How do I define and inject dependencies using annotations in Spring?

By I Wayan Saryada in Spring Core 0 Comment

In Spring, you can define and inject dependencies using annotations, which simplifies the process of configuring beans and their relationships. Here’s how you can do it step by step:

1. Define a Dependency with @Component

To define a class as a Spring-managed component (or bean), you annotate it with @Component, which makes the class eligible for dependency injection.

package org.kodejava.spring;

import org.springframework.stereotype.Component;

@Component
public class MyDependency {
    public void doSomething() {
        System.out.println("Dependency logic executed.");
    }
}

Here, @Component tells Spring to manage the lifecycle of this class as a bean.

2. Inject the Dependency with @Autowired

You can inject dependencies into another class by using the @Autowired annotation. It can be applied to:

  • Field injection
  • Constructor injection (recommended)
  • Setter injection

A. Field Injection

package org.kodejava.spring;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class MyService {
    @Autowired // Spring automatically injects the MyDependency bean here
    private MyDependency myDependency;

    public void performTask() {
        myDependency.doSomething();
    }
}

B. Constructor Injection (Recommended)

Constructor injection is preferred as it makes the dependencies immutable and facilitates better testing.

package org.kodejava.spring;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class MyService {
    private final MyDependency myDependency;

    @Autowired
    public MyService(MyDependency myDependency) {
        this.myDependency = myDependency;
    }

    public void performTask() {
        myDependency.doSomething();
    }
}

Note: From Spring 4.3 onward, if a class has only one constructor, the @Autowired annotation is optional since Spring will automatically use that constructor to inject dependencies.

C. Setter Injection

package org.kodejava.spring;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class MyService {
    private MyDependency myDependency;

    @Autowired
    public void setMyDependency(MyDependency myDependency) {
        this.myDependency = myDependency;
    }

    public void performTask() {
        myDependency.doSomething();
    }
}

3. Marking Other Components

Instead of using @Component, Spring provides additional stereotype annotations for specific roles, although they work similarly. These are:

  • @Service: Used for service classes.
  • @Repository: Used for data access/DAO components.
  • @Controller: Used for Spring MVC controllers.

Example:

import org.springframework.stereotype.Service;

@Service
public class MyService {
    public void executeService() {
        System.out.println("Executing service logic...");
    }
}

4. Enable Component Scanning

To ensure Spring automatically discovers and registers your components, you need to enable component scanning using the @ComponentScan annotation in your configuration class.

Example configuration class:

package org.kodejava.spring;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;

@Configuration
@ComponentScan(basePackages = "org.kodejava")
public class AppConfig {
}

Alternatively, if you are using Spring Boot, component scanning is enabled automatically for classes within the same package or sub-packages of the main application class annotated with @SpringBootApplication.

5. Example of Application Setup

Here’s a complete example:

Dependency

package org.kodejava.spring;

import org.springframework.stereotype.Component;

@Component
public class HelloWorldService {
    public String sayHello() {
        return "Hello, World!";
    }
}

Service

package org.kodejava.spring;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class GreetingService {
    private final HelloWorldService helloWorldService;

    @Autowired
    public GreetingService(HelloWorldService helloWorldService) {
        this.helloWorldService = helloWorldService;
    }

    public void printGreeting() {
        System.out.println(helloWorldService.sayHello());
    }
}

Main Application

package org.kodejava.spring;

import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

public class Application {
    public static void main(String[] args) {
        ApplicationContext context = new AnnotationConfigApplicationContext(AppConfig.class);

        GreetingService greetingService = context.getBean(GreetingService.class);
        greetingService.printGreeting();
    }
}

Configuration

package org.kodejava.spring;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;

@Configuration
@ComponentScan(basePackages = "org.kodejava")
public class AppConfig {
}

Summary of Annotations:

  • @Component: Marks a class as a Spring bean.
  • @Service: A specialization of @Component, typically used for service-layer classes.
  • @Repository: A specialization of @Component, used for DAO/repository classes.
  • @Controller: A specialization of @Component, used for Spring MVC controllers.
  • @Autowired: Marks a dependency to be automatically injected by Spring.
  • @ComponentScan: Specifies the base package(s) for scanning components.

