DEV Community: Sanjay Ghosh

Understanding Common Cybersecurity Attacks: A Practical Overview

Sanjay Ghosh — Tue, 14 Apr 2026 18:10:37 +0000

Modern applications are more powerful and interconnected than ever—but with that power comes increased exposure to security risks. Whether you're building a small backend service or a large distributed system, security is no longer optional.

Before diving into specific vulnerabilities, it’s important to understand why cybersecurity matters and how common attacks are structured.

Why Cybersecurity Matters in Modern Applications

🔐 Data Protection & Privacy

Modern applications handle large amounts of sensitive data—personally identifiable information (PII), financial records, and intellectual property. This makes them prime targets for attackers.

🏢 Maintaining Trust & Reputation

Users trust applications with their personal and financial data. A single breach can damage reputation, erode customer trust, and lead to significant financial loss.

⚖️ Regulatory Compliance

Organizations must comply with regulations such as GDPR and industry standards. Failing to do so can result in heavy fines and legal consequences.

⚙️ System Integrity & Availability

Security controls such as encryption and access management ensure that systems remain reliable, tamper-proof, and available—even under attack.

🚀 Defending Against Sophisticated Threats

As technologies like cloud computing and AI evolve, so do attack techniques—ransomware, phishing, and zero-day exploits are becoming more advanced.

🌐 Protecting Interconnected Systems

Modern systems rely heavily on APIs, microservices, and IoT devices. A vulnerability in one component can compromise the entire ecosystem.

The Role of OWASP (Open Worldwide Application Security Project)

Learn more: https://owasp.org/
When discussing application security, it’s hard to ignore OWASP.

OWASP is a nonprofit foundation that provides open-source resources, tools, and best practices to help developers build secure applications.

One of its most well-known contributions is the OWASP Top 10, which highlights the most critical web security risks.

OWASP Top 10 (2025)

Full list: https://owasp.org/Top10/2025/

A01: Broken Access Control
A02: Security Misconfiguration
A03: Software Supply Chain Failures
A04: Cryptographic Failures
A05: Injection
A06: Insecure Design
A07: Authentication Failures
A08: Software or Data Integrity Failures
A09: Security Logging and Alerting Failures
A10: Mishandling of Exceptional Conditions

These categories are widely used as a baseline for secure application design.

A Simple Classification of Cybersecurity Attacks

To make sense of the landscape, we can group common attacks into four practical categories:

Web Attacks
Authentication Attacks
Network Attacks
Human (Social Engineering) Attacks

Some threats span multiple areas, so we’ll also note a few cross-category cases.

🌐 Web Attacks (Application Layer)

These target application logic, APIs, and user input handling.

Injection Attacks (SQL, Command, LDAP)

→ Example: ' OR 1=1 -- login bypass
Cross-Site Scripting (XSS)

→ Injecting malicious JavaScript into web pages
Cross-Site Request Forgery (CSRF)

→ Forcing a logged-in user to perform unintended actions
Broken Access Control

→ Accessing unauthorized data (e.g., changing /user/123 to /user/124)
Security Misconfiguration

→ Default credentials, open ports, debug settings
Insecure Deserialization

→ Executing malicious code via manipulated serialized objects

🔑 Authentication Attacks

These focus on compromising login systems and user identities.

Brute Force / Dictionary Attacks
Session Hijacking / Fixation
Rainbow Table Attacks (password hash cracking technique)

🧠 Network Attacks

These target communication between systems.

Man-in-the-Middle (MITM)

→ Intercepting data in transit
Denial of Service (DoS / DDoS)
→ Overwhelming systems to make them unavailable

🧑‍💻 Human Attacks (Social Engineering)

These exploit human behavior rather than systems.

Phishing (Email, SMS, Voice)

→ Trick users into revealing sensitive data
💡 These are among the most successful real-world attacks.

🔄 Cross-Category / Special Cases

Some threats don’t fit neatly into one category:

Malware (virus, ransomware, spyware)
Zero-day exploits (attacks on unknown vulnerabilities) These can impact multiple layers—from applications to networks to users.

A Quick Example: How Vulnerabilities Start in Code

At this point, you might be wondering:
“These attacks sound serious—but how do they relate to the code we write every day?”

Let’s look at a simple backend example that illustrates how easily security vulnerabilities can be introduced.

This example focuses on password handling, but the same principle applies across all categories—small implementation choices can introduce major vulnerabilities.

Security vulnerabilities are often not caused by complex systems—but by small, overlooked decisions in everyday code.

❌ Insecure Approach: Plain Text Storage

String password = "admin123";
String stored = password; // storing plain text ❌

If a database is compromised, attackers immediately gain access to user passwords.

⚠️ Slightly Better: Hashing (But Still Weak)

MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] hash = md.digest(password.getBytes());

Hashing improves security, but it’s still vulnerable to precomputed attacks (like rainbow tables).

✅ Better Approach (Conceptual)

String saltedPassword = password + randomSalt;

Adding randomness makes attacks significantly harder.

We’ll explore why this matters in detail when we dive into authentication attacks in the next article.

Final Thoughts

Cybersecurity isn’t just about preventing attacks—it’s about building systems that are resilient by design.

As we’ve seen:

Attacks can target applications, networks, and even people
Many vulnerabilities originate from small design or coding decisions
Understanding attack patterns is the first step toward preventing them

What’s Next?
In the next article, we’ll take a deeper look at authentication attacks, including:

How attackers crack passwords
What rainbow table attacks are
Why techniques like salting are critical

Build a RAG Pipeline in Java (Text Vector LLM, No Paid APIs)

Sanjay Ghosh — Wed, 01 Apr 2026 23:23:34 +0000

Ever asked an LLM a question about your own data and received an incorrect or generic answer?

That’s because Large Language Models (LLMs) don’t know your private data.

In this article, we’ll build a complete Retrieval-Augmented Generation (RAG) pipeline using:

Java
PostgreSQL (with vector support)
Ollama (local LLM + embeddings)

👉 No OpenAI / No paid APIs
👉 Fully local
👉 Practical and production-relevant

🧠 What is RAG?

Retrieval-Augmented Generation (RAG) is an architecture that improves LLM responses by:

Retrieving relevant data from a knowledge source
Passing that data to the LLM
Generating an answer grounded in that context

In simple terms:

Instead of guessing, the model first looks up relevant information and then answers.

🔍 Why Do We Need RAG?

LLMs are powerful, but they have limitations:

❌ They don’t know your private/company data
❌ Their knowledge is static
❌ They can hallucinate

RAG solves this by combining:

Your data (database)
Smart retrieval (vector search)
LLM reasoning (generation)

📊 RAG Flow (This Project)

We will implement this pipeline:
Text → Embedding → Store in DB

Query → Embedding
↓
Vector Search (Top K)
↓
Pass to LLM
↓
Final Answer

⚙️ Prerequisites

1. Install PostgreSQL

Make sure PostgreSQL is installed and running.

2. Install Ollama (Local LLM)

sudo apt-get install zstd
curl -fsSL https://ollama.com/install.sh | sh

3. Pull Required Models

# LLM (for answer generation)
ollama pull llama3

# Embedding model
ollama pull nomic-embed-text

4. Verify Installation

ollama run llama3
If it responds, you’re ready.

🟢 Phase 1: Indexing (Store Data)

In this phase, we:

Convert text → vector (embedding)
Store it in PostgreSQL

Why Embeddings?

Embeddings convert text into numbers so we can measure similarity.
Example:
"OAuth authentication" → [0.12, -0.98, 0.45, ...]

Database Table

CREATE TABLE text_embeddings ( id SERIAL PRIMARY KEY, content TEXT, embedding VECTOR(768) );

Key Class: EmbeddingService.java

Calls Ollama
Converts text → vector

Snippet

ClassicHttpResponse response = (ClassicHttpResponse) Request.post("http://localhost:11434/api/embeddings")
                .bodyString(body.toString(), ContentType.APPLICATION_JSON)
                .execute()
                .returnResponse();

This returns a numerical vector representation of the input text, which we store in the database.

Key Class: StorageService.java

Stores text + embedding into PostgreSQL

PreparedStatement ps = conn.prepareStatement(
            "INSERT INTO text_embeddings (content, embedding) VALUES (?, ?::vector)"
        );

        ps.setString(1, text);
        ps.setString(2, vector);

        ps.executeUpdate();

Each piece of text is stored along with its vector representation.

🔵 Phase 2: Query (RAG Flow)

Step 1: User Query

"What is OAuth?"

Step 2: Convert Query → Embedding

Same process as storing text.

Step 3: Retrieve Relevant Data

SELECT content
FROM text_embeddings
ORDER BY embedding <-> ?::vector
LIMIT 3;
👉 This finds the most similar text chunks

Key Class: Retriever.java

This is the R (Retrieval) in RAG.

        PreparedStatement ps = conn.prepareStatement(
            """
            SELECT content
            FROM text_embeddings
            ORDER BY embedding <-> ?::vector
            LIMIT ?
            """
        );

        ps.setString(1, vector);
        ps.setInt(2, topK);

        ResultSet rs = ps.executeQuery();

Step 4: Generate Answer Using LLM

We pass retrieved data to the LLM:

Context:
OAuth 2.0 is an authorization framework...

Question:
What is OAuth?

👉 The LLM generates a clean answer.

Key Class: LLMService.java

This is the G (Generation) in RAG.
Passing Context to the LLM

        String prompt = """
                        Answer briefly in 2-3 sentences.

