Yes, we're now running our Black Friday Sale. All Access and Pro are 33% off until 2nd December, 2025:
Java Web Weekly, Issue 140
Last updated: August 6, 2021
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
Regression testing is an important step in the release process, to ensure that new code doesn't break the existing functionality. As the codebase evolves, we want to run these tests frequently to help catch any issues early on.
The best way to ensure these tests run frequently on an automated basis is, of course, to include them in the CI/CD pipeline. This way, the regression tests will execute automatically whenever we commit code to the repository.
In this tutorial, we'll see how to create regression tests using Selenium, and then include them in our pipeline using GitHub Actions:, to be run on the LambdaTest cloud grid:
Yes, we're now running our Black Friday Sale. All Access and Pro are 33% off until 2nd December, 2025:
At the very beginning of last year, I decided to track my reading habits and share the best stuff here, on Baeldung. Haven’t missed a review since.
Here we go…
1. Spring and Java
>> Building Spring Cloud Microservices That Strangle Legacy Systems [kennybastani.com]
I still have a lot to go through here, but this is definitely a fantastic practical application of the strangler application pattern that I personally enjoy so much.
This pattern offers such a clear, sensible counter-balance to the unfortunate idea of the Big Rewrite, so this writeup is especially interesting.
>> Check your Spring Security SAML config – XXE security issue [spring.io]
A vulnerability found in sample code, clearly and transparently communicated to the community in case there are implementations out there that copy-pasted the sample.
This is why I like the Spring ecosystem.
>> Replaying Events in An Axon Framework Based Application [geekabyte.blogspot.com]
Replaying the event stream in an Event Sourcing architecture is one of those things that takes a while to sink in.
But once you realize that you can actually do that, yeah – a whole lot of options open up.
>> Using jOOλ to Combine Several Java 8 Collectors into One [jooq.org]
A quick writeup analyzing an code example from the community – and then using jOOλ to make it better (and far cleaner).
I definitely like these kinds of in-depth and to the point looks at code that can be improved (especially when they happen to my code). Lots to learn from here.
>> JUnit Cheat Sheet [zeroturnaround.com]
A practical and no-fluff writeup covering and distilling the main take-aways in JUnit 5.
>> Custom test slice with Spring Boot 1.4 [spring.io]
Testing with Spring and Boot is becoming better and better.
One good example is the segmentation of the Spring context that’s bootstrapped by the test – I always used to do this manually. This is better.
>> Spring Security OAuth2 – Client Authentication Issue [spring.io]
Very interesting and rare scenario of an OAuth2 vulnerability in Spring Security – where a user has the same username as the clientId of the client. Quick and to the point writeup here.
Also worth reading:
-
>> @NaturalId – A good way to persist natural IDs with Hibernate? [thoughts-on-java.org]
-
>> Java, Unicode, and the Mysterious Compile Error [sitepoint.com]
-
>> CQRS and ES with Akka [codecentric.de]
-
>>Applying JDK 9 @Deprecated Enhancements [marxsoftware.blogspot.com]
-
>> Instrumenting Hibernate Connection Providers [eng.fitbit.com]
-
>> HTTP/2 Client – Java 9 [blog.oio.de]
-
>> How to increment the parent entity version whenever a child entity gets modified with JPA and Hibernate [vladmihalcea.com]
-
>> Integrating with RabbitMQ using Spring Cloud Stream [java-allandsundry.com]
-
>> Lightbender at JavaOne 2016 [blog.eisele.net]
-
>> Java 9 Modularity: O’Reilly Early Access Release [branchandbound.net]
Webinars and presentations:
-
>> SpringOne Platform 2016 Technical Keynote – 1 [infoq.com]
-
>> SpringOne Platform 2016 Technical Keynote – 2 [infoq.com]
-
>> SpringOne Platform 2016 Technical Keynote – 3 [infoq.com]
-
>> SpringOne Platform 2016 Technical Keynote – 5 [infoq.com]
-
>> 12 Factor, or Cloud Native Apps – What Exactly Does that Mean for Spring Developers? [infoq.com]
-
>> Apache Tomcat Roadmap [infoq.com]
-
>> Modern Java Component Design with Spring 4.3 [infoq.com]
-
>> Cloud Native Java [infoq.com]
Time to upgrade:
-
>> Spring Cloud Data Flow for Cloud Foundry goes 1.0 GA [spring.io]
-
>> Spring Web Services 2.3.1/2.4.0 are released [spring.io]
-
>> Spring REST Docs 1.1.2.RELEASE [spring.io]
-
>> Spring Cloud Data Flow for Mesos 1.0 RC2 released [spring.io]
-
>> Spring Cloud Stream Brooklyn.M1 is available [spring.io]
-
>> Spring Cloud Camden M1 is available [spring.io]
-
>> Dropwizard Java REST Framework Version 1.0.0 Features Updated Library Support, Scala, and Java 8 [infoq.com]
2. Technical
>> Stop Cross-Site Timing Attacks with SameSite cookies [igvita.com]
A very promising new draft, looking to update RFC6265 (the main HTTP State Management RFC) with a new type of cookie.
