Java Web Weekly, Issue 140 – Java网络周刊》第140期

最后修改: 2016年 9月 1日

中文/混合/英文(键盘快捷键:t)

At the very beginning of last year, I decided to track my reading habits and share the best stuff here, on Baeldung. Haven’t missed a review since.

去年年初,我决定跟踪我的阅读习惯,并在这里分享最好的东西,在Baeldung上。从那时起,我没有错过任何一篇评论。

Here we go…

我们来了……

1. Spring and Java

1.Spring和Java

>> Building Spring Cloud Microservices That Strangle Legacy Systems [kennybastani.com]

I still have a lot to go through here, but this is definitely a fantastic practical application of the strangler application pattern that I personally enjoy so much.

我在这里还有很多东西要看,但这绝对是我个人非常喜欢的绞肉机应用模式的一个奇妙的实际应用。

This pattern offers such a clear, sensible counter-balance to the unfortunate idea of the Big Rewrite, so this writeup is especially interesting.

这种模式为 “大改写 “这一不幸的想法提供了如此清晰、合理的平衡,所以这篇报道特别有意思。

>> Check your Spring Security SAML config – XXE security issue [spring.io]

A vulnerability found in sample code, clearly and transparently communicated to the community in case there are implementations out there that copy-pasted the sample.

在样本代码中发现的漏洞,清楚透明地通报给社区,以防有复制样本的实现。

This is why I like the Spring ecosystem.

这就是为什么我喜欢Spring的生态系统。

>> Replaying Events in An Axon Framework Based Application [geekabyte.blogspot.com]

Replaying the event stream in an Event Sourcing architecture is one of those things that takes a while to sink in.

在事件源架构中重放事件流是那些需要花点时间来沉淀的事情之一。

But once you realize that you can actually do that, yeah – a whole lot of options open up.

但是,一旦你意识到你真的可以做到这一点,是的–一大堆选择打开了

>> Using jOOλ to Combine Several Java 8 Collectors into One [jooq.org]

A quick writeup analyzing an code example from the community – and then using jOOλ to make it better (and far cleaner).

一篇快速的文章分析了来自社区的一个代码例子–然后用jOOλ来使它变得更好(而且更干净)。

I definitely like these kinds of in-depth and to the point looks at code that can be improved (especially when they happen to my code). Lots to learn from here.

我绝对喜欢这种深入浅出地看可以改进的代码(尤其是当它们发生在我的代码上时)。从这里可以学到很多东西。

>> JUnit Cheat Sheet [zeroturnaround.com]

A practical and no-fluff writeup covering and distilling the main take-aways in JUnit 5.

一篇实用且不浮夸的文章,涵盖并提炼了JUnit 5的主要收获

>> Custom test slice with Spring Boot 1.4 [spring.io]

Testing with Spring and Boot is becoming better and better.

使用Spring和Boot进行测试越来越好了。

One good example is the segmentation of the Spring context that’s bootstrapped by the test – I always used to do this manually. This is better.

一个很好的例子是对测试所引导的Spring上下文进行分割–我以前总是手动做这个。这样做会更好。

>> Spring Security OAuth2 – Client Authentication Issue [spring.io]

Very interesting and rare scenario of an OAuth2 vulnerability in Spring Security – where a user has the same username as the clientId of the client. Quick and to the point writeup here.

在Spring Security中出现了非常有趣和罕见的OAuth2漏洞–用户的username与客户端的clientId相同。这里写的是快速且有针对性的内容。

Also worth reading:

还值得一读的是:

Webinars and presentations:

网络研讨会和演讲:

Time to upgrade:

升级的时间:

2. Technical

2.技术

>> Stop Cross-Site Timing Attacks with SameSite cookies [igvita.com]

A very promising new draft, looking to update RFC6265 (the main HTTP State Management RFC) with a new type of cookie.

一个非常有前途的新草案,希望用一种新类型的cookie来更新RFC6265(主要的HTTP状态管理RFC)。

If accepted – this would go a long, long way towards mitigating a slew of CSRF attacks and vulnerabilities.

如果被接受–这将对缓解一系列CSRF攻击和漏洞起到很大很大的作用。

Very exciting proposal, and a great explanation of why we need it in this article.

非常令人振奋的提议,并在这篇文章中对我们为什么需要它做了很好的解释。

>> The Fixing-JSON Conversation [tbray.org]

Definitely interesting points on improving JSON (yeah, you read that right).

