Coding Capital Markets

New Beginnings

Change is hard, but change is good. I’ve decided to move my blog to Bluehost and decided to change my WordPress Theme at the same time. I don’t know that I’ll post with more frequency but I want to try, if only for my own sake. I love to write and I’ve frankly taken little time to do so over the last decade. I suppose that comes with the territory when one becomes a father and I didn’t possibly want to miss a minute with my son. He’s ten and a half now, though, and is slowly becoming more and more independent. I ought to spend more time on things I enjoy as well.

SpringOne Platform 2016: Bootiful Microservices in a Legacy Environment: Lessons Learned

Speaker: David Julia
Twitter: DavidJulia

In a Microservices Architecture

Services are cheap and fast to deploy and change independently.

Spring Boot

Simple and cheap to spin up a new microservice!
Autoconfiguration

Legacy Environment

An environment wherein many systems that are hard to change are in dire need of replacement or augmentation to meet business demands.

The importance of DDD in Legacy Environments

Domain-Driven Design is key! Lean on it!
Don’t couple your domain model to your legacy system’s models

You need to evolve to Microservices

appcontinuum.io

Succession Patterns

Strangler Application Pattern
Characterization tests – a vice

What’s the plan?

Identify behavior we need
“Sprout” a new class to hold behavior we want
Start moving behavior into that class
Sprout a component (JAR)

Premature Extraction

Extracting a Service too early can be costly
It’s easier to refactor the system with an in-process component
Only have to change things in one place

What did we just see

Started with a ball of mud
Identified/Extracted behavior into new classes
Packaged classes as JAR
Created a new service (strangler application)
Did all of this safely and with high confidence

Links

Simon Brown on Modular Monoliths
Working Effectively with Legacy Code

SpringOne Platform 2016: Testing with Spring 4.3, JUnit 5, and Beyond

Speaker: Sam Brannen
Twitter: @sam_brannen

Agenda

Spring Events App
Spring 4.3
JUnit 5
Spring 5

Spring Events App

The Spring Events App is a Spring boot powered web app using
Spring Boot 1.4, Spring Framework 5, JUnit 5.

Simple PJO Domain model: Event
Transactional service layer
Spring Data JPA
Spring MV
github.com/sbrannen/spring-events

Odds & Ends

JUnit 4.12+ required by the Spring TestContext framework (TCF)
Support for Primary transaction managers and data sources in TCF
@Sql and @Sqlgroup many now be used as meta-annotations:
- to create custom composed annotations with attribute overrides
- Same is true for many @Repeatable annotations in Core Spring
ReflectionTestUtils automatically unwraps proxies when setting/getting a field

Extending the Spring TextContext Framework

The getTestContext() method in TestContextManager is now public
New ContextCustomizer and ContextCustomizerFactory SPIs
- Potentially replaces need for custom ContextLoader
- Customize ApplicationContext after bean definitions are loaded but before context is refreshed
- Registered globally by third parties via spring.factories mechanism
- Enables Spring Boot Test Magic

New Features

SpringRunner alias for the SpringJUnit4ClassRunner
>> @RunWith(SpringRunner.class)
@ContextConfiguration can be completely omitted…
- if default XML or @Configuration is detected
- Spring Boot test 1.4 even locates your @SpringBootApplication class
ApplicationContext cache is now bounded

Preparing for the Future

Testing Traits
- Spring test annotations can be declared on interfaces
- Combines nicely with Java 8 default methods and JUnit 5
Non-public @Transactional test methods: for use with JUnit 5 and TestNG
Non-public @BeforeTransaction and @AfterTransaction methods

MockMvc Improvements

Expectations on multi-value response headers: HeaderResultMatchers.stringValues(…)
Form data equest content (e.g., from a POST) now parsed and used to populate request params
Support for Custom HTTP verbs (e.g. WebDAV)
Improve Cookie support for HtmlUnit integration

MockMvc – Assert invoked Handler Method

New mock-like methodCall() assertion in HandlerResultMatchers: Assert the @Controller method invoked to handle the response:

    mockMvc.perform(get("/"))
    .andExpect(handler().methodCall(
     on(HomeController.class).showHomePage()));

MockMvc – JSON Prefixes

New support for stripping JSON prefixes from Responses. A prefix is used to prohibit JSON hijacking:

    mockMvc.perform(get("/account/42").accept(APPLICATION_JSON))
    .andExpect(jsonPath("$.pin")
    .prefix("&&enigma&&")
    ...

