A review of the book titled "RESTful Java Web Services Security"

I had the chance to read this book titled "RESTful Java Web Services Security" from bit.ly/1myQc7O  and here is my honest review on the same...

First chapter presented a very concrete way of setting up a development environment and a sample project. A brief on Maven is a very good read for it's beginners.

Second chapter started with an excellent illustration on importance of security and various aspects like authentication and authorization, although I feel it is more elaborated than required. Nevertheless, gives a good feeling for the readers new to security. Concrete examples are presented to explain different options for security management.

Third chapter is the place where you actually start diving deep into the core area of this book, starting with a precise differences between fine-grained and coarse-grained security. Code sample given is very good, and it is one of the common positive points for all the chapters in this book. I understand that lot of thought process must be behind framing those examples.

Fourth chapter starts with introduction to OAuth. While the explanation was brief, I felt, the OAuth process could have been explained much better with elaborative explanation. However, the implementation is clear. SSO configuration for security management was very well explained and inclusion of the (relatively) rare topic of "filters and interceptors" made this chapter a must-read. I could understand the author's extensive thought process in all the examples included in the chapter.

Final and the fifth chapter is more into the actual hard-core security concepts like Digital Signatures and the explanation was extremely well done, with the appropriate examples to apply digital signatures. The example to show how to use annotations to validate signatures is excellent.

Overall, this is a must-read book for someone wanting to develop web services for applications demanding high security. While the entire book revolves around Java as the programming language, the concepts are applicable to any language someone wishes to implement these on. Personally I felt very happy reading this book and the last chapter is the one that I enjoyed the most. I would surely recommend this book for beginner and advanced level programmers working in the relevant areas!

Well done, authors!

Performance Analysis of few Multi-dimensional Index Structures

Multi-dimensional Index Structure is an index structure that is built to work on data points in a multi-dimensional space. In Document Vector notation, each term of the Document Corpus is a dimension and every document is represented as a point in that multi-dimensional space. Retrieval of information from a multi-dimensional space requires specialized index structures to be built. The article published on my other blog dedicated to Information Retrieval and Machine Learning, tries to introduce broad categories of Multi-dimensional index structures, discuss few structures and finally analyze the performance of those index structures under consideration. 

Have a read and post your comments here or on the other blog of mine.

Distribution of terms in Twitter Data

Term distribution is indeed a very interesting topic in Data Science, that once we start exploring it, we find many fascinating observations. I tried to plot the distribution of the terms on Twitter Data, taking a set of 10000 random tweets. I haven't removed any stop words, no spell checking was done. In fact, no technique that alters the data was implemented to just get a feel of the distribution of actual twitter data.

I have plotted the terms on X-axis in the decreasing order of their frequencies with the frequencies plotted on Y-axis. I got the below graph:

What this distribution means is that there are very few, in fact very very few words which are occuring most frequently. Without any doubt, these should be the articles, or conjunctions, or prepositions which are very much required for constructing english sentences.

Twitter allows users to post only 140 characters. As a Twitter user (@KausalMalladi), I find it difficult many times to fit my thoughts in that little space and I am sure it is same with everyone. On the flip side, because only 140 characters are allowed, we assume most of the words to be meaningful and relevant. But the distribution doesn't say that by providing a long tail. Why? I think it is because of “140 characters” and people tend to write short forms of the words and spelling mistakes are quite common in any social data.

The interesting part of the observation is that, although we are restricted to post only in 140 characters, in which case it is expected to make sense, it actually doesn't. May be we get a better term distribution with spelling corrections done on terms, I will try to do the same and post.

Same post is also published in my another blog.

