Farasath blogs

I have always been excited on mobile development although I had only few opportunities to get my hands dirty. I came across this series of blog posts by Rashmika Nawarathne  which tell the story of hybrid mobile development from 'why' to 'how'. I have been the following the blog posts and thought it is certainly worth sharing with others as well. You can find the introductory blog post of the series  at, http://blog.nawaratne.com/2015/10/mobile-enablement-intro.html.  You can follow the rest of the series from his blog.

GSoC 2015 - In a nutshell I got the opportunity this summer(well it summer all year in Sri Lanka) to take part in Google Summer of Code. My project was to implement the User Managed Access 1.0 specification for WSO2 Identity Server . Though I wanted to blog about the project as the project went along, I did really make it a reality. They say it's never too late to share some experience. First of all I need to thank my mentors Johann Nallathamby and Prabath Siriwardena for their absolute support to make this project a reality. Johann in particular has been helpful all the way bearing my late night calls and chats to clarify and provide feedback. The overall experience of participating in GSoC was simply "awesome". Its my first considerable contribution to an open source project. And the experience gathered during the past three months have been priceless. There were sleepless nights where i could not get things to work missing out on trivial things, other days whe

Previously I wrote a post on my first step towards understanding OAuth. This post continues builds on that. OAuth has different types of flows targeting various scenarios or use cases. The main feature that differentiates each of these flows is the grant type. What exactly is an OAuth grant type? An OAuth grant is something that a client application could exchange for an access token from an Authorization Server. An access token typically represents a user's permission for the client application to access the resources on their behalf OAuth Grant Types The OAuth 2.0 core specification  defines four types of grants, Authorization code grant Implicit grant Resource owner credentials grant Client credentials grant In addition to these the core specification also defines a refresh grant type. There are few new additions to these as well, Message authentication code (MAC) tokens SAML 2.0 Bearer Assertion Profiles JSON Web Token grant I would like to focus on

A must read article explaining the vulnerabilities in some JWT libraries and the solutions to mitigate them by Tim McLean https://www.timmclean.net/2015/03/31/jwt-algorithm-confusion.html

Enter the token in the text-box and click Click me

You probably would have heard the word OAuth more than a few times. Ever wondered what that is? do we use that at all?. Guess what we make use of OAuth almost everyday.I got the opportunity to learn about OAuth during my time at WSO2 Identity Server team. Here's the first step of conquering OAuth :) What Exactly is OAuth? Let me start with OAuth,  OAuth solves the problem of allowing third party entities( eg: applications) to access a resource owner's protected resources without actually giving away your valuable credentials like passwords.  Let's think of it this way. You have a facebook account(Assuming you have one :P) which is your protected resource and you are the resource owner . Now you get a little high and decide to try out one of these fancy Facebook apps that finds your soul mate. The app now becomes the third party application which requires access to read out your friend list from your profile which is the protected resource. Suppose you don't hav

Here's an article about our project to extract Traffic Information from twitter feeds using Apache UIMA, Apache OpenNLP and WSO2 Complex Event Processor. http://wso2.com/library/articles/2015/03/integrating-apache-uima-with-wso2-complex-event-processor/ You can find the source code of the project below, Twitter Streaming ActiveMQ Client Twitter Search ActiveMQ Client Twitter ActiveMQ Client (Search and Stream) Apache UIMA Collection Processing Engine Read more about how we go there from here . 

Recently we concluded a project to extract traffic data from tweets of road.lk. This post would be one post of many posts to connect a few dots of our project. My friend Achintha has connected more than a few dots in his blog . I will post links to relevant parts as i proceed with this post. Initially let me give a brief introduction to the mischief we caused in this project. Our initial aim was to add support to sending events from Apache UIMA framework into the WSO2 Complex Event Processor.  We concluded the project by implementing a real world use case of Extracting traffic details using tweets(from road.lk ) and Apache UIMA framework and sending the extracted details as events to WSO2 Complext event processor. I know many of these terms are new, so let me start by describing some of these and i have included relevant links so that those of you who are interested can do some further reading. Apache UIMA( Unstructured Information Management Architecture )            

            I have been keen on wanting to blog for a long time, but i guess now is the time to do so. Blogs are a great way to share stuff with people so writing one isn't a bad idea. Blogs have been lifesaver for so many nagging problems I have faced during my entire life, so i guess its time for me to payback. Just like a baby would cry out when it comes out to the world, a programmer would essentially write out a line "Hello World!!!" to start off coding in any language( Well at least i do that still :P and I think I am a programmer too :P). Writing about tech stuff hasn't been my forte either but nevertheless I love writing. So let me start off with a big "Hello World !!!"