Saturday, September 21, 2013

Plug in your own programming language and get syntax highlighting in Notepad++

Let's try to understand how to plug in a new programming language. I'm selecting "Panini" as my new programming language. First we'll look at how to plug the new syntax into Notepad++. This is a very easy task, but it's very useful for users who are going to develop software in this language.

1. Notepad++ exposes a great feature that lets you define your own language. Open Notepad++ and go to:
Language->Define your Language

Here you can define the language as you wish, but the most convenient way is to import the language settings from an external XML file. I say that because people who are new to the language may not know how to configure this by themselves, but if someone provides the configuration file they can simply import it.

So I'm going to discuss the second method.

2. First, define the userDefineLanguage.xml file with your new syntax as follows.
[code language="xml"]
<?xml version="1.0" encoding="Windows-1252" ?>
<NotepadPlus>
    <UserLang name="Panini" ext="java">
        <Settings>
            <Global caseIgnored="no" />
            <TreatAsSymbol comment="no" commentLine="no"/>
            <Prefix words1="no" words2="no" words3="yes" words4="yes"/>
        </Settings>
        <KeywordLists>
            <Keywords name="Folder+">{</Keywords>
            <Keywords name="Folder-">}</Keywords>
            <Keywords name="Operators">- ( ) * , . / : ? @ [ ] + =</Keywords>
            <Keywords name="Comment">//</Keywords>
            <Keywords name="Words1"></Keywords>
            <Keywords name="Words2"></Keywords>
            <Keywords name="Words3">instanceof assert if else switch case default break goto return for while do continue new throw throws try catch finally this super extends implements import true false null</Keywords>
            <Keywords name="Words4">capsule design package transient strictfp void char short int long double float const static volatile byte boolean class interface native private protected public final abstract synchronized enum</Keywords>
        </KeywordLists>
        <Styles>
            <WordsStyle name="DEFAULT" styleID="11" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="9" />
            <WordsStyle name="FOLDEROPEN" styleID="12" fgColor="808040" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="14" keywordClass="Folder+"/>
            <WordsStyle name="FOLDERCLOSE" styleID="13" fgColor="808040" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="14" keywordClass="Folder-" />
            <WordsStyle name="KEYWORD3" styleID="7" fgColor="0000FF" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="Words3"/>
            <WordsStyle name="KEYWORD4" styleID="8" fgColor="8000FF" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="Words4"/>
            <WordsStyle name="COMMENT" styleID="1" fgColor="008000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="Comment"/>
            <WordsStyle name="COMMENT LINE" styleID="2" fgColor="008000" bgColor="FFFFFF" fontName="Comic Sans MS" fontStyle="0" fontSize="" keywordClass="Comment"/>
            <WordsStyle name="NUMBER" styleID="4" fgColor="FF0000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />
            <WordsStyle name="OPERATOR" styleID="10" fgColor="804000" bgColor="FFFFFF" fontName="" fontStyle="1" fontSize="" />
        </Styles>
    </UserLang>
</NotepadPlus>

[/code]

The XML structure above contains a keyword list as well as styles, so you can define new keywords and colors in the same way. Once you have completed your keywords, import the file and restart Notepad++; the "Panini" language is then available in the language list as follows.

3. Create a new file and select "Panini" as the language to see the "Panini" syntax highlighting in action.

Thursday, September 12, 2013

Volatile Vs Static in JAVA

Static variable: If two threads (say Thread 1 and Thread 2) are accessing the same object and updating a variable that is declared static, then Thread 1 and Thread 2 can each make their own local copy of the object (including static variables) in their respective caches, so an update by Thread 1 to the static variable in its local cache won't be reflected in the static variable in Thread 2's cache. Static variables are used in the object context, where an update by one object is reflected in all the other objects of the same class, but not in the thread context, where an update by one thread to the static variable would be reflected immediately to all the threads (in their local caches).

Volatile variable: If two threads (say Thread 1 and Thread 2) are accessing the same object and updating a variable that is declared volatile, then Thread 1 and Thread 2 can each make their own local cache of the object, except for the variable that is declared volatile. So the volatile variable has only one main copy, which is updated by the different threads, and an update by one thread to the volatile variable is immediately reflected to the other thread. So the volatile variable is used in the thread context.

For further understanding, refer to the following image.

volatileVsStaticinJava
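
A runnable sketch of the visibility difference described above (an added example, not code from the original post; the class, field and method names are made up for illustration). Both flags are static and only one is volatile: the volatile write is guaranteed to reach the spinning worker, while the plain static write carries no such guarantee and on a typical HotSpot JVM is often never seen.

```java
import java.util.concurrent.TimeUnit;

public class VisibilityDemo {
    // "static" only means one field per class; it promises nothing about
    // when another thread will observe a write to it.
    static boolean plainStop = false;
    // "volatile" guarantees that a write is visible to later reads in other threads.
    static volatile boolean volatileStop = false;

    /**
     * Starts a worker that spins until the chosen flag becomes true, raises the
     * flag from the calling thread, and reports whether the worker stopped
     * within two seconds.
     */
    static boolean workerStops(boolean useVolatile) throws InterruptedException {
        Thread worker = new Thread(() -> {
            if (useVolatile) {
                while (!volatileStop) { /* spin: every read goes to the shared value */ }
            } else {
                while (!plainStop) { /* spin: the JIT may hoist this read out of the loop */ }
            }
        });
        worker.setDaemon(true); // a worker that never stops must not keep the JVM alive
        worker.start();

        TimeUnit.MILLISECONDS.sleep(500); // give the loop time to get hot
        if (useVolatile) {
            volatileStop = true;
        } else {
            plainStop = true;
        }
        worker.join(2000);
        return !worker.isAlive();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("volatile static flag seen by worker: " + workerStops(true));
        System.out.println("plain static flag seen by worker:    " + workerStops(false));
    }
}
```

Note that volatile gives visibility only; an update such as count = count + 1 is still a separate read and write and needs a lock or an atomic class to be safe.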

I will handle the concurrency for you - from Panini

Hi all, I was talking about concurrent programming in Java in my earlier blog post. Those are very simple examples, but in real-world software development concurrency handling becomes a mess for developers alongside their business logic. So if someone can handle the concurrency implicitly, that would be great for developers: they would not need to consider concurrency problems and could focus mainly on their business logic.

Consider a software development requirement of "manage the memory, but not manually": you can use Java for this, because you don't have to handle the memory manually; Java will take care of it.

In the same way, if you have a requirement of "handle the concurrent connections, but not manually", you can use the capsule-oriented programming provided by Panini.

Let's talk a little bit about Panini.
Panini is a new programming style designed to address the challenges of concurrent programming. Its main goal is to enable non-concurrency experts to write correct and efficient concurrent programs.

How to set up Panini on your command line
1. Download the Panini distribution from here, then extract it anywhere on your computer
2. Add the $Panini/bin folder to the PATH variable on your Windows computer.
3. Then open the command line and check that Panini is available there by typing "panc"
panc
4. Now create the simple Panini HelloWorld example as follows and save it as paniniHelloWorld.java
[code language="java"]
capsule HelloWorld {
    void run() {
        System.out.println("Panini: Hello World!");
        long time = System.currentTimeMillis();
        System.out.println("Time is now: " + time);
    }
}
[/code]
5. Compile the Panini program
pancH

6. Run the program
pancH

You can follow the more complex examples provided by Panini and feel the difference that implicit concurrent behavior makes. Feel free to give feedback about Panini :).

Synchronization and Concurrent programming in Java

Let's look at a simple example to understand concurrency.
Suppose you are going to implement software such as stock control. Multiple users access the same value at the same time, which means different threads access the same value and modify it. If we don't handle the concurrent access correctly, we cannot guarantee that modifications made by one thread are visible to the others, so let's look at how to handle it correctly.

1. I have a Stock class of which only one instance is created, and the incCount() operation is performed on it from different threads as follows
[code language="java"]
// Stock.java
public class Stock {

    private static int count = 0;

    // Instance-level lock: threads calling through the same Stock object take turns
    public synchronized void incCount() {
        System.out.println("Thread name" + Thread.currentThread().getName());
        System.out.println("Before :" + count);
        count = count + 1;
        System.out.println("After :" + count);
    }

}

// StockThread.java
public class StockThread implements Runnable {
    // This Stock variable is initialized only once and shared by all threads
    private static final Stock stock = new Stock();

    public static void main(String[] args) {
        // Here we create the three threads and run them at the same time
        Thread a = new Thread(new StockThread(), " first");
        Thread b = new Thread(new StockThread(), " second");
        Thread c = new Thread(new StockThread(), " third");
        c.start();
        a.start();
        b.start();
    }

    @Override
    public void run() {
        for (int i = 0; i < 500; i++) {
            // increase the count by using the shared Stock
            stock.incCount();
        }
    }
}
[/code]

2. Now, if you have multiple instances of the Stock class and perform the incCount() operation in different threads, the above code is not thread safe, so you have to change the code as follows.

[code language="java"]
// Stock.java
public class Stock {

    private static int count = 0;

    // Class-level lock: all threads take turns, whichever Stock object they use
    public static synchronized void incCount() {
        System.out.println("Thread name" + Thread.currentThread().getName());
        System.out.println("Before :" + count);
        count = count + 1;
        System.out.println("After :" + count);
    }

}

// StockThread.java
public class StockThread implements Runnable {

    public static void main(String[] args) {
        // Here we create the three threads and run them at the same time
        Thread a = new Thread(new StockThread(), " first");
        Thread b = new Thread(new StockThread(), " second");
        Thread c = new Thread(new StockThread(), " third");
        c.start();
        a.start();
        b.start();
    }

    @Override
    public void run() {
        // multiple objects: each thread creates its own Stock
        Stock stock = new Stock();
        for (int i = 0; i < 500; i++) {
            // increase the shared static count through this thread's own Stock
            stock.incCount();
        }
    }
}
[/code]

OK, now let me explain the scenario in example 1.
We applied the "synchronized" keyword to an instance method, which means that if you access this method through the same Stock instance from different threads, the code is thread safe, because the synchronized method locks on the object reference.

So if you run the same method at the same time from different threads using the same Stock object, all operations run correctly one after another.

But if you access the same method at the same time from different threads using different Stock objects, your code is not thread safe.

In the second scenario I used "static synchronized" for the incCount() operation, so the synchronized method takes the lock on the Class. Even if you come with different objects, the operations run smoothly one after another.

The same goal can be achieved with the following code block as well.

[code language="java"]
// Stock.java
public class Stock {

    private static int count = 0;

    public void incCount() {
        // Explicit class-level lock, equivalent to a static synchronized method
        synchronized (Stock.class) {
            System.out.println("Thread name" + Thread.currentThread().getName());
            System.out.println("Before :" + count);
            count = count + 1;
            System.out.println("After :" + count);
        }
    }

}

// StockThread.java
public class StockThread implements Runnable {

    public static void main(String[] args) {
        // Here we create the three threads and run them at the same time
        Thread a = new Thread(new StockThread(), " first");
        Thread b = new Thread(new StockThread(), " second");
        Thread c = new Thread(new StockThread(), " third");
        c.start();
        a.start();
        b.start();
    }

    @Override
    public void run() {
        // multiple objects: each thread creates its own Stock
        Stock stock = new Stock();
        for (int i = 0; i < 500; i++) {
            // increase the shared static count through this thread's own Stock
            stock.incCount();
        }
    }
}
[/code]
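
To see the difference between the instance lock and the class lock in numbers, the added example below (not from the original post; the class names and the iteration count are illustrative) drops the println calls and raises the iteration count so that lost updates become visible. Each thread uses its own object, as in the second and third listings above.

```java
public class LockScopeDemo {
    static final int THREADS = 3;
    static final int INCREMENTS = 200_000;

    // Lock is "this": separate instances do not exclude each other,
    // yet they all update the same static counter.
    static class InstanceLockedStock {
        private static int count = 0;
        public synchronized void incCount() { count = count + 1; }
        static int get() { return count; }
    }

    // Lock is ClassLockedStock.class: one lock for every caller.
    static class ClassLockedStock {
        private static int count = 0;
        public static synchronized void incCount() { count = count + 1; }
        static synchronized int get() { return count; }
    }

    /** Runs the same work in THREADS threads and waits for all of them to finish. */
    static void runThreads(Runnable work) throws InterruptedException {
        Thread[] threads = new Thread[THREADS];
        for (int i = 0; i < THREADS; i++) {
            threads[i] = new Thread(work);
            threads[i].start();
        }
        for (Thread t : threads) {
            t.join();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        // Case 1: each thread has its own object, so each holds a different lock.
        runThreads(() -> {
            InstanceLockedStock stock = new InstanceLockedStock();
            for (int i = 0; i < INCREMENTS; i++) {
                stock.incCount();
            }
        });

        // Case 2: every increment goes through the single class-level lock.
        runThreads(() -> {
            for (int i = 0; i < INCREMENTS; i++) {
                ClassLockedStock.incCount();
            }
        });

        System.out.println("expected per case:               " + (THREADS * INCREMENTS));
        // The first total can come out lower than expected because updates are lost.
        System.out.println("instance lock, separate objects: " + InstanceLockedStock.get());
        System.out.println("class lock:                      " + ClassLockedStock.get());
    }
}
```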

Wednesday, June 26, 2013

WSO2 ESB talks to WSO2 Identity Server to get the authentication decision for invoking the proxy service

This is a very good and simple example. Let me explain the exact requirement.

Suppose we need to secure a proxy service with UT (Username Token) in WSO2 ESB, but all users and roles are maintained in WSO2 Identity Server, so when users invoke the service the ESB should talk to WSO2 IS to authenticate them. To do this we have to implement a password callback handler as follows. You can check out the full source here.

[code language="java"]
package org.wso2.is.callback;


import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.transport.http.HttpTransportProperties;
import org.apache.ws.security.WSPasswordCallback;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.um.ws.api.WSUserStoreManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;


public class ISCallBackHandler implements CallbackHandler {
    private static final Log log = LogFactory.getLog(ISCallBackHandler.class);
    // Base URL of the Identity Server admin services; adjust for any port offset
    private String serverUrl = "https://localhost:9443/services/";

    private AuthenticationAdminStub authstub = null;
    private ConfigurationContext ctx;
    private String authCookie = null;
    private WSUserStoreManager remoteUserStoreManager = null;

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        try {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    // Username and password taken from the incoming Username Token
                    WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[i];
                    String username = passwordCallback.getIdentifer();
                    String receivedPasswd = passwordCallback.getPassword();

                    ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
                    String authEPR = serverUrl + "AuthenticationAdmin";
                    authstub = new AuthenticationAdminStub(ctx, authEPR);
                    ServiceClient client = authstub._getServiceClient();
                    Options options = client.getOptions();
                    HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
                    // Hard-coded admin credentials are for this demo only;
                    // read them from secured configuration in a real deployment
                    authenticator.setUsername("admin");
                    authenticator.setPassword("admin");
                    authenticator.setPreemptiveAuthentication(true);
                    options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
                    client.setOptions(options);

                    // Ask the Identity Server to authenticate the received credentials
                    boolean status = authstub.login(username, receivedPasswd, "localhost");
                    if (status) {
                        // Login successful
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                    }
                }
            }
        } catch (UnsupportedCallbackException e) {
            if (log.isDebugEnabled()) {
                log.debug(e.getMessage(), e); // logging invalid passwords and attempts
            }
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            // can't build an unsupported exception.
            throw new UnsupportedCallbackException(null, e.getMessage());
        }
    }
}

[/code]

1. First, build the above project and place the resulting jar file in $ESB_HOME/repository/components/lib
2. Create the proxy service as follows and secure it with UT

3. Now engage the password callback handler you created. This is done through the policy configuration.
Go to the policy configuration and insert the following line into the Rampart configuration:
"org.wso2.is.callback.ISCallBackHandler"

4. Now you can invoke the service with a username and password held in WSO2 Identity Server.
(If you run ESB and IS on the same machine, take the port offset into account and change the callback handler's server URL accordingly.)

Tuesday, May 28, 2013

SCIM Bulk Endpoint Operations in WSO2 Identity Server

SCIM (System for Cross-Domain Identity Management)
WSO2 Identity Server exposes three major endpoints for SCIM operations:
/Users, /Groups, /Bulk

Let's look at the SCIM Bulk operations supported by the Identity Server.
1. Create Users
Request -
[code language="bash"]
curl -v -k --user admin:admin -H "Accept: application/json" -H "Content-type: application/json" -X POST -d "{\"failOnErrors\":2,\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"Operations\":[{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Users\",\"userName\":\"hasini\",\"method\":\"POST\",\"emails\":[{\"value\":\"hasini@gmail.com\"},{\"value\":\"hasinig@yahoo.com\"}],\"phoneNumbers\":[{\"value\":\"0772508354\"}],\"displayName\":\"Hasini\",\"externalId\":\"hasini@wso2.com\",\"password\":\"dummyPW1\",\"preferredLanguage\":\"Sinhala\",\"bulkId\":\"bulkIDUser1\"},\"path\":\"/Users\",\"method\":\"POST\",\"bulkId\":\"bulkIDUser1\"},{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Users\",\"userName\":\"dinuka\",\"method\":\"POST\",\"emails\":[{\"value\":\"dinuka.malalanayake@gmail.com\"},{\"value\":\"dinuka_malalanayake@yahoo.com\"}],\"phoneNumbers\":[{\"value\":\"0772508354\"}],\"displayName\":\"Dinuka\",\"externalId\":\"dinukam@wso2.com\",\"password\":\"myPassword\",\"preferredLanguage\":\"Sinhala\",\"bulkId\":\"bulkIDUser2\"},\"path\":\"/Users\",\"method\":\"POST\",\"bulkId\":\"bulkIDUser2\"}]}" https://localhost:9443/wso2/scim/Bulk
[/code]

Response -
[code language="java"]
{"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Users/bcbc6fed-6519-4eeb-a1ff-9b643fdab1b5","method":"POST","bulkId":"bulkIDUser1"},{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Users/ce6cf606-c4de-4260-bfdf-a751161eeae0","method":"POST","bulkId":"bulkIDUser2"}]}
[/code]

2. Create Groups - Here you need to change the user IDs in the request to the IDs of existing users.
Request -
[code language="bash"]
curl -v -k --user admin:admin -H "Accept: application/json" -H "Content-type: application/json" -X POST -d "{\"failOnErrors\":2,\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"Operations\":[{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Groups\",\"method\":\"POST\",\"displayName\":\"engineer\",\"externalId\":\"engineer\",\"members\":[{\"value\":\"b1b03cf2-470f-4a73-b517-ae4faed8e61b\"},{\"value\":\"8e2c7178-e5bf-4013-b526-1193e0611d9a\"}],\"bulkId\":\"bulkGroup1\"},\"path\":\"/Groups\",\"method\":\"POST\",\"bulkId\":\"bulkGroup1\"},{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Groups\",\"method\":\"POST\",\"displayName\":\"doctor\",\"externalId\":\"doctor\",\"members\":[{\"value\":\"8e2c7178-e5bf-4013-b526-1193e0611d9a\"},{\"value\":\"b1b03cf2-470f-4a73-b517-ae4faed8e61b\"}],\"bulkId\":\"bulkGroup2\"},\"path\":\"/Groups\",\"method\":\"POST\",\"bulkId\":\"bulkGroup2\"}]}" https://localhost:9443/wso2/scim/Bulk
[/code]

Response -
[code language="java"]
{"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Groups/6f008b6c-e990-4f67-9048-0fbcb3b52d5c","method":"POST","bulkId":"bulkGroup1"},{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Groups/1b7c44a8-26b8-4e81-9961-26d90fe68ac5","method":"POST","bulkId":"bulkGroup2"}]}
[/code]

3. Delete Users
Request -
[code language="java"]
{"failOnErrors":2,"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"path":"/Users/6f3fc3ee-f39c-4d53-bc4d-649775313e29","method":"DELETE"},{"path":"/Users/b75bdb63-a36d-436d-8462-edd1db7e6b29","method":"DELETE"}]}
[/code]

Response -
[code language="java"]
{"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"status":{"code":"200"},"location":"/Users/bcbc6fed-6519-4eeb-a1ff-9b643fdab1b5","method":"DELETE"},{"status":{"code":"200"},"location":"/Users/ce6cf606-c4de-4260-bfdf-a751161eeae0","method":"DELETE"}]}
[/code]

Thursday, May 16, 2013

Analyze Java source with "Yasca" and detect security vulnerabilities

Here I'm going to explain how to analyze source code using "Yasca".

1. First, check out Yasca from "https://svn.wso2.org/repos/wso2/people/prabath/yasca"

2. Check whether PHP is installed on your machine; if not, install it first
(On Linux you can easily do this with "sudo apt-get install php5")

3. Go to the "yasca" directory and run the following command
"./yasca $Source_Directory_path" (for more commands, refer to this)

4. Go to your desktop, where you will see a folder called Yasca that contains all the generated reports

This is very useful for detecting security vulnerabilities and other issues in program source code.