2nd interview
Security handling in angular
Angular has some inbuilt functions, for example, it automatically "sanitizes untrusted values for HTML, styles and URLs"., It also has cross site request forgery, so it can tell the difference between forged requests. --How does this work? Applkication server sends a randomly generated authentication token in a cookie, the client code reads the cookie value to the request header value and rejects the request if values are missing
Compare spring to angular
1. maven clean install => npm install(will install all the modules that are listed in your package.json) 2. .m2 folder (maven artificats) => node_modules(Under project folder)-kind of like javascript libraries 3. mvn test => npm test(test section on package.json) 4. junit, powermock, ... => mocha, node-unit, ... 5. Spring MVC => Express.JS 6. pom.xml => package.json 7. import package => require('module_name')
SONAR
A code quality analysis tool. It covers a wide area of code quality check points which include: Architecture & Design, Complexity, Duplications, Coding Rules, Potential Bugs, Unit Test etc.
Explain Toolkit UI
A web application (done in order to redo some applications from scratch) built with angular js on a nodejs platform for the front end, and spring boot - java based project for the backend. To combine java and javascript, we used maven, in which we included plugins to install and generate resources for nodejs, npm, and gulp when building the project. In order for users to have a single project for both the front end and the backend, we used the maven war plugin, in which we were able to pull in the necessary files to the backend. This is run on a tomcat 9.0 server.
Node.js
a platform built on Chrome's JavaScript runtime for easily building fast and scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. Node is a runtime or environment. It is not a framework.
Exact "hierarchy model" in angular
app home -> applications: First there is the app component, within that we had the home component that was what the user would see when they login, the authenticaton component, an error component (deals with what pages the user sees when they run into an error. Within the home component, you would have different components for each of the applications. There would be a routing module in the component such as homecomponent where we would need to be able to click to view different pages(different applications)
oauth
client id, client secret, granttype
Parts of API rest call
request - url/path parameters, your payload.(names & values you are sending in ), authentication,
Describe the applications
Csdmonitor: Rep tool where you could give some parameters like customer id or service request id to get information on select documents, audit trails MetadataUpdate: giving schema name and table name, you can edit a text field from a table that has metadata. (metadata - describes about info/data) ExceptionTool- Given customer id, get information related to team code and service model code. Some of the fields that are returned will be editable, so user can override and update information.
Talk about some of configuration involved with angular/npm
Our gulp build will copy all of our source files and dependencies to the correct folder in order for the application to work properly. The systemjs.confg file is pretty much the system configuration for the application. There includes a map which tells the system loader where to look for things. You can designate the folder where the angular bundles are located. Package.json - contains all of the dependencies and designated versions that will be installed. Index.html - similar to most html files, it has a heading, a title, a link to .js and .css files you need to use, the body<app></app>, and the footer.
Explain Model View Controller-
MVC is a software architecture - the structure of the system - that separates domain/application/business (whatever you prefer) logic from the rest of the user interface. It does this by separating the application into three parts: the model, the view, and the controller.
Front end testing
Jasmine: A behavior driven development framework, it provides functions to help with test structuring, assertions. Checks to make sure the appropriate items are being called, the services are reached, and the changes are reflected.
Security handling(classes, what they do): backend
Spring has some inbuilt classes and configurations for security. @EnableWebSecurity, SecurityConfiguration class AuthenticationSuccessHandler and FailureHandler, security dependencies deals with authentication, authorizations. Protection against attacks like session fixation, clickjacking, cross site request forgery, etc
What is Spring?
Spring is basically a framework for dependency injection. There a lot of implementations for REST and MVC web framework. Spring basically wires the classes up so all objects are instantiated, initialized, and injected in the right places.
