Bo's blue blue sky: May 2013

5/31/2013

Central Session Management (Tomcat, Memcache/MongoDB, Non-Sticky Session)

For all application server clusters, there are two elementary issues that need to be resolved:

How to dispatch requests to the cluster nodes.
Use one session management strategy, to ensure that if one node fails, other nodes can still obtained the session data, to achieve fault-tolerant cluster (failover)

For the first issue, the easiest way is to use uniform hash function to dispatch the request to each node. But for application server, session is used. To make sure one session’s request is properly handled, normally we dispatch the requests related to one session to same node to process, this is “Sticky Session” load balance. And the way randomly dispatch request is called “non-sticky session” load balance.

The “sticky session” sometimes restricts the load balance and even the web app’s design and development. To avoid “sticky session”, we need to find appropriate session management strategy.

There are several options for session share.

Session Share Options

Tomcat Clustering

It simply copied session to all the tomcat instances. If there are many instances, this may cause a lot network traffic.

Save session related data to database

Actually some apps choose this way to make session management under control.

There are two ways to do this,

Customize 'session' in the app. In this case, "session" is not HTTP session any more, it just means data that used as session data.

Each Tomcat instances can access the central db to get the session related data and load the data into its own cache/session. Also each instances can write data into db for session share purposes.

Each request need to call the db for twice, one get session, one update session.

Good point: data is fully under control.
Bad point: database needs to be periodically clean up.
Extends Tomcat Manager class and customize your own session manager, backup your tomcat session data into MongoDB.

Reference implementation:
https://github.com/dawsonsystems/Mongo-Tomcat-Sessions
https://github.com/dwelch2344/mongo-tomcat-session-manager

Personally I like this way, because MongoDB is a mature product and in additional, its client lib(driver) is also robust. And it's fast. Although the speed is not that fast compared to backup method like memcache which backup session in memory, but it's still fast enough and the data is more safe. But still, old topic, all the decision should be made based on our own requirement.

Little Note: In this way, we do not need extra periodical job to clear the session in db. We can override the backgroundProcess() method inheritted from Tomcat's Manager class.

Session in Cookie

This way is to save session data in the client side instead of server side. Each time client make the request, send the session back to server. In this way, developers can make control on session consume. But known issues is security concern.

Central Cache (External Cache)

External Cache is a separate service that runs on the machine in the LAN. Use external cache can realize central session management.

It stores the session in memory and all the tomcat instances can access the central cache to read session and set session. There is only one copy of for each session and all the tomcat instances share the same one.

Normally, there should be at least one central cache node and one backup cache node.

There are some implementations for central cache, memcached (open-source) and Terracotta (open-source, commercial). Central cache has been proved to be fast and reliable, and many large web sites use central cache for session management.

But to set up central cache, may need professional system engineer to setup environment, maintain and monitor.

Summary

The core idea of using Central Cache and MongoDB is actually same, just backup session into one central place for reference. The only difference is cache saves data in memory and db saves data in hard drive.

We can pick one way based on requirement. Both ways have reference implementation on tomcat session manager.

Central Session Mangement - MongoDB Test Case

To test the central cache, I setup the environment and build one test web app.

central-session-management-mongo-test.zip

Structure:

Environment:

Tomcat 7,

Java Default Serializer,

mongodb-win32-x86_64-2.0.7 (Windows 64 bits version)

#Start mongodb

1. mongobin \>mongod.exe --dbpath=”DATA_PATH”

2. In another console start MongoDB client console by executing mongo.exe then execute the following commands.

use tomcatsessions

db.addUser("sessionadmin", "sessionadmin234")

3. Stop the MongoDB server (i.e. press Ctrl+C)

4. When the prompt shows, restart the MongoDB server with the --auth parameter:

mongobin\>mongod.exe --auth --dbpath=”DATA_PATH”

#Start two tomcat instances

1. Run tomcat-instance\apache-tomcat-7.0.29-1\bin\startup.bat

Port: 8080

1. Run tomcat-instance\apache-tomcat-7.0.29-2\bin\startup.bat

Port: 9080

Test Case:

#Put String in the session

Access:

http://localhost:8080/centralcache-test/SessionPage1

1. Get the session, if not exist, create a new one.

2. Add attribute "currentUser": "marym" into session

Page will show:

Current session Id: ${session id}

CurrentUser: marym

Then Access:

http://localhost:9080/centralcache-test/SessionPage2

1. Get the session, if not exist, create a new one.

2. Print attribute "currentUser" in the session.

Page will show:

Current session Id: ${session id}

CurrentUser: marym

#Put User Object in the session

User{username,password}

Access:

http://localhost:8080/centralcache-test/login

http://localhost:9080/centralcache-test/login

If user has not logged in, it will direct to login page.

