my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

New Stratospheric Blog Post on Faster Amazon ECS Container Deployments

This week, we published a new Stratospheric blog post on how we achieved faster Amazon ECS Container deployments. So, if you're running containerized applications on AWS you might want to check this out. While that specific example uses the AWS CDK in its Java incarnation the general ideas and settings are generally applicable and therefore should easily translate to other languages and environments, too. Read more

Stratospheric Online Course: Early-Bird Offer

Earlier his week, we finally released the first iteration of the Stratospheric Online Course - a companion course to our ebook "Stratospheric - From Zero to Production with Spring Boot and AWS"! Having just returned from Spring I/O 2022 in Barcelona - where, incidentally, the authors of Stratospheric met in person for the first time - I can say there are quite a few exciting things in store for Spring Boot and Spring in the near future, particularly when it comes to ... Read more

New Java Features From Java 8 to Java 17: A Comprehensive Overview (Including Examples)

This useful article on Java Features from Java 8 to Java 17 (published on Reflectoring) provides a comprehensive overview of Java language features for each of the major Java versions that have ben released since 2014. Such a list comes in handy not only when dealing with different Java versions for different applications or projects but, especially due to the examples provided, can also serve as a conducive starting point for (re-)familiarising oneself with the features added to the core language with ... Read more

Stratospheric – 1.6 Released: AWS CDK Bootstrapping 🏗

This week, we released version 1.6 of Stratospheric - From Zero to Production with Spring Boot and AWS. The main reason behind this release is that we somehow entirely missed talking about an important topic: Bootstrapping an AWS environment for the AWS CDK. You may have already run into this issue when trying to deploy one of our AWS CDK stacks: Has the environment been bootstrapped? Please run 'cdk bootstrap' We've now added a dedicated section on the AWS environment bootstrapping and explained the why ... Read more

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework has been announced: Spring Framework RCE, Early Announcement CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be other ways to exploit it that have ... Read more

endoflife.date – Dataset with End-of-life Dates for Products

Recently, I came across endoflife.date, which is a quite useful database of product end-of-life dates. While it also includes hardware products (e.g., various iPhone models), its current main focus is software products, in particular those used in (enterprise) software development, such as Java, Spring, or Angular, or infrastructure and runtime environments like Docker or the Apache HTTP Server. A comprehensive, searchable collection of lifetimes for library and framework versions can come in handy when assessing - and potentially improving - the future ... Read more

Clearing the Spring Security Context During Unit Testing

Last week I wrote about a minimal Spring Security Context setup for unit testing. I'd like to add just a tiny, yet depending on your use case perhaps quite important, tidbit to that: In case you need to reset a SecurityContext setup, e.g., a mocked user authentication, because, for instance, other test methods from the same unit test class verify behaviour for an unauthenticated application state and hence expect an anonymous user, you can clear the SecurityContext (for example, in your ... Read more

Minimal Spring Security Context Setup for Unit Testing

Creating a minimal Spring Security setup for JUnit unit tests can be a tedious as well as somewhat daunting task. With its Authentication, Principal, GrantedAuthority, and UserDetails classes Spring Security is extremely flexible and configurable and probably accommodates pretty much every authentication and authorization use case under the sun. However, in software architecture such flexibility often comes at price, the trade-off in this case being that simple use cases can require more implementation effort than one would expect. One such use case ... Read more

Optimising Docker Image Sizes: “Self-extracting” Node.js Applications

As a follow-up on last week's article on tools for inspecting Docker images, and Docker image sizes in particular, today I'd like to introduce another - more custom - approach for reducing the size of Docker images for production deployments. As a means of shaving off an additional 50 MB from the packaged application in question I came up with an idea somewhat reminiscent of the self-extracting archives of yore (of the WinRAR and 7-Zip flavours, for instance) for reducing the size ... Read more

Tools for Inspecting Docker Images

Recently, I needed to inspect a Docker image in order to optimize its size for distribution and deployment on an ARM-based industrial microcontroller with rather tight bandwidth constraints. Once deployed at customer sites, these controllers typically don't have an Internet connection but still need to be updated occasionally, via the local network in that case. Since there's no guaranteed minimum network speed in this type of environment, yet software updates still have to complete within a relatively short period of time, optimizing ... Read more
Next Page »