If you found the contents in this blog useful, then please make a donation to keep this blog running. You can make donations via Skrill with email address

Tuesday, April 26, 2016

Spring Security 4.1.0 Features implemented by Me

Recently I got the chance to contribute to an open source project which I have been using for a really long time. Spring Security is one of the de-facto projects when it comes to protecting Web Applications as well as some Standalone applications.

It provides many features with regards to Authentication and Authorization out of the box and it is highly customizable and extendable to work with any third party, proprietary Security implementations (SSO, OAuth, Openid etc).

I took the dive in by forking the Spring security project available at github and went through the issues and found issues that are interesting to me and sent pull requests. I must thank Rob Winch who is the Spring security Project Lead who instructed me on how things need to work.

Before I knew it I have submitted 4 pull requests which have been merged with of course minor changes based on Project Lead's review. The Spring Security version 4.1.0.RC2 is now available to use if you are using the Milestone repository of the Spring project. Which means the features I implemented are almost available to the rest of the world.

Well I took that opportunity to write about the features I implemented which are also documented in the Spring Security reference guide. Following are the features I partially/fully contributed to Spring Security.


Spring Security ships alot of Password encoders such as MD5, SHA which the developers can use to encode the password before storing in the database. This gives added security in case of Security breaches because all the hackers will be getting is an hash not a clear text password.

Scrypt is a similar encoding algorithm and I implemented the PasswordEncoder implementation using the Bouncy Castle library to be used in Spring Security.


AuthenticaionSuccessHandlers give the ability to extend the capabilities of the Spring Security to allow the developers to do a task after a successful login by a user. This can be auditing, etc. In order to forward to a URL after the successful authentication the user had to write custom implementation of AuthenticationSuccessHandler. Well not any more.


AuthenticaionFailureHandlers give the ability to extend the capabilities of the Spring Security to allow the developers to do a task after a failed login by a user. This can be auditing, locking out etc. In order to forward to a URL after the failed authentication the user had to write custom implementation of AuthenticationFailureHandler. Well not any more.


Since creating and initializing ForwardAuthenticationSuccessHandler can be cumbersome at times. The lead wanted a convenient method to set successForwardUrl in a fluid API way. Now the same thing can be accomplished using XML as well using authentication-success-forward-url under form-login XML tag.


Since creating and initializing ForwardAuthenticationFailureHandler can be cumbersome at times. The lead wanted a convenient method to set failureForwardUrl in a fluid API way. Now the same thing can be accomplished using XML as well using authentication-failure-forward-url under form-login XML tag.


LogoutSuccessHandlers are an extension in Spring Security where an action can be performed based on Success of the logout. For this there can be different use cases for example. If a request came from a web browser the logout may redirect to a web page after logout. But if the request came from within an AJAX can there seems to be no point of redirecting to page but better to return a status code alone. This implementation takes care of that in a configurable way. A request matcher and logout success handler is mapped based on the request criteria.

The complete source codes for the examples is available at and following image shows the example in action.

Sunday, March 13, 2016

Home Security using Raspberry Pi + Web Cam + PIR Sensor and Telegram Bot

I saw a post in which was about using Telegram API to control LEDs attached to a Raspberry Pi. Telegram is a messaging service similar to Watsapp but it allows a unique bot API to support its non human machine to machine communication. 

Because of this feature it is hacker friendly because the possibilities are only limited by imagination. I had a PIR sensor and a USB web camera lying around and thought it would be cool to put together something related to Telegram bot API using those.

In Sri Lanka CCTV cameras selling like hot cake and office and home security surveillance has become a high priority in the last couple of years. Because of this I thought it would be cool to put a Home security service for me using the aforementioned components. 

Thus came up with the following schematic.

And attached the USB camera to the Raspberry Pi's USB port. 

Finally a little bit of coding 

After installing all important Telegram messenger and creating a bot by going through the Documentation of Telegram, finally I managed to get the whole thing working together. You can see the application in action in the following video.

  1. Telegram on Raspberry Pi
  2. Raspberry Pi + PIR
  3. Telegram Bot Python Library
  4. Telegram Bots Introduction
  5. Standard Web Cam usage in Raspberry Pi

Thursday, March 3, 2016

Temperature and Humidity Measuring using Arduino + DHT Sensor

Oven, the somewhat correct word which can be used explain Sri Lankan climate at the moment. It becomes so hot during the day and somewhat similar in the nights. Sleeping is impossible without taking a shower. Ideal time to do a project to measure the Humidity and Temperature.

Had the DHT sensor and a 8x2 LCD (GDM0802A) lying around in my electronics collection and thought to put up a small project. 

