Friday, August 11, 2017

Synchronization in JAVA


You should be aware of Synchronization if you are working on an application where multiple threads are accessing the same resources or else it will show you erroneous or unforeseen results.
Imagine a scenario where you are doing the multiple transactions in your bank. I believe you don’t want one thread is updating your balance and in parallel, the other thread is reading your balance otherwise you will end up in error or unexpected results.

Example 1:
Public class HDFCBank {
            Protected long balanace =1000;
            Public void deposit( int amount) {
                        this.balance = this.balance + amount;
            }
}

Assume if two threads, A and B are executing the deposit method on the same instance of the HDFCBank Class then there will be no way to guess when the operating system is switching between these two threads.

Let’s assume current balance is 1000 
1.      A & B thread reads balance as 1000.
2.      A will execute deposit(1000) and will add 1000 so total balance should be 2000
3.      B will also execute deposit (500) but over here B’s balance is 1000 (read balance before step 2) so it will add 1000 +500 = 1500

You can observe that the total balance should be 2500 but we end up with only 1500 which is not we have expected. The above code in the deposit () contains a critical section and when multiple threads execute this critical section, race conditions occur. The situation where two threads compete for the same resource, where the sequence in which the resource is accessed is significant, is called race conditions and the code section that leads to race conditions is called a critical section.

The above problem can be easily solved by ensuring that the deposit() will be used by only one thread at a time. The process by which this is achieved is called synchronization and Java provides different constructs for synchronization and locking e.g. volatile keyword, atomic variable, ReentrantLock, ReentrantReadWriteLock & Synchronized.

Today, I am only going to discuss about synchronization in details. The synchronization keyword in java creates a block of code referred to as the critical section. It is built around an internal entity known as the lock or monitor. Every object has a lock associated with it and by convention, a thread that needs consistent access to an object's fields has to acquire the object's lock before accessing them, and then release the lock when it's done with them and till then all other threads attempting to enter the locked monitor will be suspended until the first thread exits the monitor.

Let’s remodify the above example

Example 2:
public class HDFCBank {
            Protected long balanace =1000;
            public void synchronization deposit( int amount) {
                        this.balance = this.balance + amount;
            }
}

Now, what will happen if threads A & B again executing the deposit() method?
·         A & B thread will try to get the lock and let’s say A got the lock. In such case thread B will wait till the time A is not releasing the lock. A->balance = 1000;
·         Will add 1000 to balance now total balance is 2000 and exit from deposit ()
·         B thread will get the lock and NOW it will read balance value which will be 2000
·         Add 500 to balance which will be 2500 as expected.

We can use synchronized keyword at the functional level or at block level but not with any variable and also it can be synchronized on the instance (object) or on the class object.

Synchronized Instance method

The above Example 2 is an example of instance method where you need to add synchronized keyword in the method declaration. This tells Java that the method is synchronized on the instance thus only one thread can execute at a time for one object. One thread one instance.
Assume HDFCBank has two instances hdfcBank1 & hdfcBank2 and each instance has its own two threads, T1 & T2 with hdfcBank1 and T3 and T4 with hdfcBank2.

Now, if we execute T1 and T2 at the same time then there will be no interference and T2 will wait for T1 to complete the task. Similarly, with T3 & T4 but if we execute all 4 threads then there can be interference between t1 and t3 or t2 and t4 because t1 acquires another lock and t3 acquires another lock.



Synchronized static method:
Similar to Example 2 but you have to add the static declaration at the method level.
Example 3:
            public void static synchronization deposit( int amount) {
                        this.balance = this.balance + amount;
            }
Over here, the deposit methods are synchronized on the class object of the class the synchronized static method belongs and we know only one class object exists in the Java VM per class therefore only one thread can execute inside a static synchronized method in the same class.
The problem that we saw in Synchronized Instance method can be easily solved by Synchronized static method.


Synchronized at block level:
There can be a scenario where you don’t want to synchronize the whole function but only the critical section or part of a method to be synchronized to an object or you want to lock an object for any shared resources. In all such situation, you can go with synchronized block.
Example 4:
            public void deposit(int amount) {
                        System.out.println(“Depositing amount: ” + amount);
                        synchronized(this) {
                                    this.balance = this.balance + amount;
                        }
                        System.out.println(“Total balance: ” + this.balance );
            }
In Example 4, you must have observed that the synchronized block construct takes an object in parentheses (this) which is the instance the deposit method is called on. Over here, the execution is very similar to synchronized Instance methods i.e. only one thread can execute per instance.