MockRestServiceServer Improvements

Expectations for form data in the request body
Specify expectation counts
- Pass ExpectedCount to the expect() method
- once(), manyTimes(), times(int), min(int), max(int), between(int, int)
- verify() and reset() afterwards
Specify whether ordering should be ignored: invoke ignoreExpectOrder(true) on the MockResetServiceServerBuilder

JUnit 5: Impetus for Change

JUnit 4.0 was released a decade ago
Modularity -> big ball of mud (i.e., only THE junit.jar)
Test Discovery and execution -> tightly coupled
Extensibility -> lot of room for improvement
Java 8 support

JUnit 4 Runner API

Very Powerful
You can do anything
But you cannot combine Runners
Parameterized + SpringJUnit4ClassRunner -> no way

JUnit 4… Rules… are meant to be broken

JUnit 4.7: MethodRule -> @Rule
JUnit 4.9: TestRule -> @Rule/@ClassRule

JUnit Lambda

Initiated by Johannes Link and Marc Philipp
Later joined by Matthias Merdes, Stefan Bechtold, and Sam Brannen

JUnit 5 – Roadmap

Prototype – December 2015
Alpha – February 2016
M1 & M2 – July 2016
M3, M4, RC1 – Fall 2016
GA – End of 2016… maybe

JUnit 5 – In a Nutshell

Modular
Extensible
Modern
Forward & Backward Compatible
- JUnit Platform supports JUnit 3.8, 4 and 5
- New testing frameworks can be run with JUnit 4 infrastructure:
  @RunWith(JUnitPlatform.class)

JUnit 5 = Platform + Jupiter + Vintage

JUnit Platform 1.0.0
- Foundation for launching testing frameworks on the JVM
- Launcher and TestEngine APIs
- ConsoleLauncher, Gradle Plugin, Maven Surefire provider
JUnit Jupiter 5.0.0: New programming model and extension model for JUnit 5
JUnit Vintage 4.12.0: TestEngine for running old stuff

Launcher API

Used by IDEs and build tools to launch the framework
Central API for discovering and executing tests via one or more engines
LauncherDiscoveryRequest: Selectors and filters
Feedback provided via the TestExecutionListener API

TestEngine API

aka, Runner in JUnit 4
Test engine discovers and executes tests for a particular programming model
Automatic registration via Java’s ServiceLoader mechanism
JupiterTestEngine
VintageTestEngine
Implement your own…

Extension APIs

BeforeAllCallback
BeforeEachCallback
BeforeTestExecutionCallback
AfterTestExecutionCallback
AfterEachCallback
AfterAllCallback
ContainerExecutionCondition & TestExecutionCondition
TestInstancePostProcessor
ParameterResolver
TestExecutionExceptionHandler

JUnit 5 – Programming Model

org.junit.jupiter.api

Annotations & Meta-annotations
Assertions & Assumptions
Custom Display Names
Visibility
Tagging
Conditional Test Execution
DI for Constructors and methods
Lambda Expressions and method references
Interface default methods
Nested test classes
Dynamic Tests

Annotations

@Test / @TestFactory
@BeforeAll / @AfterAll
@BeforeEach / @AfterEach
@DisplayName
@Tag
@Disabled
@Nested

Assertions

org.junit.jupiter.api.Assertions

Limited set of core assertions
assertThrows() and expectThrows()
assertTimeout()
assertAll()

SpringOne Platform 2016: Intro to Spring Boot

Speaker: Eddú Meléndez
Twitter: @EdduMelendez

Spring Ecosystem: The Spring Framework

Spring Social
Spring Web Services
Spring Integration

Spring AMQP
Spring Hatecas
Spring Mobile

Spring Security
Spring Data
Spring Batch

Spring Boot is not ingredients but the whole cake

XML Config > Java Config > Spring Boot Configuration

spring.datasource.username=sa
spring.datasource.password=password
…

Why Spring Boot?

