Saturday, December 26, 2015

Introduction to event stream processing

Today most of the businesses are actively monitoring data streams and application messages in order to detect business events or situations and take time-critical actions. Even though plans are made for businesses, events are the real drivers of the enterprise today because they represent changes in the state of the business.

Unfortunately, as it happened in case of data management in pre-database days, every usage area of business events today tends to build its custom infrastructure to filter, process, aggregate and propagate events.

Building efficient, scalable systems for monitoring and processing events has been a major research interest in recent years. As new technologies rise and existing ones are expanding the sources of relevant events is growing exponentially. A lot of technologies have been proposed, including Data stream management, complex event processing and asynchronous messaging. 

One can observe that all these systems share a common processing model but differ in query language features. Besides, some applications might have different requirements related to the consistency of the data which might translate in tradeoffs between insensitivity to event arrival order and system performance. It is clear that some applications require that events are processed in the order in which they arrive or were created, while others are more concerned with high throughput. If exposed to the user and handled in the system, user can specify the consistency requirements per query and the system would adjust itself at runtime to guarantee consistency and manage system resources.

Event stream processing use case

As an example let us consider a financial services company that actively monitors financial markets, individual trader activity and monitors financial markets. Having a desktop application, a trader can track a moving average of the value of an investment portfolio. From the business perspective it is required that the average is updated continuously as stock updates arrive and trades are confirmed. A second application running on the trading floor would extract events from live news feeds and correlates these events with market indicators to infer market sentiment, impacting automated stock trading programs. 

The query would filter patterns of events, correlated across time and data values. In order to bring value to the business, this application needs to provide the information as soon as possible, late events might result in a retraction. Meanwhile a third application might be running in the compliance office monitors trader activity and customer accounts, to watch for law violations, bad intentioned actions or institution guidelines. This queries might run until the end of the trading day or even until it finished processing all the events from that day. These applications carry out similar computations but differ significantly in their workload, requirements for consistency guarantees and response time.

The example illustrates that most real-world enterprise applications are complex in functionality and might incorporate different technologies that need to be integrated and are required to achieve high accuracy and consistency. In following posts I will write about a solution which can be used for building applications from the area of event stream processing. The solution is a platform developed by Microsoft and it is named StreamInsight.

Saturday, August 22, 2015

Setup CAS server tutorial


For setting up the CAS server the following must be installed:
I assume that you have knowledge of all these technologies and I will not go into many details about them.

Setup CAS server project

CAS uses Maven to build a deployable package which can be installed into a Java servlet container. In this tutorial we'll use Tomcat as a container.

Also CAS server makes use of Maven overlay which makes the setup very easy and provides default configurations and flows which can be easily updated to your needs.

To make things faster I will provide below the pom.xml which contains only the dependency to the cas server webapp and the configured maven overlay build plugin. Importing the pom.xml as a maven project into an IDEs such as Intellij will generate an overlays folder which contains the defaults of CAS server, browsing through them will help you understand how it works. 

<project xmlns="" xmlns:xsi=""







Configuration of CAS server

You will need to copy into yourTomcatInstallationPath/conf/cas folder two configuration files, to be easier for you can take them from github and later change them to fit your needs.
  • contains CAS configuration which can be changed at runtime without the need to build the web application again. Of course after changing the configuration you will need to reload the application or restart tomcat.
  • log4j.xml contains the logging configuration for CAS server
It is very important to change in the configuration which points to the location of log4j.xml otherwise the server will not be deployed successfully.


You will need to create in your project a spring configuration xml file which will replace the one from the cas-webapp dependency at build time. The file name must be propertyFileConfigurer.xml and its location must be inside your project at:
The file contains the location of the CAS server configuration which will be picked at runtime, when deploying the webapp in Tomcat. The content is the following (just replace yourTomcatInstallationPath):

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns=""




    <context:property-placeholder location="file:yourTomcatInstallationPath/conf/cas/"/>


Build it and run it

  • Build the webapp using: mvn clean install
  • Copy the obtained cas.war file into yourTomcatInstallationPath/webapps
  • Start tomcat (startup.bat)
  • Visit http://localhost:8080/cas
You will see the default look of the CAS server together with a login form. To test it you can use the dummy username "casuser" and its password "Mellon".  
These are configured in next xml file overlays/org.jasig.cas.cas-server-webapp-4.0.2/WEB-INF/deployerConfigContext.xml in the primaryAuthenticationHandler bean. 

If you are not able to access the CAS server web application after you deployed the war file into tomcat checking the container logs or the CAS logs will probably help you to fix the issue. 

The end!

As you've seen I did not get into to much details and kept it short. I will try to make some posts on how to further configure the server to use some various authentication handlers or how to register cas clients. If you have any suggestions please leave a comment below. 