If user has logged in (session has valid attribute "currentUser"), it will display the logged in user's username.

If user logout, the "currentUser" in session will be removed. (Not destroy the whole session)

Two tomcats share the session. If shut down the first memcache node at port 11211,

the backup node at port 11212 will be used. Session will not be lost.

Note: Different client side apps do not share session. E.g. IE, Chrome, FireFox do not share session.

#Test Put 10K around session data into session

http://localhost:8080/testlargeusersession

http://localhost:9080/testlargeusersession

#Test Put 100bytes around session data into session

http://localhost:8080/testsmallusersession

http://localhost:9080/testsmallusersession

#Test Multi-thread Support

Open Jmeter Test Case.

Run.

I test 10000 concurrent threads with session data around 10K. Works pretty good.

Central Cache Test Case

To test the central cache, I setup the environment and build one test web app.

central-session-test.zip

Structure:

Environment:

Tomcat 7,
memcached-session-manager-1.6.4

memcached-amd64 (Windows 64 bits version)

#Start two memcache nodes

1. Run memcached-amd64\run-instance1.bat

Port: 11211

2. Run memcached-amd64\run-instance2.bat

Port: 11212

#Start two tomcat instances

1. Run tomcat-instance\apache-tomcat-7.0.29-1\bin\startup.bat

Port: 8080

1. Run tomcat-instance\apache-tomcat-7.0.29-2\bin\startup.bat

Port: 9080

Test Case:

#Put String in the session

Access:

http://localhost:8080/centralcache-test/SessionPage1

1. Get the session, if not exist, create a new one.

2. Add attribute "currentUser": "marym" into session

Page will show:

Current session Id: ${session id}

CurrentUser: marym

Then Access:

http://localhost:9080/centralcache-test/SessionPage2

1. Get the session, if not exist, create a new one.

2. Print attribute "currentUser" in the session.

Page will show:

Current session Id: ${session id}

CurrentUser: marym

#Put User Object in the session

User{username,password}

Access:

http://localhost:8080/centralcache-test/login

http://localhost:9080/centralcache-test/login

If user has not logged in, it will direct to login page.

If user has logged in (session has valid attribute "currentUser"), it will display the logged in user's username.

If user logout, the "currentUser" in session will be removed. (Not destroy the whole session)

Two tomcats share the session. If shut down the first memcache node at port 11211,

the backup node at port 11212 will be used. Session will not be lost.

Note: Different client side apps do not share session. E.g. IE, Chrome, FireFox do not share session.

Sample configuration:

1. Add dependencies (jars that should be placed under tomcat\lib):

For Tomcat 7

memcached-session-manager-1.6.4.jar
memcached-session-manager-tc7-1.6.4.jar
spymemcached-2.8.12.jar
couchbase-client-1.1.2.jar

For Tomcat 6

memcached-session-manager-1.6.4.jar
memcached-session-manager-tc6-1.6.4.jar
spymemcached-2.8.12.jar
couchbase-client-1.1.2.jar

I've put all these dependencies in the zip file central-session-test.zip

2. Tomcat /conf/context.xml (All instances use the same conf, non-sticky session)

#Use Javolution Serializer

Extra Dependencies(jars that should be placed under tomcat\lib):

javolution-5.4.3.1.jar
msm-javolution-serializer-1.6.4.jar

#Use Kryo Serializer

Extra Dependencies(jars that should be placed under tomcat\lib):

msm-kryo-serializer-1.6.4.jar
kryo-1.04.jar
kryo-serializers-0.10.jar
asm-3.2.jar
reflectasm-1.01.jar
minlog-1.2.jar

Configure Kryo's buffer size.
By default the initial buffer size is 100K, and maxium is 2M.
If the session data is big, then we need to update these two values by adding one system property.

