JASIG CAS how to diagnose/monitor performance problems - cas

Users have been complaining about 30s+ delays in CAS authentication and our weblogs seem to support this.
I suspect it is one of our AuthenticationHandlers but I can't see an easy way to test this.
Any "out of the box" performance logging/warning I can turn on?
I was wondering about creating an AuthenticationHandlerProxy class that would about slow checks but seems very heavyweight. I guess I could do a similar thing with AOP.
We are using JASIG CAS 4.0.7 with JDK 1.8 on RHEL 6.
Any suggestions?

You have statistics, status and audit logs in CAS. Check out: https://apereo.github.io/cas/4.0.x/installation/Monitoring-Statistics.html and https://apereo.github.io/cas/4.0.x/installation/Logging.html. You should be able to configure what you need with perf4j.
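Once perf4j timing output is enabled, a short script can show which operation accounts for the 30s+ delays. This is an added example, not part of the original answer or of CAS; it assumes perf4j's default StopWatch text format, and the sample lines and tag names are constructed.

```python
import re
from collections import defaultdict

# perf4j default StopWatch text: start[epoch ms] time[elapsed ms] tag[name]
LINE = re.compile(r"start\[(\d+)\] time\[(\d+)\] tag\[([^\]]+)\]")

# Constructed sample lines; tag names are placeholders, not from a real CAS log.
SAMPLE_LOG = """\
start[1456740000000] time[120] tag[AUTHENTICATE]
start[1456740001000] time[31250] tag[AUTHENTICATE]
start[1456740002000] time[15] tag[GRANT_SERVICE_TICKET]
start[1456740003000] time[95] tag[AUTHENTICATE]
start[1456740004000] time[30480] tag[AUTHENTICATE]
start[1456740005000] time[22] tag[GRANT_SERVICE_TICKET]
not a perf4j line
"""

def summarize(log_text, slow_ms=5000):
    """Per tag: call count, slow-call count, max elapsed ms, start of worst call."""
    stats = defaultdict(
        lambda: {"count": 0, "slow": 0, "max_ms": 0, "worst_start": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # unrelated log output
        start, elapsed, tag = int(m.group(1)), int(m.group(2)), m.group(3)
        s = stats[tag]
        s["count"] += 1
        if elapsed >= slow_ms:
            s["slow"] += 1
        if elapsed > s["max_ms"]:
            # Keep the start time so the call can be matched against the
            # audit log and the back-end (LDAP, database) logs.
            s["max_ms"], s["worst_start"] = elapsed, start
    return dict(stats)

def slow_tags(log_text, slow_ms=5000):
    """Tags with at least one call at or over the threshold, worst first."""
    hits = [(t, s) for t, s in summarize(log_text, slow_ms).items() if s["slow"]]
    return [t for t, _ in sorted(hits, key=lambda x: -x[1]["max_ms"])]

if __name__ == "__main__":
    for tag in slow_tags(SAMPLE_LOG):
        print(tag, summarize(SAMPLE_LOG)[tag])
```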

Related

Update of Bluemix run times or services. Will they always be backward compatible?

I've been playing with IBM Bluemix (liking it a lot so far) and we are considering to use it for production. What I'm not totally clear on is what happens when runtime environments or services get updated. I assume this happens quite frequently.
Will the new version be always backward compatible? If so, is this guaranteed somewhere in the terms of service?
What I am trying to avoid is to put production code on the platform and then having to update it constantly (or having it break) due to runtime or service updates.
Does anyone have any experience? Have past updates always been backward compatible?
Mark
While I don't believe there is a guarantee that the buildpacks will always be backwards compatible, you will always be able to select the previous buildpack version.
Try running a 'cf buildpacks' command and have a look at the buildpack names and version info encoded therein and I think you'll see what I mean.
When buildpacks are updated they won't be used for your application until you restage it, so you have some control over when to pick up the updates as well. This gives you a chance to test it on non-production versions of the app.

CouchBase WEB(AngularJS), Android(Native), IOS(Native)

I'm planning to build an application that runs on WEB(AngularJS), Android(Native), IOS(Native).
I have experience with MongoDB, but I found CouchBase which sounds really good for me.
I read the documentation and I found out I need to use sync_gateway to sync my mobile databases with the main database server and the reverse; until now everything is fine.
I also need to use "channels" to share records with multiple users.
The problem comes when I need to implement this for web application.
In their documentation on "Working with web applications" they explain how "bucket shadowing" is working, but they also say:
Bucket shadowing is meant to enable sync for existing Couchbase Server
apps. If you are creating a new app with both mobile and web clients,
we recommend starting with the Sync Gateway REST APIs, and connecting
backend services using the Changes Worker Pattern.
After reading the Sync Gateway REST API I found out I'm limited to Facebook and Persona authentication. So I can't use my own authentication mechanism?
Also, there is nothing specified in REST API about channels?
Is there any example project or more documentation about this? I couldn't find anything :(
If someone has experience with this, please explain how this works.
Thanks
There is also Custom (Indirect) Authentication available on Sync Gateway, which you can use for any type of auth you need.
But you have to hide Sync Gateway's Admin API under your backend layer.
As for the channels: it is the responsibility of the Sync Function to route different documents to the necessary channels based on document data.
Here is a good video that describes how to build production architecture around Couchbase Lite.
I'm probably late for the party - but as of today I'd recommend taking a look in the PouchDB project for the WEB AngularJS side - they match pretty well and will sync with Couchbase.
Regarding authentication, I just released an article on that topic, find it here. Hope this helps somebody

Implementing a scalable multiroom chat system

I've been looking into sockjs-tornado recently and am working on a chat function for a social networking site. I'm trying to get a feel for common methods used in building scalable multiroom chat functionality. I'll outline a couple of the methods I've thought of and I'd like to get feedback. What methods are used in the real world? What are the advantages and disadvantages to these methods?
Prereqs:
running tornado
using sockjs-tornado lib
sockjs-client lib for js
Everything else is open.
Methods I've considered:
For loop
This seems like the simplest way to go. You create a user class that subscribes to certain room classes. The user sends a message class that contains a room id and the server redirects the message in the loop only to users that have subscribed to that room. This seems to me to be by far the worst because the complexity is obviously at least linear. (Imagine 500 users connected at once to 5 chat rooms each.)
Multi-tasking/multiple server instances
This also seems like a bad idea because you could have 500 server instances running at any time on... different ports? I'm really not sure on the implementation of this method.
Native support
Now granted, a lot of libraries have this built in such as socketio. However that's not an option due to the sole node.js support. (I'm on tornado server.) Socks in particular does not have built in support for multiple "rooms".
Conclusion
I'm looking for resources/case studies, and industry standards. Any help would be appreciated.
I would just use a message queue server like RabbitMQ with a fanout exchange as each "chat room".
You can see an example of using a fanout exchange in Python here.
The Pika AMQP library works with Tornado, too.
The advantage with using a message queueing system is that you can have users connected to different Tornado processes on different servers while still being in the same "room", giving you high availability on the HTTP layer.
RabbitMQ also has HA capabilities (although not the greatest).

Java SE binary crash

I have a Java swing application that subscribes to a lot of data and displays this data in various ways. Under heavy load I have come to encounter that the JRE simply stops working with message "Java(TM) Platform SE binary has stopped working". This obviously shuts down my application and I need to restart it. I have tried to google for ways to troubleshoot this issue as I do not get a stacktrace in my code or anything that I can work with but I have found very little useful information beyond upgrading/re-installing the JRE and running virus scans. I have done both of these measures and rebooted the server but the problem still persists. I have tried to monitor the process with Java VisualVM (see dump below) but I am no expert on this tool and may not know what to look for. The observation that I have made is that the 'crashes' appear to coincide with Garbage Collections.
The issue is quite easy to reproduce and occurs after about 10 minutes of running the application. I do not run the application with any specific jvm parameters. The Java version is 1.6.0_31 (was _25 before upgrade) and I run on Windows 7 64-bit.
In the pic below from VisualVM the Java binary has just stopped working which appears to coincide with the GC-run.
Any help or ideas so that I can troubleshoot or remedy the problem is greatly appreciated. Thanks.
Three things to check:
If you've implemented the finalize() method anywhere, make sure it doesn't directly or indirectly lock any objects; this can cause a catastrophic deadlock correlated with GC.
If you've got native code, any number of weird things can happen if the code is not using global references correctly, including deadlocks and weird memory corruption, which would again correlate with GC activity.
Finally, GC might just be "stirring the pot" and exposing vanilla deadlocks which exist otherwise in the application; check your synchronization protocols.
Garbage collection pauses the VM's application threads while it happens, which might be exposing a race condition somewhere.

How would I get started writing my own firewall?

There is precious little on Google on this subject other than people asking this very same question.
How would I get started writing my own firewall?
I'm looking to write one for the windows platform but I would also be interested in this information for other operating systems too.
For Windows 2000/XP there is an article with examples on CodeProject: Developing Firewalls for Windows 2000/XP.
For Vista I think you will need to use Windows Filtering Platform.
This question is alarmingly similar to those asking how to write an encryption algorithm. The answers to both should end in gentle reminders about industry standard solutions that already:
embody years of experience and constant improvement,
are probably far more secure than any home-grown solution, and
account for ancillary requirements, such as efficiency.
A firewall must inspect every packet efficiently and accurately, and it therefore runs within the OS kernel or network stacks. Errors or inefficiencies jeopardize the security and performance of the entire machine and those downstream.
Building your own low-level firewall is an excellent exercise that will provide an education across many technologies. But for any real application, it's much safer and smarter to build a shell around the existing firewall API. Under Windows, the netsh command will do this; Linux uses netfilter and iptables. Googling any of these will point you to lots of theory, examples, and other helpful information.
So, to get started, I'd brush up on TCP/IP (specifically, the header information: ports and protocols), then learn about the various types of attacks and how to detect them. Learn about each operating system of interest and how it interacts with the network stacks. Finally, think about administration and logging: how will you configure your firewall and trace packets through it to ensure it's doing what you want it to do?
Good luck!
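To make the header-inspection and logging points above concrete, here is a user-space sketch of the decision a packet filter makes: parse the IPv4 and TCP/UDP headers, apply an ordered rule table with default deny, and return a reason that can be logged. This is an added example, not part of the original answer; the rule table, addresses and the `build_packet` helper are constructed for illustration, and a real filter runs in the kernel through netfilter or the Windows Filtering Platform.

```python
import ipaddress
import struct

# Ordered rules, first match wins; anything unmatched is dropped.
# Fields: action, IP protocol number, source network, destination port.
RULES = [
    ("allow", 6, ipaddress.ip_network("10.0.0.0/8"), 22),   # SSH, internal only
    ("allow", 6, ipaddress.ip_network("0.0.0.0/0"), 443),   # HTTPS, anywhere
    ("allow", 17, ipaddress.ip_network("10.0.0.0/8"), 53),  # DNS, internal only
]

def parse_ipv4(packet):
    """Return (proto, src, dst_port); raise ValueError on a malformed packet."""
    if len(packet) < 20:
        raise ValueError("shorter than minimum IPv4 header")
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ver_ihl, frag, proto, src = fields[0], fields[4], fields[6], fields[8]
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("bad version or header length")
    if frag & 0x1FFF:  # later fragments carry no transport header
        raise ValueError("non-initial fragment")
    dst_port = None
    if proto in (6, 17):  # TCP and UDP both start with src port, dst port
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])[1]
    return proto, ipaddress.ip_address(src), dst_port

def decide(packet):
    """Return (verdict, reason) so that every decision can be logged."""
    try:
        proto, src, dport = parse_ipv4(packet)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    for n, (action, r_proto, r_net, r_port) in enumerate(RULES):
        if proto == r_proto and src in r_net and dport == r_port:
            return action, f"rule {n}"
    return "drop", "default deny"

def build_packet(src, dst, proto, dport, sport=40000):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus ports."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HH", sport, dport)
```

Malformed, truncated and non-initial-fragment packets are dropped with an explicit reason rather than matched against rules, which is the accuracy requirement the answer describes.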
The usual approach is to use API hooking. Google can teach you that. Just hook all important networking stuff, like connect's and listens's, and refuse what you want.