The best there is at what it does

Before anything else, please check the reference to the title if you didn’t get it. This week, Vaadin released its version 7.3 with the new easily configurable Valo theme. I just had to blog about this on my other blog, morevaadin.com, which uses Jekyll as static-site generation engine. The problem I had to tackle is that not only had I not used Jekyll for 5 months, my laptop had been remastered and I had to re-install the software. Now, with the help of my friend Google, I managed to

design exception spring

Using exceptions when designing an API

Many know the tradeoff of using exceptions while designing an application: on one hand, using try-catch blocks nicely segregates regular code from exception handling code; on the other hand, using exceptions has a definite performance cost for the JVM. Every time I’ve been facing this quandary, I’ve ruled in favor of the former, because 'premature optimization is evil'. However, this week has proved to me that exception handling in designing an API is a very serious decision. I

Past, present and future

Dear readers, This week won’t be a detailed technical article: last week’s was the 250th post on this blog, time for a little introspection, and thinking about the past and future. Speaking about the past, my first post was written on this blog on April 7th 2008 - more than 6 years ago, to announce I had successfully passed the Sun Certified Java Developer 5 :-) At that time, I didn’t really know what a blog was for, I just wanted to have one and I used it sometimes like Twitt

JSTL security Spring MVC

Sanitizing webapp outputs as an afterthought

For sure, software security should be part of every developer’s requirements: they should be explained and detailed before development. Unfortunately, it happens in real life that this is not always the case. Alternatively, even when it is, developers make mistakes and/or have to make do with tight (read: impossible) plannings. In the absence of automated security-check tools, sooner or later, an issue will appear. I’ve been thinking about a way to sanitize the output of a large-scale

owasp spring security

Session Fixation and how to fix it

These last few weeks, I’ve been tasked to fix a number of security holes in our software. Since I’m not a security expert, I’ve been extremely interested in this, and have learned quite a few things. Among them is the Session Fixation attack. The context is an online Java application. One part is available through simple HTTP, where you can do simple browsing; when you enter credentials and successfully log in, you’re switched to HTTPS. This is a very common setup fou

integration testing spring

Spring configuration modularization for Integration Testing

Object-Oriented Programming advocates for modularization in order to build small and reusable components. There are however other reasons for this. In the case of the Spring framework, modularization enables Integration Testing, the ability to test the system or parts of it, including assembly configuration. Why is it so important to test the system assembled with the final configuration? Let’s take a simple example, the making of a car. Unit Testing the car would be akin to testing every

security

Choosing a password manager

I’ve been thinking about having more secure password management for ages. At first, my only concern was to share my bookmarks and history between my different computers (at that time, phones were conveniently left out of my scope). Since Firefox was my browser of choice, I decided to go for Foxmarks (now called XMarks and available for more browsers). However, it soon became apparent that my natural laziness came back and I synchronized my passwords too… in the cloud. Aft

integration testing

First release of Integration Testing from the Trenches

My job as a software architect is to make sure the builds I provide have the best possible quality, and more specifically internal quality. While Unit Testing sure helps create fewer regressions, relying only on it is akin to testing a car by testing its nuts and bolts. Integration Testing is about getting the car on a circuit. Last week, I finally released the first version of Integration Testing from the Trenches.

bean context spring

The right bean at the right place

Among the different customers I worked for, I noticed a widespread misunderstanding regarding the use of Spring contexts in Spring MVC. Basically, you have contexts, in a parent-child relationship: The main context is where service beans are hosted. By convention, it is spawned from the /WEB-INF/applicationContext.xml file but this location can be changed by using the contextConfigLocation context parameter. Alternatively, one can use the AbstractAnnotationConfigDispatcherServletInitializer an