                        Context:
                        %s

                        Question:
                        %s
                        """.formatted(context, query);

We inject retrieved data into the prompt so the LLM generates grounded answers.

🧪 Sample Output
--- Retrieved Context ---
OAuth 2.0 is an authorization framework.
JWT is used for secure authentication.

--- Final Answer ---
OAuth is an authorization framework used to grant access to resources...
🧠 What’s Really Happening?

This is the most important part to understand:

Component Role
Database Stores knowledge
Retriever Finds relevant information
LLM Generates answer

👉 The LLM does NOT retrieve data
👉 The database does NOT generate answers

💻 Full Code

The project includes:

EmbeddingService.java
StorageService.java
Retriever.java
LLMService.java
RAGApp.java
pom.xml

👉 GitHub Repository

https://github.com/knowledgebase21st/Software-Engineering/tree/dev/AI/RAG

🚀 Why This Approach is Powerful

Works with your own data
Reduces hallucination
Fully offline (with Ollama)
Production-ready pattern

✅ Conclusion

We built a complete RAG pipeline using Java, PostgreSQL, and Ollama.

This approach combines:

Your data
Smart retrieval
LLM reasoning

Result:
Accurate, context-aware answers using your own knowledge base.

Understanding OAuth2 Flow with a Complete Java Servlet Demo (Step-by-Step)

Sanjay Ghosh — Wed, 25 Mar 2026 21:30:07 +0000

OAuth2 is everywhere.

“Login with Google”
“Continue with GitHub”
“Sign in with Microsoft”

We use it daily—but when it comes to explaining how it actually works, things quickly get confusing.

Most tutorials either:

Explain only the theory ❌
Or show isolated code without context ❌

Very few connect the full flow end-to-end.

🎯 What This Article Does Differently

In this article, we will:

Break down the 4 core actors
Walk through the entire OAuth2 flow
Map each step to working Java servlet code
Build a complete runnable demo

🧠 The Key Idea (Read This First)

OAuth2 is not about authentication.

It is about delegating access.

Instead of giving your username/password to an application, you allow it to access your data using a token issued by a trusted server.

🔷 Actors in OAuth2

This framework involves four key roles:

1. Resource Owner (User)

The user who owns the data
Grants or denies access

2. Client (Application)

The application requesting access to user data

3. Authorization Server

Authenticates the user
Issues authorization code and access token

4. Resource Server

Hosts protected data
Validates access tokens before responding

🔷 Real-World Example

A common example is “Login with Google”.

User → You
Client → Airbnb
Authorization Server → Google
Resource Server → Google APIs

Flow:

You click “Login with Google”
You are redirected to Google
You login and click Allow
Google sends a **code **to the client
Client exchanges code for token
Client fetches your data using the token

👉 This is exactly what we will implement.

🔷 High-Level Flow

Client requests authorization from the user
User authenticates and grants/denies access
Authorization Server returns an authorization code
Client exchanges code for access token
Client uses access token to call Resource Server
Resource Server validates token and returns data

🔷 Endpoints in This Demo

Endpoint	Role
/login	Starts OAuth flow (Client)
/authorize	User login + consent (Authorization Server)
/callback	Receives authorization code (Client)
/getToken	Helper to call token endpoint
/token	Issues access token
/data	Protected API (Resource Server)

🔷 Full Flow Overview

/login
→ redirect to /authorize
→ user login + allow
→ /callback (gets code)
→ /token (gets access token)
→ /data (uses token)

🔷 Step-by-Step Flow with Code

Full implementation is available in the GitHub repository at the end of this article.
🟢 Step 1: /login → Start Flow

LoginServlet.java

package com.oauth.demo;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet implementation class LoginServlet
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {

        String redirect = "http://172.21.236.75:9090/oauth/authorize?" +
                "response_type=code&client_id=test&redirect_uri=http://172.21.236.75:9090/oauth/callback";

        resp.sendRedirect(redirect);
    }
}

This is the entry point. It redirects the user to the Authorization Server.

resp.sendRedirect("http://host/oauth/authorize?...");

👉 This is how the Client requests authorization from the User.

🟢 Step 2: /authorize → User Login & Consent

AuthorizeServlet.java

Displays login form
Accepts username/password
Allows user to Allow **/ **Deny

package com.oauth.demo;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet implementation class AuthorizeServlet
 */
@WebServlet("/authorize")
public class AuthorizeServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/html");
        resp.getWriter().write(
            "<form method='post'>" +
            "User: <input name='username'/><br/>" +
            "Pass: <input name='password' type='password'/><br/>" +
            "<button name='action' value='allow'>Allow</button>" +
            "<button name='action' value='deny'>Deny</button>" +
            "<input type='hidden' name='redirect_uri' value='" + req.getParameter("redirect_uri") + "'/>" +
            "</form>"
        );
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {

        String action = req.getParameter("action");
        String redirectUri = req.getParameter("redirect_uri");

        if ("deny".equals(action)) {
            resp.sendRedirect(redirectUri + "?error=access_denied");
            return;
        }

        String user = req.getParameter("username");
        String pass = req.getParameter("password");

        if ("admin".equals(user) && "password".equals(pass)) {
            String code = "abc123"; // normally random + stored
            resp.sendRedirect(redirectUri + "?code=" + code);
        } else {
            resp.getWriter().write("Invalid login");
        }
    }
}

👉 Output:

Success → ?code=abc123
Failure → ?error=access_denied

🟢 Step 3: /callback → Client Receives Code

CallbackServlet.java

package com.oauth.demo;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet implementation class CallbackServlet
 */
@WebServlet("/callback")
public class CallbackServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {

        String code = req.getParameter("code");

        if (code == null) {
            resp.getWriter().write("Authorization failed");
            return;
        }
        resp.setContentType("text/html");
        resp.getWriter().write(
            "<h3>Authorization Code: " + code + "</h3>" +
            "<a href='/oauth/getToken?code=" + code + "'>Get Access Token</a>"
        );
    }
}

👉 This is the authorization code, a temporary credential.

🟢 Step 4: /getToken → Prepare Token Request

GetTokenServlet.java

Creates a form to call /token:

package com.oauth.demo;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet implementation class GetTokenServlet
 */
@WebServlet("/getToken")
public class GetTokenServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {

        String code = req.getParameter("code");
        resp.setContentType("text/html");
        resp.getWriter().write(
            "<form method='post' action='/oauth/token'>" +
            "<input name='code' value='" + code + "'/><br/>" +
            "<input name='client_id' value='test'/><br/>" +
            "<input name='client_secret' value='secret123'/><br/>" +
            "<button type='submit'>Exchange Code for Token</button>" +
            "</form>"
        );
    }
}

👉 In real systems, this happens server-to-server, not via UI.

🟢 Step 5: /token → Exchange Code for Token

TokenServlet.java

package com.oauth.demo;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet implementation class TokenServlet
 */
@WebServlet("/token")
public class TokenServlet extends HttpServlet {

    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {

        String clientId = req.getParameter("client_id");
        String clientSecret = req.getParameter("client_secret");

        if (!"test".equals(clientId) || !"secret123".equals(clientSecret)) {
            resp.setStatus(401);
            resp.getWriter().write("Invalid client");
            return;
        }


        String code = req.getParameter("code");

        if (!"abc123".equals(code)) {
            resp.setStatus(400);
            resp.getWriter().write("Invalid code");
            return;
        }

        // Simple JWT-like token (replace with real JWT later)
        String token = "header.payload.signature";

        resp.setContentType("application/json");
        resp.getWriter().write("{\"access_token\":\"" + token + "\"}");
    }
}

Returns:
{
"access_token": "header.payload.signature"
}
👉 This is the Access Token

🟢 Step 6: /data → Access Protected Resource

DataServlet.java
package com.oauth.demo;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet implementation class DataServlet
 */
@WebServlet("/data")
public class DataServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {

        String auth = req.getHeader("Authorization");

        if (auth == null || !auth.startsWith("Bearer ")) {
            resp.setStatus(401);
            resp.getWriter().write("Unauthorized");
            return;
        }

        String token = auth.substring(7);

        if (!"header.payload.signature".equals(token)) {
            resp.setStatus(403);
            resp.getWriter().write("Invalid token");
            return;
        }

        resp.getWriter().write("Secure Data for user: admin");
    }
}

👉 Client must call:
Authorization: Bearer header.payload.signature

If valid:
Secure Data for user: admin

🔷 What is the Access Token in this Demo?

In OAuth2, the access token is just a string. The specification does not enforce any particular format.

However, in most real-world systems, the access token is implemented as a JWT (JSON Web Token).

In this demo, we return a simplified token:

header.payload.signature

This mimics the structure of a JWT.

👉 For a detailed explanation of how JWT works (structure, signing, validation), you can refer to my earlier article:

Understanding JWT Authentication in Java with Encryption and Decryption
(https://dev.to/sanjayghosh/understanding-jwt-authentication-in-java-with-encryption-and-decryption-2ig7)

In a production system:

The Authorization Server generates a signed JWT
The Resource Server validates the JWT before granting access

This bridges the gap between OAuth2 (authorization framework) and JWT (token format).

