At the very beginning of last year, I decided to track my reading habits and share the best stuff here, on Baeldung. Haven't missed a review since.
Here we go…
1. Spring and Java
I still have a lot to go through here, but this is definitely a fantastic practical application of the strangler application pattern that I personally enjoy so much.
This pattern offers such a clear, sensible counter-balance to the unfortunate idea of the Big Rewrite, so this writeup is especially interesting.
A vulnerability found in sample code, clearly and transparently communicated to the community in case there are implementations out there that copy-pasted the sample.
This is why I like the Spring ecosystem.
Replaying the event stream in an Event Sourcing architecture is one of those things that takes a while to sink in.
But once you realize that you can actually do that, yeah – a whole lot of options open up.
A quick writeup analyzing an code example from the community – and then using jOOλ to make it better (and far cleaner).
I definitely like these kinds of in-depth and to the point looks at code that can be improved (especially when they happen to my code). Lots to learn from here.
A practical and no-fluff writeup covering and distilling the main take-aways in JUnit 5.
Testing with Spring and Boot is becoming better and better.
One good example is the segmentation of the Spring context that's bootstrapped by the test – I always used to do this manually. This is better.
Very interesting and rare scenario of an OAuth2 vulnerability in Spring Security – where a user has the same username as the clientId of the client. Quick and to the point writeup here.
Also worth reading:
Webinars and presentations:
Time to upgrade:
2. Technical
A very promising new draft, looking to update RFC6265 (the main HTTP State Management RFC) with a new type of cookie.
If accepted – this would go a long, long way towards mitigating a slew of CSRF attacks and vulnerabilities.
Very exciting proposal, and a great explanation of why we need it in this article.
Definitely interesting points on improving JSON (yeah, you read that right).
Lots of good nuggets here if you're doing microservices (well).
I think that by now we're all on the same page with the fact that code reviews are very beneficial. Of course that doesn't change that it's not an easy practice to pick up, especially inside an organization that doesn't have a culture that's especially open to new ideas.
In my experience, metrics help a lot here – when a team has a non-trivial jump in some key metrics, the adoption stops being something that needs to be “accepted” and becomes an decision that's internal to the team.
Either these big-time breaches are happening more and more these days, or I'm just noticing them more.
Either way, they happen a lot – so it's nice to read about a company that actually stores the credentials data intelligently, so that when it does happen, it's not a huge deal.
Also worth reading:
3. Musings
A good understanding of the testing ecosystem is oh-so valuable, not only when doing actual coding (half of my own coding work is testing), but generally, when releasing work into the hands of clients.
This writeup definitely has some good take-aways.
I am personally a lot more partial to Clojure than Scala; but, similar to the topic of this article – I've been doing some Scala work recently and have come to appreciate some of the nicer aspects of the language.
One thing that's definitely important to glean from this one is – if you don't have Scala experience but want to try it out, introduce it on a small, side-module, not in the main codebase of your project.
Software consulting is changing, no two ways about it. And, like most other things, really moving forward requires a shift in your mindset rather than an increase in your efficiency or skill. Very interesting read.
Wall of text? Sure. Good? Yeah.
Also worth reading:
4. Comics
And my favorite Dilberts of the week:
5. Pick of the Week
This book has been a long time coming – Vlad has been working on it for over a year.
It's finally out and will definitely be the reference book for learning JPA and Hibernate for a number of years to come.
So, if you're doing Hibernate work, definitely pick this one up, not only to read, but to come back to as reference material as you're actually doing work:
res – REST with Spring (eBook) (everywhere)