For many applications a security and authentication scheme centered around users makes sense since the focus of the application is logged-in users taking some sort of action. Imagine a task tracking app: users “create tasks”, “complete tasks”, etc. For these use cases, Spring Boot’s Security system makes it easy to add application security which then provides a “User” model to the rest of the application. This allows your code to do things like “getUser()” in a Controller and have ready access to the currently authenticated user.
But what about applications that don’t have a user-based model? Imagine something like an API which provides HTML to PDF conversions. There’s really no concept of “Users” but rather a need to authenticate that requests are coming from authorized partners via something like an API key. So from an application perspective you don’t really want to involve the user management system, there are no passwords to verify, and obviously the simpler the better.
Turns out it’s very straightforward to accomplish this with a Spring managed Filter. Full code below:
The code is pretty straightforward but a couple of highlights are:
It’s a Spring Component so that you can inject the repository that you need to check the database to see if the key is valid
It’s set up to only activate on URLs which start with “/api” so your other routes won’t need to include the Key header
If the key is missing or invalid it correctly returns a 401 HTTP response code
That’s about it! As always questions and comments welcome!
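One way to write the filter those highlights describe, as an added example and not the post's original code. It assumes Spring Boot 2 with `javax.servlet` (use `jakarta.servlet` on Boot 3), a request header named `Key`, and a hypothetical `ApiKeyRepository` that stores SHA-256 digests of randomly generated keys instead of the keys themselves.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical repository (not from the post): back it with a Spring Data
// repository or any bean that looks up the stored SHA-256 digest of a key.
interface ApiKeyRepository {
    boolean existsActiveByHash(String keyHash);
}

@Component
public class ApiKeyFilter extends OncePerRequestFilter {

    // Header name assumed from the post's mention of "the Key header".
    private static final String KEY_HEADER = "Key";

    private final ApiKeyRepository apiKeys;

    public ApiKeyFilter(ApiKeyRepository apiKeys) {
        this.apiKeys = apiKeys; // constructor injection by Spring
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // getServletPath() is the container-decoded path; with Spring Boot's
        // default DispatcherServlet mapping ("/") it is the full route.
        return !request.getServletPath().startsWith("/api");
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String presented = request.getHeader(KEY_HEADER);
        if (presented == null || presented.isEmpty()
                || !apiKeys.existsActiveByHash(sha256(presented))) {
            // Same 401 for missing and invalid keys; the key is never logged or echoed.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // do not call the chain: the controller must not run
        }
        chain.doFilter(request, response);
    }

    // Keys are stored and looked up as digests so a database leak does not expose usable keys.
    static String sha256(String value) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(md.digest(value.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory on every Java platform", e);
        }
    }
}
```

Matching on the prefix “/api” also covers routes such as “/apidocs”, so the check fails closed; narrow it only if those routes are meant to be public.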
Amazon Web Services recently published an E-Book on modern application development. In short, this guide explains the significance of digital transformation and how it can reinvent how your business delivers value. The main topics covered include: Digital Innovators, Characteristics of Modern Applications, Data Management & Computing in Modern Applications, and Security & Compliance. Below, I have summarized a few takeaways from each topic.
To be a digital innovator, you must work backwards to understand that innovation starts with your customers and listening to their wants and needs. AWS calls this process the “innovation flywheel.” The innovation flywheel consists of three steps: listen, experiment, iterate. After putting your customers first, it is essential to put technology at the center of your business. Some ways to do this are through digital marketplaces (two-sided markets that connect buyers and sellers), direct-to-customer engagement, digital products as services, and insight services.
Characteristics of Modern Applications
Modern application development is a powerful approach to designing, building, and managing software in the cloud. Characteristics of Modern Applications align with digital innovation (see above). Modern Applications require a culture of ownership, which also starts with the customers. To create this culture, companies should hire builders and support them with a belief system and let them build. It is important to trust in others’ skill sets and know where your boundaries lie. In terms of the architectural patterns of modern applications, most are micro-services. Micro-services are minimal-function services that are deployed separately but interact together; each has its own datastore, is organized around business capabilities, externalizes its state, and allows a choice of technology.
Data Management & Computing in Modern Applications
Data management refers to purpose-built databases that serve as decoupled data stores. Data management includes computing in modern applications. Computing with micro-services affects the way you package and run code and the way you compute in modern applications, such as with AWS Lambda. Release pipelines in AWS are standardized and automated. This means that they are no longer manual; there is continuous integration and continuous delivery. Also, there is a server-less operational model. These models are ideal for high-growth companies that want to innovate quickly because they don’t require server management, they provide flexible scaling, you pay for the value you need, and they automate high availability.
Security & Compliance
Security configuration and automation are needed. To ensure security and compliance, these practices are incorporated within the tooling. Some of this tooling includes code repositories, build-management programs, and deployment tools. Security and compliance are also applied to the release pipeline itself and the software being released through the pipeline. Lastly, DevOps and DevSecOps safeguard security and compliance. AWS defines DevOps as, “the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity.” Similarly, DevSecOps is described as “philosophy of integrating security practices within the DevOps process. DevSecOps involves creating a “Security as Code” culture with ongoing, flexible collaboration between release engineers and security teams.”
Even in 2019, software testing is still a challenge for a lot of small companies. Testing is usually not prioritized amongst small teams. Small teams frequently lack a dedicated QA resource, and writing good tests is a unique skill in itself. Because of this, teams will end up with maturing software products that have few or no tests. As development continues, the downside is that there is an increased potential for bugs to enter the product. So, how can small teams tackle this challenge? As the software development industry has evolved, the industry has developed a wide array of quality assurance (QA) tools and techniques. Broadly, these tools can be categorized into two buckets – manual (human) testing and automated testing.
Manual / human testing is essentially exactly what it sounds like. A human QA engineer manually executes a list of steps, evaluates the results, and decides if the tested software is passing. Manual testing is relatively easy to start because non-technical resources can develop and execute the tests. However, as the test suite grows, teams run into issues because they’re limited by how many QA resources they have. This leads to teams only running tests before certain deployments, causing them to miss bugs.
In contrast to manual testing, automated testing is typically entirely code based. A QA engineer writes tests in a general purpose programming language that assert that the tested software is still working as anticipated. Since the tests are executed by a computer, this approach does not suffer from the limitation highlighted above. The trade-off is that, because the tests are written in a programming language, technical resources are required to develop the tests.
So, what if there was a hybrid approach that combined some aspects of each approach? Well, that’s why you’re here! Say hello to RainforestQA.
What is RainforestQA?
RainforestQA is a SaaS product that incorporates manual and automated software testing approaches. RainforestQA offers a free trial, followed by a pay-as-you-go billing model, where you only pay for the resources being used. RainforestQA tests are executed by an automated system, or human testers, depending on how the test is constructed.
What does an automated RainforestQA test look like?
The tests are composed of a series of steps, which describe actions or assertions, that the automated system must take. The steps can include, “load this page” or “scroll the page down,” while the assertions are things like, “see a button” or “confirm text on the page.” When any one of these steps / assertions fails, the entire test fails, which indicates that something is broken in the software being tested.
What’s the process of building these automated tests?
Building automated tests on Rainforest QA differs depending on whether the test is written in Plain English or Beta Language. When the test is constructed in English, the user is instructed to write their own question and answer for each step. If the test is written in Beta Language, an action can be selected from the sidebar on the right, followed by a target, which is also listed on the same sidebar. The types of actions and targets can be adjusted depending on the test and what is being assessed.
When composing certain tests in Beta, you will find that the same sequence of steps is needed. Instead of writing out every individual step, over and over, the “custom actions” feature can be used. This feature enables a series of steps to be grouped together, which saves a lot of time and energy. I found the custom actions feature exceptionally useful when a login was required at the beginning of the test. However, a flaw in this feature can appear if the custom action itself is being tested. The test results for a custom action will not appear unless the results page is reloaded. While this is a very small detail, it was a fairly substantial inconvenience for me. The test results appeared as though the custom action test was in progress for over an hour, when in actuality, the test results were returned within a few minutes; they just did not appear until the page was refreshed.
How does the back-and-forth work between users and Rainforest QA engineers?
When running a test, everything is sent through a real and active test team of almost 60,000 testers. The test team provides clear feedback in a timely manner. If the test is passed, it will appear in green (as pictured above). If the test is failed, it will come back in red. If the “Go To Test” button is selected, the test feedback can be viewed. Specific comments and critique are given on the particular step that caused the test to fail. Additionally, all of the tests and results are automatically recorded and stored in a neat and orderly fashion.
What is the Difference Between Testing Languages?
As discussed, on Rainforest QA, tests can be written in “Plain English” or “Beta Language.” Writing tests in Plain English is faster and easier, but also much more expensive. For a test to be passed in “Plain English,” the tests have to be written and constructed in a very specific way. For example, if you wanted to test the login page while leaving the username or password blank, you cannot use the “type” action to exemplify that you are leaving it empty. With the Beta Language tests, you have to select a specific action from the bar on the right, followed by a target. The only choices are what is already listed. In Beta, you have the option to use custom actions; you can also make new targets, but only by labeling a pre-existing type of target. When conducting a test in Beta Language, screenshots are used to identify what should be seen/clicked on each page. The downside is that if there are three of the same buttons on one page, you cannot type in directions, nor can you describe which of the three identical buttons needs to be selected.
I haven’t plugged Rainforest into our development workflow, so I cannot speak on the integrations or reporting. However, I would recommend Rainforest QA to anyone, regardless of their technical ability, who wants to run automated tests on a timely and inexpensive budget. Building tests on this QA is very quick and straightforward. While you may find a few complications and specificities in each language, it typically would not take more than one revision to fix the issue.
TL;DR
Interface is easy to use
Variety of features available to test
Access to a test team that provides feedback quickly
Non-technical users can build tests and test the UI without writing code
Free trial and then pay as you go pricing
Tests written in Plain English language ask for specific answers on tests which allows a huge margin for error including spelling, spacing, and plurals
Have to be written and constructed in a very specific way to be passed and you can’t use any screenshots to clarify directions
Screenshot feature for capturing targets does not always capture / appear
Open Data is defined as: “data that can be freely-used, shared, and built-on by anyone, anywhere, for any purpose” (Open Knowledge Foundation Blog). Open data provides many benefits.
In a similar manner that it is essential to record a nation’s history, recording open data has comparable advantages. Keeping a running log of statistics and information can be used to analyze changes in patterns and sequences. With a measurable starting point, as well as updates, each community can stay informed and up to date about their surroundings. It is useful for the affected society not only to be aware of the changes in their government’s policies and implementations, but also the consequences. With mandatory government submissions and access to open data, local businesses have the ability to develop custom business plans tailored to their company’s surroundings.
Open data often includes demographic statistics in addition to employment information, salary, income, and spending. With open access, local engagement is welcomed and encouraged. Also, there is room for the public sector to make digital and technical transformations, implementing social progression and efficiency. Through this evolution, statistics on unemployment, high school dropout rates, as well as crime and violence can be targeted and countered.
To ensure political justice, reporting open data is mandatory. This is essential for two reasons: it prevents the government from concealing certain statistics and information, and it is not gathered for a specific purpose. What this means is that the options for interpretation, analysis, and creativity are unlimited. People can use this data to make assessments and conclusions that the government may not have wanted to publicize. Additionally, this data can be used to measure and reinforce financial and economic status. From a technical standpoint, open data is very useful and endless in its opportunity for building.
Some examples of projects that have been produced with open data include: a school selection device, a flood print, online voting at events, a home health and safety report, a traffic and accident browser, damage from disasters assessment, a mobile voting ballot, etc. The chart below provides the Greater Boston regions that have open data readily available. With this data, endless projects and tools could be designed, so, what will you build?
I started in accounting, I worked in the CPA world with a real estate background. Over time, I drifted away from the CPA path. I knew it wasn’t for me. After CPA, I got an agent license and I thought my background provided a unique skill set to the industry. Thus, I went on my own and failed A LOT along the way, looking for a tech market fit in real estate.
How did you first incorporate tech in the real estate space?
With the help of engineers, my buddy and I built a pretty cool property search platform for buyers. There was a messaging feature, between agents and buyers, that we thought was state of the art at the time. After building a ton of legacy code that nobody wanted, we realized that we weren’t really solving a problem. The buyer search was occupied by major sites, like Zillow and Trulia, it didn’t make sense for us to compete there.
As you faced these challenges, what was your outlook?
I think many people perceive life as this perpetual climb to the top of a mountain and then you finally reach the top, raise your hands in the air, and scream “I made it!!” When in actuality, life is more like walking up 10 feet of the mountain, and then falling into a 30 foot drop off, meaning there isn’t a linear climb to the top. There are a ton of ups and downs. For me, it’s all about persistence and surrounding yourself with talented people, engineers and creatives especially.
So, what do you do now?
I currently own a real estate brokerage in South Boston. I work with a rockstar CTO and a talented digital team. We’ve built a proprietary database tool which helps us stand out from the rest, it basically tells us who is more likely to sell their home.
What inspired you to leverage tech/data for real estate?
I didn’t just want to be a traditional agent/broker and sell places. I felt I needed to add a ton of value in what I was doing and building. When I look back on what really started things for me, it was on the tech and data side. I’ve owned a place in Southie for some time now. I frequently get mailers from real estate agents, enticing me to sell. I actually received one yesterday! After collecting so many mailers, I thought to myself over the years, this can’t be the best way to reach owners. I mean I’m a broker, myself, receiving these mailers with no analytics on them. So, how many of these are actually read and converted into sale? A very small percent.
How do you identify a potential opportunity to use tech in a non-traditional situation?
I try to look at things from a high level and ask where the most value is added. In my industry, Redfin, the discount broker, has gained a lot of market share because buyers/sellers are getting smarter. They have begun to question the value of an agent. There are many agents covering too much territory in order to survive. When this happens, there is very little value add to the consumer. (i.e. if you have an out of town agent repping a buyer in South Boston, often times, there is very little value add for the buyer.) Whereas, if I was representing you as a buyer, I’d be able to give you neighborhood knowledge along with off market opportunities outside of MLS.
And for sellers, I can create an unmatched amount of bandwidth (targeting buyers) for your home because of our database technology.
What are some challenges you face building as a non-technical person?
Where do I start!? Haha. I actually want to write a book about this, maybe I’ll call it, The Technical Guide for Non-Tech Founders. I haven’t seen anything like it out there, have you? Would you like to co-author with me? Making the right hiring decisions is a huge challenge, ALONG with building something a bunch of people actually need. Finding really great engineers to buy into your work can be tough. I’ve spent a lot of time in my early days on Elance (which is now UpWork) and you can get burned on there. I’ve always been bootstrapped, and when you make a mistake, it really really hurts.
Why do you think real estate is one of the last industries to adapt to new software and technologies? (calculations by hand and not through a database)
Great question! I think it is mostly because the business model has stood the test of time very well, even with the internet disruption in many other industries. 2005 and 2015 saw a wave of change. But, even with all the advancements on the home buying front, there is still a complicated and mostly analog process after the online search occurs. An end to end platform is coming and this will be interesting. Currently, there are some really talented people working on this.
Overall, how would you characterize the adoption of new technologies in the real estate space?
Real estate literally touches everything we do, because it defines our environment, our physical space. Think about this: of all the tech changes we have seen in our lifetime
Real estate is larger than all of these categories combined. Real estate will evolve more quickly than people think. Venture Capital has poured a ton of money into the race, recently. The new wave startups are tackling a wide range of areas — building management, financing, co-working, appraisals, building amenities and empty retail space, even tech-enabled construction, management, and maintenance.
Do you think the future of real estate will evolve as they adapt to using new technology?
Yes, with the rise of technologies like autonomous vehicles, the drone, robotic delivery, decentralized workspaces, and other macro trends. These inventions are likely to lead to a complete transformation in how we utilize the spaces in which we work and live.