🔷 Why This Flow Exists

Why not just send username/password to the client?
Because:

Security risks ❌
Third-party access problems ❌
No control over permissions ❌

OAuth2 solves this using:

Tokens
Delegated access
Controlled permissions

🔷 Common Mistakes

❌ Client handling user credentials
❌ Confusing code vs token
❌ Sending token in URL
❌ Thinking client validates token
❌ Skipping redirect-based flow ### 🔷 Important Notes

⚠️ 1. This is a simplified demo

Hardcoded values
No database
No real token security

⚠️ 2. Token is NOT a real JWT

header.payload.signature

👉 In real systems:

Token is a JWT
Signed and verified

⚠️ 3. Client Secret should NOT be exposed

In this demo:

Shown in UI ❌

In real OAuth:

Used only in backend communication ✅

⚠️ 4. Browser cannot send Authorization headers directly

Use:

curl
Postman
Java client

⚠️ 5. Resource Server must validate token

In real systems:

Verify signature
Check expiry
Validate issuer

🔷 Key Takeaways

OAuth2 is about delegation of access
Client never sees user password
Authorization Server issues tokens
Resource Server enforces access

Now that you understand the complete flow, let’s run it.

🔷 Try It Yourself

If you want to understand OAuth2 deeply, I highly recommend running this demo locally.

👉 GitHub Repository (complete working example with all servlets and configuration):

https://github.com/knowledgebase21st/Software-Engineering/tree/dev/security/OAUTH

Steps:

Clone the repository
Deploy it in Tomcat
Open /login in your browser
Follow the complete OAuth2 flow step by step

Hands-on practice will make the concepts much clearer than theory alone.
If you run into any issues while trying this locally, feel free to leave a comment—I’ll be happy to help.

🏁 Conclusion

OAuth2 may seem complex at first—but the core idea is simple:
👉 The client never gets your password
👉 The Authorization Server issues a token
👉 The Resource Server trusts that token

🔑 What You Built

You implemented:

Client
Authorization Server
Resource Server
Complete OAuth2 flow This is the same pattern used by Google and Microsoft.

🔗 OAuth2 + JWT

OAuth2 = how you get the token
JWT = what the token contains

⚠️ Production Note

Use tools like Keycloak or frameworks like Spring Boot for real systems.

Understanding JWT Authentication in Java with Encryption and Decryption

Sanjay Ghosh — Thu, 19 Mar 2026 20:19:51 +0000

JSON Web Token (JWT) is a widely used mechanism for securely transmitting information between systems.

JWT is commonly used in:
• API authentication
• Single Sign-On (SSO)
• Microservices communication

This article explains:

What JWT is
JWT structure
How encryption and signing works
How to generate and validate JWT in Java
A simple diagram explaining the flow

What is JWT?

JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between two parties. Refer RFC7519 .

A JWT contains claims (information) that are digitally signed and optionally encrypted.

JWT tokens are typically used after a user logs in successfully. The server generates a token and sends it back to the client. The client includes this token in future requests for authentication.

JWT Structure

A JWT consists of three parts separated by dots:

HEADER.PAYLOAD.SIGNATURE

Example JWT:

eyJhbGciOiJIUzI1NiJ9
.
eyJpc3MiOiJteS5jb21wYW55LmNvbSIsInN1YiI6ImpvaG4uZG9lIiwiaWF0IjoxNzczMTg0MTIwLCJleHAiOjE3NzMxODQ0MjAsImp0aSI6IjI1Y2JkNjVmLTYzODEtNGZiYi05YWMyLTk4ZTk0ZGYwYTI2YSJ9
.
UEG4iZhhtyG58V0Vcz-IHOL8MMPmDVqZdyRhoaTnYCI

Each part is Base64URL encoded. ()

1. Header

The header contains metadata about the token.

Example:

{"alg":"HS256"}

alg indicates the algorithm used to sign the token.

Common algorithms include:

HS256
RS256
ES256

2. Payload

The payload contains claims, which are pieces of information about the user.
Example:
{
"iss":"my.company.com",
"sub":"john.doe","iat":1773184120,
"exp":1773184420,
"jti":"25cbd65f-6381-4fbb-9ac2-98e94df0a26a"}
}

Note:
JWT payload is not encrypted by default. It is only Base64 encoded.
Anyone can decode the payload, but the signature prevents tampering.

3. Signature

The signature ensures the token has not been modified.
Example process:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret
)
If someone modifies the payload, the signature verification will fail.

JWT Authentication Flow

Typical authentication flow:

User logs in with username and password
Server validates credentials
Server generates a JWT
Client stores the token
Client sends JWT in Authorization header
Server verifies the token

Example header in API request:

Authorization: Bearer

Generating JWT in java

(Example Code)

package jwt;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.UUID;
import java.nio.charset.StandardCharsets;
public class JwtTokenGenerator {
    /**
     * Generates a signed JWT token using a shared secret key.
     * @param issuer The issuer of the token.
     * @param subject The subject of the token (e.g., user ID).
     * @param secretKey The secret key for signing (must be at least 256 bits).
     * @return The compact JWT string.
     */
    public static String generateJwtToken(String issuer, String subject, String secretKey) {
        // Define the key from the secret string
        // The key should be securely managed and stored
        Key key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));

        Instant now = Instant.now();

        // Build the JWT
        String jwt = Jwts.builder()
                .setIssuer(issuer) // Set the issuer claim
                .setSubject(subject) // Set the subject claim
                .setIssuedAt(Date.from(now)) // Set the issued at time
                .setExpiration(Date.from(now.plus(5L, ChronoUnit.MINUTES))) // Set expiration for 5 minutes later
                .setId(UUID.randomUUID().toString()) // Set a unique ID for the token
                .signWith(key) // Sign the JWT with the key
                .compact(); // Compacts the JWT into its final string form

        return jwt;
    }

    public static void main(String[] args) {
        // Example usage: replace with your actual values
        String myIssuer = "my.company.com";
        String mySubject = "john.doe";
        // Key must be sufficiently long for HS256 (e.g., 32 characters or more for 256 bits)
        String mySecretKey = "aVerySecureAndLongSecretKeyForSigningJwts";

        String token = generateJwtToken(myIssuer, mySubject, mySecretKey);
        System.out.println("Generated JWT Token:");
        System.out.println(token);
    }
}

The above code will create the token.

Validating JWT in Java
Example Code

package jwt;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;

public class JWTValidation {
    private static final String SECRET_KEY = "aVerySecureAndLongSecretKeyForSigningJwts";
        public static Claims validate(String token) {
                 return Jwts.parser().verifyWith(Keys.hmacShaKeyFor(SECRET_KEY.getBytes(StandardCharsets.UTF_8))).build().parseSignedClaims(token).getPayload();
        }

    public static void main(String[] args) {
            if (args.length < 1 ) {
                    System.out.println("Please provide the token String as a parameter");
                    return;
            }
            String tokenString = args[0];
            Claims claims = validate (tokenString);
            System.out.println("Subject: " + claims.getSubject());
            System.out.println("Issuer: " + claims.getIssuer());
            System.out.println("Issued At: " + claims.getIssuedAt());
            System.out.println("Expiration: " + claims.getExpiration());
            System.out.println("ID: " + claims.getId());
            System.out.println("Audience: " + claims.getAudience());
   }


}

By running the above code you can pass the generated token to test the validity.

Decoding JWT
Java Example

package jwt;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JWTTokenDecoder {
    public static void decodeJWT(String token) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("Invalid JWT token format");
        }

        Base64.Decoder decoder = Base64.getUrlDecoder();

        // Decode Header
        String header = new String(decoder.decode(parts[0]), StandardCharsets.UTF_8);
        System.out.println("JWT Header: " + header);

        // Decode Payload (Body)
        String payload = new String(decoder.decode(parts[1]), StandardCharsets.UTF_8);
        System.out.println("JWT Body: " + payload);

        // The signature part (parts[2]) is a hash and cannot be "decoded" into a readable string in the same way.
        // It's used for signature verification.
    }

    public static void main(String[] args) {
            if (args.length < 1 ) {
                    System.out.println("Please provide the token String as a parameter");
                    return;
            }
            String jwtToken = args[0];
            decodeJWT(jwtToken);
    }
}

You can pass the JWT and get the decoded value

JWT Encryption vs Signing

Many developers confuse signing and encryption.
Signing ensures:
• Token integrity
• Token authenticity

Encryption ensures:
• Token confidentiality

Most JWT tokens are signed but not encrypted.

Security Best Practices

When using JWT in production:

Never store sensitive data in payload
Always use HTTPS
Set token expiration (exp claim) Refer: Claims , setExpiration
Rotate secret keys periodically
Validate token signature on every request

When Should You Use JWT?

JWT works well when:

Building stateless APIs
Implementing microservices authentication
Creating Single Sign-On systems
Protecting REST APIs

Source Code

All source files are available on GitHub:
Github source codes

Conclusion

JWT provides a simple and secure way to transmit claims between systems.

Understanding how JWT works internally, including header, payload, and signature is important when implementing authentication systems in modern applications.

By using proper signing, validation, and expiration strategies, JWT can be a powerful tool for secure API authentication.

Keystore vs Truststore — How SSL Certificate Chain Actually Works (with java Examples)

Sanjay Ghosh — Sun, 15 Mar 2026 20:18:35 +0000

When you see the 🔒 HTTPS lock icon in your browser, something important has already happened behind the scenes.

Your browser has verified:

The identity of the server
The certificate chain
The trusted Certificate Authority

But where are these certificates stored?
And how does the verification actually work?

This is where Keystore and Truststore come in.