Convention over Configuration
Provide dependency Management
Auto-configuration
Starter Dependencies
Actuator

Demo

start.spring.io

or via the command line:

curl https://start.spring.io

or using Spring CLI:

spring run appname

Properties

Defining properties in Spring:

@ConfigurationProperties(prefix="conference")
public class ConferenceProperties {
    ...
}

In application.properties:
conference.name=Spring One Platform conference.location=Aria Hotel, Las Vegas

Spring Actuator

Provides various health and configuration metrics about your Spring application.

/health
/metrics
/env

Spring Boot Starter Security

Default username is ‘user’ and password is generated

Of course, can be configured:

@Configuration
public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter {
    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication...
    }
}

SpringOne Platform 2016: Testing Spring Boot Applications

Speaker: Phil Webb, @phillip_webb
Project: github.com/philwebb/testing-spring-boot-applications

Spring requires no-arg constructors, but there’s no reason that these have to be public: make them protected if it makes sense.

You need tests for:

Domain Layer
Service Layer
Web Layer

@RunWith(SpringRunner.class)

Service Layer Testing

@JSonTest to test JSON format
@MockBean to mock a dependency

Web Layer testing

Test class annotation:
@WebMvcTest

@Autowired private MockMvc mvc

@MockBean

@AutoConfigureMockMvc
@AutoConfigureTestDatabase

SpringOne Platform 2016: Wall St. Derivative Risk Solutions Using Apache Geode

Speaker: Andre Langevin, CIBC
Speaker: Mike Stolz, Pivotal
White Paper: http://pivotal.io/building-wall-street-risk-applications
Geode: http://geode.incubator.apache.org

GemFire is the commercial offering of Geode

Design

Input: Trades
Input: Market Data
Output: Risk
Where the Magic Happens: Risk Calculations
Geode is the backbone infrastructure

A Crash Course in Wall Street

Big Wall Street firms have “FICC” trading business organized by market
- Each business will trade “cash” and derivative products, but traders specialize in one or the other
- There may be a team of traders working to trade a single product
Trading systems are product specific and often highly specialized
Managing these businesses requires a consolidated view of risk

Calculating Risk

What is the “risk” that we are trying to measure?
Markets are represented using curves
Consistency is paramount

Technology Solutions that Work Badly

The easiest thing to do is just book all your trades using one trading system
How about booking all of the hedges into the primary trading system?
How about adding up all of the risk from each trading system into a report

Designing and Naming Data Objects

The trade data model serves 2 distinct purposes
Market data should follow the calculation design
Use “dot” notation to give business-friendly keys to object (i.e., USD.LIBOR.3M)

Region Design

Trade and market data regions
Typically a curve embeds a list for rates — leave it denormalized if rates are updated slowly
Computational results and aggregation
Regions: Rates, Trades, Curves, Built Curves, FX, Trade Risk, Risks, Agg

Placing Regions on the Cluster

Region placement optimizes the solution’s performance
Partition the trades regions to balance the cluster
Partition or replicate market data to optimize computations

PDX Integration Glue

PDX serialization is an effective cross-language bridge
Structure PDX objects to optimize performance
JSON is a good message format

Getting Trade Data into Geode

Message formats vary by product type
Broker messages in an application server
Trade data capture is transactional: Best practive is to make end-to-end process a transaction, but may need to split into two legs based on source of messages

Getting Market Data into Geode

Market data feeds have many proprietary formats
Market data is often exceptionally fast moving
Market data can also be very slow moving: i.e., LIBOR
Conflate fast market data by sampling
Gate market data into batches

Crunching Numbers on a Shared Grid

Most trading firms have a proprietary math library
Pushing Geode events to an external compute grid: Asynchronous Event Queue (AEQ)
Caching locally on the grid to accelerate performance: Wildcards on keys

Crunching Numbers Inside Geode

Running the math inside Geode is dramatically faster
Using the Geode grid as a compute grid
Using cache listeners to propagate valuation events

Ticking Risk Views

Roll-your-own client applications to view ticking risk
Integrating packaged products: ION Enterprise Risk, Armanta Theatre, Active Pivot…
The Traders always want spreadsheets: Write an Excel plug-in

SpringOne Platform 2016: Building Applications with Angular JS and Spring Security

Speaker: Dave Syer, @david_syer

Agenda

Real quick intro to Spring Security, Spring Session, Angular JS
Focus on features to build secure, modern, single-page applications
High level view of sample apps presented in tutorial (from blog series)
More Details look at some features of the apps