This approach makes dependency management clean and reduces boilerplate code compared to XML-based configurations.

Maven Dependencies

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context</artifactId>
    <version>6.2.6</version>
</dependency>

Maven Central

How to Work with the Root Certificates Included in Java 10

By I Wayan Saryada in Java 10 0 Comment

In Java 10, root certificates are included as part of the cacerts file in the Java Runtime Environment (JRE) to establish trust for security protocols like TLS/SSL. Java includes a default set of trusted Certificate Authorities (CAs) in this file. Here’s how you can work with the root certificates in Java 10:

Accessing the Root Certificates

Root certificates in Java 10 are found in the cacerts file, which is located in the lib/security directory in your JRE or JDK installation:

  • Path for JDK: <JAVA_HOME>/lib/security/cacerts
  • Path for JRE: <JAVA_HOME>/jre/lib/security/cacerts (if the setup includes a separate JRE)

Managing Root Certificates Using the keytool Utility

Java provides the keytool command-line utility to manage keystores such as cacerts. You can use it to list, add, or remove root certificates. Here’s how:

1. List Certificates

To view the existing certificates in the cacerts keystore, use the following command:

keytool -list -keystore <JAVA_HOME>/lib/security/cacerts

By default, the password for the cacerts keystore is changeit.

2. Import a New Root Certificate

If you have a custom root certificate (e.g., mycert.crt) that needs to be trusted by Java, import it as follows:

keytool -import -trustcacerts -file mycert.crt -keystore <JAVA_HOME>/lib/security/cacerts -alias myalias
  • Replace mycert.crt with the file path of your certificate.
  • Replace myalias with a unique alias for the certificate.
  • Note: If no password change has been applied, the default password is changeit.

3. Remove a Certificate

If you need to remove a root certificate from the cacerts keystore:

keytool -delete -alias myalias -keystore <JAVA_HOME>/lib/security/cacerts

Replace myalias with the alias of the certificate you want to remove.

4. Change Keystore Password

To change the default password (changeit) for the keystore:

keytool -storepasswd -keystore <JAVA_HOME>/lib/security/cacerts

Exporting Certificates

To export a certificate from the keystore:

keytool -export -alias myalias -file mycert.crt -keystore <JAVA_HOME>/lib/security/cacerts

Troubleshooting and Tips

  1. Backup Before Modifying: Always create a backup of the cacerts file before making changes. If something goes wrong, you can restore the original file. 
    cp <JAVA_HOME>/lib/security/cacerts <JAVA_HOME>/lib/security/cacerts.bak
  2. Certificate Format: Ensure that the certificates you are working with are in the correct format. Java usually requires certificates in PEM or DER format.

  3. Java Home Environment Variable: Ensure the JAVA_HOME environment variable is set correctly to point to your Java 10 installation.

  4. Truststore for Applications: Applications that need a specific set of certificates can use a custom keystore/truststore by specifying the following JVM arguments:

    -Djavax.net.ssl.trustStore=/path/to/custom/truststore
   -Djavax.net.ssl.trustStorePassword=yourpassword

Switching to a Custom Truststore

If you prefer to use a custom truststore instead of altering the cacerts file:

  1. Create a new keystore file: 
    keytool -genkey -alias myalias -keyalg RSA -keystore mytruststore.jks
  2. Add certificates to this custom truststore using the steps outlined above.

  3. Point the application or JVM to your custom truststore using the -Djavax.net.ssl.trustStore parameter.

Conclusion

Working with the root certificates in Java 10 provides more control over establishing trust with certificate authorities. Tools like keytool simplify this management process, whether you’re adding, removing, or listing certificates in the cacerts keystore. Always follow security best practices when modifying trust settings, and ensure critical backups are in place.

