Java Web Weekly, Issue 140

At the very beginning of last year, I decided to track my reading habits and share the best stuff here, on Baeldung. Haven’t missed a review since.

Here we go…

1. Spring and Java

>> Building Spring Cloud Microservices That Strangle Legacy Systems [kennybastani.com]

I still have a lot to go through here, but this is definitely a fantastic practical application of the strangler application pattern that I personally enjoy so much.

This pattern offers such a clear, sensible counter-balance to the unfortunate idea of the Big Rewrite, so this writeup is especially interesting.

>> Check your Spring Security SAML config – XXE security issue [spring.io]

A vulnerability found in sample code, clearly and transparently communicated to the community in case there are implementations out there that copy-pasted the sample.

This is why I like the Spring ecosystem.

>> Replaying Events in An Axon Framework Based Application [geekabyte.blogspot.com]

Replaying the event stream in an Event Sourcing architecture is one of those things that takes a while to sink in.

But once you realize that you can actually do that, yeah – a whole lot of options open up.

>> Using jOOλ to Combine Several Java 8 Collectors into One [jooq.org]

A quick writeup analyzing an code example from the community – and then using jOOλ to make it better (and far cleaner).

I definitely like these kinds of in-depth and to the point looks at code that can be improved (especially when they happen to my code). Lots to learn from here.

>> JUnit Cheat Sheet [zeroturnaround.com]

A practical and no-fluff writeup covering and distilling the main take-aways in JUnit 5.

>> Custom test slice with Spring Boot 1.4 [spring.io]

Testing with Spring and Boot is becoming better and better.

One good example is the segmentation of the Spring context that’s bootstrapped by the test – I always used to do this manually. This is better.

>> Spring Security OAuth2 – Client Authentication Issue [spring.io]

Very interesting and rare scenario of an OAuth2 vulnerability in Spring Security – where a user has the same username as the clientId of the client. Quick and to the point writeup here.

Also worth reading:

• >> @NaturalId – A good way to persist natural IDs with Hibernate? [thoughts-on-java.org]

• >> Java, Unicode, and the Mysterious Compile Error [sitepoint.com]

• >> CQRS and ES with Akka [codecentric.de]

• >>Applying JDK 9 @Deprecated Enhancements [marxsoftware.blogspot.com]

• >> Instrumenting Hibernate Connection Providers [eng.fitbit.com]

• >> HTTP/2 Client – Java 9 [blog.oio.de]

• >> How to increment the parent entity version whenever a child entity gets modified with JPA and Hibernate [vladmihalcea.com]

• >> Integrating with RabbitMQ using Spring Cloud Stream [java-allandsundry.com]

• >> Lightbender at JavaOne 2016 [blog.eisele.net]

• >> Java 9 Modularity: O’Reilly Early Access Release [branchandbound.net]

Webinars and presentations:

• >> SpringOne Platform 2016 Technical Keynote – 1 [infoq.com]

• >> SpringOne Platform 2016 Technical Keynote – 2 [infoq.com]

• >> SpringOne Platform 2016 Technical Keynote – 3 [infoq.com]

• >> SpringOne Platform 2016 Technical Keynote – 5 [infoq.com]

• >> 12 Factor, or Cloud Native Apps – What Exactly Does that Mean for Spring Developers? [infoq.com]

• >> Apache Tomcat Roadmap [infoq.com]

• >> Modern Java Component Design with Spring 4.3 [infoq.com]

• >> Cloud Native Java [infoq.com]

Time to upgrade:

• >> Spring Cloud Data Flow for Cloud Foundry goes 1.0 GA [spring.io]

• >> Spring Web Services 2.3.1/2.4.0 are released [spring.io]

• >> Spring REST Docs 1.1.2.RELEASE [spring.io]

• >> Spring Cloud Data Flow for Mesos 1.0 RC2 released [spring.io]

• >> Spring Cloud Stream Brooklyn.M1 is available [spring.io]

• >> Spring Cloud Camden M1 is available [spring.io]

• >> Dropwizard Java REST Framework Version 1.0.0 Features Updated Library Support, Scala, and Java 8 [infoq.com]

2. Technical

>> Stop Cross-Site Timing Attacks with SameSite cookies [igvita.com]

A very promising new draft, looking to update RFC6265 (the main HTTP State Management RFC) with a new type of cookie.

If accepted – this would go a long, long way towards mitigating a slew of CSRF attacks and vulnerabilities.

Very exciting proposal, and a great explanation of why we need it in this article.

>> The Fixing-JSON Conversation [tbray.org]

Definitely interesting points on improving JSON (yeah, you read that right).

>> A Proposed Recipe for Designing, Building and Testing Microservices [specto.io]

Lots of good nuggets here if you’re doing microservices (well).

>> How Code Review Saves You Time [daedtech.com]

I think that by now we’re all on the same page with the fact that code reviews are very beneficial. Of course that doesn’t change that it’s not an easy practice to pick up, especially inside an organization that doesn’t have a culture that’s especially open to new ideas.

In my experience, metrics help a lot here – when a team has a non-trivial jump in some key metrics, the adoption stops being something that needs to be “accepted” and becomes an decision that’s internal to the team.

>> The Dropbox hack is real [troyhunt.com]

Either these big-time breaches are happening more and more these days, or I’m just noticing them more.

Either way, they happen a lot – so it’s nice to read about a company that actually stores the credentials data intelligently, so that when it does happen, it’s not a huge deal.

Also worth reading:

• >> CloudFlare, SSL and unhealthy security absolutism [troyhunt.com]

• >> Benchmarking Carbon and Whisper 0.9.15 on AWS [obfuscurity.com]

• >> What’s New in Docker? The Top 5 Features You Should Know [takipi.com]

• >> When configuration settings from development wreak havoc in production [apmblog.dynatrace.com]

3. Musings

>> Some thoughts on the future of test automation [ontestautomation.com]

A good understanding of the testing ecosystem is oh-so valuable, not only when doing actual coding (half of my own coding work is testing), but generally, when releasing work into the hands of clients.

This writeup definitely has some good take-aways.

>> Why I Introduced Scala In Our Project [techblog.bozho.net]

I am personally a lot more partial to Clojure than Scala; but, similar to the topic of this article – I’ve been doing some Scala work recently and have come to appreciate some of the nicer aspects of the language.

One thing that’s definitely important to glean from this one is – if you don’t have Scala experience but want to try it out, introduce it on a small, side-module, not in the main codebase of your project.

>> My Realizations about Software Consulting [daedtech.com]

Software consulting is changing, no two ways about it. And, like most other things, really moving forward requires a shift in your mindset rather than an increase in your efficiency or skill. Very interesting read.

>> Innovation as a Fringe Activity [lemire.me]

Wall of text? Sure. Good? Yeah.

Also worth reading:

• >> Can Software Make You Less Racist? [codinghorror.com]

• >> Is Your Codebase a Hotel Room or a Home? [mattblodgett.com]

• >> Takipi is Now OverOps [takipi.com]

• >> How to Actually Reduce Software Defects [daedtech.com]

4. Comics

And my favorite Dilberts of the week:

>> The problem is in the part of your brain that handles intelligence [dilbert.com]

>> This is a magic button … [dilbert.com]

>> My faults are suspiciously alphabetical [dilbert.com]

5. Pick of the Week

This book has been a long time coming – Vlad has been working on it for over a year.

It’s finally out and will definitely be the reference book for learning JPA and Hibernate for a number of years to come.

So, if you’re doing Hibernate work, definitely pick this one up, not only to read, but to come back to as reference material as you’re actually doing work:

>> High Performance Java Persistence [leanpub.com]