In Tomcat's startup.bat file:

set JAVA_OPTS=%JAVA_OPTS% -Dmsm.kryo.buffersize.initial=10444800 -Dmsm.kryo.buffersize.max=104448000

3. Start MemCache

Unzip memcached-amd64.zip, Go to memcached-amd64 directory.

memcached -p 11211 -u memcached -m 64 -M -vv

memcached -p 11212 -u memcached -m 64 -M -vv

-vv tells memcached to write lots of stuff to console, so you'll see when a session is requested or stored in the output of memcached.

4. Start Tomcat
->Tomcat Base/bin/start.bat

Reference:
---memcached-session-manager WIKI ---SetupAndConfiguration

---Various versions of Memcached for Windows

---memcached-session-manager Source Code

---Memcached on Windows and telnet interface

Friendly Reminder:

Please take care on the version number of extra lib that added into Tomcat's library. There are many difference versions of jar. If use wrong version, it may cause jar conflict or class missing.

In my above example. I use memcached-session-manager-1.6.4, then the extra dependency jar files that I listed is based on version 1.6.4 of memcached-session-manager. If use other different version of memcached-session-manager, please check the dependencies' version and adjust if needed.

Little Notes:

=====Issue 1=====

If you wanna to install the Memcached for Windows and the follow instruction in Memcached on Windows and telnet interface, it will throw exception. "Failed to ignore SIGHUP: Result too large". To resolve this, can follow below steps:

1) run CMD as an administrator
2) type SC create memcached binpath= "c:\memcached\145\memcached.exe -m 512
-d"
3) type NET START memcahed

Although you get an error, the program started (check task manager or connect to it using telnet).

=====Issue 2=====

If you configure like this:

Tomcat context.xml:

Error:

java.lang.NoSuchMethodError: net.spy.memcached.MemcachedClient.set(Ljava/lang/String;ILjava/lang/Object;)Lnet/spy/memcached/internal/OperationFuture;

at de.javakaffee.web.msm.BackupSessionTask.storeSessionInMemcached(BackupSessionTask.java:227)

at de.javakaffee.web.msm.BackupSessionTask.doBackupSession(BackupSessionTask.java:194)

at de.javakaffee.web.msm.BackupSessionTask.call(BackupSessionTask.java:119)

at de.javakaffee.web.msm.BackupSessionTask.call(BackupSessionTask.java:50)

at de.javakaffee.web.msm.BackupSessionService$SynchronousExecutorService.submit(BackupSessionService.java:346)

at de.javakaffee.web.msm.BackupSessionService.backupSession(BackupSessionService.java:205)

at de.javakaffee.web.msm.MemcachedSessionService.backupSession(MemcachedSessionService.java:1059)

at de.javakaffee.web.msm.RequestTrackingHostValve.backupSession(RequestTrackingHostValve.java:229)

at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:154)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)

at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

at java.lang.Thread.run(Thread.java:619)

Solution:

Update memcached jar to spymemcached-2.8.12.jar or spymemcached-2.8.4.jar

=====Issue 3=====

memcached-session-manager provides several serializers. The testing of this part will be processed later, applicability, efficiency, performance, etc.

5/28/2013

Maven Study Note: Jar Packaging and Installation (maven-assembly-plugin & maven-install-plugin)

Maven is so powerful. As a new comer, I believe I only explored the very basic level of usage of Maven.
One of the most frequent usages of Maven is its packaging function. Recently I did a little bit research on this part and make several tests.

Main cmd: mvn clean install (-Dmaven.test.skip=true) everybody knows this...skip.

Besides the basic packaging function, there are a lot of extensions.

Package an executable jar with all the dependencies

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.3</version>
<executions>
<execution>
<id>assemblyApp</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<finalName>${project.artifactId}</finalName>
<appendAssemblyId>true</appendAssemblyId>
<archive>
<manifest>
<mainClass>
com.test.commons.App
</mainClass>
</manifest>
</archive>
<descriptors>
<descriptor>src/main/assembly/app-executable-jar.xml</descriptor>
<descriptor>src/main/assembly/app-executable-artifact.xml</descriptor>
</descriptors>
</configuration>
</execution>
</executions>
</plugin>

app-executable-jar.xml:

<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>with-dependencies</id>
<formats>
<format>jar</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<dependencySets>
<dependencySet>
<outputDirectory>/</outputDirectory>
<useProjectArtifact>true</useProjectArtifact>
<unpack>true</unpack>
<scope>runtime</scope>
</dependencySet>
</dependencySets>
</assembly>

app-executable-artifact.xml:

<assembly

   xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"