How do I control access to resources using Semaphore?

By I Wayan Saryada in Concurrency 0 Comment

To control access to shared resources in a multithreaded environment, a Semaphore is frequently used, which is part of the java.util.concurrent package. A semaphore manages a set number of permits that control how many threads can access a shared resource simultaneously. Threads acquire permits before accessing the resource and release the permits after they are done, ensuring controlled and synchronized access.

Here’s how you can use a semaphore to control access to resources:

1. Key Points About Semaphore:

  • Permits: The semaphore holds a set number of permits, which represent the number of threads that can access the resource concurrently.
  • Acquire/Release:
    • A thread must acquire a permit using the acquire() method to access the resource.
    • It must release the permit using release() after finishing its access to the resource.
  • Blocking Behavior: If no permits are available, the acquiring thread will block until a permit is released by another thread.

  • Fairness: You can construct a semaphore in a fair mode to ensure that waiting threads acquire permits in the order they requested them.

2. Example: Semaphore with Limited Access to Resources

Here is a simple example where a semaphore is used to control access to a shared resource (e.g., a connection pool or a printer):

package org.kodejava.util.concurrent;

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Semaphore;

public class SemaphoreExample {

    // Semaphore initialized with 2 permits (only 2 threads can access simultaneously).
    private static final Semaphore semaphore = new Semaphore(2);

    public static void main(String[] args) {
        // Create a thread pool with 5 threads
        ExecutorService executorService = Executors.newFixedThreadPool(5);

        // Simulate 5 threads trying to access the shared resource
        for (int i = 1; i <= 5; i++) {
            final int threadId = i;
            executorService.submit(() -> {
                try {
                    // Try to acquire a permit
                    System.out.println("Thread " + threadId + " is trying to acquire a permit.");
                    semaphore.acquire();  // Blocks if no permit is available

                    // Access the shared resource
                    System.out.println("Thread " + threadId + " has acquired a permit.");
                    Thread.sleep(2000);  // Simulate the resource usage

                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                } finally {
                    // Release the permit after use
                    System.out.println("Thread " + threadId + " is releasing the permit.");
                    semaphore.release();
                }
            });
        }

        executorService.shutdown();
    }
}

3. How It Works:

  1. Initialization: The semaphore is initialized with a number of permits (new Semaphore(2)), allowing only 2 threads to access the resource concurrently.
  2. Acquire: A thread attempts to access the resource by calling semaphore.acquire(). If permits are unavailable, the thread is blocked until a permit is released by another thread.
  3. Critical Section: Once the permit is acquired, it enters the critical section and uses the resource.
  4. Release: After the thread is done using the resource, it calls semaphore.release() to return a permit, allowing other threads to acquire it.

4. Output Example:

When you run the example above, you might see an output like this, showing how only 2 threads can access the resource simultaneously:

Thread 1 is trying to acquire a permit.
Thread 1 has acquired a permit.
Thread 2 is trying to acquire a permit.
Thread 2 has acquired a permit.
Thread 3 is trying to acquire a permit.
Thread 1 is releasing the permit.
Thread 3 has acquired a permit.
Thread 4 is trying to acquire a permit.
Thread 2 is releasing the permit.
Thread 4 has acquired a permit.
Thread 5 is trying to acquire a permit.
Thread 3 is releasing the permit.
Thread 5 has acquired a permit.
Thread 4 is releasing the permit.
Thread 5 is releasing the permit.

Here, only 2 threads are allowed to acquire permits at a time, while others are blocked until permits are released.

5. Fair Ordering:

If you want the semaphore to provide fairness (FIFO order), you can use the constructor:

Semaphore semaphore = new Semaphore(2, true);

The second argument (true) enables fair ordering, making sure the threads acquire permits in the order they requested them.

6. Use Cases:

  • Database Connection Pools: Managing the number of simultaneous connections to a database.
  • Printers: Limiting how many jobs can access a shared printer.
  • Rate Limiting: Throttling the number of threads processing tasks in high-volume systems.

