There are various ways to generate XML files in java. One of the easiest ways is to use DOM DocumentBuilderFactory.

DOM provides easy APIs to create XML. You will have to create DocumentBuilder from DocumentBuilderFactory, then add all the nodes like elements, attributes, comments, text nodes.

Finally you need to transform the document in to xml using transformers(javax.xml.transform.Transformer).You can transform document to xml file or simply console output for your convenience.

The XML we need to create is “rices.xml”, it will look like below at the end:


Java program to create the above XML file:


import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.OutputKeys;

import org.w3c.dom.Attr;
import org.w3c.dom.Comment;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class CreateXMLUsingDOM {
public static void main(String args[]){
try {
DocumentBuilderFactory theDocBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder theDocBuilder = theDocBuilderFactory.newDocumentBuilder();
Document theDoc = theDocBuilder.newDocument();
// root element
Element theRootElement = theDoc.createElement("rices");

// rice element
Element theRiceEl = theDoc.createElement("rice");
// adding attribute 'id' to 'rice' element
// setting attribute to element
Attr theAttr = theDoc.createAttribute("id");

 // Adding comment
 Comment theComment = theDoc.createComment("Rice and it's properties");		
 theRootElement.insertBefore(theComment, theRiceEl);

// name element
Element theNameEl = theDoc.createElement("name");
// adding text node

// type element
Element theTypeEl = theDoc.createElement("type");
// adding text node

// country element
Element theCountryEl = theDoc.createElement("country");
// adding text node

// days element
Element theDaysEl = theDoc.createElement("days");
// adding text node

// write the content into xml file
TransformerFactory theTransformerFactory = TransformerFactory.newInstance();
Transformer theTransformer = theTransformerFactory.newTransformer();
theTransformer.setOutputProperty("{}indent-amount", "4");
theTransformer.setOutputProperty(OutputKeys.INDENT, "yes");

DOMSource theSource = new DOMSource(theDoc);
StreamResult theResult = new StreamResult(new File("C:\\temp\\rices.xml"));
theTransformer.transform(theSource, theResult);

// Output to console for testing
StreamResult theConsoleResult = new StreamResult(System.out);
theTransformer.transform(theSource, theConsoleResult);

} catch (Exception e) {

To align the xml or console output to more readable pretty format, the following two options in the transformers are used. This will add 4 space indentation to each tag in the element.

theTransformer.setOutputProperty("{}indent-amount", "4");
theTransformer.setOutputProperty(OutputKeys.INDENT, "yes");

DOM – Document Object Model

I have developed a small standalone tool using adobe air. The tool is called "Budgeting tool". This tool can be used to store day to day spendings for groceries or milk or whatever we spend on daily basis. You can make an entry daily. you can also see the reports for your spending and all signed in user's as well.

I got the idea from our room. actually we are a few friends staying together. we use to buy milk packs curd , vegetables and groceries for our room,and we will make a note of it in a notepad. End of the month we will calculate the spendings and individual contribution on groceries and we will calculate how much each person has to pay.

I have developed the tool to do this manual calculation. As this is developed using adobe air, look and feel is awesome compare to old desktop application development technologies.

I have posted a few screenshots of my application. Please feel free to ask me , if you need the tool for your room/ house , when u r in such a need of application.

I will come up with new useful blogs on RIA, as this is my first blog, I will update this with technical details soon. At present this doesn't contain any technical information about Adobe AIR and flex.

Securing your web application is equally important as developing quality applications.An application is comprised of lot of resources which is available for their callers/users.

Security is an important aspect of applications that transport sensitive data over the internet.
It is important to protect the resources from being attacked/illegally accessed.
Basically illegitimate access to the resources of the application have to be stopped/rejected.

There are two main concerns in securing web applications and that need to be addressed:

  • Preventing unauthorised users from gaining access to protected content.
  • Preventing protected content from being read while it is being transmitted.

We will see some terms and we will jump back to the above 2 concerns.


Let us assume , we have a house(web application), it has lock and its locked(secured). We need key to open the house.

This is exactly called ‘Authentication’. You validate(authenticate) yourself with a key to get into the house.
This is the very first step to get into the house.

In software terms
“Determining whether a user is who he or she claims to be.” Mechanisms such as username/password, smart cards, and Public Key Infrastructure (PKI) can be used to assure authentication.

Authorization or Access Control:

Once you enter into the house,you are allowed to use/touch/access certain things in the house(TV, a room) ,

and you are not allowed to access/touch/use some items(example, the locked table drawer, another room).
This is called ‘access control or authorization’.

In software terms:
Ensures that an authenticated entity can access only those services they are allowed to access. Access control lists are used to implement this.

The above two terms (authentication and authorization or access control) are used to address the #1 concern “Preventing unauthorized users from gaining access to protected content.”

#2 concern, “Protecting data while it is in transit“, typically involves using Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL), in order to encrypt any data communicated between the client and server.

Web applications are there to serve their callers through either ‘http://’ or ‘https://’ protocol.

What is ‘http’?
Short for Hyper Text Transfer Protocol, HTTP is the underlying protocol used by the World Wide Web.
HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.
For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.

What is ‘https‘?
Using HTTPS, the computers agree on a “code” between them, and then they scramble the messages using that “code” so that no one in between can read them. This keeps your information safe from hackers. They use the “code” on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth.

Common Security Terminologies

The most common security processes are authentication, authorization, realm assignment, and role mapping. The following sections define this terminology.

Authentication verifies the user. For example, the user may enter a username and password in a web browser, and if those credentials match the permanent profile stored in the active realm, the user is authenticated. The user is associated with a security identity for the remainder of the session.

Authorisation permits a user to perform the desired operations, after being authenticated. For example, a human resources application may authorize managers to view personal employee information for all employees, but allow employees to only view their own personal information.

A realm, also called a security policy domain or security domain in the J2EE specification, is a scope over which a common security policy is defined and enforced by the security administrator of the security service. Supported realms in Sun Java System Application Server are file, ldap, certificate, and solaris. For information about how to configure a realm, see Realm Configuration.

Role Mapping
A client may be defined in terms of a security role. For example, a company might use its employee database to generate both a company wide phone book application and to generate payroll information. Obviously, while all employees might have access to phone numbers and email addresses, only some employees would have access to the salary information. Employees with the right to view or change salaries might be defined as having a special security role.

A role is different from a user group in that a role defines a function in an application, while a group is a set of users who are related in some way. For example, members of the groups astronauts, scientists, and politicians all fit into the role of SpaceShuttlePassenger.