   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

   xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">

   <id>bin</id>

   <formats>

       <format>dir</format>

       <format>zip</format>

   </formats>

   <includeBaseDirectory>false</includeBaseDirectory>

   <fileSets>

       <fileSet>

           <directory>${basedir}/src/main/assembly/app-bin</directory>

           <outputDirectory>/</outputDirectory>

           <filtered>true</filtered>

       </fileSet>

       <fileSet>

           <directory>${project.build.directory}</directory>

           <outputDirectory>/</outputDirectory>

           <includes>

               <include>${artifact.artifactId}-with-dependencies.jar</include>

           </includes>

       </fileSet>

   </fileSets>

</assembly>

In directory ${basedir}/src/main/assembly/app-bin, there is one batch file for execution:

Run.bat:

java -jar XXXXX(${artifact.artifactId})-with-dependencies.jar

Build Result:
In target:
there will be two jar files:
${project.artifactId}-${project.version}.jar
${project.artifactId}-with-dependencies.jar
there will be one zip file:
${project.artifactId}-bin.zip
there will be one directory, which holds the extracted files of the zip file.
${project.artifactId}-bin

If you do not want to specify main class. Then remove the archive config in the maven-assembly-plugin, and in Run.bat:

java -jar XXXXX(${artifact.artifactId})-with-dependencies.jar com.test.commons.App

Useful.

Sometimes, we may want to package the src to differect jar file for different support. In this case, we may want to realize flexible packaging using maven. Here comes the second scenario:

Package Src into different jar file, can customize to include/exclude any dependencies or class files.

For example, I want to develop one encryption and decryption service provider. For encryption consumer, I do not want to expose decryption method to them. And vise verse, for decryption consumer, I do not want to expose encryption method to them. So in this case, I need different jar file for encryption and decryption. And I do not want to separate the source code. Then we can config maven to surpport this kind of packaging.

To remove class in the jar file, we can use maven shade plugin, but personally I don't like it. I prefer maven assembly plugin because I think it is more flexible. Personal Opinion.

Here I only introduce the maven assembly plugin usage:

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<prerequisites>
<maven>3.0.3</maven>
</prerequisites>

<properties>
<java.version>1.6</java.version>
<spring.version>3.1.0.RELEASE</spring.version>
<commons-codec.version>1.6</commons-codec.version>
<commons-lang.version>2.6</commons-lang.version>
<jasypt.version>1.7.1</jasypt.version>
<log4j.version>1.2.16</log4j.version>
<log4j-extras.version>1.1</log4j-extras.version>
<junit.version>4.8.2</junit.version>

<sonar.host.url>
http://localhost/sonar
</sonar.host.url>

</properties>

<groupId>com.test.commons</groupId>
<artifactId>test-common-security</artifactId>
<packaging>jar</packaging>
<version>1.0.0</version>
<name>test-common-security</name>

<dependencies>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>${commons-codec.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>

<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>apache-log4j-extras</artifactId>
<version>${log4j-extras.version}</version>
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt</artifactId>
<version>${jasypt.version}</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>${commons-lang.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
<scope>test</scope>
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.1</version>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
</configuration>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.1.2</version>
</plugin>

<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>2.0</version>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.3</version>
<executions>
<execution>
<id>assemblyEncoder</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<finalName>${project.artifactId}</finalName>
<appendAssemblyId>true</appendAssemblyId>
<archive>
<manifest>
<mainClass>
com.test.commons.security.EncoderApp
</mainClass>
</manifest>
</archive>
<descriptors>
<descriptor>src/main/assembly/encoder-executable-jar.xml</descriptor>
<descriptor>src/main/assembly/encoder-executable-artifact.xml</descriptor>
</descriptors>
</configuration>
</execution>
<execution>
<id>assemblyKeyPairGen</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<finalName>${project.artifactId}</finalName>
<appendAssemblyId>true</appendAssemblyId>
<archive>
<manifest>
<mainClass>
com.test.commons.security.util.KeyPairGenApp
</mainClass>
</manifest>
</archive>
<descriptors>
<descriptor>src/main/assembly/keypairgen-executable-jar.xml</descriptor>
<descriptor>src/main/assembly/keypairgen-executable-artifact.xml</descriptor>
</descriptors>
</configuration>
</execution>
<execution>
<id>assemblyEncryptionJar</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<finalName>${project.artifactId}</finalName>
<appendAssemblyId>true</appendAssemblyId>
<descriptors>
<descriptor>src/main/assembly/encryption-jar.xml</descriptor>
</descriptors>
</configuration>
</execution>
<execution>
<id>assemblyDecryptionJar</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<finalName>${project.artifactId}</finalName>
<appendAssemblyId>true</appendAssemblyId>
<descriptors>
<descriptor>src/main/assembly/decryption-jar.xml</descriptor>
</descriptors>
</configuration>
</execution>
</executions>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.4</version>
<executions>
<execution>
<id>install-encryption</id>
<phase>package</phase>
<goals>
<goal>install-file</goal>
</goals>
<configuration>
<file>target/${project.artifactId}-encryption-${project.version}.jar</file>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}-encryption</artifactId>
<version>${project.version}</version>
<packaging>jar</packaging>
</configuration>
</execution>
<execution>
<id>install-decryption</id>
<phase>package</phase>
<goals>
<goal>install-file</goal>
</goals>
<configuration>
<file>target/${project.artifactId}-decryption-${project.version}.jar</file>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}-decryption</artifactId>
<version>${project.version}</version>
<packaging>jar</packaging>
</configuration>
</execution>
</executions>
</plugin>

