The Infosys Labs research blog tracks trends in technology with a focus on applied research in Information and Communication Technology (ICT)

« October 2010 | Main | December 2010 »

November 26, 2010

Extend Spring Security to Protect Multi-tenant SaaS Applications

Spring Security, the open source security framework maintained by SpringSource, is a widely used framework that enterprises use to address the security requirements of enterprise Applications. It provides a comprehensive security solution that supports a wide range of authentication mechanisms, including HTTP authentications and authentication based on forms, LDAP, JAAS, OpenID, etc.

However, Spring Security currently does not provide out-of-box features to address the security requirements of SaaS applications. In this article, we present a solution to extend the JDBC- and LDAP-based implementations of Spring Security to address the multi-tenant security requirements of SaaS

Cloud Application Migration

The business value of a cloud model does not require any special emphasis to enterprises.
The Infrastructure elasticity promises to offer the desired flexibility that allows businesses
to penetrate new and emerging markets without the risk of a significant capital expenditure. The free cash flow made available will allow businesses to increase spending on R&D or other strategic initiatives. For small and medium businesses, Cloud Computing offers an ecosystem that allows them to co-exist, if not compete, with large businesses. For large businesses, it's a natural progression of how IT could better optimize its data centers and deliver more value for the business.

What are the real challenges that make organizations take a cautious, wait-and-watch approach to cloud adoption? The reasons are many. For one, concerns with regard to security and regulatory compliance overshadow other potential means through which one could benefit from cloud. It's necessary to uncover such possibilities for businesses to evaluate the potential of cloud computing. Put another way, we will explore the questions most business leaders ponder over - Is 'cloud computing' the logical next step for me to successfully execute business strategy? If so, what should be my cloud strategy? Which applications are best suited to run on cloud?

These are the questions we discuss, attempt to answer, and where required, make suitable recommendations in this article written by Ashok and me.


November 11, 2010

Bottleneck Analysis of J2EE Applications using Performance Management Tools

As J2EE applications are distributed in nature, interaction of components across layers is required to fulfill a single request. Also, components that behave well in isolation might have unacceptable performance when working under load. In a complex J2EE Environment which is facing performance issues, identifying the problem layer or component is the most difficult task. Under these scenarios, performance management tools can help in isolating, analyzing and resolving performance issues in complex applications occurring under testing phase


J2EE Performance Management tools make it possible to monitor a J2EE application under load conditions and isolate the bottleneck causing components. These tools have typically the following capabilities:

·         These tools have very low overheads and can be deployed on testing and production environments to identify bottlenecks.

·         These tools provide mechanism to integrate with Load Testing tools. These tools can monitor applications in a load testing environment and detect performance regressions inside applications invisible to testing tools, and to precisely isolate complex performance issues

·         These tools provide layer-wise and request-wise performance metrics. The tools have the capability to track a request across different layers in the J2EE environment and report its performance metric in each layer. For e.g., the tool can capture the time the request spent in the Servlet/JSP layer, the EJB layer and the JDBC layer. This is very useful in narrowing the layer which is causing the performance problem

·         Provides the capability to drill down for more precise performance measurements from the layer level to the actual method call level

·         Performance issues across all variables are captured by these tools in context of all or selected transactions and correlated with environmental influences such as virtualization, latencies, and configurations

·         Provides expert tips on indicating the potential bottlenecks and possible causes for those bottlenecks


Leveraging these performance management tools provides following benefits

·         Quick and easy diagnostic of application failures and performance problems in real-time or offline without having to reproduce problem scenarios on their local workstations, in turn freeing up key development resources for building new features.

·         Reduce and accelerate required test cycles by eliminating test runs with additional log-options to drill into certain problem allowing more time to be spent on strategic activities.