This is a quick reference you can follow to set up a Commercetools web shop locally. As of writing this post in July 2019, you can set up a web shop simply by having a Merchant Center account and checking out the following GitHub repository.

In this scenario, Merchant Center plays the role of the backend server, and the Sunrise theme GitHub repository provides the frontend user interface. It is a well-known fact that Commercetools Merchant Center communicates with different API endpoints, as it is built on a microservices architecture.

Merchant center API client

You need to log in to your Merchant Center account and create an…


OAuth is a specification used to authorize access to resources by outside parties. At the time of writing this post, OAuth 2.0 is the standard version of the specification in use. OAuth is a very simple workflow, defined to let the resource owner share resources in a more controlled manner.

Today, almost all the giants in the software industry adhere to this specification so that software systems can easily share resources with one another.

OAuth 2.0 is an HTTPS-based protocol which enables a resource owner (the end-user), using a user-agent (typically…


It’s a type of web application vulnerability. At the most basic level, the reason for CSRF is that browsers do not know how to distinguish whether an action was performed deliberately by a user (say, by clicking a button on a form, clicking a hyperlink, etc.) or whether the user performed the action unknowingly (say, the user visited a page from some domain, such as bad.com, and bad.com sent a request to good.com/some_action while the user was already logged into good.com).

Now let’s replace good.com above with facebook.com. And let’s assume that when a user, logged into facebook.com…


CSRF, or Cross-Site Request Forgery, is a well-known security attack that is listed among the OWASP security risks. CSRF essentially involves running pieces of malicious JavaScript code against a targeted website without the knowledge of the browser user. It is a more target-centric attack, where the intruder has to know what he or she wants to perform.

The Synchronizer Token Pattern is a very simple concept for mitigating the risk of being attacked through CSRF. In most web applications, servers use HTTP session objects to identify logged-in users. In this case, the session is generated on the server side and pass the session…


Google Summer of Code final report

Project: Trust-based routing protocols framework

NS-3 is a discrete-event network simulator for Internet systems, targeted primarily at research and educational use. NS-3 is free and open source software that is publicly available for research, development, and use. It has thousands of users and is backed by an active community. NS-3 participated in Google Summer of Code in 2018 and I was privileged enough to contribute to NS-3 with…


It’s not just another day I’m just checking my inbox. It was the first day of the week soon after the first evaluation ended in Google Summer of Code 2018. This grabbed my attention as soon as I opened up my inbox.


StackOverflow is undoubtedly the day saver for millions of programmers around the world. You can’t officially call yourself a programmer if you haven’t visited this awesome website. There are millions of daily users and active contributors. Back in 2014, I started to search around online communities for developers. I found JavaRanch, which was really interesting to me. I spent a few months there, during which I checked every single post that popped up. I could see people answering very politely, even about very basic concepts.

After a few months, I got to know that StackOverflow is also something similar but that…


It’s been 4 years since I thought I would be able to wear that cloak and the hat which every graduate wears on graduation day. I see a lot of happy faces. My friends are there with their parents and all of those faces are full of happiness and pride. I know it’s not an easy task to get to that level. Today is the day that “Undergraduates” will become “Graduates”.

When I look back on the past 4 years, the friends I met at the very first class have changed a lot. They have grown up. They have learnt a…


Google Code-In is an annual program hosted by Google. The program focuses on spotting hidden talent among high school children and bringing them into the open source culture. The program is announced by Google. The timeline usually runs up to 3 months. Many open source organizations are willing to take part in this program and welcome the youngsters to come and do something for the open source world.

It was a bit difficult at times to review all the tasks pending in the task review list. But I understood that providing feedback soon is very important for the students.

It…

Jude Niroshan

Undergraduate at SLIIT | Google Summer of Code student
