippets
    • Reactive Programming >
      • Code Snippets
    • R
    • DataStructures >
      • LeetCode Problems >
        • Problem10
        • Problem300
      • AnagramsSet
    • Core Java >
      • Codility
      • Program Arguments OR VM arguments & Environment variables
      • Java Releases >
        • Java8 >
          • Performance
          • NasHorn
          • WordCount
          • Thoughts
        • Java9 >
          • ServiceLoaders
          • Lambdas
          • List Of Objects
          • Code Snippets
        • Java14 >
          • Teeing
          • Pattern
          • Semaphores
        • Java17 >
          • Switches
          • FunctionalStreams
          • Predicate
          • Consumer_Supplier
          • Collectors in Java
        • Java21 >
          • Un-named Class
          • Virtual Threads
          • Structured Concurrency
      • Threading >
        • ThreadsOrder
        • ProducerConsumer
        • Finalizer
        • RaceCondition
        • Executors
        • Future Or CompletableFuture
      • Important Points
      • Immutability
      • Dictionary
      • Sample Code Part 1 >
        • PatternLength
        • Serialization >
          • Kryo2
          • JAXB/XSD
          • XStream
        • MongoDB
        • Strings >
          • Reverse the String
          • Reverse the String in n/2 complexity
          • StringEditor
          • Reversing String
          • String Puzzle
          • Knuth Morris Pratt
          • Unique characters
          • Top N most occurring characters
          • Longest Common Subsequence
          • Longest Common Substring
        • New methods in Collections
        • MethodReferences
        • Complex Objects Comparator >
          • Performance
        • NIO >
          • NIO 2nd Sample
        • Date Converter
        • Minimum cost path
        • Find File
      • URL Validator
    • Julia
    • Python >
      • Decorators
      • String Formatting
      • Generators_Threads
      • JustLikeThat
    • Go >
      • Tutorial
      • CodeSnippet
      • Go Routine_Channel
      • Suggestions
    • Methodologies & Design Patterns >
      • Design Principles
      • Design Patterns >
        • TemplatePattern
        • Adapter Design Pattern
        • Proxy
        • Lazy Initialization
        • CombinatorPattern
        • Singleton >
          • Singletons
        • Strategy
  • Frameworks
    • Apache Velocity
    • React Library >
      • Tutorial
    • Spring >
      • Spring Boot >
        • CustomProperties
        • ExceptionHandling
        • Custom Beans
        • Issues
      • Quick View
    • Rest WebServices >
      • Interviews
      • Swagger
    • Cloudera BigData >
      • Ques_Ans
      • Hive
      • Apache Spark >
        • ApacheSpark Installation
        • SparkCode
        • Sample1
        • DataFrames
        • RDDs
        • SparkStreaming
        • SparkFiles
    • Integration >
      • Apache Camel
    • Testing Frameworks >
      • JUnit >
        • JUnit Runners
      • EasyMock
      • Mockito >
        • Page 2
      • TestNG
    • Blockchain >
      • Ethereum Smart Contract
      • Blockchain Java Example
    • Microservices >
      • Messaging Formats
      • Design Patterns
    • AWS >
      • Honeycode
    • Dockers >
      • GitBash
      • Issues
      • Kubernetes
  • Databases
    • MySql
    • Oracle >
      • Interview1
      • SQL Queries
    • Elastic Search
  • Random issues
    • TOAD issue
    • Architect's suggestions
  • Your Views

Questions in Interviews

5/6/2018

0 Comments

 
Below I will be sharing some interview questions I came across.
​But the answers of these may be correct or may not be. You have to check that once.
​Plus the kind of answer will also depends on what your interviewer wants to hear or knows about.
​So you are on your own there, if the interviewer doesn't know about your answer & s/he can reject you even though you are right.
​Will really be helpful if you can also share your thoughts on this.
Interview 1 : This question has been asked in a few interviews with Deutsche Bank, Xoriant,
​                      Sapient
like. How you will make your web service secure or how you include
​                      security in your web service?
​Answer : Like I say, it depends on what your interviews knows the answer of this or want to
​                listen. But I think such questions are quiet abstract & the answers of these can
​                depend on many factors like what kind of security ?.... At what stage you want to
​                apply?....What kind of resources need to be secured here?....etc.
               So further details you have to find by yourself, here I will give just
​               ideas/suggestions around this.
​                A) You want to apply simple authentication/authorization around your web service.
​                     For this you can use 'Authorization' header & have one interceptor class to read
​                     those values & will allow further service methods access accordingly or can
​                     return '401' error code for 'Unauthorized'.
​                B) If your services will majorly be used via browsers then you can use cookies to
                     store such access information in the browsers & let the browsers send these
​                     cookies back for the same domain.
 ​                    Such cookie concept depends on how you have configured your cookie & what
​                     protocol you are using.
                     So having this can help you but you need to test your services around cookies if
                     it is following all your security & performance parameters.
​                C) If your project is around Spring framework or Spring is being used then
​                     analysing the features being provided by Spring Security module will be worthy.
​                D) If you still looking for options then can try for SAML, OAuth or LDAP etc, if any
​                     of these fitting your requirements.
​                E) If you are looking to protect the data being transmitted from your service then
​                     security requirements take a different turn here. Now you have to think about
​                     various encryption APIs or Algorithms to incorporate in your web service
​                     architecture.
​                F) If your web services are built around microservices architecture then you may
​                    have to think about all the above options & other options which are not
​                    mentioned. Then only you can decide on which option fits well to your
​                    architecture.

​                For implementation of authorization concept for each individual service or
​                operation you can have either properties file for role based access or if you want to
​                have user based access dynamically then create database & interceptor class
​                around your service/operation and check if such service/operation is               
​                forbidden for this user. As this access check/verification you are doing at the micro
                level, so it is surely going to be bit slower & you can improve it by caching such
​                access information & pass it across the services/operations during the same
                session.

​ As I said earlier, there is no single direct answer for the issues around security. Millions/billions are spent around security only, so you can't say directly how you will incorporate the security in your application/system. One needs to analyse many factors related to its usage, expectations, requirements, environment, context, tools being used for this, lot of testing etc. then one can come up with the better approach.
0 Comments



Leave a Reply.

    Author

    Nitin Agrawal

    Archives

    May 2018

    View my profile on LinkedIn
Powered by Create your own unique website with customizable templates.