Past, present and future

Dear readers, This week won’t be a detailed technical article: last week’s was the 250th post on this blog, time for a little introspection, and thinking about the past and future. Speaking about the past, my first post was written on this blog on April 7th 2008 - more than 6 years ago, to announce I had successfully passed the Sun Certified Java Developer 5 :-) At that time, I didn’t really know what a blog was for, I just wanted to have one and I used it sometimes like Twitt

JSTL security Spring MVC

Sanitizing webapp outputs as an afterthought

For sure, software security should be part of every developer’s requirements: they should be explained and detailed before development. Unfortunately, it happens in real life that this is not always the case. Alternatively, even when it is, developers make mistakes and/or have to make do with tight (read impossible) plannings. In the absence of automated security-checking tools, sooner or later, an issue will appear. I’ve been thinking about a way to sanitize the output of a large-scale

owasp spring security

Session Fixation and how to fix it

These last few weeks, I’ve been tasked to fix a number of security holes in our software. Since I’m not a security expert, I’ve been extremely interested in this, and have learned quite a few things. Among them is the Session Fixation attack. The context is an online Java application. One part is available through simple HTTP, where you can do simple browsing; when you enter credentials and successfully log in, you’re switched to HTTPS. This is a very common setup fou

integration testing spring

Spring configuration modularization for Integration Testing

Object-Oriented Programming advocates for modularization in order to build small and reusable components. There are however other reasons for this. In the case of the Spring framework, modularization enables Integration Testing, the ability to test the system or parts of it, including assembly configuration. Why is it so important to test the system assembled with the final configuration? Let’s take a simple example, the making of a car. Unit Testing the car would be akin to testing every

security

Choosing a password manager

I’ve been thinking about having more secure password management for ages. At first, my only concern was to share my bookmarks and history between my different computers (at that time, phones were conveniently left out of my scope). Since Firefox was my browser of choice, I decided to go for Foxmarks (now called XMarks and available for more browsers). However, it soon became apparent that my natural laziness came back and I synchronized my passwords too… in the cloud. Aft

integration testing

First release of Integration Testing from the Trenches

My job as a software architect is to make sure the builds I provide have the best possible quality, and more specifically internal quality. While Unit Testing sure helps create fewer regressions, relying only on it is akin to testing a car by testing its nuts and bolts. Integration Testing is about getting the car on a circuit. Last week, I finally released the first version of Integration Testing from the Trenches.

bean context spring

The right bean at the right place

Among the different customers I worked for, I noticed a widespread misunderstanding regarding the use of Spring contexts in Spring MVC. Basically, you have contexts, in a parent-child relationship: The main context is where service beans are hosted. By convention, it is spawned from the /WEB-INF/applicationContext.xml file but this location can be changed by using the contextConfigLocation context parameter. Alternatively, one can use the AbstractAnnotationConfigDispatcherServletInitializer an

collections

Back to basics: encapsulating collections

Younger, I learned there were 3 properties of the Object-Oriented paradigm: Encapsulation, Inheritance and Polymorphism. In Java, encapsulation is implemented through usage of private attributes with accessor methods commonly known as getters and setters. Whether this is proper encapsulation is subject to debate and is outside the scope of this article. However, using this method to attain encapsulation when the attribute is a collection (of types java.util.Collection, java.util.Map and their subtypes

design exception

A single simple rule for easier Exception hierarchy design

Each new project usually requires setting up an Exception hierarchy, nearly always the same. I will not go into details on whether we should extend RuntimeException or directly Exception, or whether the hierarchy roots should be FunctionalException/TechnicalException or TransientException/PersistentException. Those will be rants for another time as my current problem is completely unrelated. The situation is the following: when something bad happens deep in the call layer (i.e. an authenticatio