Most valuable links

Spring Security

Generic Filter based solution for Servlet applications
Authentication (a.k.a. identity) and Authorization (a.k.a. access decisions)
OAuth2 module useful for SSO and token-based API authentication
lots of other features
http://projects.spring.io/spring-security

Angular JS

Javascript Framework
“Magic” binding (dependency injection and MVC)
Has a lot of traction in the enterprise
Nothing about the architecture of the apps presented here requires Angular JS
Really basic usage in sample, but representative

Security Features in Modern Browsers

HTTP Basic
X.509 authentication
Kerberos
Kerberos
Cookies
CORS (Common Origin Resource Sharing)
HSTS (HTTP Strict Transport Security
CSP (Content Security Policy)

Sub-text: “use them, they’re reliable and free…”

Spring Session

Not tied to Spring Security, but works well with it
Easy, declarative, distributed sessions
Redis works out of the box, other backends easy to add
Servlet Filter
http://cloud.spring.io

Add HTTP Basic Security

Add spring-boot-starter-security dependency
Set security.user.password=password to application.properties
Add SecurityConfiguration extends WebSecurityConfigurerAdapter
Suppress the Browser Dialog by adding X-Requested-With XmlHttpRequest in HTTP request

Cross Site Request Forgery (CSRF)

Spring Security and Angular JS both have good support for CSRF protection
HTTP Request Header: X-CSRF-TOKEN

CORS

Use @CrossOrigin on your @RequestMapping and this: http.cors()
Tip: there is also CorsUtils::isCorsRequest method you can use in a request matcher

Spring MVC and JSTL MessageSource Configuration

I’ve been working on a new web application over the last month whenever I can find some spare time. I had initially started the project using Grails, but I had difficulty getting past the scaffolding. Besides, my reading seems to always come back to Grails performance issues so I figured I’d just start with a tried & true Java Enterprise stack: Spring, Hibernate, Spring MVC, and MySQL.

I spent the last few weeks dealing with the model, DAO, service, and controller layers. I’m aiming for a solid RESTful API consuming and producing JSON from the onset. I got all that to work seemingly well and am now actually ready to focus on views so I wrote my first JSP in about 10 years yesterday:

    <%@ include file="taglibs.jsp"%>
    <head>
        <title><fmt:message key="home.title"/></title>
    </head>
    <body class="home">
        <fmt:message key="home.heading"/>
    </body>

Now in my maven /src/main/resources directory, I have a message.properties file containing the following:

    home.properties=Home
    home.heading=Hello World!

Finally, I added the following to my MVC Configuration file (I’m using JavaConfig as opposed to the old school Spring XML):

    @Bean
    public MessageSource getMessageSource() {
        ResourceBundleMessageSource source = new ResourceBundleMessageSource();
        source.setBasename("messages");
        return source;
    }

Not really any rocket science here, folks… This is pretty much standard based on the Spring documentation and about half a dozen blog entries. The only difference with my configuration and what I found online was that the MessageSource was being configured using XML.

I spent several hours trying to get this to work but the view would render with ???home.title??? and ???home.heading??? and I couldn’t for the life of me figure out what the problem was. I know that the bean was getting instantiated because I added a breakpoint there… Finally I tried actually retrieving the MessageSource bean in the controller from the ApplicationContext. Instead, I got a big fat exception that the bean was not found. So I changed my configuration to retrieve the bean by name instead of by class:

    @Bean(name="messageSource")
    public MessageSource getMessageSource() {
         ResourceBundleMessageSource source = new ResourceBundleMessageSource():
         source.setBasename("messages"):
         return source;
     }

Just like magic, the JSP view now rendered just fine! Simply naming the bean ‘messageSource’ resolved a problem I had been tackling for several hours. I realize this blog doesn’t have an insane amount of traffic, but hopefully this will help somebody who runs into the same problem I did.

TSSJS2011: How to Reap the Benefits of Agile-Based TDD

I attended a breakout session on jQuery right after lunch, but I didn’t have my laptop up and, honestly, it was a pretty high-level presentation of jQuery in any case. The technology certainly looks promising and I’ll have to find a way to play with it one of these days. Then again, I’m still trying to play with Scala and Mule, technologies I heard and read about after last year’s TSSJS. Aaaah…. where does the time go?