In this article we will cover:

What a Keystore is
What a Truststore is
How the certificate chain works
How they are used during the TLS handshake
Examples using keytool
Common SSL handshake errors
A quick look at Mutual TLS (mTLS) (two-way TLS (or two-way SSL)

🧾 Certificate Creation Flow

Before talking about keystore and truststore, let's see how a certificate is created.

The server generates a public/private key pair.
It creates a CSR (Certificate Signing Request).
The CSR is sent to a Certificate Authority (CA).
The CA verifies the identity of the organization.
The CA issues a leaf certificate.
The certificate is signed by an Intermediate CA.
The intermediate CA is signed by a Root CA.

This produces a certificate chain.
Example chain:

Root CA ↓ Intermediate CA 1 ↓ Intermediate CA 2 ↓ Leaf Certificate (Server Certificate)
Each certificate is digitally signed by the one above it.

🏪 What is a Truststore?

A Truststore is a secure repository that contains certificates from trusted entities.

These certificates are used to verify the identity of remote systems during secure communication.

A truststore typically contains:

Trusted Root Certificates

These are:

Self-signed certificates
Issued by trusted Certificate Authorities
Preinstalled in operating systems, browsers, or Java runtimes

Intermediate CA Certificates

Intermediate certificates help bridge the chain of trust between a root CA and the server certificate.

🎯 Purpose of Truststore

The truststore is used to validate certificates presented by other parties.

Example:
When a browser connects to:
https://myserver.com

The browser:

Receives the server’s certificate
Builds the certificate chain
Verifies the chain up to a trusted root certificate in its truststore

If the verification succeeds, the connection is trusted.
If not, the browser displays a certificate warning.

🔑 What is a Keystore?

A Keystore is a secure repository that stores your own cryptographic identity.

It usually contains:

Server private key
Server leaf certificate
Sometimes intermediate certificates

Note: The private key stored in the keystore corresponds to the leaf certificate of the server.

The private key is used during the TLS handshake to prove ownership of the certificate.
It must never be shared.

🔄 How Keystore and Truststore Work Together

During the TLS handshake:

Step 1 — Client connects to server

The client initiates a secure connection.

Step 2 — Server sends certificate chain

The server sends:
Leaf Certificate Intermediate Certificates

Step 3 — Client validates the chain

The client verifies:
Leaf Certificate ↓ Intermediate Certificate ↓ Root CA
The root CA must exist in the client's truststore.

Step 4 — Secure connection established

If the certificate chain is valid and trusted, the TLS session is established.

☕ Java Example — Keystore

In Java applications, keystores are commonly stored as:
.jks .p12

Create a Keystore

keytool -genkeypair \ -alias myserver \ -keyalg RSA \ -keysize 2048 \ -keystore keystore.jks

This above command generates:

A private key
A self-signed certificate

View Keystore Contents

keytool -list -v -keystore keystore.jks
Example output:
Alias name: myserver Entry type: PrivateKeyEntry Certificate chain length: 1

☕ Java Example — Truststore

Java provides a default truststore which is:
$JAVA_HOME/lib/security/cacerts
Default password:
changeit
List certificates in the truststore:
keytool -list -keystore $JAVA_HOME/lib/security/cacerts
This truststore contains nearly two hundred trusted CA certificates.

Import Certificate into a Truststore

When the certificate is trusted by the Truststore
Example
keytool -importcert \ -alias myserver \ -file server.crt \ -keystore truststore.jks

⚠️ SSL Handshake Errors Related to Certificate Issues

Many SSL handshake failures occur because of certificate chain or trust problems.
Here are some of the most common errors.

SSL Handshake Failed / Error 525

This indicates that the client and server failed to establish a secure connection.
A common cause is an incomplete certificate chain, where the server does not send the required intermediate certificates.

Certificate Unknown (Java / JSSE)

In Java applications, you may see errors such as:
javax.net.ssl.SSLHandshakeException: PKIX path building failed
This means the client cannot verify the certificate chain, usually because the issuing CA is not present in the truststore.

ERR_CERT_AUTHORITY_INVALID (Browser)

Browsers show this error when:

The root CA is not trusted
The intermediate certificate is missing
The certificate is self-signed
The certificate chain was issued by an authority that is not trusted
This error commonly appears in:
SQL Server connections
Internal client-server applications
It occurs when the client cannot recognize the certificate authority that signed the server certificate.

SSL error: 0x8009001a (SChannel)

In Windows systems using SChannel, this error usually indicates:

An invalid certificate
A broken certificate chain
A trust validation failure

Key Takeaway

Most SSL handshake errors occur because:

The client truststore does not trust the CA
The server did not send the full certificate chain
The certificate has expired or is invalid Understanding keystore and truststore helps quickly diagnose these issues.

🔐 Mutual TLS (mTLS) (Or two-way TLS (or two-way SSL)

In standard TLS:
Client verifies Server
In Mutual TLS (mTLS):
Client verifies Server Server verifies Client

Both sides present certificates.
Flow:

Client connects to server
Server presents its certificate
Client verifies it using its truststore
Server requests client certificate
Client sends its certificate
Server verifies it using its truststore mTLS is commonly used in:

Microservices architectures
Banking systems
Internal APIs
Zero-trust security environments

🧠 Summary

Keystore: Stores private keys and certificates used to prove identity
Truststore: Stores trusted CA certificates used to verify others
Certificate Chain: Establishes trust from server certificate to a trusted root CA

Every secure TLS connection depends on this chain of trust.

📌 Final Thought

Next time you see the 🔒 lock icon in your browser, remember:
Behind that simple symbol is a complex system involving:

certificate chains
keystores
truststores
certificate authorities

—all working together to ensure secure communication.

From Image to Vector: Building Image Similarity Search with Python and MySQL

Sanjay Ghosh — Sun, 08 Mar 2026 19:24:17 +0000

Modern applications increasingly rely on vector embeddings to search and compare data such as text, images, and audio.
For example:

finding visually similar images
semantic document search
recommendation systems

In this article we will:

Convert an image to a vector embedding
Store the vector in MySQL
Compare images using vector similarity

Stacks used:

Python
sentence-transformers
PyTorch
MySQL vector support

Final Result

After storing the vectors in MySQL we can run a similarity query.
Example output:
+------------+-------------+ | image_name | similarity | +------------+-------------+ | img/t3.jpg | 1.00 | | img/t2.jpg | 0.96 | | img/t1.jpg | 0.96 | | img/t4.jpg | 0.92 |

System Architecture

The overall pipeline is simple:

An image is processed by a multimodal embedding model
The model converts the image into a numerical vector
The vector is stored in MySQL
SQL queries compute similarity between vectors

AI → ML → DL → Neural Networks → LLM

Let’s briefly explain each level.

Artificial Intelligence (AI)

Artificial Intelligence refers to systems designed to simulate aspects of human intelligence, such as:

learning
reasoning
decision making
problem solving

Early AI systems (often called Good Old-Fashioned AI) did not involve learning. They relied on predefined rules.

Example:
IF humidity > 60% THEN alert

Machine Learning (ML)

Machine Learning is a subset of AI where systems learn patterns from data rather than being explicitly programmed.

There are three main types of machine learning:

Supervised Learning

Uses labeled data, where each input has a known correct output.
Example: Predicting house prices.
Inputs: house size, location
Output: predicted price

Unsupervised Learning

The data is not labeled. The system tries to discover patterns or structure in the data on its own.
Example:
Customer purchase behavior analysis.
For instance, the system might detect that customers who buy Product P1 often also buy Product P2.

Reinforcement Learning

Works through interaction with an environment using a reward/penalty mechanism.
The system learns through trial and error, continuously improving its decisions based on feedback.
An agent interacts with the environment repeatedly to achieve the optimal outcome.

Deep Learning (DL)

Deep Learning is a subset of Machine Learning.
It uses multi-layer neural networks to learn complex patterns in large datasets.
Deep learning is especially powerful for:

images
speech
language processing

Neural Networks (NN)

Neural Networks are the core architecture used in deep learning.
They consist of nodes (neurons) organized into layers:

Input layer
Hidden layers
Output layer

Each neuron performs a mathematical operation based on the following equation:
y = Σ (xi * wi) + b
Where:

xi = input value
wi = weight (importance of the input)
b = bias (a learnable scalar parameter)
y = output

Data flows through the network in a feed-forward manner, and the network learns by adjusting weights during training.

Types of Neural Networks

Artificial Neural Networks (ANN)
Basic layered neural networks where information flows in one direction.
Convolutional Neural Networks (CNN)
Designed for image data. CNNs extract spatial features such as:
edges
textures
shapes
Recurrent Neural Networks (RNN)
These networks contain loops and can remember previous inputs. They are commonly used for sequence data such as text or speech.

Large Language Models (LLM)

Large Language Models are a type of deep learning model trained on massive text datasets.

They are capable of:

understanding language
generating human-like text
producing embeddings for semantic similarity

Process Overview with practical example

Convert an image to a vector embedding
Store the vector in MySQL (version 9.0 or later)
Run queries to compare vectors
Identify which images are most similar

Environment Setup

Create a Python Virtual Environment

Install the virtual environment package:
sudo apt install python3.12-venv
Create the environment:
python3 -m venv venv

Activate it
Linux/macOS
source venv/bin/activate
Windows
venv\Scripts\activate

Install Required Libraries

pip install sentence-transformers pillow torch

Create the MySQL Table

Create a table with a vector column (createtable.sql).