Developing a RESTful Java Web service in Eclipse Indigo using maven

RESTful web services have become the kind of de-facto in the present days, thanks to Roy Fielding's dissertation stating its advantages. Developing these is also easy to someone who is NOT very accustomed to SOAP-WSDL based services. However it is little difficult to someone who has been working in the arena of SOAP, although not tough.
I believe a great deal of difficulty in developing RESTful web services is because of the unavailability of a uniform IDE that makes life easier for a developer. Although Netbeans has a very good abstracted mechanism that lets users develop RESTful web services with no pain, I don't prefer working with it, nor would I recommend anyone to use it. The major reason for the same is the highest levels of abstraction it offers to the developer which makes it difficult for him/her to understand the flow.
In this article I will try to walk you through the steps involved in successfully developing a RESTful java web service in eclipse using maven.
This article uses Eclipse Indigo, maven2, Sonatype M2Eclipse, Apache Tomcat 7.
Step1: Go to Help->Install New Software->Add. Enter the name as "m2eclipse" (you can give any name you wish to) and the location  http://m2eclipse.sonatype.org/sites/m2e. Then you will find the software "Maven Integration for Eclipse". Install it.
Step2: Developing a Dynamic web project also requires installing the software, "Maven Integration for Eclipse WTP", which can be found in the repository, http://m2eclipse.sonatype.org/sites/m2e-extras. Proceed similarly to add this repository too.
Step3: Now choose the directory where the workspace needs to be stored and run the folowing command.

mvn -Declipse.workspace= eclipse:add-maven-repo

This will be the local maven repository.
Step4: Now New->Project->Maven Project->Select Artifact ID as maven-archetype-webapp->Give groupID (similar to package name), artifact ID (similar to project name) and click Finish.
Step5: Now a directory structure will be formed as follows.

Step6: This is the most important step. The directory structure formed by default has to be changed a little. As per the Maven directory structure specifications, all the source java files (services) need to be inside /src/main/java. Follow the following steps to change the directory structure.

• Remove src/main/resources under Java Resources
• Add java folder to src/main directory
• Right click on Java Resources->New->Source Folder and give the previously added java folder in the Folder name and click Finish as shown below.

• The final directory structure should look like this.

Step7: Now add the following lines to pom.xml.

  

 
  maven2-repository.java.net
  Java.net Repository for Maven
  http://download.java.net/maven/2/
  default
 

  
    
   com.sun.jersey
   jersey-server
   1.8
    
  

This will essentially indicate the maven, the url to look for repositories while building. Also the dependency here is as required by the Jersey specification.
Step8: Now write the java service in a class file. Create a new class and add code similar to this. The annotations @Path along with @GET and @PathParam are very important, you can look into JSR311 API for details on this.

package com.rest.test;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
 
@Path("/test")
public class TestRest {
 
 @GET
 @Path("/{name}")
 public Response getMsg(@PathParam("name") String name) {
 
  String output = "Hello, " + name;
 
  return Response.status(200).entity(output).build();
 
 }
 
}

 Step9: Now we are required to update web.xml according to Jersey reference implementation. web.xml should look like this.

 Restful Web Application
 
 
  TestServlet
  
                     com.sun.jersey.spi.container.servlet.ServletContainer
                
  
       com.sun.jersey.config.property.packages
       com.rest.test
  
  1
 
 
 
  TestServlet
  /resources/*
 
 

These steps should essentially deploy a RESTful java web service successfully and you can test it by hitting the following URL.

http://localhost:8080/resources/test/kausal

And you should see the output "Hello, kausal". Here "kausal" is the parameter passed to the method response().

I hope this gives basic idea about how to develop a RESTful java web service with Jersey reference implementation in eclipse using maven. Please feel free to post your queries/comments.

Resolving issues with Eclipse on Ubuntu upgrade

Hi folks,
Today I did a partial upgrade of my Ubuntu and after that, to my surprise, Eclipse stopped working properly.
It gave an error saying...
"An internal error occurred during: "Compute launch button tooltip".org/eclipse/cdt/core/model/CoreModel"
... while I was trying to run my Java App.
Re-install of Eclipse didn't work from Ubuntu Software Center, neither did it work from Terminal.
Even apt-get install eclipse-platform --fix-missing didn't fix the issue.
After going through several posts, I found that a package called tzdata-java has to be re-installed.
So, apt-get --reinstall install tzdata-java finally worked.
This was just the condensed information from different sources and not my discovery! Posted here so that it might be useful to someone.
Thanks!