Talk about jenkins
- Jenkins is an open source automation tool written in Java with plugins built for Continuous Integration purpose. Jenkins is used to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for users to obtain a fresh build. It also allows you to continuously deliver your software by integrating with a large number of testing and deployment technologies. • First, a developer commits the code to the source code repository. Meanwhile, the Jenkins server checks the repository at regular intervals for changes. • Soon after a commit occurs, the Jenkins server detects the changes that have occurred in the source code repository. Jenkins will pull those changes and will start preparing a new build. • If the build fails, then the concerned team will be notified. • If built is successful, then Jenkins deploys the built in the test server. • After testing, Jenkins generates a feedback and then notifies the developers about the build and test results. • It will continue to check the source code repository for changes made in the source code and the whole process keeps on repeating. Benefits of Jenkins: Build failures are cached, for each change you get a build notification, it allows easy tracking of bugs at early stage.
Hurdles in the front end
: I was having an issue where when using the service class to get back and object, you need to use .suscribe() in order to access the service methods and receive back data. I noticed that during part of development, I wasn't getting expect values, basically things were not changing. I debugged this by printintout the values in different methods, to see what was happening. I noticed that I was getting the correct data in the subscribe method, and it was indeed storing the data in the empty object I had created in order for the subscribed data to be in. That's when I found out you are not able to change values that are received directly by the subscribe function(kind of like a read only). Therefore I decided to pass in the data from the subscribe function to another method where I copied those values into the empty object. In this case, I was able to modify the data as needed.
Talk about Symphony
: Integrating Fidelity Internal Application - called Search 2.0 to an existing multi- application tool scalled symphony. With search 2.0, users could query documents on research analytics. It was meant for use by members of the Research Analytics and Metrics team. The symphony tool a place where users can go in and use applications to find content from various companies and communicate with other users. Sales & Trading, Research, Portfolio Management It was done using AngularJS on a nodejs platform. http request to get back information Table search result, you can use advanced filter.
TOOLKIT UI USER EXPERIENCE
: Pagination, User loading, security -goes back to home page, angular forms, form validations
Traditional MVC controller and RESTful web service controller
: The restful web services controller simply populates and returns a n object. The object data will be written directly to http response as JSON. Where as in mvc - it relies on view technology to provide server side rendering of the data to html.
What is dependency injection
? In software engineering, dependency injection is a technique whereby one object supplies thedependencies of another object. A dependency is an object that can be used (a service). An injection is the passing of a dependency to a dependent object (a client) that would use it. loosely couple architecture, it is valuable during testing whereyou could create mock objects, increased system maintability because logic changes affect fewer modules., It dosent require changes in code behavior so it can be applied to legacy code.. --disadvantage: Clients demand configuration details, sometimes it can be difficult to trace, develoopers have to refer to more files to follow how the system works
Example Tags spring
@Configuration tags the class as a source of bean definitions for the application context.(central interface) @EnableAutoConfiguration tells Spring Boot to start adding beans based on classpath settings, other beans, and various property settings. @ComponentScan tells Spring to look for other components, configurations, and services in the hello package, allowing it to find the controllers.
Talk about Backend
Backend: Using Java and Spring boot. We would have a controller for the different service groups, so they would all have a mapping url that helps bring attention to that controller which are ready to handle web requests. The controller consists of methods for each of the service call types for that group. These methods would in turn call the Service class, We used a rest template using a Repository where it would send in the Request object to the correct url and pass back the response object. To make sure we were getting the correct data we used curl commands
Leading Scrums-
For the toolkit UI, I led a scrum for me and 2 other people. It was every other day, and we would go over the stories in jira and talk about what we have done so far. I planned a quick agenda before hand.
Talk about front end code
Front end: The application consists of modules for each application. Angular framework: module.ts-> imports all necessary classes from packages. component.html Structure of the page Component.ts javascript with the underlying logic/functions Model.ts-> Objects that have fields/constructors S ervice.ts-> class used to call services and get the response back in object form.
Angular2 vs Angular
General benefits: 1. Two-way data binding, You can see data changed in javascript automatically reflected in UI. All you have to do is have the proper controller to the html. 2. Directives: offers built in functionality to applications, you can even define your own. Ex) ng-init= "firstName='John' Initialize value to John, and as you change it it will change. <input type = "text" ng-model="firstName"> You wrote {{firstName}} Braquets to indicate data binding logic/ using something like a variable from js class. Angular - allowed you to create applications in more tightly coupled items like controllers views services. Angular2 - the purpose of angular2 is to create components that are loosely coupled, so they don't depend on eachother. Its all about components tree like structure. The components contain the logic and the view. Done using TypeScript, it compiles at runtime to javascript.
