my blog. for you.

Let's talk digital.

I am an independent IT consultant and entrepreneur in the internet and software industry. I work on design, enterprise applications, web apps, and SaaS products. I design and develop business solutions and applications. I help companies with software quality and knowledge transfer, e.g., with Angular and Spring Boot.

Stratospheric – 1.6 Released: AWS CDK Bootstrapping 🏗

This week, we released version 1.6 of Stratospheric - From Zero to Production with Spring Boot and AWS. The main reason behind this release is that we somehow entirely missed talking about an important topic: Bootstrapping an AWS environment for the AWS CDK. You may have already run into this issue when trying to deploy one of our AWS CDK stacks: Has the environment been bootstrapped? Please run 'cdk bootstrap' We've now added a dedicated section on the ...

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework was announced: "Spring Framework RCE, Early Announcement" and "CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+". While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be ...

Christopher Alexander – Patterns in Architecture

Sadly, a few days ago, seminal architect and design theorist Christopher Alexander passed away. Having coined the term "pattern language", Christopher Alexander is considered the father of the pattern language movement. It is this term we as software engineers - oftentimes quite casually - refer to when we're talking about design patterns. In 1996, Christopher Alexander gave this compelling talk at the 1996 ACM Conference on Object-Oriented Programs, Systems, Languages and Applications (OOPSLA): In this talk, Alexander ...

Performing Effective Code Reviews – A Checklist

A few years ago, software architect Surender Reddy Gutha compiled a - still quite relevant - Code Review Checklist. All too often, when performing code reviews, we as software engineers tend to focus on minute details such as code formatting rather than the big picture, non-functional requirements, or architecture and security considerations. Perhaps, the problem already originates with the term code review: Rather than reviewing code we are - or should be - reviewing the ...

Documenting REST APIs Provided by Express Applications

swagger-jsdoc is an NPM library that allows us to generate an OpenAPI specification for REST APIs provided by an Express application. swagger-jsdoc consumes YAML-formatted OpenAPI specification segments within JSDoc comments annotated with the @openapi annotation and turns those into a comprehensive OpenAPI specification for our API. This specification, in turn, can for example be used for automatically having a Swagger UI documentation page created for our REST APIs (using Swagger UI Express, for instance). While annotating Express ...

endoflife.date – Dataset with End-of-life Dates for Products

Recently, I came across endoflife.date, which is a quite useful database of product end-of-life dates. While it also includes hardware products (e.g., various iPhone models), its current main focus is software products, in particular those used in (enterprise) software development, such as Java, Spring, or Angular, or infrastructure and runtime environments like Docker or the Apache HTTP Server. A comprehensive, searchable collection of lifetimes for library and framework versions can come in handy when assessing ...

Clearing the Spring Security Context During Unit Testing

Last week I wrote about a minimal Spring Security Context setup for unit testing. I'd like to add just a tiny, yet depending on your use case perhaps quite important, tidbit to that: In case you need to reset a SecurityContext setup, e.g., a mocked user authentication, because, for instance, other test methods from the same unit test class verify behaviour for an unauthenticated application state and hence expect an anonymous user, you can ...

Minimal Spring Security Context Setup for Unit Testing

Creating a minimal Spring Security setup for JUnit unit tests can be a tedious as well as somewhat daunting task. With its Authentication, Principal, GrantedAuthority, and UserDetails classes, Spring Security is extremely flexible and configurable and probably accommodates pretty much every authentication and authorization use case under the sun. However, in software architecture such flexibility often comes at a price, the trade-off in this case being that simple use cases can require more implementation effort than ...

Optimising Docker Image Sizes: “Self-extracting” Node.js Applications

As a follow-up on last week's article on tools for inspecting Docker images, and Docker image sizes in particular, today I'd like to introduce another - more custom - approach for reducing the size of Docker images for production deployments. As a means of shaving off an additional 50 MB from the packaged application in question I came up with an idea somewhat reminiscent of the self-extracting archives of yore (of the WinRAR and 7-Zip ...

Tools for Inspecting Docker Images

Recently, I needed to inspect a Docker image in order to optimize its size for distribution and deployment on an ARM-based industrial microcontroller with rather tight bandwidth constraints. Once deployed at customer sites, these controllers typically don't have an Internet connection but still need to be updated occasionally, via the local network in that case. Since there's no guaranteed minimum network speed in this type of environment, yet software updates still have to complete within ...