2023 Free / Open Source Software Accomplishments

I find it hard to believe, but it is true: another year has wrapped up. With the conclusion of 2023, I’m looking back at some of my free and open-source software accomplishments over those 12 months. My contributions are, once again, all over the place: different languages, industries, technology stacks, and architectural layers. I made … Continue reading 2023 Free / Open Source Software Accomplishments →

Improving the Reproducibility of Spring Boot’s Docker Image Builder

Reproducible builds are big wins for security, maintainability, and sanity. If you don’t like it when nothing has changed, yet your build suddenly breaks or doesn’t produce the same output, then improving reproducibility is for you. By default, Spring Boot’s Docker/OCI image building solutions, bootBuildImage (in Gradle) and spring-boot:build-image (in Maven), do not operate reproducibly. … Continue reading Improving the Reproducibility of Spring Boot’s Docker Image Builder →

Identifying, Reporting, and Fixing CVE-2021-22119: DoS Vulnerability in Spring Security OAuth 2.0

In March 2021, I observed troubling behavior in multiple applications I supported that are built using Spring Boot: they would occasionally stop responding. Eventually, I tracked down the root cause to a DoS (Denial of Service) vulnerability in Spring Security OAuth 2.0: a simple shell script could take down any affected web application. Respecting the … Continue reading Identifying, Reporting, and Fixing CVE-2021-22119: DoS Vulnerability in Spring Security OAuth 2.0 →

Cypress Testing Integrated with Gradle and Spring Boot

Cypress is a great testing framework for “anything that runs in a browser” allowing for clean, maintainable end to end tests. However, these tests can difficult and annoying to for developers to run, especially those who aren’t front end specialists. The following covers getting existing Cypress tests integrated and easily running within the Gradle-based build … Continue reading Cypress Testing Integrated with Gradle and Spring Boot →

Fixing a Bug in Java

I discovered a bug in how Java handles file paths on Windows that has existed for 22 years. I reported the bug, JDK-8262277, then I submitted a pull request fixing the bug which got accepted. I also submitted pull requests to Spring (which were accepted for version 5.3.5) working around the bug so users of … Continue reading Fixing a Bug in Java →

Lighthouse Performance Testing

Lighthouse is a great way to establish a build-measure-learn feedback loop resulting in continuous value creation by testing ideas in the areas of SEO, performance, accessibility, and more. In this article, I’ll cover what Lighthouse is and how to add it a project with examples covering pure Javascript (node) projects and Gradle projects (with any … Continue reading Lighthouse Performance Testing →

java-httpclient-webclient-spring-boot-starter: Powering Spring’s WebClient with Java 11’s HttpClient

java-httpclient-webclient-spring-boot-starter is a library that I created to provide a quick and easy way to use Java 11’s HttpClient as Spring’s WebClient’s client HTTP connector. If you’re using Spring Boot 2.3 or later, it’s worth checking out.

Reproducible Builds in Java

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. https://reproducible-builds.org/ Reproducible builds are important and provide benefits in many areas, including: Security. Because the same input source code always provides the same output binary artifact, you know that no attacker modified the toolchain to inject vulnerabilities … Continue reading Reproducible Builds in Java →

Version Controlling Database Schemas and Data with Liquibase

Version controlling database schemas facilitates repeatable deployments and consistent environments. The alternative is have a human manually perform database modifications; since humans are human, we tend to make mistakes especially when performing repetitive tasks, and our time is also very expensive compared to that of machines, so automating database schema changes is superior approach. More … Continue reading Version Controlling Database Schemas and Data with Liquibase →

Change the Spring Session JDBC Serialization Method to Improve Performance

Spring Session JDBC is a great way to allow an application to be stateless. By storing the session in the database, a request can be routed to any application server. This approach provides significant advantages such as automatic horizontal scaling, seamless failover, and no need for session affinity. By using JDBC, the database the application … Continue reading Change the Spring Session JDBC Serialization Method to Improve Performance →