my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Spring Boot Tip: A Simplified Way of Creating ArgumentCaptors with Mockito 5.7.0

Martin Hock recently published this tip on a simplified way of creating Mockito ArgumentCaptors with Spring Boot 3.2.x: 💡 Mockito 5.7.0 (included in Spring Boot 3.2) introduced simplified way for creating argument captors: pic.twitter.com/MEdJ3dlwum— Maciej Walkowiak 🍃 (@maciejwalkowiak) December 13, 2023 Read more

Spring Boot Tip: HTTP Request Logging with CommonsRequestLoggingFilter

Martin Hock recently published this tip on how to enable HTTP "request logging using CommonsRequestLoggingFilter to capture detailed information about incoming request": 🚀 Advanced Spring Tip 🚀HTTP Request Logging with CommonsRequestLoggingFilterEnable request logging using CommonsRequestLoggingFilter to capture detailed information about incoming requests. 🔥https://t.co/Sb1QyJ4GY6#SpringTip #Java— Martin Hock (@mnhocktweets) December 14, 2023 Read more

HTTP Status Codes in a Nutshell

Recently, full-stack developer Parik tweeted this slide from a talk that neatly - if in a somewhat flippant manner - summarises HTTP status codes: https://twitter.com/parik36/status/1521467121720598536 1**: "Hold on!" 2** "Here you go!" 3**: "Go away!" 4**: "You fucked up." 5**: "I fucked up." In other - only slightly more technical - terms, HTTP status codes can be categorised as: 1**: Informational 2** Successful 3**: Redirects 4**: Client errors 5**: Server error Read more

The Richardson Maturity Model for REST APIs

On his website about software design patterns Martin Fowler provides an in-depth explanation of the Richardson Maturity Model for HTTP-based REST APIs by Leonard Richardson. According to that model REST APIs come in 4 levels of sophistication: Level 0, aka the "Everything is a POST request" model for example propagated by SOAP. This is basically tantamount to remote procedure invocation. Level 1 - Resources: Every resource is accessed through its own canonical URL. Level 2 - HTTP Verbs: Verbs such as GET, PUT, PATCH and ... Read more

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common there are good arguments against this practice. In a nutshell, JWT often are used for storing session data such user authorization and authentication information although they aren't particularly well-suited to ... Read more

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan Judis published an article on HTTP headers ... Read more

Running A Local Angular Development Environment Behind A Spring Cloud Gateway Service

Having multiple microservices running behind a reverse proxy / API gateway in lieu of a single monolithic back-end application is a common pattern these days. With such an architecture it often comes in handy to have an Angular application that serves as a front-end for such a modularised back-end be served from behind a reverse proxy running locally as well in order to treat it is if it were running on the same host and port as the back-end. Not only will ... Read more

Observatory by Mozilla: Security Checkup for Your Websites and Web Apps

Observatory by Mozilla is a security checkup tool for websites and web apps that both assesses your website in terms of HTTP security measures and best practices and also suggests approaches and techniques for further improving security. Observatory's goal is to provide developers with insights as to their applications' security standards as well as to educate developers about HTTP security options such as the Content Security Policy or HTTP Strict Transport Security headers and the respective standards and policies they implement. Observatory is ... Read more

Jeremy Keith About Resilience In Web Applications @ beyond tellerrand 2016

At this year's beyond tellerrand conference in Düsseldorf web developer Jeremy Keith gave a talk on resilience in web applications: Resilience - Jeremy Keith - btconfDUS 2016 from beyond tellerrand on Vimeo. The World Wide Web - or the Internet for that matter - since its inception always was designed as a resilient, fault-tolerant medium. This not just applies in a technical sense but in a social or even political way, too. As John Gilmore is famously quoted: "The Net interprets censorship as ... Read more