Category Archives: Java

Spring Security- Getting started

In last post I wrote about implementing a simple authentication and authorization code using filters to provide security to your web application.

Well, Spring security is there to make our life easier.

Lets take a very simple example of hello world application.

Simply create a new web application (in eclipse dynamic web application, cover to maven application to use maven).

Modify Web.xml

<servlet>
<servlet-name>controlServlet</servlet-name>
<servlet-class>com.spring.test.HelloWorld</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>controlServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>

And create HelloWorld.java

package com.spring.test;
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


@WebServlet (urlPatterns ={"/hello" } )
public class HelloWorld extends HttpServlet {

@Override
public void doGet (HttpServletRequest request , HttpServletResponse response){
try {
response.getWriter( ).write( "Hello World" ) ;
} catch(IOException e) {
e.printStackTrace( ) ;
}
}
}

Only dependency added to maven

<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>

Build using maven and execute on any webserver. The /hello url will show a Hello World Message.

Lets add some security to this application now using Spring Security.

Tell your maven about Spring Jars

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>

Add to web.xml

<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

And create spring-security.xml inside WEB-INF

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/hello" access="ROLE_ADMIN" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user authorities="ROLE_ADMIN" name="kamal" password="kamal" />
<security:user authorities="ROLE_ADMIN" name="admin" password="admin" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>

JVM: Memory management and Garbage collection

If you have looked into server configuration files, you would have seen terms like –

-Xms512m -Xmx1536m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=786m -XX:MaxPermSize=1024m -XX:+UseConcMarkSweepGC

These are parameters we use to set up heap memory use by JVM to store objects in memory and make sure effective usage of garbage collection.

Garbage Collection: Garbage collection or GC in Java is a way in which JVM reclaims the space in heap occupied by objects no longer in use. This is achived by Java in Mark and Delete approach (Mark objects no longer in use and then delete the marked objects, optionally compacting the survived objects to make all available space together for better usage).

Heap Memory: All the objects created by JVM are added to heap memory. -Xms512m defines the minumum heap memory requested by JVM and -Xmx1536m defines maximum.

Yound and Old Generation: Further heap memory is divided into 2 blocks- young generation and old generation for optimum GC. Young generation memory contains the newly generated objects and old generation contains older objects. The idea is that the newly created objects will be more prone to GC. The objects which have survived a few GC cycles (they are still in use), have more probability of surviving future GC cycles. A minor GC runs frequently which will clean up the young generation heap. The major GC runs less frequently and cleans up whole healp including old generation area.

-XX:NewSize=512m and -XX:MaxNewSize=512m defines memory setting for young generation GC.

Eden and Survivor: Young generation heap area is further divided into Eden space and survivor space. A newly created object is placed in Eden space and moves to survivor space if it survives a GC. A survivor space object which has survived multiple GCs is then moved to Old Generation area.

Stack memory: Apart from Heap memory, JVM also has stack memory which is allocated to a thread of execution and store local primitive variable and reference to variables in heap for that particular thread. Stack memory works in LIFO fashion and is short lived. Normally it is very small in size ~1mb by default, but can be set using -Xss flag.

Error: OutOfMemoryError is thrown by JVM when it runs out of heap and StackOverFlowError is thrown when stack memory is full.

Permanent Generation: Perm Gen is area where JVM defines application metadata about classes and methods. This is not part of heap memory. Can be set using -XX:PermSize=786m and -XX:MaxPermSize=1024m

GC Algorithms: There are various algorithms which can be used by JVM while GC. For example -XX:+UseConcMarkSweepGCin above cofiguration tells JVM to use concurrent mark sweep algo, which helps GC in parallel to application execution, hence low impact visible on application – read here. With Java 7, we have Garbage-First Collector option, which helps further by splitting heap in multiple areas and doing GC with minimum impact on application- read here.

Useful reads

http://pubs.vmware.com/vfabric52/index.jsp?topic=/com.vmware.vfabric.em4j.1.2/em4j/conf-heap-management.html

http://www.journaldev.com/2856/java-jvm-memory-model-and-garbage-collection-monitoring-tuning

https://blog.codecentric.de/en/2014/01/useful-jvm-flags-part-8-gc-logging/

Adding HTTPS support to JBoss

Here is a good document with step by step instructions on setting up HTTPS support in JBoss

https://dzone.com/articles/ssl-wildfly-8-and-undertow

Adding Maven Jars to final war

There might be a requirement to let the war file include all maven dependencies (jars downloaded through maven) to avoid adding them manually to server, especialy while development time.

Right click project -> properties-> Deployment Assembly-> add ->build path entries->maven dependencies

Reference- http://stackoverflow.com/questions/6083501/maven-dependencies-not-visible-in-web-inf-lib

A simple cache utility class in Java

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/**
 * 
 * This class maintains in memory cache. 
 * @author kamalmeet
 *
 */

public class CommonCache {
	
	//The map that will store the cache
	private static Map<String, Object> cache=null;
	
	private static CommonCache reportCache=new CommonCache();
	
	/**
	 * Make sure the class is singleton so only one instance is shared by all. 
	 */
	private CommonCache()
	{
		cache=Collections.synchronizedMap(new HashMap<String, Object>());
	}
	
	/**
	 * Get the singleton instance.
	 * @return
	 */
	public static CommonCache getInstance()
	{
		return reportCache;
	}
	
	/**
	 * Add new element to cache.
	 * @param key
	 * @param value
	 */
	public void addToCache(String key, Object value)
	{
		cache.put(key, value);
	}
	
	/**
	 * Remove an element from cache.
	 * @param key
	 */
	public void removeFromCache(String key)
	{
		cache.remove(key);
	}
	
	/**
	 * Clean up cache.
	 */
	public void invalidateCache()
	{
		cache=Collections.synchronizedMap(new HashMap<String, Object>());
	}
	
	/**
	 * Get the element from cache.
	 * @param key
	 * @return
	 */
	public Object getFromCache(String key)
	{
		if(cache.containsKey(key))
			return cache.get(key);
		else
			return null;
	}
	
}

Returning auto generated id in spring – mybatis

Faced a problem with returning the autogenerated id for new rows being created for a postgres table through spring – mybatis.

@Insert("insert into user (name) values (#{name})") public void insertActor(User user);

One solution ofcourse was to simply get nextval from the sequence, but I wanted something cleaner where I need not be worried about multithreading issues.

Solution one Tried: One good solution found for postgres was using “Returning” keyword with Insert statement

insert into user (name) values (#{name}) Returning id;

Somehow that did not work with mybatis.

Solution that worked:

@Options(useGeneratedKeys=true, keyProperty = "userId", keyColumn="id") @Insert("insert into user (name) values (#{name})") public void insertActor(User user);

@Options, with useGeneratedKeys flag worked just fine. keyProperty defined the property name in Java and keyColumn name defined name of column in table.

Java- How to read an xlsx file

Here is a sample code to read xlsx file from java

import java.io.File;
import java.io.FileInputStream;
import java.util.Iterator;

import org.apache.poi.ss.usermodel.Cell;
import org.apache.poi.ss.usermodel.Row;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public class UploadSchools {

public static void main(String s[])
{
UploadSchools u=new UploadSchools();
u.readExcel(“/home/kamalmeet/schools.xlsx”);
}

public void readExcel(String path)
{
try{

File file = new File(path);
FileInputStream fis = new FileInputStream(file);
XSSFWorkbook workBook = new XSSFWorkbook (fis);
XSSFSheet sheet = workBook.getSheetAt(0);
Iterator rows = sheet.iterator();

while (rows.hasNext()) {
Row currentRow = rows.next();

Iterator cells = currentRow.cellIterator();
while (cells.hasNext()) {

Cell currentCell = cells.next();
System.out.print(currentCell.toString()+”\t”);
}
System.out.println(“”);
}
workBook.close();
}
catch(Exception e)
{
e.printStackTrace();
}
}
}