</plugins>
</build>

<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.12</version>
</plugin>
</plugins>
</reporting>
</project>

The assemblyEncryptionJar and assemblyDecryptionJar execution in assembly plug in, package the src to different jar files for encryption and decryption.

encryption-jar.xml

<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>encryption-${project.version}</id>
<formats>
<format>jar</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<dependencySets>
<dependencySet>
<outputDirectory>/</outputDirectory>
<useProjectArtifact>true</useProjectArtifact>
<includes>
<include>${project.groupId}:${project.artifactId}</include>
</includes>
<unpack>true</unpack>
<unpackOptions>
<excludes>
<exclude>com/test/commons/security/text/TextDecryptor.class</exclude>
<exclude>com/test/commons/m/aes/AESDecryptor.class</exclude>
</excludes>
</unpackOptions>
<scope>runtime</scope>
</dependencySet>
</dependencySets>
</assembly>

Basically, we add dependency ${project.groupId}:${project.artifactId}, unpack it, exclude several classes that we do not want to add.

decryption-jar.xml

<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>decryption-${project.version}</id>
<formats>
<format>jar</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<dependencySets>
<dependencySet>
<outputDirectory>/</outputDirectory>
<useProjectArtifact>true</useProjectArtifact>
<includes>
<include>${project.groupId}:${project.artifactId}</include>
</includes>
<unpack>true</unpack>
<unpackOptions>
<excludes>
<exclude>com/test/commons/security/BasicAuthUtil.class</exclude>
<exclude>com/test/commons/security/Encoder.class</exclude>
<exclude>com/test/commons/security/EncoderApp.class</exclude>
<exclude>com/test/commons/security/EncryptionSSOConfig.class</exclude>
<exclude>com/test/commons/security/EncryptionSSOException.class</exclude>
<exclude>com/test/commons/security/EncryptionSSOUtil.class</exclude>
<exclude>com/test/commons/security/util/*</exclude>
<exclude>com/test/commons/security/text/TextEncryptor.class</exclude>
<exclude>com/test/commons/security/aes/AESEncryptor.class</exclude>
</excludes>
</unpackOptions>
<scope>runtime</scope>
</dependencySet>
</dependencySets>
</assembly>

In this way, five jar files will be generated.

-test-common-security-2.0.1.jar
-test-common-security-encryption-2.0.1.jar
-test-common-security-decryption-2.0.1.jar
-test-common-security-with-dependencies.jar
-test-common-security-keypairgen-with-dependencies.jar

two zip files will be generated:
-test-common-security-bin.zip
-test-common-security-keypairgen-bin.zip

two directory will be generated:
-test-common-security-bin
-test-common-security-keypairgen-bin

To install test-common-security-encryption-2.0.1.jar and test-common-security-decryption-2.0.1.jar into maven's repository and into specified folder. We need to config the installation of maven using maven install plugin. Configuration as above.

Useful Reference:

http://maven.apache.org/plugins/maven-assembly-plugin/component.html

http://maven.apache.org/plugins/maven-install-plugin/install-file-mojo.html

The maven official manual book is enough and if you read the component of maven plugins, you can easily find out ways to config maven based on your own requirement.