How do I configure key-based authentication with a passphrase using JSch?

By I Wayan Saryada in JSch 0 Comment

When using JSch (Java Secure Channel) for SSH key-based authentication with a passphrase, you need to set your private key file (which is protected by the passphrase) and optionally the passphrase itself. Below is an example demonstrating how to configure key-based authentication using JSch:

Code Example

package org.kodejava.jsch;

import com.jcraft.jsch.*;

public class JSchKeyBasedAuthentication {
    public static void main(String[] args) {
        String host = "example.com";         // Remote server hostname/IP
        String user = "username";            // SSH username
        String privateKey = "/path/to/private/key"; // Path to your private key
        String passphrase = "passphrase";    // Passphrase for the private key

        JSch jsch = new JSch();

        try {
            // Add the private key (with passphrase)
            jsch.addIdentity(privateKey, passphrase);

            // Create an SSH session
            Session session = jsch.getSession(user, host, 22);

            // Disable host key checking for simplicity (not recommended for production)
            session.setConfig("StrictHostKeyChecking", "no");

            // Connect to the server
            session.connect();

            System.out.println("Connected to the server!");

            // Once connected, you can execute commands, transfer files, etc.

            // Disconnect after use
            session.disconnect();
            System.out.println("Disconnected from the server.");
        } catch (JSchException e) {
            e.printStackTrace();
        }
    }
}

Explanation of the Code:

  1. jsch.addIdentity(privateKey, passphrase): This specifies the private key file and its passphrase for authentication. If the private key doesn’t have a passphrase, omit the passphrase parameter or pass null.
  2. session.setConfig("StrictHostKeyChecking", "no"): This disables host key checking. In a production environment, ensure you verify the server’s host key to prevent man-in-the-middle attacks.
  3. session.connect(): Establishes the SSH connection with the server using the provided private key.

Key Points:

  • Private Key Path: Ensure the private key file path is correct and accessible. It must be readable by the application.
  • Passphrase: If your private key is secured with a passphrase, you must provide it. If the private key is not secured with a passphrase, pass null instead.
  • Permissions: Ensure appropriate permissions on the private key file (e.g., chmod 600 on Unix-based systems).

Optional (To Load Known Hosts Manually):

To add known hosts verification:

jsch.setKnownHosts("/path/to/known_hosts");

This ensures the remote server’s key matches the key in the known_hosts file.

This configuration lets your Java application authenticate securely to an SSH server using a private key with a passphrase.

Maven Dependencies

<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.55</version>
</dependency>

Maven Central

How do I avoid thread safety issues using concurrent collections?

By I Wayan Saryada in Concurrency 0 Comment

When working with concurrent collections in Java, thread safety issues can be minimized or completely avoided by using the right tools and patterns provided by the Java concurrency library. Here are some guidelines for avoiding thread safety issues using concurrent collections:

1. Use Concurrent Collections

Java provides a range of thread-safe collections in the java.util.concurrent package. These collections provide built-in locking or non-blocking mechanisms to handle concurrent access safely.

Some commonly used concurrent collections include:

  • ConcurrentHashMap: A thread-safe alternative to HashMap. It minimizes contention by using segment-level locks (or CAS-based approaches in newer implementations).
  • ConcurrentLinkedQueue: A thread-safe non-blocking queue implementation.
  • CopyOnWriteArrayList: A thread-safe alternative to ArrayList. Suitable for scenarios with frequent reads and infrequent writes.
  • CopyOnWriteArraySet: A thread-safe variant of HashSet.
  • LinkedBlockingQueue: A bounded or unbounded thread-safe blocking queue.
  • PriorityBlockingQueue: A thread-safe alternative to PriorityQueue.