    /*This SQL is to create the table with Vector , MySQL Version 9.6.0
     *The size of the Vector is set to (512) ,
     * The INSERT statement has 512 floating point number
     * and this is the correct match for Common Model Source - CLIP / Truncated OpenAI */
    CREATE TABLE image_embeddings (
        id INT PRIMARY KEY AUTO_INCREMENT,
        image_name VARCHAR(255),
        embedding VECTOR(512) -- Example for a 512-dimensional float vector
    );

Python Script: Convert Image to Vector

Write a Python script to convert images into vectors.
(transformer_image-to-vector.py)

import glob
import sys
import os

# Test it!
if len(sys.argv) > 2:
    imageDir = sys.argv[1]
    sqlFilePath = sys.argv[2]
    if os.path.exists(sqlFilePath):
        os.remove(sqlFilePath)
else:
    print("Usage: python3 transformer_image-to-vector.py <image directory> <path of the output sql")
    sys.exit();

from sentence_transformers import SentenceTransformer
from PIL import Image
import json


# 1. Load the CLIP model (this is the modern equivalent of imgbeddings)
# It downloads about 600MB on the first run.
model = SentenceTransformer('clip-ViT-B-32')

#This is the Function to generate the sql from the image and write to a desired file
def get_sql_insert(image_path,file_path_to_write):
    try:
        print("Will write the image {} to file: {}".format(image_path,file_path_to_write))
        # 2. Load and process the image
        img = Image.open(image_path)

        # 3. Generate the vector (embedding)
        # We use .tolist() to turn the math array into a Python list
        embedding = model.encode(img).tolist()

        # 4. Format the list as a string for SQL [0.1, 0.2, ...]
        vector_string = json.dumps(embedding)

        # 5. Create the SQL command
        sql = "--This sql is genrated from the image using  the model SentenceTransformer('clip-ViT-B-32')\n"
        sql = sql + f"INSERT INTO image_embeddings (image_name, embedding) VALUES ('{image_path}', STRING_TO_VECTOR('{vector_string}'));\n"
        with open(file_path_to_write, "a") as file:
            file.write(sql)
        return ("Successfully Wrote the image {} to file: {}".format(image_path,file_path_to_write))

    except Exception as e:
        return f"Error: {e}"

#It will take all the .jpg files from the image directory (First parameter of this python script)
#and write to the desired file (2nd parameter of this python script)
for lst in glob.glob(f"{imageDir}/*.jpg"):
    print(get_sql_insert(lst,sqlFilePath))

Usage:
python3 transformer_image-to-vector.py <image_directory> <output_sql_file>
The script generates SQL statements that insert vectors into the MySQL table. Run the output SQL file to store the vectors in MySQL Database.

Comparing Image Vectors

Once the vectors are stored, we can compare them using vector similarity.
At the moment, some MySQL vector functions are still evolving.
For example, direct usage of VECTOR_DISTANCE() may have limitations in certain versions (9.60).
So we implement custom helper functions.

Custom MySQL Functions

Two helper functions are created:

my_dot_product(vector, vector)

DELIMITER //

CREATE FUNCTION my_dot_product(v1 VECTOR, v2 VECTOR)
RETURNS FLOAT DETERMINISTIC
BEGIN
    DECLARE total FLOAT DEFAULT 0;
    DECLARE i INT DEFAULT 0;
    DECLARE dim INT;
    -- Convert Vector to String, then to JSON
    DECLARE j1 JSON DEFAULT CAST(VECTOR_TO_STRING(v1) AS JSON);
    DECLARE j2 JSON DEFAULT CAST(VECTOR_TO_STRING(v2) AS JSON);

    SET dim = JSON_LENGTH(j1);

    WHILE i < dim DO
        SET total = total + (JSON_EXTRACT(j1, CONCAT('$[', i, ']')) * JSON_EXTRACT(j2, CONCAT('$[', i, ']')));
        SET i = i + 1;
    END WHILE;

    RETURN total;
END //

DELIMITER ;

my_vec_norm(vector)

DELIMITER //

CREATE FUNCTION my_vec_norm(v VECTOR)
RETURNS FLOAT DETERMINISTIC
BEGIN
    DECLARE total FLOAT DEFAULT 0;
    DECLARE i INT DEFAULT 0;
    DECLARE dim INT;
    DECLARE j JSON DEFAULT CAST(VECTOR_TO_STRING(v) AS JSON);
    DECLARE val FLOAT;

    SET dim = JSON_LENGTH(j);

    WHILE i < dim DO
        SET val = JSON_EXTRACT(j, CONCAT('$[', i, ']'));
        SET total = total + (val * val);
        SET i = i + 1;
    END WHILE;

    RETURN SQRT(total);
END //

DELIMITER ;

These functions allow us to compute cosine similarity between vectors.

Querying Image Similarity

Now we run a query to compare stored images against a target image.

