my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Self-Publishing a Book With (Almost) Complete Strangers: A Recap of Our Writing Process for Stratospheric

This week, Philip Riecks - one of the co-authors with whom I wrote Stratospheric - From Zero to Production with Spring Boot and AWS - published this article about our writing process for that ebook on his new blog about subjects such as freelancing, motivation, indie hacking, or productivity: Self-Publishing a Book With (Almost) Complete Strangers. This highly detailed documentation of our writing process not only describes how we went about writing, publishing, and marketing Stratospheric but also gives a slew of suggestions, ... Read more

Stratospheric – 1.6 Released: AWS CDK Bootstrapping 🏗

This week, we released version 1.6 of Stratospheric - From Zero to Production with Spring Boot and AWS. The main reason behind this release is that we somehow entirely missed talking about an important topic: Bootstrapping an AWS environment for the AWS CDK. You may have already run into this issue when trying to deploy one of our AWS CDK stacks: "Has the environment been bootstrapped? Please run 'cdk bootstrap'". We've now added a dedicated section on the AWS environment bootstrapping and explained the why ... Read more

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework was announced: "Spring Framework RCE, Early Announcement" and "CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+". While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be other ways to exploit it that have ... Read more

Clearing the Spring Security Context During Unit Testing

Last week I wrote about a minimal Spring Security Context setup for unit testing. I'd like to add just a tiny, yet depending on your use case perhaps quite important, tidbit to that: In case you need to reset a SecurityContext setup, e.g., a mocked user authentication, because, for instance, other test methods from the same unit test class verify behaviour for an unauthenticated application state and hence expect an anonymous user, you can clear the SecurityContext (for example, in your ... Read more

Minimal Spring Security Context Setup for Unit Testing

Creating a minimal Spring Security setup for JUnit unit tests can be a tedious as well as somewhat daunting task. With its Authentication, Principal, GrantedAuthority, and UserDetails classes, Spring Security is extremely flexible and configurable and probably accommodates pretty much every authentication and authorization use case under the sun. However, in software architecture such flexibility often comes at a price, the trade-off in this case being that simple use cases can require more implementation effort than one would expect. One such use case ... Read more

Stratospheric – 1.4 Released: Migration to AWS CDK v2 🏗

On Tuesday this week, we released another update of Stratospheric - From Zero to Production with Spring Boot and AWS, which includes these changes and updates: The AWS CDK (Cloud Development Kit) project, which we use to manage and deploy our AWS infrastructure, moves fast. Last year in December, AWS announced that the CDK v2 is now generally available. As one of our main goals for Stratospheric is to stay up-to-date with the latest tools and frameworks, we took the effort to update ... Read more

Revisiting More Popular Posts: Angular Development Environments & Analysing the Complexity of Angular Apps

Just a few weeks ago, I revisited two of the most popular posts on this blog. Continuing my blog housekeeping efforts, this time around I'd like to point you to two more blog posts that have been quite popular in recent years. If you're working on at least moderately complex Angular applications, these articles might be of interest to you: "Running A Local Angular Development Environment Behind A Spring Cloud Gateway Service" and "Analysing the Complexity of Angular Apps". Read more

The Recent Log4j2 Vulnerability and How to Address it in Spring Boot Applications

By now, you will probably have heard about the Log4Shell 0-day exploit in Log4j 2. Since this is relevant to every Java developer and potentially every Java and hence - by extension - every Spring Boot application out there, I'd like to address this issue and how to mitigate it in Spring Boot applications. When using the default settings without any other dependencies, Spring Boot applications in general won't be vulnerable because Spring Boot uses Logback in its starter dependencies. However, if your ... Read more

Stratospheric – 1.3 Released: 🔒SSL Setup Made Easy

After a minor update last month, which was largely about migrating to Spring Cloud AWS 2.3.2 and various configuration improvements, Tuesday we released a major update of Stratospheric - From Zero to Production with Spring Boot and AWS! Apart from general housekeeping efforts, revision 1.3 of the ebook contains these major improvements: A consistent SSL and (optional) custom domain setup: The previous order in which we introduced various infrastructure components caused problems with duplicate HTTP listeners in our ELB configuration and an SSL ... Read more