Synchronized Blocks in Static Methods

Similar to Synchronized static method but over here you can pass the class object in the block.
Example 5:
public void static deposit(int amount) {
                        System.out.println(“Depositing amount: ” + amount);
                        synchronized(HDFCBank.class) {
                                    this.balance = this.balance + amount;
                        }
                        System.out.println(“Total balace: ” + this.balance );
            }

Points to remember while implementing synchronized keyword
·         Use synchronized wherever necessary as it can slow and degrade performance and prefer block synchronization over method synchronization as it will only lock critical section of the code, not the whole method.
·         Double check the object that you are using as monitor object in synchronized block as the uninitialized object will throw NULL POINTER EXCEPTION.
·         Thread acquires an object level lock when it enters into an instance synchronized method and a class level lock when it enters into the static synchronized method and the lock is released even if thread leaves synchronized method after completion or due to any Error or Exception.
·         Don’t use String object as a lock in java synchronized block as string is an immutable object and internally literal string gets stored in String pool. so, by any chance, if any other part of the code or any third-party library used same String as their lock then they both will be locked on the same object despite being completely unrelated which could result in unexpected behavior and bad performance.


Happy Coding…!!! 

Saturday, July 8, 2017

FAQ Questions on Spring Boot

How to control logging with Spring Boot?

By default, the SLF4j Logging is included in the Spring Boot starter package. To enable logging, create a application.properties file in the root of the resources folder.

1. application.properties

logging.level.org.springframework.web=ERROR
logging.level.com.waheedtechblog=DEBUG

# Logging pattern for the console
logging.pattern.console= "%d{yyyy-MM-dd HH:mm:ss} - %msg%n"

# Logging pattern for file
logging.pattern.file= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n"

logging.file=/Users/waheed/application.log

Similarly we can configure in application.yml as well.

2. application.yml
logging:
  level:
    org.springframework.web: ERROR
    com.waheedtechblog: DEBUG
  pattern:
    console: "%d{yyyy-MM-dd HH:mm:ss} - %msg%n"
    file: "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n"
  file: /Users/waheed/application.log

3.  Classic Logback.xml

If you don’t like the Spring Boot logging template, just create a standard logback.xml in the root of the resources folder or root of the classpath. This will override the Spring Boot logging template.

How to run Spring boot application to custom port ?
In application.properties, add following property.
            Server.port=9090

How to configure datasource using Spring boot?
• Use either spring-boot-starter-jdbc or spring-boot-starterdata-jpa and include a JDBC driver on classpath
• Declare properties

1.      spring.datasource.url=jdbc:mysql://localhost/test
2.      spring.datasource.username=dbuser
3.      spring.datasource.password=dbpass
4.      spring.datasource.driver-class-name=com.mysql.jdbc.Driver
– Spring Boot will create a DataSource with properties set
– Will even use a connection pool if the library is found on the classpath!

How to change Context Path?
To change the context path, update server.contextPath properties either in application.properties file or application.yaml file.

Application.properties

server.port=8080
server.contextPath=/application

application.yaml

server:
  port: 8080
  contextPath: /application



Database access with Spring boot

The simplest way of creating Spring boot with MySQL application is via Spring starter project using STS (Spring Tool Suite) IDE.

Steps:
  • Create a new project by selecting spring starter project wizard
  • Select project type as Maven, provide project name, packaging, and Java version etc.

  • Select spring boot version and project dependencies

  • After finishing, It will create the project structure with all required dependency.
  • Configure MySQL configuration in application.properties file
  • Now, Create the @Entity model (User) which should be persisted in the database. Hibernate will automatically translate entity class into a table.

  • Create the repository (UserRepository.java). The Repository interface will be automatically implemented by Spring in a bean with the same name with changing case. For UserRepository, the bean name will be userRepository.

  • To handle HTTP request, Create a Controller class (UserController.java) having method POST and GET operations.

  • Now run the SpringBootMySQLApplication.java as a Java application. It will start the tomcat server on default port i.e. 8080
  • Open browser and hit url http://localhost:8080/users

  • As there is no user present into the database that is why we see empty list. Let's add few users using POSTMAN.
  • To add a user, Open Postman and run below http request


  • Congratulations! We've just developed a Spring application which is bound to a MySQL database, Ready for production! Source code can be downloaded from GITHUB.
Happy Coding...!!!

