REST API Components – Standards and Design aspects

In this post, we will look at the different REST API components with respect to standards and design aspects.

Query parameters and QueryString length in HTTP GET

Security Aspect:

Although RFC 2616 officially specifies no limit, many security protocols and recommendations state that maxQueryString on a server should be set to a maximum of 1024 characters, while the entire URL, including the query string, should be limited to a maximum of 2048 characters. This is to prevent the Slow HTTP Request DDoS vulnerability on a web server, which typically shows up as a finding in the Qualys Web Application Scanner and other security scanners.

See the example below for Windows IIS servers using Web.config:

        <!-- goes inside system.webServer/security/requestFiltering -->
        <requestLimits maxQueryString="1024" maxUrl="2048">
          <headerLimits><add header="Content-type" sizeLimit="100" /></headerLimits>
        </requestLimits>

This would also work on a server level using machine.config.

Note: Limiting query string and URL length may not completely prevent a Slow HTTP Request DDoS attack, but it is one step you can take to prevent it.

414 URI Too Long (RFC 7231):

The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request, in which case it should be converted to a POST request. Called “Request-URI Too Long” previously.
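One way to apply the same limits in application code and answer with 414, shown as an added example that is not part of the original post. The names `checkRequestLimits` and `withRequestLimits` are assumptions made here, and 431 (RFC 6585) is the status chosen for the oversized header.

```javascript
'use strict';

// Limits taken from the Web.config values quoted on this page. The header
// entry mirrors <add header="Content-type" sizeLimit="100" />.
const LIMITS = Object.freeze({
  maxUrl: 2048,
  maxQueryString: 1024,
  headerLimits: new Map([['content-type', 100]]),
});

// Check the raw request-target (req.url in Node's http module) before any
// decoding or routing, so lengths are counted in bytes as sent on the wire.
function checkRequestLimits(requestTarget, headers = {}, limits = LIMITS) {
  const target = String(requestTarget);
  const qmark = target.indexOf('?');
  const query = qmark === -1 ? '' : target.slice(qmark + 1);

  if (Buffer.byteLength(target) > limits.maxUrl) {
    return { ok: false, status: 414, reason: 'URL longer than ' + limits.maxUrl + ' bytes' };
  }
  if (Buffer.byteLength(query) > limits.maxQueryString) {
    return { ok: false, status: 414, reason: 'query string longer than ' + limits.maxQueryString + ' bytes' };
  }
  for (const [name, value] of Object.entries(headers)) {
    const limit = limits.headerLimits.get(name.toLowerCase());
    const text = Array.isArray(value) ? value.join(', ') : String(value);
    if (limit !== undefined && Buffer.byteLength(text) > limit) {
      // 431 Request Header Fields Too Large
      return { ok: false, status: 431, reason: name + ' header longer than ' + limit + ' bytes' };
    }
  }
  return { ok: true, status: 200, reason: '' };
}

// Wrap any (req, res) handler so oversized requests are refused up front.
function withRequestLimits(handler, limits = LIMITS) {
  return function guarded(req, res) {
    const verdict = checkRequestLimits(req.url, req.headers, limits);
    if (!verdict.ok) {
      res.writeHead(verdict.status, { 'Content-Type': 'text/plain', Connection: 'close' });
      res.end(verdict.reason + '\n');
      return;
    }
    handler(req, res);
  };
}

// Usage (app is a hypothetical request handler):
//   require('http').createServer(withRequestLimits(app)).listen(8080);
```

A client that receives the 414 can move the data into the body of a POST request, as described above.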

Browser restrictions:

  • Microsoft Internet Explorer (Browser)
    Microsoft states that the maximum length of a URL in Internet Explorer is 2,083 characters, with no more than 2,048 characters in the path portion of the URL. Attempts to use URLs longer than this produced a clear error message in Internet Explorer.
  • Microsoft Edge (Browser)
    The limit appears to be around 81578 characters.
  • Chrome
    It stops displaying the URL after 64k characters, but can serve more than 100k characters. No further testing was done beyond that.
  • Firefox (Browser)
    After 65,536 characters, the location bar no longer displays the URL in Windows Firefox 1.5.x. However, longer URLs will work. No further testing was done after 100,000 characters.
  • Safari (Browser)
    At least 80,000 characters will work. Testing was not tried beyond that.
  • Opera (Browser)
    At least 190,000 characters will work. Stopped testing after 190,000 characters. Opera 9 for Windows continued to display a fully editable, copyable and pasteable URL in the location bar even at 190,000 characters.
  • Apache (Server)
    Early attempts to measure the maximum URL length in web browsers bumped into a server URL length limit of approximately 4,000 characters, after which Apache produces a “413 Entity Too Large” error. The current up to date Apache build found in Red Hat Enterprise Linux 4 was used. The official Apache documentation only mentions an 8,192-byte limit on an individual field in a request.
  • Microsoft Internet Information Server (Server)
    The default limit is 16,384 characters (yes, Microsoft’s web server accepts longer URLs than Microsoft’s web browser). This is configurable.
  • Perl HTTP::Daemon (Server)
    Up to 8,000 bytes will work. Those constructing web application servers with Perl’s HTTP::Daemon module will encounter a 16,384 byte limit on the combined size of all HTTP request headers. This does not include POST-method form data, file uploads, etc., but it does include the URL. In practice this resulted in a 413 error when a URL was significantly longer than 8,000 characters. This limitation can be easily removed. Look for all occurrences of 16×1024 in and replace them with a larger value. Of course, this does increase your exposure to denial of service attacks.

When to use @QueryParam versus @PathParam

REST may not be a standard as such, but most APIs tend to have only resource names and resource IDs in the path. Such as:


Some REST APIs use query strings for filtering, pagination and sorting, but REST isn’t a strict standard.

The recommendation is to put any required parameters in the path, while any optional parameters should certainly be query string parameters. Putting optional parameters in the path ends up getting really messy when you try to write URL handlers that match different combinations.

When to use Headers versus URL parameters (PathParam or QueryParam)

GET /orders/view
(custom HTTP header) CLIENT_ID: 23

instead of

GET /orders/view/client_id/23 or
GET /orders/view/?client_id=23

The URL indicates the resource itself. A “client” is a resource that can be acted upon, so should be part of the base url: /orders/view/client/23.

Parameters are just that, to parameterize access to the resource. This especially comes into play with posts and searches: /orders/find?q=blahblah&sort=foo. There’s a fine line between parameters and sub-resources: /orders/view/client/23/active versus /orders/view/client/23?show=active. Recommendation is the sub-resource style and reserve parameters for searches.

Since each endpoint Represents a State Transfer (to mangle the mnemonic), custom headers should only be used for things that don’t involve the name of the resource (the url), the state of the resource (the body), or parameters directly affecting the resource (parameters). That leaves true metadata about the request for custom headers.

HTTP has a very wide selection of headers that cover almost everything you’ll need. Where custom headers do come up is in a system-to-system request operating on behalf of a user. The proxy system validates the user, adds “X-User: userid” to the headers, and uses the system credentials to hit the endpoint. The receiving system validates that the system credentials are authorized to act on behalf of the user, then validates that the user is authorized to perform the action.
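The X-User flow described above, as an added example that is not part of the original post: the proxy side discards any client-supplied X-User before setting the verified one, and the receiving side checks the system first and the user second. The function names, the `orders-proxy` system name and the policy tables are constructed for illustration.

```javascript
'use strict';

// Constructed policy data for this example (not from the page):
// which users each calling system may act for, and what each user may do.
const DELEGATION = new Map([['orders-proxy', new Set(['23', '42'])]]);
const PERMISSIONS = new Map([
  ['23', new Set(['orders:view'])],
  ['42', new Set()],
]);

// Proxy side: drop any X-User the client sent, then set the verified id.
function buildUpstreamHeaders(clientHeaders, verifiedUserId) {
  const upstream = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    if (name.toLowerCase() !== 'x-user') upstream[name.toLowerCase()] = value;
  }
  upstream['x-user'] = String(verifiedUserId);
  return upstream;
}

// Receiving side. callerSystem is the identity proven by the system
// credentials (client certificate, signed token); null if none were presented.
// headers uses lower-case names, as Node's req.headers does.
function authorizeOnBehalfOf(callerSystem, headers, action) {
  if (!callerSystem) {
    return { status: 401, reason: 'no system credentials' };
  }
  // Repeated X-User headers arrive joined as "a, b" and fail this pattern.
  const user = headers['x-user'];
  if (typeof user !== 'string' || !/^[A-Za-z0-9._-]{1,64}$/.test(user)) {
    return { status: 400, reason: 'missing or malformed X-User' };
  }
  // Step 1: is this system allowed to act on behalf of this user?
  const mayActFor = DELEGATION.get(callerSystem);
  if (!mayActFor || !mayActFor.has(user)) {
    return { status: 403, reason: 'system may not act for this user' };
  }
  // Step 2: is the user allowed to perform the action?
  const granted = PERMISSIONS.get(user);
  if (!granted || !granted.has(action)) {
    return { status: 403, reason: 'user may not perform this action' };
  }
  return { status: 200, reason: 'ok', user: user };
}
```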

Custom headers have the following advantages:

  • Can be read easily by network tools/scripts (authentication, meta info)
  • Keeps urls free from security stuff (safer, not in browser/proxy caches)
  • Keeps urls cleaner: allows for better caching of resources


Algorithms in Java Interviews

In this post, we will see algorithm problems with their solutions which are asked during Java interviews.

How to check if a number is Palindrome?

void checkPalindrome(int n) {
  int temp, sum = 0;
  int input = n;

  // Reverse the digits of n into sum
  while (n > 0) {
     temp = n % 10;
     sum = (sum * 10) + temp;
     n = n / 10;
  }

  if (input == sum) {
     System.out.println("Palindrome");
  } else {
     System.out.println("Not Palindrome");
  }
}

How to check if a number is Prime in Java8?

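// import java.util.stream.IntStream;
void checkPrime(int n) {
  // n is prime when no i in [2, n) divides it
  boolean prime = n > 1 && IntStream.range(2, n).noneMatch(i -> n % i == 0);
  System.out.println(prime ? "Prime" : "Not Prime");
}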

How to sort objects in reverse order in Java8?

Student student1 = new Student(372,"Venkat",1);
Student student2 = new Student(2,"Sachin",4);
Student student3 = new Student(2345,"Ganguly",6);
Student student4 = new Student(72,"Karthik",2);
List<Student> studlist = new CopyOnWriteArrayList<>(
    Arrays.asList(student1, student2, student3, student4));

// Iterate in Java8
studlist.forEach(s -> System.out.println(s));

// Sort by Ids (comparingInt avoids the overflow that subtraction can cause)
studlist.sort(Comparator.comparingInt(Student::getId));

// Sort by Rank in reverse Order
studlist.sort(Comparator.comparingInt(Student::getRank).reversed());

Find second highest number in an Array?

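int arr[] = {45,89, 29,1, 9, 100};
int highest = 0, secondHighest = 0;

for(int i=0; i<arr.length;i++) {
  if(arr[i] > highest) {
     // The previous highest becomes the second highest
     secondHighest = highest;
     highest = arr[i];
  } else if(arr[i] > secondHighest && arr[i] != highest) {
     secondHighest = arr[i];
  }
}
System.out.println("Second highest: " + secondHighest);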

Find Nth highest Salary from a SQL Table?

                               FROM EMPLOYEE ORDER BY SALARY desc);

Print Only Numerics from a String?

String sampleStr = "fdsha3430d3kdjafl0737434833";
String numericsOnlyStr = sampleStr.replaceAll("[^0-9]", "");

Print Duplicates in an Array?

for(int i=0;i<arr.length;i++) {
  for(int j=i+1; j< arr.length; j++) {
     // Same value found at two different indexes
     if(arr[i] == arr[j]) System.out.println("Duplicate: " + arr[i]);
  }
}

Fetch Frequency of Elements repeated in an Array?

  Map<Integer, Integer> mp = new HashMap<>();
        // Iterating through array elements
        for (int i = 0; i < arr.length; i++) {
            if (mp.containsKey(arr[i]))  {
                mp.put(arr[i], mp.get(arr[i]) + 1);
            } else {
                mp.put(arr[i], 1);
            }
        }
        // Iterating through Map and Printing frequencies
        for (Map.Entry<Integer, Integer> entry : mp.entrySet()) {
            System.out.println(entry.getKey() + " " + entry.getValue());
        }

Find Triplets in an array whose sum is equal to n?

import java.util.*;

public class Triplets {
  public static List<List<Integer>> findTriplets(int[] numbers, int sum) {
    List<List<Integer>> tripletsCombo = new ArrayList<>();
    Set<String> set = new HashSet<>();

    if (numbers.length == 0 || sum <= 0) {
      return tripletsCombo;
    }

    // The two-pointer scan below only works on sorted input
    Arrays.sort(numbers);

    for (int i = 0; i < numbers.length - 2; i++) {
      int j = i + 1;
      int k = numbers.length - 1;

      while (j < k) {
        int total = numbers[i] + numbers[j] + numbers[k];
        if (total == sum) {
          String str = numbers[i] + "," + numbers[j] + "," + numbers[k];
          // Check for the unique Triplet
          if (set.add(str)) {
            tripletsCombo.add(Arrays.asList(numbers[i], numbers[j], numbers[k]));
          }
          j++;
          k--;
        } else if (total < sum) {
          j++;
        } else { // total > sum
          k--;
        }
      }
    }
    return tripletsCombo;
  }

  public static void main(String[] args) {
    int[] numbers = { 2, 3, 1, 5, 4 };
    int sum = 9;
    List<List<Integer>> triplets = findTriplets(numbers, sum);

    if (triplets.isEmpty()) {
      System.out.println("No triplets are found");
    } else {
      System.out.println(triplets);
    }
  }
}

How to check if two strings are Anagrams?

Two strings are called Anagrams if they contain same set of characters but in different order.  Examples:  “Astronomer – Moon starer”, “A gentleman – Elegant man”, “Dormitory – Dirty Room”, “keep – peek”.

// import java.util.Arrays;
void isAnagram(String input1, String input2) {
   //Removing all white spaces from s1 and s2
   String s1_nonSpaces = input1.replaceAll("\\s", "");
   String s2_nonSpaces = input2.replaceAll("\\s", "");

   boolean status = true;
   if(s1_nonSpaces.length() != s2_nonSpaces.length()) {
      status = false;
   } else {
      char[] s1Array = s1_nonSpaces.toLowerCase().toCharArray();
      char[] s2Array = s2_nonSpaces.toLowerCase().toCharArray();
      // Sort both arrays so that character order no longer matters
      Arrays.sort(s1Array);
      Arrays.sort(s2Array);
      status = Arrays.equals(s1Array, s2Array);
   }
   System.out.println(status ? "Anagrams" : "Not Anagrams");
}

Swap numbers without using temp/third variable?

void swapWithoutTemp(int a, int b) {
 a = a+b;
 b = a-b;
 a = a-b;
 System.out.println("a = " + a + ", b = " + b);
}

Find number of combinations for Sum of Two Elements from two arrays is equal to N?

We have two arrays of numbers. Suppose we take one element from the first array and another element from the second array; their sum should be equal to N (the given number).

void sumOfTwoElementsInTwoArrays() {
  int arr1[] = {4,8,10,12,7};
  int arr2[] = {6,90,34,45};

  int sumValue = 44;
  HashSet<Integer> complements = new HashSet<>();
  int pairCount = 0;

  // Store the value each arr1 element needs from arr2 to reach sumValue
  for(int i=0;i<arr1.length;i++) {
    complements.add(sumValue - arr1[i]);
  }

  for(int j=0;j<arr2.length;j++) {
    if(complements.contains(arr2[j])) {
      pairCount++;
    }
  }

  System.out.print("Number of pairs is "+pairCount);
}

First non repeated character in a String?

String str = "BANANA";
char firstNonRepeatedCharacter = '\0';
// LinkedHashMap keeps insertion order, so the first key with count 1 is the answer
Map<Character, Integer> hmp = new LinkedHashMap<Character, Integer>();

for(int z=0;z<str.length();z++) {
  if(hmp.containsKey(str.charAt(z))) {
    hmp.put(str.charAt(z), hmp.get(str.charAt(z))+1);
  } else {
     hmp.put(str.charAt(z), 1);
  }
}

Set<Character> characterSet = hmp.keySet();
for(Character c:characterSet){
  if(hmp.get(c) == 1) {
    firstNonRepeatedCharacter = c;
    break;
  }
}
System.out.println(firstNonRepeatedCharacter);

Find the number of occurrence of an element in an array using Java8?

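int b[] = {1,2,34,1};

// Box the int[] into a List<Integer> so the elements can be streamed as objects
List<Integer> bList = Arrays.stream(b).boxed().collect(Collectors.toList());

// Count the elements equal to 1
System.out.println(bList.stream().filter(z -> z.toString().equalsIgnoreCase("1")).count());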

100 doors toggle open/close

There are 100 doors in a row, and all doors are initially closed. A person walks past all the doors multiple times and toggles them (if open then close, if closed then open) in the following way:

In the first walk, the person toggles every door. In the second walk, the person toggles every second door, i.e., 2nd, 4th, 6th, 8th, … In the third walk, the person toggles every third door, i.e. 3rd, 6th, 9th, …

Find the status of all doors after the nth walk.

void doorsOpenClosed(int no_of_walks) {
  int door_id, walk_id;
  // Index 0 is unused; doors[1..100] start closed (0)
  int doors[] = new int[101];
  for(int i=0;i<=100;i++) {
   doors[i] = 0;
  }

  for (walk_id = 1; walk_id <= no_of_walks; walk_id++) {
    // In walk k the person toggles every k-th door
    for (door_id = walk_id; door_id <= 100; door_id += walk_id) {
      if(door_id%walk_id == 0) {
        doors[door_id]=(doors[door_id] == 0)?1:0;
      }
    }
  }

  for (int j = 0; j <= 100; j++) {
   if(doors[j] == 1) {
     System.out.println("Open Door number::::"+j);
   }
  }
}


Convert Maven Project to Gradle Project

Install Gradle on your machine; here are the Gradle installation steps:

After a successful installation of Gradle, the command below should work in your command prompt/terminal window.

> gradle -v

Gradle <<gradle version>>

Now navigate to the Maven root project directory (where pom.xml exists) and execute the command below:

 > gradle init 

When you run the command, Gradle parses the existing pom.xml files and generates the corresponding Gradle build scripts. Gradle will also create a settings script if you’re migrating a multi-project build.

The new Gradle build includes the following:

  • All the custom repositories that are specified in the POM
  • External and inter-project dependencies
  • The appropriate plugins to build the project

Once the project has been migrated successfully, you can run the command below to build the Gradle project.

> gradle build

This will run the tests and produce the required artifacts without any extra intervention on your part.

Note: If your project contains multiple modules in which each module has its own pom with dependencies, then you may need to run the `gradle init` command in each directory where a pom exists.

Gradle Vs Maven

I started my software development career in Java with the Ant build tool. By the time I wanted to learn about Ant, my team had migrated to Maven in early 2011. Since then, Maven is the only build tool that I have been using for all the applications.

Currently, Gradle and Maven are the two major build tools that many developers use during the software development process. Sometimes it is very difficult to decide which build tool to use and why. Most software developers are comfortable using Maven, as it was standardised a few years back or it might already be integrated with their existing applications.

But using the right build tool actually improves the development and deployment time for individual developers. In this article, I would like to discuss the Gradle and Maven build tools. At the end, we can conclude which build tool is the best fit for your application.


Gradle is a dependency management and build automation tool used for different programming languages like Java, Android, C/C++. Gradle is based on a graph of task dependencies, in which tasks are the things that do the work.

Gradle led to smaller configuration files, compared to Maven, with less clutter, since the language was specifically designed to solve specific domain problems. Gradle’s configuration file is by convention called build.gradle.

A sample build.gradle file is below:

apply plugin: 'java'

repositories {
    mavenCentral()
}

jar {
    baseName = 'gradleExample'
    version = '1.0.0-SNAPSHOT'
}

dependencies {
    compile 'junit:junit:4.12'
}


Apache Maven is a dependency management and build automation tool, primarily used for Java applications. Maven is based on a fixed and linear model of phases.

Maven prescribes a strict project structure using a configuration file called pom.xml, which also contains build and dependency management instructions. Maven’s build process is based on the plugins available in pom.xml. Maven supports a wide range of plugins available in the market.

Here is a sample Spring Boot application Maven pom.xml file:

<project xmlns="" xmlns:xsi=""
		<relativePath/> <!-- lookup parent from repository -->




Which build tool is most suitable?

Both Maven and Gradle have their respective strengths and weaknesses; here are some points to consider on Maven vs Gradle:

  • Flexibility: Both Gradle and Maven provide convention over configuration. However, Maven provides a very rigid model that makes customization tedious and sometimes impossible. While this can make it easier to understand any given Maven build, as long as you don’t have any special requirements, it also makes it unsuitable for many automation problems. Gradle, on the other hand, is built with an empowered and responsible user in mind.
  • Performance: Improving build time is one of the most direct ways to ship faster. Both Gradle and Maven employ some form of parallel project building and parallel dependency resolution. The biggest differences are Gradle’s mechanisms for work avoidance and incrementality. Here are the performance comparison results for Maven and Gradle:
  • User Experience: Maven also supports a wide variety of build life-cycle steps and integrates seamlessly with third-party tools such as CI servers, code coverage plugins, and artifact repository systems, among others. As far as plugins go, there is a growing number of available plugins now, and there are large vendors that have Gradle-compatible plugins. However, there are still more available plugins for Maven compared to the number available for Gradle. Gradle provides an interactive web-based UI for debugging and optimizing builds: build scans. These can also be hosted on-premise to allow an organization to collect build history and do trend analysis, compare builds for debugging, or optimize build times.
  • Dependency Management: Both build systems provide built-in capability to resolve dependencies from configurable repositories. Both are able to cache dependencies locally and download them in parallel.


By this time, you might have already decided which tool is best suited to your requirement. It is a known fact that Maven holds the majority of the build tool market today, but Gradle will definitely be a good choice for complex codebases and new applications.


String.join() Example – Java 8

Java 8 has a String.join() method where the first parameter is the separator, followed by either multiple strings or an Iterable of strings as the second parameter. Here is the sample program:

package in.mallikatalksjava.java8;
import java.time.ZoneId;

public class StringJoinDemo {
   public static void main(String[] args) {
	String joined = String.join("", "mallik", "talks", "java",".in");
	System.out.println(joined);
	String directory = String.join("/", "C:", "java", "programs");
	System.out.println(directory);

	// Set<String> is an Iterable, so it can be joined directly
	String ids = String.join(", ", ZoneId.getAvailableZoneIds());
	System.out.println(ids);
   }
}

Asia/Aden, America/Cuiaba, Etc/GMT+9, Etc/GMT+8, Africa/Nairobi, America/Marigot, Asia/Aqtau ....etc.

Node JS experienced interview questions

Is Node.js single-threaded? Why is it required?

Yes, Node Js is single threaded to perform asynchronous processing.
All Node JS applications use the “Single Threaded Event Loop Model” architecture to handle multiple concurrent clients. Doing async processing on a single thread could provide more performance and scalability under typical web loads than the typical thread-based implementation.

What are events in Node Js?

An event is an action or occurrence recognized by the software/app and handled by an event handler, that is, code written to be executed when the event is fired.
Mouse move, click, and file copied or deleted are some examples of events.
In Node Js there are two types of events.
1) System Events: Events that come from the C++ side.
2) Custom Events: Custom events are user-defined events.

What is an event loop in Node Js?

In Node Js, processes are single threaded; to support concurrency it uses events and callbacks. An event loop is a mechanism that allows Node.js to perform non-blocking I/O operations.

What is Express JS?

Express JS is a lightweight application framework for Node JS. This JavaScript framework provides a number of flexible, useful and important features for the development of mobile as well as web applications with the help of Node JS.

List some features of Express JS.

Some of the main features of Express JS are listed below: –

  • It is used for setting up middlewares so as to provide a response to the HTTP or RESTful requests.
  • With the help of express JS, the routing table can be defined for performing various HTTP operations.
  • It is also used for dynamically rendering HTML pages which are based on passing arguments to the templates.
  • It provides each and every feature which is provided by core Node JS.
  • The performance of Express JS is adequate due to the presence of a thin layer prepared by the Express JS.
  • It is used for organizing the web applications into the MVC architecture.
  • Everything from routes to rendering view and performing HTTP requests can be managed by Express JS.

Why do we need to use Express.js in a Node application?

Below are a few reasons to use Express with Node.js:

  • Express js is built on top of Node.js. It is the perfect framework for ultra-fast Input / Output.
  • Cross Platform
  • Support MVC Design pattern
  • Support of NoSQL databases out of the box.
  • Multiple templating engine support i.e. Jade or EJS which reduces the amount of HTML code you have to write for a page.
  • Support Middleware, basic web-server creation, and easy routing tools.

What are the differences between readFile and createReadStream in Node.js?

  • readFile loads the whole file which you had marked to read, whereas createReadStream reads the complete file in parts of the size you have declared.
  • The client will receive the data faster in the case of createReadStream in contrast with readFile.
  • In readFile, the file is first read completely into memory and then transferred to the client, but in the latter option, the file is read into memory a part at a time, each part is sent to the client, and the process continues until all the parts are finished.

Show an example of synchronous/blocking and asynchronous/non-blocking

Normally NodeJs reads the content of a file in a non-blocking, asynchronous way. Node Js uses its fs core API to deal with files. The easiest way to read the entire content of a file in NodeJs is with the fs.readFile method. Below is sample code to read a file in NodeJs asynchronously and synchronously.

Reading a file in node asynchronously/ non-blocking

var fs = require('fs');
fs.readFile('DATA', 'utf8', function(err, contents) {
  console.log(contents);
});
// Printed first: readFile returns before the file has been read
console.log('after calling readFile');

Reading a file in node synchronously/blocking

var fs = require('fs');
var contents = fs.readFileSync('DATA', 'utf8');
console.log(contents);

What are Streams? List types of streams available in Node Js?

Streams are special types of objects in Node that allow us to read data from a source or write data to a destination continuously. There are 4 types of streams available in Node Js, they are

  • Readable − For reading operation.
  • Writable − For writing operation.
  • Duplex − Used for both read and write operation.
  • Transform − A type of duplex stream where the output is computed based on the input.

How to generate unique UUIDs/ guid in Node Js

Use the node-uuid package to generate unique UUIDs/guid in Node Js. The code below demonstrates how to generate them.

var uuid = require('node-uuid');
// Generate a v1 (time-based) id
var timeBasedId = uuid.v1();
// Generate a v4 (random) id
var randomId = uuid.v4();

Rewrite the code sample without try/catch block:


Consider the code:

async function check(req, res) {
  try {
    const a = await someOtherFunction();
    const b = await somethingElseFunction();
  } catch (error) {
    console.log(error);
  }
}

Rewrite the code sample without try/catch block.


async function getData(){
  // A rejected promise is logged and resolves to undefined
  const a = await someFunction().catch((error)=>console.log(error));
  const b = await someOtherFunction().catch((error)=>console.log(error));
  if (a && b) console.log("some result")
}

or if you wish to know which specific function caused the error:

// CustomErrorHandler is an application-defined error class
async function loginController() {
  try {
    const a = await loginService().
    catch((error) => {
      throw new CustomErrorHandler({
        code: 101,
        message: "a failed",
        error: error
      })
    });
    const b = await someUtil().
    catch((error) => {
      throw new CustomErrorHandler({
        code: 102,
        message: "b failed",
        error: error
      })
    });
    if (a && b) console.log("no one failed")
  } catch (error) {
    if (!(error instanceof CustomErrorHandler)) {
      console.log("gen error", error)
    }
  }
}

Client Tools required to pre-install to access or create a new Open Shift application

I faced a hell of a lot of issues when I started implementing the OpenShift sample application. I thought of sharing my experience with everybody so that it will help if there is any issue during others' project implementation. The most important thing in accessing the application is to install the client tools on your machine.

In this post I would like to explain the client tools required, how to install the tools on a Windows machine, and how to check the installation status of the tools.

Install Client Tools:

For a Windows-based desktop, it is required to install the three client tools mentioned below:

1) Ruby: All OpenShift tools run on Ruby, so this is the basic software that is required. Download a suitable Ruby installer for your desktop from the Ruby Downloads page and install it by accepting all default options. After the installation is completed, to verify that the installation is working, run:


2) Git Client: Git is used to synchronize your local application source and your OpenShift application. Download and install the latest version of Git for Windows. After installing Git, ensure that git is added to your system PATH. If it is not added, make sure to add it manually in the system environment variables.

After installing Git, you can check the Git version installed on the machine using the command below.


3) OpenShift client: After Ruby and Git are installed properly, run the OpenShift client tools bundled in the Ruby installer.


After the installation completes, run the rhc command as below; the complete list of options will be displayed.




Openshift – The Open Hybrid Cloud Application Platform by Red Hat

When I saw OpenShift for the first time, it was kind of an amazing feeling to me. When I started using it, my feelings never decreased.

It is an Open Hybrid Cloud Application Platform by Red Hat. I have looked into the IDE-based implementation, and I have looked into the command-based implementation for Java application deployment in the JBoss Enterprise application server. I felt like I had learned something new, which may change my life entirely if I become a master in it.

I hope you keep exploring it from your side; you will definitely love it. I am sure I have not given you any misperception of it.

Base Site :

About Product :

User Guide : 


I will be very happy if you keep posting your comments on OpenShift; let others know about this interesting thing. All comments are invited!!!



Access Specifiers in Java

An access specifier is a keyword that specifies how to access or read the members of a class or the class itself.

There are four access specifiers in Java as mentioned below:

  1. private
  2. public
  3. protected
  4. default

1. Private : Private members of a class are not accessible in another class, either in the same package or in another package. The scope of the private specifier is class scope.

2. Public : Public members of a class are accessible anywhere, in the same package or in another package. The scope of the public specifier is global.

3. Protected : Protected members are available in the same package. They are not available in a class of another package. You can access protected members in a subclass in the same package or in another package.

4. Default : Default members are available in classes of the same package but are not available in another package. The scope of the default specifier is package level.