Memory allocation upon malloc() in C

Hi All,
Many of you would have already known how memory allocation happens when malloc() function is used in C language. This article is just the gist of my study on malloc() function.

What happens when you invoke malloc()?
When the C compiler sees malloc(4) function in the program, it requests the underlying OS (Operating System) to allocate 4 bytes and the OS, upon allocation, returns the block containing the address to the next block in the memory + the starting address of the memory allocated + the size of the block (here 4 bytes), rounded off to the multiples of size of the most restricted datatype on the machine.

Example:

int *p;

p=(int*)malloc(sizeof(int));

printf("%u\n",p);

p=(int*)malloc(sizeof(int));

printf("%u\n",p);

p=(int*)malloc(sizeof(int));

printf("%u\n",p);

p=(int*)malloc(sizeof(int));

printf("%u\n",p);

returns...

152002568
152002584
152002600
152002616

These are separated by 16 bytes, on my 32-bit machine! Please find the math for this below.
I will try to illustrate it with another bigger example there and put math of both examples together.


What is the most restrictive datatype?
For each machine, there is a most restrictive type. It is not unique and varies on different machines. It means that if you can store the most restricted datatype in an address, you can store any primitive type. Generally it will be double (as it is on my machine) but I read somewhere that it can be int or float too.

Yet another example, with calculations?
Consider creating the following structure and allocate memory using malloc() function.

struct test

{

char c;

char f;

int a;

int b;

float d;

double e;

double g;

double h;

double i;

};

int main()

{

struct test *t;

t=(struct test*)malloc(sizeof(struct test));

printf("%d\n",sizeof(struct test));

printf("%u\n",t);

t=(struct test*)malloc(sizeof(struct test));

printf("%u\n",t);

t=(struct test*)malloc(sizeof(struct test));

printf("%u\n",t);

t=(struct test*)malloc(sizeof(struct test));

printf("%u\n",t);

t=(struct test*)malloc(sizeof(struct test));

printf("%u\n",t);

t=(struct test*)malloc(sizeof(struct test));

printf("%u\n",t);

return 0;

}

returns...

48

140615688

140615744

140615800

140615856

140615912

140615968

Reason goes here...
On a 32-bit machine, char occupies 1 byte, int and float, 4 bytes while double occupies 8 bytes. So the structure essentially needs 46 bytes but 48 bytes are allocated because it should be in the multiples of (8 bytes - most restricted datatype, double on a 32-bit machine).
Now, on a 32-bit machine, each word is addressed by 32 bits (==4 bytes). So, as per the explanation given above w.r.t. block returned by malloc(), it has to return the address to next block (4 bytes) + address of allocated block (4 bytes) + size of structure (48 bytes), i.e. 56 bytes. This is the reason why we got addresses separated by 56 bytes for each allocation!

Similar math follows for the first example I quoted...
On a 32-bit machine, int occupies 4 bytes, but address to the next block (4 bytes) and address of the currently allocated block (4 bytes) add up to it making it 12 bytes. But the actual memory allocated must be in the multiples of most restricted datatype on the underlying machine which is double ( 8 bytes) and hence 16 bytes are allocated.

Hope this information will be useful to you all. I would like to have your comments/feedback on this. I am open for discussion on this topic! :)

Presenting my blog on Java programming

Hi All,
Apart from the technical ideas and articles of mine in this blog, I am also presenting you all another blog of mine, which is dedicated to Java programming.
http://mkausal.blogspot.in/
Please visit the blog for any queries w.r.t. Java programming.

Thanks!