Friday, July 7, 2017

Spring Boot application Example

As we know that there are various ways for creating Spring Boot application. For this sample application, I am going to use STS (Spring Tool Suite) IDE.

Steps:
  • Create a new project by selecting spring starter project wizard


  • Select project type as Maven, provide project name, packaging, and Java version etc.

  • Select spring boot version and project dependencies

  • After finishing, you can see the project structure as shown below

  • Spring boot generates a Java file in the src/main/java directory, pom.xml file with all required dependency. 


  • To handle HTTP request, Create a Controller class

  • Now run the SpringBootExampleApplication.java as a Java application. It will start the tomcat server on default port i.e. 8080

  • Open browser and hit url http://localhost:8080/application
Note:

By Default, Application will start on port 8080 but can override by adding server.port to application.properties file.


Happy Coding..!!!

What is Spring Boot Initilizr?

Spring Boot Initilizr is a web tool which is provided by Spring on official site using which Spring Boot project can be created by providing project details. It simplifies Spring Applications Development by providing initial project structure and build scripts which reduces development time thus increase productivity.
Steps to create Spring Boot project via initilizr
·        Select Maven project and dependencies. Fill other details as shown below and click on generate project.


·        Download the project, extract and now import this project As Maven by using Import option from the STS (Spring Tool Suite) IDE.
·        After finishing, You can see the project structure as shown below:

·    Spring boot generates a Java file in the src/main/java directory, pom.xml file with all required dependency. The default created Java file is the below.

·    Now run this project by selecting Java Application from run options and you will see the following output.


 Happy Coding…!!!

Introduction to Spring Boot

Spring Boot is another module provided by Spring Framework which provides RAD (Rapid Application Development) feature to Spring framework. Using boot, we can create standalone Spring based application that you can “just run” in no time and Most Spring Boot applications need very little Spring configuration and it does not require any XML configuration. It uses convention over configuration software design paradigm that means it decrease the effort of developer.

Why Spring Boot?

As we know Spring framework provides flexibility to configure the beans in multiple ways such as XML, Annotations and JavaConfig. With the number of features increased the complexity also gets increased and configuring Spring applications becomes tedious and error-prone.
Spring Boot:
·         Ease the dependency Management, Java-based applications Development, Unit Test and Integration Test Process.
    • Eg: By adding springboot-starter-web dependency to pom.xml file will pull by default all the commonly used libraries such as spring-webmvc, jackson-json, validation-api and tomcat into your Spring MVC applications.
  • Do the Auto Configuration
    • Eg: By Adding above dependency will adds all these libraries but also configures the commonly registered beans like DispatcherServlet, ResourceHandlers, MessageSource etc beans with sensible defaults. Will see JDBC configuration blog in next blog.
  • Support for Embedded Servlet (Tomcat, Jetty )
    • It provides Embedded HTTP servers like Tomcat, Jetty etc. to develop and test our web applications very easily.
  • Easy to develop Spring Based applications with Java or Groovy and it reduces lots of development time and increases productivity. It also avoids writing lots of boilerplate Code, Annotations and XML Configuration.
  • Easy to integrate Spring Boot Application with its Spring Ecosystem like Spring-jdbc, Spring-orm, Spring-data-jpa, Spring security etc.

Spring Boot Components

·         Spring Boot Starter

    • Spring boot starter are just JAR Files or set of convenient dependency descriptors which we can include in our application to makes development easier and faster. It follows a naming pattern like: spring-boot-starter-*, where * is a particular type of application. This naming structure is intended to help when you need to find a starter. For example, if we want to get started using Spring and JPA for database access, just include the spring-boot-starter-data-jpa dependency in your project.

·        Spring Boot AutoConfigurator

·   It used by Spring Boot Framework to provide “Auto-Configuration. It attempts to automatically configure your Spring application based on the jar dependencies that you have added. For example, If HSQLDB is on your classpath, and you have not manually configured any database connection beans, then we will auto-configure an in-memory database.
·      You need to opt-in to auto-configuration by adding the @EnableAutoConfiguration or @SpringBootApplication annotations to one of your @Configurationclasses.