To better understand CAS I suggest that you also read the following article CAS - Central Authentication Service which contains an introduction into CAS and also a lot of useful resources to get you started. 

 Robert Rusu

Update: Even if at the time when I wrote this tutorial the CAS Server had version 4.0.2, the same steps can be applied, maybe small adjustments might be needed like using the latest configuration samples.

Wednesday, March 11, 2015

CAS - Central Authentication Service


This post will give you a brief overview of what is CAS - Central authentication service as a protocol and CAS solution which is an solution for web services implemented by JASIG - Java in Administration Special Interest Group.

Before you dive in, there are some things you need to know like:

  • What is multi-sign-on? We have multi-sign-on when we have multiple web applications, each having their own login form. Most probably for each of them you need to use different usernames and passwords
  • What is single-sign-on? We can describe this as being able to login only once in order to access multiple web applications. From my point of view the most obvious example is Google, one needs to login only once to access all Google services like Gmail, Google Drive, Google+ or Google analytics.

CAS - the protocol

CAS is a single-sign-on protocol which allows users to access multiple web services by providing only once their authentication credentials, usually their username and password.

The involved entities in such a protocol would be the CAS server, the registered to CAS web service and the client web browser. Obviously the CAS server would hold an CAS application instance. A registered service is a service which will become accessible by the user after he successfully logs in, a user would use a web browser to access the service.

One of the best way to get you started with understanding CAS protocol is to follow the sequence diagram which is available on JASIG's website at

CAS - the application

CAS, the application, developed by JASIG is an open source software that implements CAS protocol.

The application consists of a server component which is written in Java. CAS developers also used Spring Webflow and Spring MVC framework which in my opinion is a very good thing as it allows other developers to improve or customize CAS according to their needs easier by just being able to understand these common used frameworks.

CAS has libraries for different authentication methods like authenticating user against LDAP or database. Also its very easy to configure your own authentication handler, for example an authentication handler which calls an external service.

As the registered services must also implement the CAS protocol there are client implementations in different programming languages like Java, C#, PHP or Perl.

When is CAS useful and when its not useful?

CAS is useful when you want to allow users to access multiple web applications by requiring them to authenticate only once instead of multiple times. Obviously you cant have multiple users with same username, this means that you might want to have only one place in which you store usernames and passwords.

One of the most problematic issue which I've found in CAS is that it does not allow you to group registered services which are accessible by a user after authenticating in CAS. For example if I have four registered services, after an user with a certain role logs in he should be able to access only first two of the four services and a second user with other privileges should be able to access only the last two of the services. From the short research which I've done there is no support for this. A way to solve this is to have two CAS instances running or another would be to customize CAS to work with something similar to ACL - Access Control List.

Useful resources

Even if I am not an expert in developing applications which implement CAS protocol or use CAS application as a solution for single-sign-on I wanted to share what I know and I hope that this will help other developers to get them started with CAS. I will also try to create a blogpost in which to describe a step by step and from scratch CAS installation and configuration. 

You're feedback and comments are more than welcome!

Good luck!
Robert Rusu

Saturday, February 28, 2015

Book review: Thinking in Java - Fourth edition

To become a better programmer you should always look into reading new programming books, watch online tutorials or attend to related workshop. For Java programmers this book is one of the best and it provides detailed explanations and examples about the most important Java features.

I read this book once and later came back several times when I wanted to refresh my knowledge about a certain Java topic. As it has been such a useful learning resource for me I want to share it with you. To do so I composed a short and straight to the point book review.


Thinking in Java was written by Bruce Eckel who also wrote other popular books like: Thinking in C# and Thinking in C++. The book was revised and improved multiple times, as a result of this multiple editions were published. The last one, fourth edition, was published in 2006.

In my opinion you at least must have little to medium programming background and prior hands-on experience Java/C#/C++. Besides this even if you are an experienced Java developer, if you did not read this book yet I highly recommend to do so as you will find a lot of information which will certainly improve your skills.

Good things

  • The book is designed in such a manner that it helps you to learn fast starting with simple Java topics like Operators, Objects and Access Control to more advanced Java features like Annotations, Concurrency and Graphical User Interfaces.
  • This book contains a lot of examples and exercises. 
  • Interesting and relevant references are given when approaching a new topic.
  • Explanations are easy to understand.
  • Author mentions deprecated methods and why those should not be used anymore.
  • Covers common pitfalls.

Bad things

Final note

Reading a technical book is not enough, to get most value of your time you should run all code samples, modify them to crash or even think how to improve them. Besides this you should also solve all exercises from the book in order to clearly understand the approached topics. So what are you still waiting? Open the book, start your favorite IDE and start learning!

Feel free to add your opinion in a comment about this blog post or about this great book.

Robert Rusu