If accepted – this would go a long, long way towards mitigating a slew of CSRF attacks and vulnerabilities.
Very exciting proposal, and a great explanation of why we need it in this article.
>> The Fixing-JSON Conversation [tbray.org]
Definitely interesting points on improving JSON (yeah, you read that right).
>> A Proposed Recipe for Designing, Building and Testing Microservices [specto.io]
Lots of good nuggets here if you’re doing microservices (well).
>> How Code Review Saves You Time [daedtech.com]
I think that by now we’re all on the same page with the fact that code reviews are very beneficial. Of course that doesn’t change that it’s not an easy practice to pick up, especially inside an organization that doesn’t have a culture that’s especially open to new ideas.
In my experience, metrics help a lot here – when a team has a non-trivial jump in some key metrics, the adoption stops being something that needs to be “accepted” and becomes an decision that’s internal to the team.
>> The Dropbox hack is real [troyhunt.com]
Either these big-time breaches are happening more and more these days, or I’m just noticing them more.
Either way, they happen a lot – so it’s nice to read about a company that actually stores the credentials data intelligently, so that when it does happen, it’s not a huge deal.
Also worth reading:
-
>> CloudFlare, SSL and unhealthy security absolutism [troyhunt.com]
-
>> Benchmarking Carbon and Whisper 0.9.15 on AWS [obfuscurity.com]
-
>> What’s New in Docker? The Top 5 Features You Should Know [takipi.com]
-
>> When configuration settings from development wreak havoc in production [apmblog.dynatrace.com]
3. Musings
>> Some thoughts on the future of test automation [ontestautomation.com]
A good understanding of the testing ecosystem is oh-so valuable, not only when doing actual coding (half of my own coding work is testing), but generally, when releasing work into the hands of clients.
This writeup definitely has some good take-aways.
>> Why I Introduced Scala In Our Project [techblog.bozho.net]
I am personally a lot more partial to Clojure than Scala; but, similar to the topic of this article – I’ve been doing some Scala work recently and have come to appreciate some of the nicer aspects of the language.
One thing that’s definitely important to glean from this one is – if you don’t have Scala experience but want to try it out, introduce it on a small, side-module, not in the main codebase of your project.
>> My Realizations about Software Consulting [daedtech.com]
Software consulting is changing, no two ways about it. And, like most other things, really moving forward requires a shift in your mindset rather than an increase in your efficiency or skill. Very interesting read.
>> Innovation as a Fringe Activity [lemire.me]
Wall of text? Sure. Good? Yeah.
Also worth reading:
-
>> Can Software Make You Less Racist? [codinghorror.com]
-
>> Is Your Codebase a Hotel Room or a Home? [mattblodgett.com]
-
>> Takipi is Now OverOps [takipi.com]
-
>> How to Actually Reduce Software Defects [daedtech.com]
4. Comics
And my favorite Dilberts of the week:
>> The problem is in the part of your brain that handles intelligence [dilbert.com]
>> This is a magic button … [dilbert.com]
>> My faults are suspiciously alphabetical [dilbert.com]
5. Pick of the Week
This book has been a long time coming – Vlad has been working on it for over a year.
It’s finally out and will definitely be the reference book for learning JPA and Hibernate for a number of years to come.
So, if you’re doing Hibernate work, definitely pick this one up, not only to read, but to come back to as reference material as you’re actually doing work:
