Saturday, 12 January 2019

what is multithreading in java


Whatis multithreading in java

Multi threading

Way to define threads

There are two way to define thread in java.
  1. Introduction
  2. The way to define , Instantiate and start thread
  3. Getting and Setting name of thread
  4. Thread priorities
  5. The method to prevent thread execution
·         Yield
·         Join
·         Sleep
  1. Sysncronization
  2. Interthread communication
  3. Deadlock
  4. Daemon threads

Multitasking
Execution several tasks simultaneously is called multitasking.
There two types of multitasking:
1.       Process base multitasking
2.       Thread base multitasking
Example:
Student in classroom
Student
·         Listening
·         Writing
·         Sleeping
·         Watching
·         Reading
·         Noise keeping etc.


1.    Process base multitasking


Execution several tasks simultaneously, where each task is a separate independent process, is called process base multitasking.
Ex. While typing a java program in editor, we can able to listen audio songs by mp3 player in the system, at the same time we can download a file from the net. All these tasks are executing simultaneously and independent to each other. Hence, it is process base multitasking.
Process base multitasking is suitable at O.S. level.
2.    Thread base multitasking
Executing several tasks simultaneously where each task is a separate independent part of the same program is called Thread base multitasking and each independent part is called thread.
It is best suitable for programmatic level.
  • Whether it is process base or thread base, the main objective of multitasking is to improve performance of the system by reducing response time.
  • The main important application areas of the multithreading are developing video game, multimedia graphics, implementing animations etc.
  • Java provide inbuilt support for multithreading by introducing a rich API (Thread , Runnable, ThreadGroup,Threadlocal…) being a programmer we have to know how to use this API and we are not responsible to define that API. Hence, developing multithreading program is very easy when compare to c++.

 

The way to define, Instantiate and start a new thread

We can define thread in following two ways

  • By extending thread class.
  • By implementing Runnable Interface.
Defining thread by extending thread class
class mythread extends Thread
{
                public void run(){
                for(int i=1;i<=10;i++){
                System.out.println(“child thread…”);
}//job of the thread.
}
}
class ThreadDemo{
public static void main (String args[]){
MyThread  t=new MyThread(); // instantiating  thread
t.start(); // starting of the thread.
for(int i=10;i<=10;i++){
                System.out.println(“main Thread”);
}
}
}

Case: 1

Thread Scheduler
  • Whenever multiple thread waiting to get chance for execution which thread will get chance first is decided by thread Scheduler. Whose behavior is java vendor dependent. Hence, we can’t expect exact execution order. Hence, exact out put.
  • Thread scheduler is part of JVM. Due to this unpredictable behavior of thread scheduler we can’t expect exact output of the above program.
Note: whenever the situation comes to Multithreading the guarantee in the behavior is very less. We can tell possible output but not exact.

 Case: 2

Deference between t.start() and t.run()
In the above case of the t.sart() a new thread will be created and thread will be responsible to execute run().
  • But in the case of t.run() no new thread will be created and run method will be execute just like a normal method call.
  • In the above program, if we are replacing t.start() with t.run() the output will be normal as first 10 time child thread and second 10 time main thread.

By at No comments:
Labels:

Wednesday, 9 January 2019

spring security architecture

spring security architecture

Application Security Areas:

There are two main areas for application securities.
1.     Authentication: Process of checking the user, who they claim to be.
2.     Authorization: Process of deciding whether a user is allowed to perform an activity within the application.

Authentication Models supported by Spring Security:

Spring security supports more than 20 Models for authentication. Some of them are
1.     X.509 client certificate exchange
2.     LDAP Authentication
3.     OpenID authentication
4.     Java Open Source Single Sign On
…..

Spring Security Modules

Spring security code has been divided in different JARs(Can be considers as modules)
1.     Core (spring-security-core.jar) : Required Module. Contains core authentication and access-contol classes and interfaces, remoting support and basic provisioning APIs.
2.     Web (spring-security-web.jar): Required* if web authentication services and URL-based access-control is required.Contains filters and related web-security infrastructure code.
3.     Remoting : Provides intergration with Spring Remoting.
4.     Config : Contains the security namespace parsing code. You need it if you are using the Spring Security XML namespace for configuration.
5.     LDAP : LDAP authentication and provisioning code. Required if you need to use LDAPauthentication or manage LDAP user entries.
6.     ACL : Used to apply security to specific domain object instances within your application.
7.     CAS : If you want to use Spring Security web authentication with a CAS single sign-on server.
8.     OPENID :Used to authenticate users against an external OpenID server.
Note: Details extracted from Official doc for Spring


Spring Security Configuration

Web.xml Configuration:

In order to enable spring security for your web application, you have to add below filter declaration in your web.xml.
1.     <filter>
2.     <filter-name>springSecurityFilterChain</filter-name>
3.     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
4.     </filter>
5.     <filter-mapping>
6.     <filter-name>springSecurityFilterChain</filter-name>
7.     <url-pattern>/*</url-pattern>
8.     </filter-mapping>
All request now will go through “springSecurityFilterChain” filter which will apply app security.

ApplicationContext-security.xml Configuration:

As Spring security is enabled till now we can now configure the security XML for different security related options like “Authentication Model”, Login page, Access denied page etc..

Namespace

Namespace configuration allows you to supplement the traditional Spring beans application context syntax with elements from additional XML schema. In order to use security namespace in application context, “spring-security-config” jar needs to be in classpath. Schema declaration that needs to be there in “application-context” XML.
1.     <beans:beans xmlns="http://www.springframework.org/schema/security"
2.     xmlns:beans="http://www.springframework.org/schema/beans"
3.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4.     xsi:schemaLocation="http://www.springframework.org/schema/beans
5.     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
6.     http://www.springframework.org/schema/security
7.     http://www.springframework.org/schema/security/spring-security-3.1.xsd">
8.     ...
9.     </beans:beans>
With this configuration we can use “security” as the default namespace rather than “beans”.

Authentication Model:

Here we decide which authentication model you will use for your web application. Option could be any of the above(LDAP, Open ID..). Once decided same could be configured via “<authentication-manager></authentication-manager>” tag.
Ex 1 :
1.     <authentication-manager>
2.     <authentication-provider>
3.     <user-service>
4.     <user name="user1" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
5.     <user name="user2" password="password" authorities="ROLE_USER" />
6.     </user-service/>
7.     </authentication-provider>
8.     </authentication-manager>
Here user and their roles have been hard coded in XML itself and user will be authenticated and authorized on given basis. Two user has been created with password as “password” and there are roles are “ROLE_USER, ROLE_ADMIN”.
Ex. 2 :
1.     <authentication-manager>
2.     <authentication-provider ref="ldapActiveDirectoryAuthProvider"></authentication-provider>
3.     </authentication-manager>
4.      
5.     <beans:bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
6.     <beans:constructor-arg value="abc.xyz.com"></beans:constructor-arg>
7.     <beans:constructor-arg value="ldaps://abc.xyz.com:636"></beans:constructor-arg>
8.     </beans:bean>
Here user will be authenticated and authorized via LDAP server(In current Situation Active Directory)
Note : Port no will be 636 for secured connection and will 393 for non secured.
Ex 3 :
1.     <authentication-manager>
2.     <authentication-provider>
3.     <jdbc-user-service data-source-ref="dataSource" />
4.     </authentication-provider>
5.     </authentication-manager>
Here user will be authenticated and authorized on the basis of table(USERS & AUTHORIZATION) in DB. datasource will be used to access the given tables in DB. Structure of the tables should be.
1.     CREATE TABLE USERS (USERNAME VARCHAR2, PASSWORD VARCHAR2,ENABLED VARCHAR2);
2.      
3.     CREATE TABLE AUTHORITIES(USERNAME VARCHAR2, AUTHORITY VARCHAR2);
Note*: You can have multiple <authentication-provider> elements to define different authentication sources and each will be consulted in turn.
Till now you have enabled the Spring security for your web application and configured the “Authentication- Manager” through which user can be authenticated and authorised. We might have to configure login, logout page and role based URL access.


These are the relevant links to provide custom authentication provider and to add multiple authentication providers in Spring Security.

https://www.baeldung.com/spring-security-authentication-provider
https://www.baeldung.com/spring-security-multiple-auth-providers

Session Management Configuration
1.     <session-management>
2.     <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
3.     </session-management>
Here we have defined that user can have 1 session at max.
error-if-maximum-exceeded is used to define what should be happend when user tries to create more then one session.
If it is true : User will get error page stating that user can not have more then one session if it already has one active session.
If it is false: User will not get any error while trying to login to application(Creating another session) but other session will get invalidated and user will have only have new session.


Spring as they say is truly a one stop shop for all. It is no less when it comes to securing applications.
There are other available frameworks and APIs to secure web application like Apache CXF, IBM’s WSS and so on but these could be considered only as per requirement. In the current scenario, the required features are all available with Spring and therefore it makes Spring the best candidate to win security implementation.

By at No comments:
Labels:
Subscribe to: Posts (Atom)