Isolated unit testing of Java EE and Spring components

When developing modern Spring or Jakarta EE based applications and micro services there is a need for fine-granular component testing. I.e. you do not want to test your code in a full-blown environment only, because such tests will be slow.

Instead, you might want to write tests at the component level using a mixture of mocked dependencies and real assets like the (in-memory) database.

needle4k is a Kotlin-based relaunch and upgrade of the well-known needle4j framework. It may be used with any JVM-based language and allows to develop modular tests with minimal effort.

Continue reading

What Perfect Forward Secrecy means

Let’s say you had an encrypted conversation with Bob yesterday. Today Bob accidentally posts his secret key on the internet. You still want your conversation to be private, right? So what can you do? You can use a cryptographic protocol with perfect forward secrecy (PFS). That will protect you against similar blunders by your conversation partners and even your own blunders of this type. Sounds pretty desirable, right?

Since the Snowden leaks, we know for sure that a variety of state run intelligence services record your communication – some of them with the explicit intent to decrypt it later when possible. And with many protocols you just need to break one key to be able to decipher many messages. PFS also protects against that: you usually need to break every single message individually.

So both blunder, as well as outright malice, pose a sizeable threat, which therefore we need to consider when designing our threat models.

Continue reading

Untyped Typescript or Error Prone Covariance

Some time ago I wrote this short article about co- and controvariance in Kotlin and how these features help the developer to write less error prone code. When I talked with some colleagues about TypeScript, I recognized that, despite some experiences I made with small pet projects, I do no know about type variance in TypeScript. Thus, I decided to take a look and was surprised. TypeScript is not that well-typed as I thought…

Continue reading

Enhancing Hibernate’s metadata model

Hibernate internally uses an abstract metadata model to validate the data model defined by the declared entities. The framework also offers entry points to enhance this metadata model with custom code.

In this article we show how to extend the generated metadata model using annotations. Our example is to implement a convenient way to define common table prefixes for subclasses of a “@MappedSuperclass” entity.

Continue reading

Creating “inherited” indexes with JPA/Hibernate

For optimal performance developers often define database indexes in the JPA data model classes. While this is relatively easy at entity class level, it becomes quite cumbersome if you your model consists of a deeply nested inheritance hierarchy using “mapped” super classes. I.e., there is no direct way that indexes defined for super classes will be added to entities automatically. Instead you have to repeat them every time.

In this article we show how to to circumvent this problem using Hibernate’s MetadataBuilderImplementor SPI.

Continue reading

Creating coherent Networks for docker development

Docker is a great tool for developing micro services that may be composed together in order to form a larger application. However, Docker containers run in a network apart from the host machine. That makes it sometimes cumbersome and complicated to use common host names within the Docker network and the host network. In this article we’ll show a simple knack that may be applied in order to use identical host names in both networks.

Continue reading