SET @target = STRING_TO_VECTOR('[0.07557862997055054, 0.3899604380130768, -0.149032324552536, 0.06481198966503143, 0.17365998029708862, 0.1696033775806427, -0.009633079171180725, 0.026114463806152344, 0.13283401727676392, -0.048670023679733276, 0.2853511571884155, -0.47713860869407654, 0.3193468451499939, -0.4782599210739136, 0.19979414343833923, -0.4020282030105591, -0.17893710732460022, -0.16028517484664917, 0.11166025698184967, -0.4441247880458832, 0.0721852108836174, -0.015377134084701538, 0.06420326232910156, -0.5317407846450806, 0.011108562350273132, 0.7078717350959778, -0.15541546046733856, 0.06636792421340942, -0.1235189437866211, 0.17564985156059265, -0.2749885618686676, -0.021165557205677032, 0.24020248651504517, 0.4338991641998291, 0.3174438774585724, -0.2427300065755844, -0.15270879864692688, -0.13448885083198547, -0.03258641064167023, 1.4516336917877197, 0.2088334858417511, -0.07482234388589859, -0.060038354247808456, -0.09696637094020844, 0.2288440763950348, -0.45773571729660034, -0.442022442817688, -0.1333482265472412, 0.20572619140148163, 0.022368118166923523, 0.2268296778202057, 0.0717138946056366, -0.18176983296871185, -0.08150641620159149, -0.3742990493774414, -0.08863221853971481, 0.24395513534545898, 0.14680302143096924, 0.45115935802459717, 0.07179692387580872, 0.13299871981143951, -0.6536737680435181, -0.10842005163431168, 0.46789559721946716, -0.09359163045883179, -0.029734283685684204, -0.4210904538631439, 0.44143062829971313, -0.2495618760585785, 0.16764293611049652, -0.0010016188025474548, 0.12750700116157532, -0.09728701412677765, -0.33462393283843994, -0.19563797116279602, 0.38896551728248596, -0.07021686434745789, 0.05845819413661957, -0.2159923017024994, 0.22142955660820007, 0.08275012671947479, 0.08141633123159409, 0.011051833629608154, -0.0470392107963562, 0.2281772345304489, 0.1281975507736206, -0.2673131823539734, 0.09869228303432465, -0.46927496790885925, 0.5890671014785767, -0.26286429166793823, 0.029046714305877686, -6.433596611022949, 0.8787387609481812, -0.3467825651168823, 0.3790345788002014, 0.04438466578722, 0.651203453540802, -0.34149351716041565, -0.8458610773086548, 0.034017741680145264, -0.2053813338279724, 0.35773321986198425, 0.04032140225172043, 0.30020737648010254, -0.20292143523693085, -0.6659493446350098, -0.14945490658283234, -0.08128952980041504, 0.037803277373313904, -0.24363872408866882, -0.5452983975410461, -0.15123391151428223, 0.06196553260087967, 0.0037244856357574463, 0.37201881408691406, 0.3830801248550415, 0.038900259882211685, 0.5477883815765381, -0.2165623903274536, -0.12358544021844864, 0.6665405035018921, 0.08692356944084167, -0.7012655138969421, -0.2776182293891907, -0.10287892073392868, -0.16323958337306976, 0.29088079929351807, 0.17843754589557648, -0.041389890015125275, -0.206215500831604, 0.8713011741638184, 0.10298433899879456, 0.8146358132362366, 0.5424628257751465, 0.2975153625011444, -0.013563252985477448, 0.13421256840229034, -0.3498159945011139, -0.3292694687843323, -0.2611740529537201, 0.026821553707122803, -0.4656805992126465, 0.733379602432251, 0.09556902945041656, 0.031042248010635376, 0.3466207981109619, 0.470894992351532, -0.24531006813049316, 0.09481766074895859, -0.07527203112840652, -0.3095394968986511, 0.6393522024154663, -0.09749913960695267, -0.11673454940319061, -0.17871969938278198, -0.1564812809228897, 0.2511930465698242, -0.13378417491912842, 0.17615115642547607, -0.06127139925956726, -0.04496309161186218, -0.35364609956741333, -0.08319900929927826, 0.14410080015659332, -0.2627147138118744, 0.9161733388900757, 0.37756675481796265, 0.1632954180240631, 0.0905647948384285, -0.10490548610687256, 0.33364954590797424, -0.05363786220550537, -0.6529805064201355, 0.26767054200172424, 0.26338034868240356, -1.0595732927322388, -0.22944216430187225, -0.26375362277030945, -0.1988820880651474, -0.12509888410568237, 0.24070680141448975, -0.2588941156864166, -0.33498746156692505, 0.126882404088974, 0.17642360925674438, 0.040883928537368774, -0.0052263736724853516, -0.16343313455581665, 0.0562138706445694, 0.2096858024597168, 0.09584870934486389, -0.11106163263320923, 0.1729261875152588, 0.20461152493953705, 0.12263501435518265, 0.27892982959747314, -0.6255460381507874, -0.764202892780304, 0.14997950196266174, 0.16245627403259277, -0.37481117248535156, -0.06923999637365341, 0.6191018223762512, -0.2948871850967407, 0.261602520942688, -0.04764917492866516, -0.15079966187477112, -0.5841816067695618, 0.21257054805755615, -0.21506810188293457, -0.04135539382696152, 0.5817644596099854, 0.12262402474880219, 0.42174848914146423, 0.1265665739774704, 0.01666194200515747, 0.13379910588264465, -0.5832018256187439, -0.3252071738243103, 0.22216439247131348, 0.4046194851398468, 0.20799392461776733, -0.07600507140159607, -0.3153631389141083, -0.10026045888662338, 0.2151670753955841, -0.15998244285583496, -0.498496949672699, -0.04490187019109726, -0.3262564539909363, 0.2954603433609009, -0.07442381978034973, 0.24110326170921326, 0.17248889803886414, 0.45136961340904236, 0.13689523935317993, -0.4876601994037628, 0.050953567028045654, -0.5781422853469849, 0.39940330386161804, 0.08282990008592606, 0.12615060806274414, -0.29397282004356384, -0.1800389140844345, 0.6491589546203613, -0.46026864647865295, 0.35799282789230347, -0.2924331724643707, -0.43013110756874084, -0.3808341324329376, 0.55094313621521, 0.03232079744338989, -0.462185800075531, -0.313692569732666, 0.07338142395019531, 0.16393449902534485, -0.039127856492996216, 0.6098682880401611, -0.16981320083141327, -0.35463374853134155, -0.4267345666885376, -0.09102936089038849, 1.8269031047821045, 0.20107018947601318, 0.15080709755420685, 0.3966326117515564, 0.14836283028125763, 0.43229472637176514, -0.12651363015174866, 0.008955806493759155, -0.02638685703277588, 0.13089591264724731, 0.07453787326812744, -0.26478222012519836, -0.22489425539970398, 0.24618230760097504, 0.17845292389392853, -0.0707186758518219, -0.062373995780944824, -0.06923562288284302, 0.47168073058128357, -0.07979298382997513, -0.07240656018257141, 0.20423418283462524, 0.4307517111301422, -0.9086780548095703, 0.40964275598526, -0.23126669228076935, -0.28451400995254517, -0.020541366189718246, 0.2600404620170593, -0.10833749175071716, 0.036447957158088684, -0.36018478870391846, -0.12711986899375916, 0.2606499195098877, 0.2881711423397064, 0.7029435634613037, -0.1414911448955536, -0.0848516896367073, 0.3585105538368225, -0.04511311650276184, 0.24639412760734558, 0.4116198420524597, -0.4193349778652191, 0.5370025038719177, 0.4218825697898865, 0.03302404284477234, 0.04051119089126587, -0.4930671155452728, 0.12944979965686798, 0.8145080804824829, -0.49908819794654846, 0.19380804896354675, 0.09682479500770569, 0.4217352271080017, -0.5215371251106262, -0.06526830792427063, -0.26663315296173096, 0.2522737979888916, 1.213325023651123, 0.0012408196926116943, -0.2426946759223938, -0.28965428471565247, -0.3634025752544403, -0.13846488296985626, -0.3301095962524414, -0.12310884147882462, -0.03835451602935791, -0.7434549331665039, 0.24088844656944275, -0.17097029089927673, -0.13022029399871826, -0.007050663232803345, 0.06718186289072037, 0.45522329211235046, 0.10973918437957764, 0.012622185051441193, 0.16777338087558746, -0.05771467462182045, 0.19996578991413116, -0.24137984216213226, 0.24456733465194702, -0.11382054537534714, 0.010699808597564697, 0.19115638732910156, -0.0028515905141830444, -0.09564647823572159, 0.09341803193092346, 0.2944413125514984, 0.23297476768493652, -0.17356669902801514, 0.39457371830940247, -0.31496915221214294, 0.23409241437911987, -0.12645113468170166, -0.6129994988441467, -0.15042293071746826, -0.26337844133377075, 0.3586566150188446, 0.015362411737442017, -0.1516532152891159, 0.22309523820877075, -1.4553773403167725, 0.622140645980835, -0.5070102214813232, -0.7885435223579407, 0.1319749355316162, -0.446965754032135, -0.16092371940612793, 0.3529052436351776, 0.007851272821426392, 0.09744635224342346, 0.20603105425834656, -0.08496123552322388, 0.3391745984554291, 0.0328497439622879, 1.0089284181594849, 0.3865002393722534, 0.8738011121749878, 0.06040278077125549, -0.015890859067440033, -0.21144962310791016, 0.5995208621025085, 0.32733339071273804, 0.9662830829620361, 0.3483368158340454, 0.08898067474365234, 0.887071430683136, 0.3696739375591278, 0.19864115118980408, 0.03314075618982315, 0.03536325320601463, -0.12863528728485107, 0.06904687732458115, -0.24006515741348267, -0.012378469109535217, -0.5082074403762817, -0.7163709402084351, -0.1123851016163826, 0.010127410292625427, 0.4355129599571228, -0.6237277984619141, 0.2890245020389557, 0.5209721326828003, -0.15595661103725433, 0.08429825305938721, 0.09569454938173294, -0.23599457740783691, -0.16896066069602966, -0.004924099892377853, 0.6319135427474976, 0.4765503704547882, 0.01589702069759369, -0.05348372459411621, 0.055996619164943695, -0.5671727657318115, 0.15062867105007172, -0.5092383623123169, -0.058769792318344116, 0.09755947440862656, 0.2507498860359192, 0.08485430479049683, 0.0793701708316803, 0.021087057888507843, -0.5461320281028748, 0.304355651140213, -0.7253096699714661, 0.6294398307800293, -0.3105747103691101, 0.3905089199542999, 0.2852843105792999, -0.07321953773498535, 0.023653872311115265, -0.37693509459495544, 0.2675110697746277, 0.04210440814495087, 0.09981885552406311, -0.20424491167068481, 0.3030926287174225, 0.026748113334178925, 0.5781193375587463, 0.00048617273569107056, -0.1131657287478447, 0.2036598026752472, -0.2140207141637802, -0.011482134461402893, -0.2234390377998352, -0.43609818816185, -0.504375696182251, -0.01408250629901886, -0.06268232315778732, -0.3341209888458252, 0.29185229539871216, -0.2411029040813446, 0.5522151589393616, -0.06291865557432175, -0.3783164620399475, -0.2328968197107315, -0.3904339075088501, -0.11180463433265686, -0.16056767106056213, -0.16029603779315948, -0.2223338484764099, 0.33838483691215515, -0.23742935061454773, 0.12314961105585098, -0.5309375524520874, -0.07631200551986694, 0.35636740922927856, 0.17236372828483582, 0.19029422104358673, -0.1397394984960556, 0.5870028734207153, -0.4097609221935272, 0.15144716203212738, 0.003988280892372131, -0.05234433710575104, -0.2421717643737793, -0.006953790783882141, -0.5565206408500671, 0.06222153455018997, -0.07391542196273804, 0.40786826610565186, -0.04986128211021423, -0.285273939371109, -0.1444988250732422, 0.024988561868667603, -0.3689330816268921, -0.40285810828208923, -0.10759894549846649, -0.0395619198679924, 0.01536903902888298, 0.0707881823182106, 0.22722786664962769, 0.2506854236125946, 0.023645572364330292, -0.14591404795646667, 0.09581179171800613, -0.12541484832763672, 0.03997009992599487, -0.02025282382965088, -0.23364081978797913, 0.3128877580165863, 0.12357562780380249, -0.1596986949443817, 0.22576884925365448, -0.14733293652534485, 0.24771124124526978, 0.0026986300945281982, 0.5146662592887878]');

SELECT image_name,
       (my_dot_product(embedding, @target) / (my_vec_norm(embedding) * my_vec_norm(@target))) AS similarity
FROM image_embeddings
ORDER BY similarity DESC
LIMIT 5;

Source Code

All source files are available on GitHub:
GIT Source Codes

Role of the Libraries Used

NumPy

Handles:

arrays
matrix operations
linear algebra

PyTorch

Used for:

building neural networks
defining layers (Linear, CNN, Transformer)
training models
GPU acceleration
backpropagation

sentence-transformers

This library converts text or images into dense vector embeddings using deep neural networks.
Internally the process is:
Input → Transformer Model → Embedding Vector

Pillow

Pillow is a Python library for image processing.
Before an image is passed to a neural network, it usually undergoes preprocessing such as:

loading
resizing
cropping
normalization
converting to tensors

Pillow helps perform these operations.

Real-World Use Cases

Images stored as vectors could be useful for many real world applications
Search Image: Find similar images
Ecommerce: Find visually similar products
Check Duplicity: Detect very similar or duplicate image
Prohibited Image: Identify prohibited or restricted image

Tested with:

- Python 3.12  
- MySQL 9.x  
- sentence-transformers  
- PyTorch

Conclusion

Vector embeddings enable powerful capabilities such as:

semantic search
image similarity detection
recommendation systems
multimodal AI applications With modern databases like MySQL supporting vector storage, it becomes possible to build AI-powered search systems directly inside the database layer.

