my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

New Java Features From Java 8 to Java 17: A Comprehensive Overview (Including Examples)

This useful article on Java Features from Java 8 to Java 17 (published on Reflectoring) provides a comprehensive overview of Java language features for each of the major Java versions that have ben released since 2014. Such a list comes in handy not only when dealing with different Java versions for different applications or projects but, especially due to the examples provided, can also serve as a conducive starting point for (re-)familiarising oneself with the features added to the core language with ... Read more

Performing Effective Code Reviews – A Checklist

A few years ago, software architect Surender Reddy Gutha compiled a - still quite relevant - Code Review Checklist. All too often, when performing code reviews, we as software engineers tend to focus on minute details such as code formatting rather than the big picture, non-functional requirements, or architecture and security considerations. Perhaps, the problem already originates with the term code review: Rather than reviewing code we are - or should be - reviewing the resulting software and the impact code changes ... Read more

Documenting REST APIs Provided by Express Applications

swagger-jsdoc is an NPM library that allows us to generate an OpenAPI specification for REST APIs provided by an Express application. swagger-jsdoc consumes YAML-formatted OpenAPI specification segments within JSDoc comments annotated with the @openapi annotation and turns those into a comprehensive OpenAPI specification for our API. This specification, in turn, can for example be used for automatically having a Swagger UI documentation page created for our REST APIs (using Swagger UI Express, for instance). While annotating Express routes with syntactically and semantically correct OpenAPI ... Read more

Clearing the Spring Security Context During Unit Testing

Last week I wrote about a minimal Spring Security Context setup for unit testing. I'd like to add just a tiny, yet depending on your use case perhaps quite important, tidbit to that: In case you need to reset a SecurityContext setup, e.g., a mocked user authentication, because, for instance, other test methods from the same unit test class verify behaviour for an unauthenticated application state and hence expect an anonymous user, you can clear the SecurityContext (for example, in your ... Read more

Minimal Spring Security Context Setup for Unit Testing

Creating a minimal Spring Security setup for JUnit unit tests can be a tedious as well as somewhat daunting task. With its Authentication, Principal, GrantedAuthority, and UserDetails classes Spring Security is extremely flexible and configurable and probably accommodates pretty much every authentication and authorization use case under the sun. However, in software architecture such flexibility often comes at price, the trade-off in this case being that simple use cases can require more implementation effort than one would expect. One such use case ... Read more

Optimising Docker Image Sizes: “Self-extracting” Node.js Applications

As a follow-up on last week's article on tools for inspecting Docker images, and Docker image sizes in particular, today I'd like to introduce another - more custom - approach for reducing the size of Docker images for production deployments. As a means of shaving off an additional 50 MB from the packaged application in question I came up with an idea somewhat reminiscent of the self-extracting archives of yore (of the WinRAR and 7-Zip flavours, for instance) for reducing the size ... Read more

Tools for Inspecting Docker Images

Recently, I needed to inspect a Docker image in order to optimize its size for distribution and deployment on an ARM-based industrial microcontroller with rather tight bandwidth constraints. Once deployed at customer sites, these controllers typically don't have an Internet connection but still need to be updated occasionally, via the local network in that case. Since there's no guaranteed minimum network speed in this type of environment, yet software updates still have to complete within a relatively short period of time, optimizing ... Read more

A Concise Overview of Java’s Instant, LocalDateTime, ZonedDateTime and When to Use Which

The authoritative answer to a question on Stack Overflow on the difference between Instant and LocalDateTime covers various classes from the Java 8 Date/Time API and how those are actually meant to be used. Names such as LocalDateTime can be misleading in that they suggest a specific locale or locality rather than any locality (as that name is intended). This, in turn, can give rise to problems with inaccurate date and time values if timezones or even just daylight saving time have ... Read more

Keeping a Record of Software Architecture Decisions

The need for asynchronous communication in organisations has become particularly obvious since 2020, when remote work and distributed work environments rapidly became the default setting for knowledge workers. Asynchronous communication essentially means that instead of exclusively communicating objectives, goals and the way by which to achieve them in-person (i.e. synchronously with everyone involved present at the same time - whether on-site or in a virtual space such as Slack or Zoom) we try and keep a digital record of decisions, the decision ... Read more

Blogumentation Revisited

Some time ago I wrote about a process called "blogumentation": Derived from the insight that arguably the best way to learn something and to internalise knowledge is to write about it and to try and explain that knowledge to others, blogumentation essentially means writing about a subject matter (e.g. a solution to a particular programming problem or a new practice you've just learned about) that you consider worth documenting and publishing the result. It means that instead of documenting something just for ... Read more
Next Page »