Agile based TDD sounds like a good session. As much as I keep wanting to move to TDD, I have a really difficult time doing so. Hopefully the more exposed I am to it, the easier it’ll become to actually use the methodology.

What is TDD?
Test-Driven Development is a software development process.

The TDD Process:
1. Write a failing test for the target behavior
2. Implement the behavior as simple as possible to get the test to pass
3. Refactor the implementation

TDD is a Design Activity

TDD treats Tests as VIP Artifacts: You need to treat your tests as first-class citizens

TDD is an “Agile” Practice:
1. Working software is the primary measure of progress
2. Continuous Attention to technical excellence and good design enhances agility
3. Welcome changing requirements, even late in development

Types of Tests:
1. Unit Testing: Verification of Design
2. Acceptance Testing: Verification of Features

What is a Unit Test?
Exercises a small testable piece of software
Tests a specific object behavior in isolation
Assumes that external dependencies work according to their contracts
Defines the assumptions that can be made of the target unitHow is unit test independent of its dependencies? Mock Objects

Tools and Frameworks

JUnit
Openpojo: a framework for validating that POJOs are adhering to a standard contract
Mockito: Mocking Framework – Declare dependencies with @org.mockito.Mock

The Benefits of TDD

Test-Driven Development improves Design

SOLID Design
* Single responsibility principle: Can do one thing really well, loosely coupled
* Open/close Principle: Encapsulation – What, not how?
* Liskov substitution principle: Contract first Design. Avoid inheritance unless “is a” …
* Interface Segregation Principle: Interface clients should only depend on methods they need
* Dependency Inversion Principle: Depend on Abstractions instead of mocking

TDD Follows Law of Demeter

TDD avoids Static Helper Classes: Procedural programming, not OO programming.

TDD Measures Progress, provides Documentation, and provides code coverage

How to Make it Work

* Flip Your Perspective – become a user, not a developer
* Always See Your Test Fail – make sure your tests have clear messages
* Listen to Your Tests – Urge to share test fixture state, setup, … => need to refactor
* Use an Interface Driven Approach
* Learn it well – TDD by Kent Beck

KATA

TDD Kata – Exercise in coding, refactoring and test-first, that you should apply daily for at least 15 minutes. -Roy Osherove

http://www.osherove.com/tdd-kata-1/

TSSJS2011: Do You Really Know Class Loaders?

I’m back at The Server Side Java Symposium this year and this is the first breakout session I’m attending. I think I’ve got good knowledge of ClassLoaders and Java Reflection API, but we’ll see if Jevgeni Kabanov, the speaker, can enlighten me with some new nuggets of knowledge. He’s Founder & CTO of ZeroTurnaround, a company I know next to nothing about, although I have heard of JRebel, one of their products. Anyway, enough background info… Let’s jump into the meat of the presentation.

Basics

public class A {
    public void do() {
        B b = new B();
        b.do():
    }
}

Instantiating Object B causes the following:  A.class.getClassLoader().loadClass("B");

Problems & Solutions

1. Class Not Found
You build some code and get a NoClassDefFound exception when deploying and trying to run the servlet. How do we find out what the problem is?

Some solutions:
* IDE Class Lookup
* find *.jar -exec jar -tf ‘{}’ \; | grep MyClass
* URLClassLoader.getURLs()

2. Wrong Class Found
What if you get a NoSuchMethodError? What’s happening there? Well, the Class is found, but there’s something wrong with the class.

Solution:
* Get ClassLoader().getResource(Util2.class.replace(‘.’,’/’) + “.class” to find out where the ClassLoader is getting the class. Then you can use javap -private Util2 to inspect the contents of the file.

3. More than One Class Found
That error will typically occur if 2 different ClassLoaders are used and find different classes for the same name. They are not the same.

Helpful: -verbose:class, as well as ClassLoader.getResource() to identify the different classes.

Leaking ClassLoaders

If a Class has a reference to its ClassLoader, that object has a reference to all of its classes. To leak a ClassLoader, it’s enough to leak just one object loaded by that ClassLoader.

Hierarchy is not enough?

* Isolation: Difference versions of the same library
* Performance: Class lookup is very slow
* Restricted: Why can’t siblings see each other’s classes?
* OSGI, JBoss, NetBeans and others implement a different system

Follow the speaker on Twitter: @ekabanov