About a year ago I’ve blogged about jCard and jPTS (the jPOS-EE based Card Management System / Stored Value Engine and the jPOS Transaction Switch).

As part of the project, we defined what we called our IMF (internal message format) based on the ISO-8583 v2003 standard.

After several deployments and mapping exercises to different source (SS) and destination stations (DS), we believe that this extra message normalization layer was a good thing to do.

We get to see jPOS based systems connected to other jPOS based systems all the time, which is a good thing and makes things easier (when the connecting parties don’t see their channel and packager configurations as some kind of secret sauce and get to kindly exchange them), but the packager/channel is just the low level plumbing, a lot of effort has to be done on the higher levels in order to get them to play nicely with each other.

Our jCard system already has a quite complete set of self tests that use this format, same goes for jPTS. As part of this message normalization effort we plan to morph our internal tests into a TCK.

Andy and Dave from Online Strategies are already using
a similar format and are keen to work together into merging the differences. Mark is also #noded for this effort

We are releasing this work under a Creative Commons Attribution-Share Alike 3.0 License and everybody is welcome to participate.

You can get the PDF version here and you are very welcome to actively collaborate with the DocBook version (http://github/ar/jPOS-CMF).

This is by no means a perfect spec, there’s a lot of work to be done, but instead of reinventing a new spec, or coding to someone else’s proprietary spec, we encourage you to take this one as yours. You can even change the cover page (as long as you retain some due credit). Every new project will require some tweaks and addition to the spec and TCK, and we are here to make that happen fast. Feel free to contact us or send us a tweet.

/by apr on why-oh-why/

What’s wrong with Payment gateways?

I’ve seen this problem coming a long time ago; in my country there’s a local credit card association called POS2000. After a long long time they’ve settled on a single ISO-8583 v1987 based protocol that is a melange of several POS and host based protocols where every acquirer managed to bastardize the standard a little bit in order to make the POS implementor’s life a little bit worse. They did a pretty good job (at bastardizing us) and made jPOS quite better (we have now support for esoteric stuff such as the dynamic packagers that change the way we deal with a message for different message types, etc.).

But that’s nothing compared to web based payment gateways. The first craptastic work I’ve got to see was presented by a local credit card acquirer/issuer. You know, the regular redirect-to-the-acquirer-site thing with OK and DECLINE URLs which were available in hidden fields, as if a malicious user couldn’t read the page source code and hand-craft the OK-url to continue shopping. Come on!

More acquirers followed the trend and provided similar pathetic implementations that very few merchants and less users actually use; but things get worst, thanks to the mouse and some visual tools, there’s a whole new group of people writing SOAP based services. OMG!! We are dealing with quite a few now, to support credit card transactions, prepaid top up applications, etc.

Decades of hard work by large financial institutions working on good standards go down the toilet, it’s easier to “invent” an API than read an ISO spec and do the right thing.

We are working now with a pre-paid phone company and you get to see things like no reversals, and one-second time-window for voids (come on!), and the results code are usually SQL syntax errors displayed to the client.

A similar thing happens with language-specific APIs, vendors think that developers are stupid and not capable enough to deal with a well specified protocol, so they create an API that is usually a bad and closed source implementation of a bad proprietary wire protocol.

Serenity now!

As a follow-up to the previous post about vdmspace, I’ve implemented a simple SpaceWriter TransactionParticipant that can be used to log all transaction contexts to the highly reliable VoldemortSpace (vdm:space).

It can be added to your transaction flow like this:

 <participant class="org.jpos.transaction.SpaceWriter" 
     logger="Q2" realm="space-writer">
    <property name="space" value="vdm:space" />
    <property name="prefix" value="node00.txn." />
 </participant>

The code looks like this:

package org.jpos.transaction;
 
import java.io.Serializable;
import org.jpos.space.Space;
import org.jpos.space.SpaceFactory;
import org.jpos.core.Configurable;
import org.jpos.core.Configuration;
import org.jpos.core.ConfigurationException;
 
public class SpaceWriter implements AbortParticipant, Configurable {
    Space sp;
    String prefix;
    Configuration cfg;
    public int prepare (long id, Serializable o) {
        return PREPARED | READONLY;
    }
    public int prepareForAbort (long id, Serializable o) { 
        return PREPARED | READONLY;
    }
    public void commit (long id, Serializable o) { 
        outContext (id, (Context) o);
    }
    public void abort  (long id, Serializable o) { 
        outContext (id, (Context) o);
    }
    private void outContext (long id, Context ctx) {
        if (sp == null)
            sp = SpaceFactory.getSpace (cfg.get ("space", null));
        sp.out (prefix + Long.toString (id), ctx);
    }
    public void setConfiguration (Configuration cfg) {
        this.cfg = cfg;
        prefix = cfg.get ("prefix", "");
    }
}

You can add this participant to the very end of your transaction flow. All persistent entries in your Context would get stored.

As a follow-up to the VoldemortSpace post and after one month of development and testing we are not proud (see caveats below) to announce the vdmspace module and its supporting voldemort module.

I’ve added two modules to jposee/opt, ‘voldemort’ and ‘vdmspace’ (r153). I splitted them in two different modules because I think there might be situations where accessing a Voldemort store directly could be desirable, without the Space implementation layer.

During the last month playing with this exciting technology I faced many problems and tried different implementations. I tried not to use a coordinator, but Voldemort provides no easy locking mechanism in its StoreClient interface other than optimistic locking, making some space operations difficult to implement.

So here are the caveats:

• Using the vdmspace for high concurrency input / output (in space terms, in/out) over the same keys will work, but could eventually fail.
• An out with timeout works as expected, but requires an extra write in order to register the entry for later review by the garbage collector.
• You want to make sure that you run just one garbage collector in the cluster (this is a temporary limitation that can be easily solved).

Having said the cons, I believe the vdmspace is good for:

• Storing massive number of transactions, provided each transaction is stored under its own unique key (i.e. could be used to implement a SOR).
• Implementing a second level cache for configuration data that doesn’t change too often.

In order to test this, you need to enable opt/commons, opt/voldemort and opt/vdmspace, then you can use simple code like this:

    import org.jpos.space.*;
    Space sp = SpaceFactory.getSpace ("vdm:space");
    ...
    ...

This needs a lot of test, so feedback is Welcome!