Pega passivation

1.  Passivation allows a requestor, service, or clipboard page to be saved into the Pega Platform database and reactivated later, helping to free up JVM memory and making more memory available to other requestors.
2. When a page is passivated, other pages for that requestor remain in memory, and requestor processing continues normally until that page is needed (such as for read access or for update) and is reactivated into memory. When an entire thread is inactive, the thread context is passivated (including the associated clipboard pages). If the requestor remains idle, eventually the entire requestor context is passivated.When a requestor is activated, the pages that had previously been passivated remain in storage until they need to be activated.
3. The initialization/PersistRequestor prconfig setting or dynamic system setting controls whether time-out passivation occurs. If the setting is not defined or equals OnTimeout, time-out passivation occurs. Time-out passivation is required for high availability environments. To prevent time-out passivation, set this to Never.
4. Passivation occurs through three distinct mechanisms:
1. Page passivation 
1. Used for individual pages, threads, or entire requestors. Page passivation is used to improve system performance by removing pages from the clipboard that have not been accessed by a requestor for a specified period of time. Other pages for that requestor remain in memory, and requestor processing continues normally until that page is needed (such as for read access or for update) and is reactivated into memory. By default, passivation occurs for:
1. Pages that are idle for at least 15 minutes
2. Threads that are idle for at least 30 minutes
3. Requestors that are idle for at least 60 minutes
2. You can configure the time-out periods with the prconfig.xml or dynamic system settings timeout/page, timeout/thread, and timeout/browser. These settings signify numbers of seconds.
2. Timeout passivation – Used for entire requestors. Timeout passivation in a single-node system allows users to resume work without loss of context after a specific period of no activity, with the possibility that they will have to reauthenticate.To enable timeout passivation, use the following prconfig.xml setting or Dynamic System Setting:<env name="Initialization/PersistRequestor" value="OnTimeout"/> (the requestor is persisted to the database based on the timeout/browser setting)
3. HTTP session passivation – Used to free JVM memory and support failover. HTTP session passivation helps to provide high availability in a multinode environment by allowing a cluster to operate in a resilient manner, reducing the risk of loss of data if a node fails.When the Pega Platform is running in high availability mode, the Initialization/PersistRequestor prconfig.xml setting or Dynamic System Setting should be set to "OnTimeout". When set to AtInteractionEnd, the requestor is passivated at the end of each user interaction.
5. Passivation storagePega Platform provides two passivation storage mechanisms: database and filesystem. The default passivation storage is database, which is most efficient and robust. You can override the default storage mechanism by setting the prconfig setting "inititlization/persistrequestor/storage" to either "database", "filesystem", or "custom".With database storage, the passivation daemon saves requestor information as an instance of the System-Requestor-Context class, corresponding to the pr_sys_context database table. The daemon saves page details as an instance of the System-SavedPages class in the pr_page_store database table.

Springboot

 Bootstrapping

Create application context, register beans and start embedded tomcat server.

Auto-configuration

• @Configuration
• @EnableAutoConfiguration
• @ComponentScan

Camunda

 

1. Embedded process engine : Process engine is part of our application.
2. Shared container managed process engine : multiple applications access a process engine deployed on the same container
3. Stand-alone/remove process engine : process engine hosted on separate server.

Invoke Servlet from index.html

 

Servlet

// src/main/java/com/example/web/CsrfStateServlet.java

package com.example.web;

import com.example.security.StateUtil;

import jakarta.servlet.annotation.WebServlet;

import jakarta.servlet.http.*;

import java.io.IOException;

@WebServlet("/api/oauth/state")

public class CsrfStateServlet extends HttpServlet {

    @Override

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)

            throws IOException {

        HttpSession session = req.getSession(true);

        String state = StateUtil.generateState();

        session.setAttribute("oauth_state", state);

        resp.setContentType("application/json; charset=UTF-8");

        resp.getWriter().printf("{\"state\":\"%s\"}", state);

    }

}

// src/main/java/com/example/security/StateUtil.java

package com.example.security;

import java.security.SecureRandom;

import java.util.Base64;

public final class StateUtil {

    private static final SecureRandom RANDOM = new SecureRandom();

    private StateUtil() {}

    public static String generateState() {

        byte[] bytes = new byte[24]; // 192 bits

        RANDOM.nextBytes(bytes);

        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);

    }

}

Set-Cookie