Udeploy
IBM UrbanCode Deploy is a tool for automating application deployments through your environments. It is designed to facilitate rapid feedback and continuous delivery in agile development while providing the audit trails, versioning and approvals needed in production.
talk about rest architecture
REST - Representational State transfer, is basically an architectural style of systems. One of the main principles of REST is that there is stateless interaction between the client and server. Each request from the client to the server must contain all of the information necessary to understand the request.. Additionally, stateless requests are free to be answered by any available server, which is appropriate for an environment such as cloud computing. The client can cache the data to improve performance. Another important REST principle is the layered system, which means a component cannot see beyond the immediate layer with which it is interacting. By restricting knowledge of the system to a single layer, a boundary is placed on the overall system complexity, promoting substrate independence.
What does REST stand for
REpresntational State Transfer.
Software development life cycle stages:
Requirement Gathering and analysis: Me and backend developer would discuss the existing applications and make notes about what needs to be changed. Design Implementation Testing Deployment Maintenance
Spring MVC vs Spring Boot
Spring boot is much faster, one of the cool things it is looks at your class path and at the beans you have and figures out what you are missing and adds it. With this you can focus more on business features and less on infrastructure.
How do spring and rest work together
The Spring framework supports two ways of creating RESTful services: • using MVC with ModelAndView • using HTTP message converters The ModelAndView approach is older and much better documented, but also more verbose and configuration heavy. It tries to shoehorn the REST paradigm into the old model, which is not without problems. The Spring team understood this and provided first-class REST support starting with Spring 3.0. The new approach, based on HttpMessageConverter and annotations, is much more lightweight and easy to implement. Configuration is minimal, and it provides sensible defaults for what you would expect from a RESTful service. It is, however, newer and a bit on the light side concerning documentation - the reference doesn't go out of its way to make the distinction and the tradeoffs between the two approaches as clear as they should be. Nevertheless, this is the way RESTful services should be built after Spring 3.0. The CONTROLLER receives http requests from spring front controller - dispatcher servlet controllers are non public. Mapping http response codes important.
Waterfall vs Agile
The Waterfall Methodology Waterfall is a linear approach to software development. In this methodology, the sequence of events is something like: 1. Gather and document requirements 2. Design 3. Code and unit test 4. Perform system testing 5. Perform user acceptance testing (UAT) 6. Fix any issues 7. Deliver the finished product Advntages: customer presence is not strictly required, progress is easily measured as ful scope is known in advance, Disasdvantages: customer would only see after implemented. Effectiveness of requirements. Java Key things you know - Agile is an iterative, team-based approach to development. This approach emphasizes the rapid delivery of an application in complete functional components. Rather than creating tasks and schedules, all time is "time-boxed" into phases called "sprints." • Disadvantage: The very high degree of customer involvement, while great for the project, may present problems for some customers who simply may not have the time or interest for this type of participation. • Agile works best when members of the development team are completely dedicated to the project. Waterfall : when you know exactly what you want, customer does not want to be involved, Agile: volatile projects, that might need to be changed.
Backend Testing
Unit Testing : Eclemma code coverage.-80% MockMVC- sends http requests into the servlet and make assertions about the result. SONARCUBE - CODE smells
AWS service what did you learn
VPC -> Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address ranges, creation of subnets, and configuration of route tables and network gateways. You can also create a hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter. S3 - Static website - benefits: To host a static website, you configure an Amazon S3 bucket for website hosting, and then upload your website content to the bucket. The website is then available at the AWS Region-specific website endpoint of the bucket: API gateway: benefits: Amazon API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a "front door" for applications to access data, business logic, or functionality from your back-end services, such as applications running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any web application. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Amazon API Gateway has no minimum fees or startup costs. You pay only for the API calls you receive and the amount of data transferred out.