Cipher Suite Explained Component by Component

Sanjay Ghosh — Mon, 02 Mar 2026 08:13:07 +0000

Key Exchange

How the keys are exchanged.
Example :DH,DHE (Diffie Hillman Ephamarel 1.e short lived), ADH(Anonymous DH), ECDHE (Eliptic curve ), RSA

Authentication

This is digital signature algorithm. This is needed to confirm if the client is sending to the correct server. Server sends the certificate back to the client (That certificate contains the public key).
Examples : RSA, ECDSA (Elliptic Curve Digital Signature Algorithm )

Bulk Encryption Cipher

It is used to encrypt the data being sent.
There are 2 kinds of Bult Ciphers:

Stream Cipher: A stream cipher, which operates on data 1 byte at a time, converts a key to a keystream to encrypt data and produce ciphertext. The remote end converts the shared key to the same keystream and decrypts the plaintext data.
Block Cipher: A block cipher operates on data in groups (or blocks) of bytes. Stream ciphers perform better than block ciphers. However, block ciphers provide better security. DES (56-bit), Triple-Data Encryption Standard (TDES) (168-bit), and Advanced Encryption Standard (AES) are the most common block ciphers. DES and TDES operate on blocks of 8 bytes at a time. AES operates on blocks of 16 bytes at a time.

Example: AES (Advanced Encryption Standard).
Refer

Hash or MAC

MAC (Message Authentication Code) : This is to verify the legitimacy of data sent. This is to make sure message sent is not altered or tamperd and data integrity is maintained.
Refer

Example : SHA, MD5

Understanding RSA: A Simple Guide to Public-Key Math

Sanjay Ghosh — Mon, 23 Feb 2026 01:36:37 +0000

RSA (Rivest–Shamir–Adleman) is a Public-Key cryptographic algorithm. It involves a public key to encrypt and corresponding private key to decrypt data to transmit securely and to verify digital signature.

Step 1: Generate the key

Take any 2 large prime numbers p and q
Let n = p*q
Find the totient of n (Totient of n means the count of the numbers which are less than n and each of the numbers are relatively prime to n. So, for example totient of 11 is 11 , because there are 11 numbers 1,2,3,4,5,6.7,8,9,10 , these are relatively prime to 11. Same way Totient of 12 is 4, because 1,5,7,11 , these 4 numbers are relatively prime to 12, and there is no common factor of 12 and any of these numbers. Easy way to find totient of p*q = (p-1)*(q-1)) )

Step 2: Do the math to encrypt/decrypt

If your message is m and cypher is c , then

c = m^e mod n -- This is encryption
m = c^d mod n -- This is decryption

Example

Let p = 7 and q = 17 , so n = 7 x 17 = 119
The totient of n (119) = (p-1)(q-1) = (7-1)(17-1) = 96

Choose integer e (public exponent) which is < 96 and relatively prime to 96 . Let us choose the number 53 which satisfies this condition.
Choose the 2nd integer d (private exponent) , which will satisfy (e*d) mod totient(n) = 1 . d = 29 satisfies this.
(53 * 29) mod 96 = 1)
so public key = 53 and private key = 29 .
Let us encrypt the Letter H (Which is 7 as integer, A=0, B=1 , C=2 ....Z=25) and decrypt back.)

c = m^e mod n = 7^53 mod 119 = 28 Encrypted
m = c^d mod n = 28^29 mod 119 = 7 Decrypted (Which is back to H)

Why is it secure

In our example we used very small prime integers (7 and 17). But in real use, the prime integers are big to enhance security. It is not only knowing the public exponent e and the value of n to crack this, the totient is needed too.
If it is said that 2048 bit RSA signature means the n is of 2048 bits (Max integer value 2^2048 - 1). So, if the value of n is a 2048 bit number, it is almost impossible to crack it.

Implementation

I’ve implemented a simple version of this in Java so you can play with the logic yourself.
GitHub: Supporting Java code and Readme

Common Risks

Size

Problem: If the value of n (p*q) is small, it is easy to detect the factors (p and q) quickly.
Solution: Use 2048 bit numbers

Determinism Attack

Problem: When attacker could guess the message, because as per the theory the encrypted value of the same TEXT would be the same. If "Hi" is encrypted with the public key twice it would give the same encrypted value.
Solution: Using Padding like OAEP . Here random data are added to the message before encrypting it to make the text of the message look different before encrypting.

Mathematical Attack

Problem: when m is small , it could be easy for the attacker to find the value of c = m^e mod n , without knowing the private exponent d.
Solution: Same as before, use padding OAEP.

How to Debug Deadlocks Using Thread Dumps and Scripts (Bash/Python)

Sanjay Ghosh — Sun, 15 Feb 2026 19:33:33 +0000

Have you ever had an application completely freeze in production without throwing a single error? You likely encountered a Deadlock. While Java’s JVM is powerful, circular dependencies between threads can bring your entire system to a halt.

In this post, we’ll analyze a real-world deadlock scenario and I’ll share two scripts (Bash and Python) to help you automate the detection of these "silent killers."

🏗️ The Scenario

The scenario is like this with 2 Threads, Thread1 and Thread2.
Thread 1 acquired a lock on a Resource1 (Thread2 is trying to lock it) and waiting to acquire a lock on Resource2 (Already locked by Thread2).Thread 2 acquired a lock on the Resource2 (Thread 1 is trying to lock it) and waiting to acquire a lock on Resource1 (Already locked by Thread1).

Example of java code which will cause dead-lock

public class MyDeadLockExample1 {    

    public static Object someResource1 = new Object();

    public static Object someResource2 = new Object();

    public static void main (String[] args) {     

        System.out.println("Test of DeadLock -------------------");
        TestThread1 t1  = new TestThread1();
        TestThread2 t2  = new TestThread2();     
        t1.start();
        t2.start();
    }

    /*Now create a class which will Acquire lock on someResource1 and also wait to Acquire lock on someResource 2*/

    private static class TestThread1 extends Thread {    

        public void run() {
            /*Aquiring lock on someResource1*/

            synchronized (someResource1) {           
                      System.out.println("Thread 1 has locked someResource1");            
                      /*Now sleep for a minute to wait and then try to acquire lock on someResource 2*/           
                       try {
                           Thread.sleep(60)           
                       }           
                       catch (InterruptedException ie)           
                       {           
                           ie.printStackTrace();         
                       }

                       /*Now going to acquire lock on someResource2*/           
                       synchronized(someResource2) {           
                           System.out.println("Thread 1 has locked someResource 2");           
                       }

         }

      }

    } /*End class TestThread1*/



    /*Now create a class which will Acquire lock on someResource2 and also wait to Acquire lock on someResource1*/

    private static class TestThread2 extends Thread {   

        public void run() {

            /*Aquiring lock on someResource1*/

            synchronized (someResource2) {           
                       System.out.println("Thread 2 has locked someResource2");            
                       /*Now sleep for a minute to wait and then try to acquire lock on someResource 1*/          
                       try {           
                           Thread.sleep(60);           
                       }           
                       catch (InterruptedException ie)           
                       {           
                          ie.printStackTrace();           
                       }             
                       /*Now going to acquire lock on someResource1*/           
                       synchronized(someResource1) {           
                           System.out.println("Thread 1 has locked someResource 2");           
                       }
            }

        }

    } /*End class TestThread1*/



} /*End of class MyDeadLockExample1*/

Run the above code:
javac MyDeadLockExample1.java
java MyDeadLockExample1
It will hang forever because of deadlock

🛡️ How to know that there is a Dead Lock

🔍 Step 1: Generate the Thread Dump
Either do
kill -3 //From Linux
or
jcmd Thread.print

This will create the thread dump and you can save in a file (In example td.txt)

Thread dump for this below (td.txt):

