JPA Pitfalls – a Series of Serious JPA Obstacles

Most of our Java-based web-applications store their data in a relational database such as Oracle, PostgreSQL, MySQL, MariaDB or MS SQLServer. The standard way to access and modify the data is using an object-relational mapping as specified by the Java Persistence API (JPA). Over the years JPA has become a mature specification and there are a couple of JPA implementations with strong support such as Hibernate, EclipseLink, OpenJPA and DataNucleus. However, day-to-day project experience demonstrates there are number of pitfalls you might run into when using JPA.

pitfall

To avoid stumbling into the same pitfall again and again, we collected them with their solutions and presented these pairs of problems and solutions. This is a start of a series of blog articles each describing a pitfall and a way to circumvent it.

Continue reading

Java Optional and Kotlin Nullable

We are using Kotlin and Spring Boot in one of our projects. This includes Spring Boot Jpa Repositories. We are using a CrudRepository that provides basic functionalities like save(), delete(), findById() etc. This library is written in Java, hence method signatures look like this:

Optional<T> findById(ID var1); 

Using this API out of the box would force us to deal with cumbersome Java Optionals. Since we are implementing in Kotlin we would like to use Kotlin Nullables instead and as it turned out we can achieve this very easily.

Continue reading

commons-fileupload 1.3.3 resolves deserialisation vulnerability CVE-2016-1000031

CVE-2016-1000031 is a vulnerabilty in the extremely widely used Apache Commons library commons-fileupload – you might not even know you’re having it on your class path. It has a very nasty Remote Code Execution vulnerability with easy to use exploits publicly available up to version 1.3.2. What makes it even worse is that you do not even need to use the library – you only need to have it on your class path and to deserialise some data. The data is the attack vector. You can find a good in detail explanation of the vulnerability here.

It did take a while but with version 1.3.3 this vulnerability is finally closed (by default).

There is some stuff that you should know about the fix though:

Continue reading

Integration of JBake in Maven – Static Websites

JBake is a “Java based, open source, static site generator” (http://jbake.org/, on github https://github.com/jbake-org/jbake). It is a great choice if you want to create static HTML websites. No slow loading of dynamic content anymore. Additionally, if a site is created on load by JavaScript, issues with indexing and search engine optimization/SEO might occur. This is not a problem with static sites. At the same time different template engines like FreeMarker (http://freemarker.org/) help you modularize the website. You only have to define menu and footer once and they will be inserted automatically.

JBake was perfect for us to create a microsite with 15 different pages and lots of reappearing elements. We integrated JBake into Maven to create a comfortable release process. To do this we used the plug-in jbake-maven-plugin (https://github.com/ingenieux/jbake-maven-plugin). This sample project shows the fundamental integration: https://github.com/ingenieux/jbake-sample.

Continue reading