Example: ConcurrentHashMap

package org.kodejava.util.concurrent;

import java.util.concurrent.ConcurrentHashMap;

public class ConcurrentCollectionExample {
    public static void main(String[] args) {
        ConcurrentHashMap<Integer, String> map = new ConcurrentHashMap<>();
        map.put(1, "One");
        map.put(2, "Two");

        map.forEach((key, value) -> System.out.println(key + ": " + value));
    }
}

2. Understand the Collection’s Guarantees

Each concurrent collection has different thread safety guarantees:

  • Non-blocking vs blocking: Non-blocking collections like ConcurrentHashMap allow concurrent reads and writes without locking, while blocking collections like LinkedBlockingQueue block threads under certain conditions.
  • Consistency during iteration: Iterating over a ConcurrentHashMap may reflect updates made during the iteration, whereas CopyOnWriteArrayList provides a snapshot of the collection at the time of iteration.

Pick the appropriate collection based on your requirements.

3. Avoid External Synchronization

Avoid wrapping concurrent collections with synchronized blocks or manually synchronizing around them. Their thread-safety mechanisms are carefully designed, and external synchronization can lead to:

  • Performance bottlenecks.
  • Deadlocks.

Instead, rely on provided atomic operations like putIfAbsent, replace, compute, or merge.

Example: Avoid manual locking

// Bad practice: External synchronization
Map<Integer, String> map = new ConcurrentHashMap<>();
synchronized (map) {
   map.put(1, "One");
}

// Better: Let ConcurrentHashMap handle thread safety
map.put(1, "One");

4. Use Atomic Methods for Compound Actions

Use atomic methods on concurrent collections for compound actions to avoid race conditions. These operations combine checks and updates into a single atomic operation.

Example: putIfAbsent

ConcurrentHashMap<Integer, String> map = new ConcurrentHashMap<>();
map.putIfAbsent(1, "One");

Example: compute and merge

// Using compute
map.compute(1, (key, value) -> (value == null) ? "One" : value + "-Updated");

// Using merge
map.merge(1, "Value", (oldValue, newValue) -> oldValue + "," + newValue);

5. Minimize Lock Contention

  • Collections like ConcurrentHashMap use techniques such as striped locks or non-blocking CAS operations to minimize lock contention.
  • For extremely high-concurrency cases, you may use LongAdder or LongAccumulator to handle summations without contention, as these are designed for heavy-write scenarios.

6. Choose the Right Collection for Blocking Scenarios

When you need blocking behavior in concurrent programming, prefer blocking queues or deque implementations such as ArrayBlockingQueue, LinkedBlockingQueue, or LinkedBlockingDeque.

Example: Producer-Consumer using LinkedBlockingQueue

package org.kodejava.util.concurrent;

import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;

public class ProducerConsumerExample {
    public static void main(String[] args) {
        BlockingQueue<Integer> queue = new LinkedBlockingQueue<>();

        Thread producer = new Thread(() -> {
            try {
                for (int i = 0; i < 10; i++) {
                    queue.put(i); // Blocks if the queue is full.
                    System.out.println("Produced: " + i);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });

        Thread consumer = new Thread(() -> {
            try {
                while (true) {
                    int value = queue.take(); // Blocks if the queue is empty.
                    System.out.println("Consumed: " + value);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });

        producer.start();
        consumer.start();
    }
}

7. Avoid Using Non-Thread-Safe Collections in Multi-Threaded Scenarios

Avoid using standard collections like HashMap or ArrayList in multithreaded environments unless explicitly synchronized. Instead, use the concurrent alternatives.

8. Consider Higher-Level Constructs

For more complex concurrent programming, Java provides higher-level frameworks and tools:

  • Executor framework: Manages thread pools for efficient task execution.
  • ForkJoinPool: Efficient parallel task execution.
  • java.util.concurrent.locks: Fine-grained lock management.

Combining concurrent collections with these tools can help avoid thread safety issues altogether.

By following these practices and using the right tools provided by the java.util.concurrent package, you can safely work with collections in multithreaded environments while minimizing performance overhead.