Idea to geek

API Throttling and Rate Limiting

Thisara's Research Space

Controlling Throughput on API


The infrastructure on which API services are deployed has a cost attached to it, and as resource consumption (CPU, memory, disk space, bandwidth, etc.) grows, so does that cost.

A high volume of calls to API services at a given time increases server resource consumption, and if auto-scaling is enabled on cloud infrastructure, more instances are spun up, which increases the cost of the infrastructure. If the load is caused by an unauthorized intrusion, the result is chaos. Limiting the rate of service calls within a specific time block is therefore important in API communication.

Limiting API service consumption generally applies to concurrent calls made by a single consumer who is identifiable by a single API identity. The thresholds for API throttling have to be set based on the predicted consumption of…


Identity Delegation and Federated Authentication

Thisara's Research Space

What is Identity?

Identity is a generic term for identifying a user and the user's attributes within an electronic system. An electronic system identifies a user using the information the user shares with it. Hence identity is not what you are; it is all about what you share.

Identity and Access Management is explained in Wikipedia as follows:

“enables the right individuals to access the right resources at the right times and for the right reasons.”

As per the above statement, the role of an identity solution is to grant an authorized individual access to a restricted resource at the correct time for a valid reason.

There are two main concepts that form the basis of identity:

  1. Authentication
    • This is the process of validating ‘who you are’ by comparing the provided information with the information already held in the system's database, e.g. using an email address /…


Dynamic Rates Management Module Research

Thisara's Research Space

Rates maintenance is a common requirement in today’s business applications. This solution allows systems to maintain rates in a more dynamic way, where an administrative or operational user can define rate formulas.
The solution is based on rate bases, where a rate base can be any artifact that is to be considered when defining a rate for a service or good. These rate bases can be combined to create dynamic rates, and at the time of combining them additional information such as measuring unit, operating currency and taxes can be defined. Rate bases can be created, deleted and updated at any time, since the values are not hard-coded in table form within the data store.
The approach can be illustrated with the following example. Rate bases can be thought of as building blocks in a Lego system, and templates are built from those blocks. And the…


System Administration Module Design with optional Federated Authentication

Thisara's Research Space

System administration is a common requirement in many systems. It covers everything from user authentication to managing authorization to content within a system. A legacy administrative module typically contains the following commonly used functions for authentication and authorization:

User Authentication
1. User Management
  • In traditional systems, user authentication credentials are maintained within the system itself.
  • The system has to store and protect critical user information such as passwords.
  • The user has to maintain a profile with the system; in other words, the user has to register on the system.
  • To avoid the hassle of remembering passwords for multiple systems, Identity Delegation and Federated Authentication are used instead of maintaining credentials locally.
  • In Federated Authentication, a third-party OpenID-enabled service is used to authenticate the user, so the system (the Resource Owner) does not need to maintain passwords and login credentials locally.

2. Authentication Rules

  • This will be…


2015 in review

The stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

A San Francisco cable car holds 60 people. This blog was viewed about 1,800 times in 2015. If it were a cable car, it would take about 30 trips to carry that many people.


Session Management in J2EE

By ~Thisara~.

Thisara's Research Space

Web applications communicate using the HTTP protocol, which specifies how hypertext content is transported over a TCP/IP-based network.

http communication

HTTP is known as a stateless protocol: the protocol itself provides NO functionality for keeping track of the messages exchanged between client and server over the network.

The server needs to store and process some private data for specific clients connected to it; this private content is kept in a volatile memory area within the server, which is called a Session. Each session is uniquely identifiable and has a unique ID known as the SESSIONID. Usually a server keeps a single session per client.


Session creation and destruction

When getSession(false) is invoked on the HttpServletRequest, the servlet attempts to retrieve the existing session using the JSESSIONID sent by the client. If no existing session is available, it will be…


Java in Sinhala - Introduction


Hibernate Tutorial – in Sinhala – Introduction