     1  25047:
     2  2026-02-07 18:37:20
     3  Full thread dump OpenJDK 64-Bit Server VM (17.0.18+8-Ubuntu-124.04.1 mixed mode, sharing):
     4
     5  Threads class SMR info:
     6  _java_thread_list=0x00007df42c001ed0, length=14, elements={
     7  0x00007df4c017c250, 0x00007df4c017d640, 0x00007df4c0185610, 0x00007df4c01869d0,
     8  0x00007df4c0187df0, 0x00007df4c01897b0, 0x00007df4c018acf0, 0x00007df4c0194160,
     9  0x00007df4c019b8d0, 0x00007df4c019ef20, 0x00007df4c01a17f0, 0x00007df4c01a28b0,
    10  0x00007df4c00182e0, 0x00007df42c000f40
    11  }
    12
    13  "Reference Handler" #2 daemon prio=10 os_prio=0 cpu=0.26ms elapsed=213.94s tid=0x00007df4c017c250 nid=0x61df waiting on condition  [0x00007df4a13a9000]
    14     java.lang.Thread.State: RUNNABLE
    15          at java.lang.ref.Reference.waitForReferencePendingList(java.base@17.0.18/Native Method)
    16          at java.lang.ref.Reference.processPendingReferences(java.base@17.0.18/Reference.java:253)
    17          at java.lang.ref.Reference$ReferenceHandler.run(java.base@17.0.18/Reference.java:215)
    18
    19  "Finalizer" #3 daemon prio=8 os_prio=0 cpu=0.33ms elapsed=213.94s tid=0x00007df4c017d640 nid=0x61e0 in Object.wait()  [0x00007df4a12a9000]
    20     java.lang.Thread.State: WAITING (on object monitor)
    21          at java.lang.Object.wait(java.base@17.0.18/Native Method)
    22          - waiting on <0x0000000717602f40> (a java.lang.ref.ReferenceQueue$Lock)
    23          at java.lang.ref.ReferenceQueue.remove(java.base@17.0.18/ReferenceQueue.java:155)
    24          - locked <0x0000000717602f40> (a java.lang.ref.ReferenceQueue$Lock)
    25          at java.lang.ref.ReferenceQueue.remove(java.base@17.0.18/ReferenceQueue.java:176)
    26          at java.lang.ref.Finalizer$FinalizerThread.run(java.base@17.0.18/Finalizer.java:172)
    27
    28  "Signal Dispatcher" #4 daemon prio=9 os_prio=0 cpu=0.74ms elapsed=213.94s tid=0x00007df4c0185610 nid=0x61e1 waiting on condition  [0x0000000000000000]
    29     java.lang.Thread.State: RUNNABLE
    30
    31  "Service Thread" #5 daemon prio=9 os_prio=0 cpu=0.18ms elapsed=213.94s tid=0x00007df4c01869d0 nid=0x61e2 runnable  [0x0000000000000000]
    32     java.lang.Thread.State: RUNNABLE
    33
    34  "Monitor Deflation Thread" #6 daemon prio=9 os_prio=0 cpu=61.88ms elapsed=213.94s tid=0x00007df4c0187df0 nid=0x61e3 runnable  [0x0000000000000000]
    35     java.lang.Thread.State: RUNNABLE
    36
    37  "C2 CompilerThread0" #7 daemon prio=9 os_prio=0 cpu=5.41ms elapsed=213.94s tid=0x00007df4c01897b0 nid=0x61e4 waiting on condition  [0x0000000000000000]
    38     java.lang.Thread.State: RUNNABLE
    39     No compile task
    40
    41  "C1 CompilerThread0" #10 daemon prio=9 os_prio=0 cpu=4.74ms elapsed=213.94s tid=0x00007df4c018acf0 nid=0x61e5 waiting on condition  [0x0000000000000000]
    42     java.lang.Thread.State: RUNNABLE
    43     No compile task
    44
    45  "Sweeper thread" #11 daemon prio=9 os_prio=0 cpu=0.27ms elapsed=213.94s tid=0x00007df4c0194160 nid=0x61e6 runnable  [0x0000000000000000]
    46     java.lang.Thread.State: RUNNABLE
    47
    48  "Notification Thread" #12 daemon prio=9 os_prio=0 cpu=0.31ms elapsed=213.94s tid=0x00007df4c019b8d0 nid=0x61e7 runnable  [0x0000000000000000]
    49     java.lang.Thread.State: RUNNABLE
    50
    51  "Common-Cleaner" #13 daemon prio=8 os_prio=0 cpu=0.68ms elapsed=213.92s tid=0x00007df4c019ef20 nid=0x61e9 in Object.wait()  [0x00007df4a094f000]
    52     java.lang.Thread.State: TIMED_WAITING (on object monitor)
    53          at java.lang.Object.wait(java.base@17.0.18/Native Method)
    54          - waiting on <0x0000000717618120> (a java.lang.ref.ReferenceQueue$Lock)
    55          at java.lang.ref.ReferenceQueue.remove(java.base@17.0.18/ReferenceQueue.java:155)
    56          - locked <0x0000000717618120> (a java.lang.ref.ReferenceQueue$Lock)
    57          at jdk.internal.ref.CleanerImpl.run(java.base@17.0.18/CleanerImpl.java:140)
    58          at java.lang.Thread.run(java.base@17.0.18/Thread.java:840)
    59          at jdk.internal.misc.InnocuousThread.run(java.base@17.0.18/InnocuousThread.java:162)
    60
    61  "Thread-0" #14 prio=5 os_prio=0 cpu=14.72ms elapsed=213.89s tid=0x00007df4c01a17f0 nid=0x61ea waiting for monitor entry  [0x00007df4a084f000]
    62     java.lang.Thread.State: BLOCKED (on object monitor)
    63          at MyDeadLockExample1$TestThread1.run(MyDeadLockExample1.java:35)
    64          - waiting to lock <0x0000000717619480> (a java.lang.Object)
    65          - locked <0x0000000717619470> (a java.lang.Object)
    66
    67  "Thread-1" #15 prio=5 os_prio=0 cpu=15.43ms elapsed=213.89s tid=0x00007df4c01a28b0 nid=0x61eb waiting for monitor entry  [0x00007df4a074f000]
    68     java.lang.Thread.State: BLOCKED (on object monitor)
    69          at MyDeadLockExample1$TestThread2.run(MyDeadLockExample1.java:60)
    70          - waiting to lock <0x0000000717619470> (a java.lang.Object)
    71          - locked <0x0000000717619480> (a java.lang.Object)
    72
    73  "DestroyJavaVM" #16 prio=5 os_prio=0 cpu=32.70ms elapsed=213.89s tid=0x00007df4c00182e0 nid=0x61d8 waiting on condition  [0x0000000000000000]
    74     java.lang.Thread.State: RUNNABLE
    75
    76  "Attach Listener" #17 daemon prio=9 os_prio=0 cpu=1.51ms elapsed=12.63s tid=0x00007df42c000f40 nid=0x620e waiting on condition  [0x0000000000000000]
    77     java.lang.Thread.State: RUNNABLE
    78
    79  "VM Periodic Task Thread" os_prio=0 cpu=327.22ms elapsed=213.94s tid=0x00007df4c019d220 nid=0x61e8 waiting on condition
    80
    81  "VM Thread" os_prio=0 cpu=17.21ms elapsed=213.94s tid=0x00007df4c0178270 nid=0x61de runnable
    82
    83  "G1 Service" os_prio=0 cpu=81.37ms elapsed=213.96s tid=0x00007df4c01498e0 nid=0x61dd runnable
    84
    85  "G1 Refine#0" os_prio=0 cpu=0.38ms elapsed=213.96s tid=0x00007df4c01489d0 nid=0x61dc runnable
    86
    87  "G1 Conc#0" os_prio=0 cpu=0.23ms elapsed=213.96s tid=0x00007df4c0095020 nid=0x61db runnable
    88
    89  "G1 Main Marker" os_prio=0 cpu=0.23ms elapsed=213.96s tid=0x00007df4c00940a0 nid=0x61da runnable
    90
    91  "GC Thread#0" os_prio=0 cpu=0.36ms elapsed=213.96s tid=0x00007df4c0083280 nid=0x61d9 runnable
    92
    93  JNI global refs: 6, weak refs: 0
    94
    95
    96  Found one Java-level deadlock:
    97  =============================
    98  "Thread-0":
    99    waiting to lock monitor 0x00007df410001000 (object 0x0000000717619480, a java.lang.Object),
   100    which is held by "Thread-1"
   101
   102  "Thread-1":
   103    waiting to lock monitor 0x00007df404000d80 (object 0x0000000717619470, a java.lang.Object),
   104    which is held by "Thread-0"
   105
   106  Java stack information for the threads listed above:
   107  ===================================================
   108  "Thread-0":
   109          at MyDeadLockExample1$TestThread1.run(MyDeadLockExample1.java:35)
   110          - waiting to lock <0x0000000717619480> (a java.lang.Object)
   111          - locked <0x0000000717619470> (a java.lang.Object)
   112  "Thread-1":
   113          at MyDeadLockExample1$TestThread2.run(MyDeadLockExample1.java:60)
   114          - waiting to lock <0x0000000717619470> (a java.lang.Object)
   115          - locked <0x0000000717619480> (a java.lang.Object)
   116
   117  Found 1 deadlock.
   118

📊 Step 2: Analysis of the Dump (td.txt)
Look for the BLOCKED state in your logs:
"Thread-0" #14 ... java.lang.Thread.State: BLOCKED (on object monitor)

waiting to lock <0x0000000717619480>
locked <0x0000000717619470>

When we look at a thread dump, the smoking gun is usually the BLOCKED state. Let's look at the specific conflict in our example:

Key Findings:

Thread-0 (Lines 61-66) has locked ID ...9470 but is waiting for ...9480.

Thread-1 (Lines 67-71) has locked ID ...9480 but is waiting for ...9470.

Thread-0: Holding Resource 1, Waiting for Resource 2
Looking at lines 61-66, we see Thread-0 in action:

Status: java.lang.Thread.State: BLOCKED (on object monitor)

Locked: 0x0000000717619470 (Source 1)

Waiting to lock: 0x0000000717619480 (Source 2)

Thread-1: Holding Resource 2, Waiting for Resource 1
In lines 67-71, the "Circular Wait" is completed:

Status: BLOCKED

Locked: 0x0000000717619480 (Source 2)

Waiting to lock: 0x0000000717619470 (Source 1)

The Conclusion: Neither thread can proceed because each is holding the key that the other one needs.

🛠️ Automation Scripts
Instead of manually digging through thousands of lines in a production thread dump, you can use these automation scripts to flag deadlocks instantly.

🔗 [GitHub Repository Link Here]
All resources for this example are available on GitHub: GitHub location

Included Files:
MyDeadLockExample1.java: The Java source that reproduces this exact deadlock.

td.txt: The raw thread dump file used in this analysis.

parse.py: A Python script for deep parsing. (Usage: python3 parse.py td.txt)

parse.sh: A lightweight Bash script for quick CLI checks. (Usage: ./parse.sh td.txt)

Pro-Tip
These scripts aren't just for this example—you can run them against any thread dump file to detect monitor-based deadlocks in your own applications.