Unfortunately the LCD didn't have pins so I had to do a bit of soldering. To be honest not the most experienced man when it comes to soldering, so was a bit worried to get started and going. But anyway went on with it and finally managed to do a pretty decent job with the hot iron and it came out well enough to work.

And managed to get the following schematic in place for the project. 

And a bit of Arduino coding to get the sketch done. 

Finally the whole project in working mode.

And video of humidity changing when a cold water bottle is placed near.

  1. DHT Library -
  2. GDM0802A Datasheet -

Thursday, February 25, 2016

Asynchronous Streaming Request Processing in Spring MVC 4.2 + Spring Boot

With the release of Spring 4.2 version, Three new classes have been introduced to handle Requests Asynchronously of the Servlet Thread. Which are;
  1. ResponseBodyEmitter
  2. SseEmitter
  3. StreamingResponseBody
ResponseBodyEmitter enables to send DeferredResult with a compatible HttpMessageConverter. Results can be emitted from threads which are not necessarily the Servlet Request Thread of the Servlet Container.

SseEmitter is used to send Server Sent Events to the Client. Server Sent Events has a fixed format and the response type for the result will be text/event-stream.

StreamingResponseBody is used to send raw unformatted data such as bytes to the client asynchronously of the Servlet Thread.

ResponseBodyEmitter and SseEmitter has a method named complete to mark its completion and StreamingResponseBody will complete when there is no more data to send. 

All three options will be keeping alive a connection to the endpoint until the end of the request.

StreamingResponseBody is particularly useful for streaming large files such as Media Files as writing of the bytes to the Response's OutputStream will be done asynchronously. StreamingResponseBody has a writeTo(OutputStream os) call back method which needs to be overridden inorder to support streaming.

I wrote a small Spring Boot Application to showcase the StreamingResponseBody capabilities in terms of Streaming large files. The application source code can be found at Below is a screen shot of the application.

In order to send the Video files streaming to the Projekktor player in the web page following code snippet is used.

And a Custom Web Configuration to over ride default timeout behavior to no timeout and finally configuring an AsyncTaskExecutor


Tuesday, February 16, 2016

The New Buzz Word in Information Technology Space - Microservices

Microservices, a word which is buzzing around information technology space almost everyday. What is this means? How did we get here?

Well to start off we need to go back to good old days to see how enterprise applications were developed. Most of the application developed at that time where Monolithic. Monolithic applications are collection of functionalities grouped together which will eventually be compiled and packaged into one single application. In Java terms a Jar/War/Ear. In a monolithic application if an application had a Web Tier, User Registration and Account Registration functionalities. All these will be packaged and deployed as a single unit. Let's see the pros and cons of this approach.

Pros of Monolithic Applications

  1. Easy steps to build (can be automated).
  2. Ease of monitoring.
  3. Centralized code repository.
  4. Code is monoglot.
Cons of Monolithic Applications
  1. As the Application becomes complex and large building can take significantly more time.
  2. During deployment of newer versions there are down times for the application.
  3. Less Flexible for change.
  4. Difficulty in scaling out. 
These cons are blockers for High Availability/Low Latency, Rapidly Evolving applications. In order to address these Software Architects tried Modular/Component programming where each functionality is developed as a separate module/component. This in fact managed to reduce the build time drastically. But the applications were still monoliths. Deploying a newer version of a module/component meant that the whole application had to stop and restarted as they are run in one process.

Enter Microservices, According to Martin Fowler microservices means;

The term "Microservice Architecture" has sprung up over the last few years to describe a particular way of designing software applications as suites of independently deployable services. While there is no precise definition of this architectural style, there are certain common characteristics around organization around business capability, automated deployment, intelligence in the endpoints, and decentralized control of languages and data.

His illustrations clearly distinguishes a Monolithic application from a Microservices architecture.

Figure 1

Having a Microservices based architecture means that your applications can;
  • Evolve rapidly and independently.
  • Deploy and test a service easily.
  • Scale out or in for demand.
  • Be polyglot (Each Microservice can be developed using separate Programming Language/Database).
  • Be developed by Small, Independent, Easy to Manage Teams
Lets have a look at Hypothetical Microservices Application. The company MS have business cases for User Registration and Account Registration. User registration has sub use cases (Persisting User, Sending Email Account Verification, Verifying Email Account) of their own which are complex and time consuming but must be flexible for change. Account Registration means maintaining the financial aspect of the User. Furthermore there is a REST API web tier open to users and partners. The following microservices architecture can be used to implement MS company application.