·        Spring Boot Actuator

·         It is used to expose different types of information about the running application – health, metrics, info, dump, env etc.
·         We can choose to manage and monitor our application using HTTP endpoints, with JMX or even by remote shell (SSH or Telnet). Auditing, health and metrics gathering can be automatically applied to your application.
·         To start using the existing actuators in Boot – we’ll just need to add the spring-boot-actuator dependency to the pom:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
    <version>1.4.2.RELEASE</version>
</dependency>

·        Spring Boot CLI

·         Tool to run and test Spring Boot applications from command prompt. When we run Spring Boot applications using CLI, then it internally uses Spring Boot Starter and Spring Boot AutoConfigurate components to resolve all dependencies and execute the application.
·         It internally contains Groovy and Grape (JAR Dependency Manager) to add Spring Boot Defaults and resolve all dependencies automatically.

·        Spring Boot Initilizr

·         It is a web tool which is provided by Spring on official site using which Spring Boot project can be created by providing project details. Check here in depth details.


That’s it all about Spring Boot Framework. Will add few more blogs for depth details.





Wednesday, April 12, 2017

Shibboleth Idp with External Authn Configuration

Shibboleth Idp comes with by default various flows like UsernamePassword, Mfa, X509, Kerberos, Spengo and various others flow but today I am going to discuss in details about one more flow which is also provided by Shibboleth Idp itself i.e External Flow

Use case:

Shibboleth Idp supports external Authn flow using which specific requirement can be fulfilled like your authentication database resides at some other location or some other servlet will do the authentication on the Idp’s behalf like authentication should be done at Facebook or Google side. All such scenario can be easily handled using External Authn flow.
Shibboleth team has already created document for the same which you can read it over here. I am writing this document to explain it in more details with example.

There are few predefined steps that we need to follow to add new custom flow in Shibboleth Idp as per Shibboleth guidelines. Let’s assume we have to create new flow named “Authn/Custom” in Shibboleth Idp. 

Here are the steps:

  • Copy opt\shibboleth-idp\conf\authn\ external-authn-config.xml and change it to custom-authn-config.xml and keep it under the same directory i.e. “opt\shibboleth-idp\conf\authn”.
  •  Replace all ‘External’ with ‘Custom’ in  custom-authn-config.xml file like 

<bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
        c:_0="contextRelative:Authn/External" />                               
                                                TO
<bean id="shibboleth.authn.Custom.externalAuthnPath" class="java.lang.String"
        c:_0="contextRelative:Authn/Custom" />

  • Copy files from system to flow folder:

            cp system/flows/authn/external-authn-flow.xml flows/authn/Custom/Custom-flow.xml
            cp system/flows/authn/external-authn-beans.xml flows/authn/Custom/Custom-beans.xml

           Note: Make sure the name of the folder should be same as flow name. over here it is Custom  and Replace all ‘External’ with ‘Custom’ and edits the correct path too in both files.

  • Create a java project and create new Servlet CustomAuthnFlowServlet”. Servlet should contain final String key= ExternalAuthentication.startExternalAuthentication(httpRequest) and ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse) and the authentication logic should be added between this statement and If you are doing any redirect then make sure you should persist the key as startExternalAuthentication & finishExternalAuthentication require the same key.
One more point principal should be set as httpRequest.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, username) if you want to retrieve at Shibboleth SP side and in case of error mapped it with AUTHENTICATION_ERROR_KEY. httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, AUTHN_EXCEPTION);
                            
  •  Add new Servlet mapping to web.xml file of Shibboleth Idp.

             
  •  Add your custom exception that we have created in our Servlet in  opt\shibboleth-idp\conf\authn\authn-events-flow.xml.
                   
  •  Add below snippet to opt\shibboleth-idp\conf\errors.xml

<entry key="CustomException" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="AnotherException" value-ref="shibboleth.SAML2Status.AuthnFailed" />

Note: Map your Exception to correct value-ref as incase of error Idp will send this error Response to Shibboleth SP.
  • Register Custom Auth flow in conf/authn/external-authn-config.xml

                
  • Set idp.authn.flows as Custom (idp.authn.flows=Custom)
  • We can retrieve Principal at Shibboleth IdP side by adding below snipped in attribute-resolver.xml.
We are done here. Restart Shibboleth and hit target URL and you will see the SSO happening using your custom flow. Please feel free to comment or mail me for any queries.

Happy Coding!!!


How TOPT Works: Generating OTPs Without Internet Connection

Introduction Have you ever wondered how authentication apps like RSA Authenticator generate One-Time Passwords (OTPs) without requiring an i...