Note that I am simply printing string value of the cells. You can check the cell type and read the value accordingly. For example, add following utility method

private String getCellValue(Cell cell) {
if (cell == null) {
return null;
}
if (cell.getCellType() == Cell.CELL_TYPE_STRING) {
return cell.getStringCellValue();
} else if (cell.getCellType() == Cell.CELL_TYPE_NUMERIC) {
return cell.getNumericCellValue() + “”;
} else if (cell.getCellType() == Cell.CELL_TYPE_BOOLEAN) {
return cell.getBooleanCellValue() + “”;
}else if(cell.getCellType() == Cell.CELL_TYPE_BLANK){
return cell.getStringCellValue();
}else if(cell.getCellType() == Cell.CELL_TYPE_ERROR){
return cell.getErrorCellValue() + “”;
}
else {
return null;
}
}

References :

http://stackoverflow.com/questions/12526310/returning-decimal-instead-of-string-poi-jar

http://java67.blogspot.in/2014/09/how-to-read-write-xlsx-file-in-java-apache-poi-example.html

Understanding Maven

Official definition of Maven states “Apache Maven is a software project management and comprehension tool.” For me, Maven is a build tool, that helps me manage dependencies as well. The advantage I get over Ant tool, is that it not only manages dependencies, but also downloads them automatically. Also I need not worry about transitive depeendies, that is if a jar I need for my project is inturn dependent on other jars, maven will take care of it for me.

Getting started: Using maven with Eclipse is simple. Eclipse comes with embedded maven so you need not worry about downloading or installing.

In New->Project, you can select Maven Project. It will ask you to select Archtype. An Archtype is predefine project templates. For example you can use Spring project, you can choose spring archtype. This will help you getting started by providing a sample template project, on which you can build further.

Once you create a project, you will find a pom.xml. POM stands for Project Object Model. It is fundamental Unit of Work in Maven.

A simple POM file might look like
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion>


<groupId>TEST</groupId>

<artifactId>TEST</artifactId>

<version>0.0.1-SNAPSHOT</version>

<packaging>jar</packaging>
<name>Permission</name>

<url>http://maven.apache.org</url>
<properties>

<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

</properties>

<dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies> </project>
Note the dependencies part. This is telling the maven which version of the required dependency is needed by application.

ExecutorService with Callable and Future

In last post I talked about ExecutorService basics.

Let us take it forward to understand usage of Future keyword. So far we have seen Executor service usage to start executing a thread in controlled way. What if we need to get a returned object from the thread being executed. Callable interface comes to help. Instead of implmenting Runnable, we can implement Callable to create thread. In this case we will override call() method method instead of run().

From Javadocs: The Callable interface is similar to Runnable, in that both are designed for classes whose instances are potentially executed by another thread. A Runnable, however, does not return a result and cannot throw a checked exception.

The result of callable class is retrived in Future instance. Instead of executor.execute, we will call submit method which forces ExecutorService to return the Future instance. execute can also be used with Runnable instance, but in that case it will return null on completion as run() method cannot return an object.

ExecutorService

Here is refresher of multithreading in java.

Java (since 1.5) has come up with more controlled and cleaner way to handle threads, i.e. ExecutorService.

ExecutorService is a way in which we can create thread pools and execute threads in controlled manner, i.e. can define number of threads to be allowed at the same time.

ExecutorService ex = Executors.newSingleThreadExecutor();
ExecutorService ex = Executors.newFixedThreadPool(5);
ExecutorService ex = Executors.newScheduledThreadPool(10);

In first case we are creating a singlethreaded pool, whereas in second case we are defining a pool of fixed length. In third case we are creating a pool of threads which can perform activities at a defined time.