For implementation we can use Spring Boot as it allows to create both Web Container based as well as Stand Alone Production Ready applications using minimal coding. There are more alternatives if you are not a fan of Spring at

When Rabbit MQ is installed successfully, this microservices based application is ready to run. The applications are so independent there is no order to start the microservices. Just running the Main methods of all three projects would spin up the required service.

When a Create New User request is sent to the Web REST API it is enqueued in ms-user queue which will be dequeued and processed by User Registration microservice, which after finishing processing will enqueue another message in ms-account queue. Those messages will be handled by the Account Registration microservice. 

Request to REST API

Message Dequeued from Rabbit MQ queue ms-user

Message Dequeued from Rabbit MQ queue ms-account

All the microservices run on their own process and can be modified, scaled out and/or in transparently. The implementation source code can be found at


Tuesday, January 19, 2016

RxJava and Spring Boot

It has been a really long time (more than six months) since I wrote my last blog post. Life was a bit busy with coming down from Malaysia and finding a new job in Sri Lanka and settling down. It doesn't mean I was not working with new technologies. Got the chance to work with alot of new technologies and frameworks.

Ok having said that while going through the usual weekly dose of InfoQ videos I was bumped on Simon BaslĂ© and Laurent Doguin's talk on Introducing RxJava into a Spring Boot REST API. 

I have blogged about Reactive programming previously in this post. Which is all about writing non blocking, concurrent, functional code. Two main aspects of Reactive manifesto is;

  1. Reactive Streams (Observable in RxJava)
  2. Reactive Extensions (Observer/Subscriber in RxJava)

But this time I wanted to go beyond and learn the cores of Reactive Programming. I build a small application which has a Service which returns an Observable (Non blocking) which can be used to asynchronously perform many tasks such filter, zip, map etc.

This Service can be used in many ways to produces many results as we need and I have used findAll() method in findByName() method to filter records which are only matching the given name. Likewise this gives many more options.

And in the Controller this Service can be used to retrieve the data we want and finally collect those as a List or any other way and pass it back.

Spring a return type named DeferredResult which will send a response asynchronously when it is finished processing. Either by returning a DeferredResult from the controller method or by writing a custom ReturnValueHandler for Observable we can send asynchronous results.

The complete source code can be found at and I strongly advice to go through the presentation in the references section.


  1. Introducing RxJava into a Spring Boot REST API -
  2. Introduction to Reactive Programming -

Wednesday, April 1, 2015

Simple Twitter Sentiment Notification System with ESP8266 Wifi + Arduino

I am a huge fan of Cricket and die hard supporter of Sri Lankan Cricket Team. The World Cup was concluded recently with Australia emerging as champions. New Zealand were runner up and had a great tournament even though they lost the final. With cricket comes a lot of social media interaction. Trolls, Complements, Griefs, Celebrations, you name it all happens in social media platforms. 

Out of this twitter stands out because in twitter you can directly interact with players involved and large audience of cricket followers. I wanted to know how twitter users are feeling and talking about cricket matches during the world cup so I developed a small, simple twitter sentiment notification system with Arduino and a recently bought ESP8266 Wifi.


The requirement was to just illuminate a red or green light (out, not out in cricket :) ) based on the sentiment score of a particular tweet instead of reading the whole tweet. The idea was to keep everything as simple as possible because this is just a small project with limited usage.

Implementation Decision

For this I used Spring XD which is built for Extreme Data Processing by creating an engine to source , transform and sink from multiple data points. Furthermore I used a Redis list act as the sink from Spring XD and source for the arduino via ESP8266 over wifi. 

The sentiment analysis is done by a custom written Processor module for Spring XD which just does negative word count and determines whether the tweet is negative or positive, simple but works for this simple project.

A small java TCP server act as the intermediate between arduino via ESP8266 over wifi and Redis





The source codes are available at

Spring XD 1.1.0 was used with Redis 2.8.7, for this to work Spring XD must be started in Single Node mode with the following command


Redis server must be started with the following command


A shell must be opened to Spring XD to execute commands


in the shell following commands must be executed

This registers the custom sentiment processor module in Spring XD 

module upload --file /Path/To/sent-processor-0.0.1-SNAPSHOT.jar --name sent-processor --type processor

This creates the stream which sources tweets from twitter, analysis and calculates their sentiment score and sinks in redis. twittersearch --query could be anything you want to search. In this case I have added spring to focus on the word spring.

stream create --name tweetsentiments --definition "twittersearch --query=Spring --consumerKey= --consumerSecret= | sent-processor | redis --queue=sentiments" --deploy

Finally the TCP server must be started and arduino sketch ESPWifi must be loaded into arduino.

java -cp jedis-2.6.2.jar:./ Server