关于改进JSON(是的,你没看错),绝对是有趣的观点。

>> A Proposed Recipe for Designing, Building and Testing Microservices [specto.io]

Lots of good nuggets here if you’re doing microservices (well).

如果你正在做微服务(好),这里有很多好的锦囊。

>> How Code Review Saves You Time [daedtech.com]

I think that by now we’re all on the same page with the fact that code reviews are very beneficial. Of course that doesn’t change that it’s not an easy practice to pick up, especially inside an organization that doesn’t have a culture that’s especially open to new ideas.

我想,现在我们都已经认识到,代码审查是非常有益的。当然,这并不能改变它是不容易掌握的做法,特别是在一个没有对新想法特别开放的文化的组织内。

In my experience, metrics help a lot here – when a team has a non-trivial jump in some key metrics, the adoption stops being something that needs to be “accepted” and becomes an decision that’s internal to the team.

根据我的经验,指标在这里有很大的帮助–当一个团队在一些关键指标上有了非同小可的跳跃时,采用就不再是需要被 “接受 “的东西,而是成为团队内部的决定。

>> The Dropbox hack is real [troyhunt.com]

Either these big-time breaches are happening more and more these days, or I’m just noticing them more.

要么是这些大的违规事件最近发生得越来越多,要么是我刚刚注意到它们。

Either way, they happen a lot – so it’s nice to read about a company that actually stores the credentials data intelligently, so that when it does happen, it’s not a huge deal.

无论如何,这种情况经常发生–因此,很高兴读到一个公司真正智能地存储凭证数据,因此,当它发生时,它不是一个大问题。

Also worth reading:

还值得一读的是:

3. Musings

3.思索

>> Some thoughts on the future of test automation [ontestautomation.com]

A good understanding of the testing ecosystem is oh-so valuable, not only when doing actual coding (half of my own coding work is testing), but generally, when releasing work into the hands of clients.

对测试生态系统的良好理解是非常有价值的,不仅是在进行实际编码时(我自己的编码工作有一半是测试),而且一般来说,在将工作发布到客户手中时。

This writeup definitely has some good take-aways.

这篇报道肯定有一些好的启示。

>> Why I Introduced Scala In Our Project [techblog.bozho.net]

I am personally a lot more partial to Clojure than Scala; but, similar to the topic of this article – I’ve been doing some Scala work recently and have come to appreciate some of the nicer aspects of the language.

我个人更偏爱Clojure,而不是Scala;但是,与本文的主题类似,我最近在做一些Scala的工作,并开始欣赏这种语言的一些好的方面。

One thing that’s definitely important to glean from this one is – if you don’t have Scala experience but want to try it out, introduce it on a small, side-module, not in the main codebase of your project.

从中可以看出,有一点肯定是很重要的–如果你没有Scala的经验,但又想尝试一下,在一个小的副模块上引入,而不是在你项目的主代码库中引入。

>> My Realizations about Software Consulting [daedtech.com]

Software consulting is changing, no two ways about it. And, like most other things, really moving forward requires a shift in your mindset rather than an increase in your efficiency or skill. Very interesting read.

软件咨询正在发生变化,这一点毋庸置疑。而且,像大多数其他事情一样,真正向前迈进需要转变你的心态,而不是提高你的效率或技能。非常有趣的阅读。

>> Innovation as a Fringe Activity [lemire.me]

Wall of text? Sure. Good? Yeah.

文字墙?当然,好吗?是的。

Also worth reading:

还值得一读的是:

4. Comics

4.漫画

And my favorite Dilberts of the week:

还有本周我最喜欢的Dilberts。

>> The problem is in the part of your brain that handles intelligence [dilbert.com]

>> This is a magic button … [dilbert.com]

>> My faults are suspiciously alphabetical [dilbert.com]

5. Pick of the Week

5 本周精选

This book has been a long time coming – Vlad has been working on it for over a year.

这本书已经出版了很久–弗拉德已经为它工作了一年多。

It’s finally out and will definitely be the reference book for learning JPA and Hibernate for a number of years to come.

这本书终于出来了,它肯定会成为未来若干年内学习JPA和Hibernate的参考书

So, if you’re doing Hibernate work, definitely pick this one up, not only to read, but to come back to as reference material as you’re actually doing work:

所以,如果你在做Hibernate的工作,一定要拿起这本书,不仅要读,而且要在实际工作中作为参考材料回来看。

>> High Performance Java Persistence [leanpub.com]