Java Web Weekly, Issue 140

Last modified: September 1, 2016


At the very beginning of last year, I decided to track my reading habits and share the best stuff here, on Baeldung. Haven’t missed a review since.


Here we go…


1. Spring and Java


>> Building Spring Cloud Microservices That Strangle Legacy Systems []

I still have a lot to go through here, but this is definitely a fantastic practical application of the strangler application pattern that I personally enjoy so much.


This pattern offers such a clear, sensible counter-balance to the unfortunate idea of the Big Rewrite, so this writeup is especially interesting.


>> Check your Spring Security SAML config – XXE security issue []

A vulnerability found in sample code, clearly and transparently communicated to the community in case there are implementations out there that copy-pasted the sample.


This is why I like the Spring ecosystem.


>> Replaying Events in An Axon Framework Based Application []

Replaying the event stream in an Event Sourcing architecture is one of those things that takes a while to sink in.


But once you realize that you can actually do that, yeah – a whole lot of options open up.


>> Using jOOλ to Combine Several Java 8 Collectors into One []

A quick writeup analyzing a code example from the community – and then using jOOλ to make it better (and far cleaner).


I definitely like these kinds of in-depth and to the point looks at code that can be improved (especially when they happen to my code). Lots to learn from here.


>> JUnit Cheat Sheet []

A practical and no-fluff writeup covering and distilling the main take-aways in JUnit 5.


>> Custom test slice with Spring Boot 1.4 []

Testing with Spring and Boot is becoming better and better.


One good example is the segmentation of the Spring context that’s bootstrapped by the test – I always used to do this manually. This is better.


>> Spring Security OAuth2 – Client Authentication Issue []

Very interesting and rare scenario of an OAuth2 vulnerability in Spring Security – where a user has the same username as the clientId of the client. Quick and to the point writeup here.



2. Technical


>> Stop Cross-Site Timing Attacks with SameSite cookies []

A very promising new draft, looking to update RFC6265 (the main HTTP State Management RFC) with a new type of cookie.


If accepted – this would go a long, long way towards mitigating a slew of CSRF attacks and vulnerabilities.


Very exciting proposal, and a great explanation of why we need it in this article.


>> The Fixing-JSON Conversation []

Definitely interesting points on improving JSON (yeah, you read that right).


>> A Proposed Recipe for Designing, Building and Testing Microservices []

Lots of good nuggets here if you’re doing microservices (well).


>> How Code Review Saves You Time []

I think that by now we’re all on the same page with the fact that code reviews are very beneficial. Of course that doesn’t change that it’s not an easy practice to pick up, especially inside an organization that doesn’t have a culture that’s especially open to new ideas.


In my experience, metrics help a lot here – when a team has a non-trivial jump in some key metrics, the adoption stops being something that needs to be “accepted” and becomes a decision that’s internal to the team.


>> The Dropbox hack is real []

Either these big-time breaches are happening more and more these days, or I’m just noticing them more.


Either way, they happen a lot – so it’s nice to read about a company that actually stores the credentials data intelligently, so that when it does happen, it’s not a huge deal.



3. Musings


>> Some thoughts on the future of test automation []

A good understanding of the testing ecosystem is oh-so valuable, not only when doing actual coding (half of my own coding work is testing), but generally, when releasing work into the hands of clients.


This writeup definitely has some good take-aways.


>> Why I Introduced Scala In Our Project []

I am personally a lot more partial to Clojure than Scala; but, similar to the topic of this article – I’ve been doing some Scala work recently and have come to appreciate some of the nicer aspects of the language.


One thing that’s definitely important to glean from this one is – if you don’t have Scala experience but want to try it out, introduce it on a small, side-module, not in the main codebase of your project.


>> My Realizations about Software Consulting []

Software consulting is changing, no two ways about it. And, like most other things, really moving forward requires a shift in your mindset rather than an increase in your efficiency or skill. Very interesting read.


>> Innovation as a Fringe Activity []

Wall of text? Sure. Good? Yeah.



4. Comics


And my favorite Dilberts of the week:


>> The problem is in the part of your brain that handles intelligence []

>> This is a magic button … []

>> My faults are suspiciously alphabetical []

5. Pick of the Week

This book has been a long time coming – Vlad has been working on it for over a year.


It’s finally out and will definitely be the reference book for learning JPA and Hibernate for a number of years to come.


So, if you’re doing Hibernate work, definitely pick this one up, not only to read, but to come back to as reference material as you’re actually doing work:


>> High Performance Java Persistence []