A simple code example

Play around with thread pool size to understand the usage.

package com.kamalmeet;

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadTestExecutor {
	public static void main(String s[]) {
		ExecutorService executor = Executors.newFixedThreadPool(5);
		for (int i = 0; i < 10; i++) {
			executor.execute(new RunTest());
			executor.execute(new RunTest2());
		}
		executor.shutdown();
	}
}

class RunTest implements Runnable {
	@Override
	public void run() {
		try {
			Thread.sleep(1000);
		} catch (InterruptedException e) {
			e.printStackTrace();
		}
		System.out.println("run" + Thread.currentThread().getName());
	}
}

class RunTest2 implements Runnable {
	@Override
	public void run() {
		try {
			Thread.sleep(2000);
		} catch (InterruptedException e) {
			e.printStackTrace();
		}
		System.out.println("run2" + Thread.currentThread().getName());
	}
}

At this point let us dig a bit into what happens behind the scenes when we initialize an ExecutorService Instance. In Executor class we have this implementation for the newFixedThreadPool method

public static ExecutorService newFixedThreadPool(int nThreads) {
   return new ThreadPoolExecutor(nThreads, nThreads, 0L,  TimeUnit.MILLISECONDS, new LinkedBlockingQueue<Runnable>());
}

Similar to the newFixedThreadPool, we have implementation for SingleThreadExector and CachedThreadPool

public static ExecutorService newSingleThreadExecutor() {
    return new FinalizableDelegatedExecutorService(new ThreadPoolExecutor(1, 1, 0L, TimeUnit.MILLISECONDS, new LinkedBlockingQueue<Runnable>()));
}

public static ExecutorService newCachedThreadPool() {
    return new ThreadPoolExecutor(0, Integer.MAX_VALUE, 60L, TimeUnit.SECONDS, new SynchronousQueue<Runnable>());
}

Let’s take a look at ThreadPoolExecutor as well

/**
     * Creates a new {@code ThreadPoolExecutor} with the given initial
     * parameters, the
     * {@linkplain Executors#defaultThreadFactory default thread factory}
     * and the {@linkplain ThreadPoolExecutor.AbortPolicy
     * default rejected execution handler}.
     *
     * <p>It may be more convenient to use one of the {@link Executors}
     * factory methods instead of this general purpose constructor.
     *
     * @param corePoolSize the number of threads to keep in the pool, even
     *        if they are idle, unless {@code allowCoreThreadTimeOut} is set
     * @param maximumPoolSize the maximum number of threads to allow in the
     *        pool
     * @param keepAliveTime when the number of threads is greater than
     *        the core, this is the maximum time that excess idle threads
     *        will wait for new tasks before terminating.
     * @param unit the time unit for the {@code keepAliveTime} argument
     * @param workQueue the queue to use for holding tasks before they are
     *        executed.  This queue will hold only the {@code Runnable}
     *        tasks submitted by the {@code execute} method.
     * @throws IllegalArgumentException if one of the following holds:<br>
     *         {@code corePoolSize < 0}<br>
     *         {@code keepAliveTime < 0}<br>
     *         {@code maximumPoolSize <= 0}<br>
     *         {@code maximumPoolSize < corePoolSize}
     * @throws NullPointerException if {@code workQueue} is null
     */
    public ThreadPoolExecutor(int corePoolSize,
                              int maximumPoolSize,
                              long keepAliveTime,
                              TimeUnit unit,
                              BlockingQueue<Runnable> workQueue) {
        this(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue,
             Executors.defaultThreadFactory(), defaultHandler);
    }

If you need additional control on the type of threads being created, you can send ThreadFactory as an additional parameter to ThreadPoolExecutor.

Before closing on the topic, it is worth looking at Atomic Variables. Atomic variables provide a way to maintain a thread-safe state for variables. This implements CAS (Compare and Swap) approach, which is faster than implementing synchronization as that needs locking and unlocking mechanism. The most commonly used atomic variable classes in Java are AtomicInteger, AtomicLong, AtomicBoolean, and AtomicReference.