<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Uncategorized on Sven Ruppert</title><link>https://sven-ruppert.info/categories/uncategorized/</link><description>Recent content in Uncategorized on Sven Ruppert</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>sven.ruppert@gmail.com (Sven Ruppert)</managingEditor><webMaster>sven.ruppert@gmail.com (Sven Ruppert)</webMaster><copyright>© 2026 Sven Ruppert</copyright><lastBuildDate>Wed, 03 Sep 2025 13:05:56 +0000</lastBuildDate><atom:link href="https://sven-ruppert.info/categories/uncategorized/index.xml" rel="self" type="application/rss+xml"/><item><title>Signal via SSE, data via REST – a Vaadin demonstration in Core Java</title><link>https://sven-ruppert.info/posts/signal-via-sse-data-via-rest-a-vaadin-demonstration-in-core-java/</link><pubDate>Wed, 03 Sep 2025 13:05:56 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/signal-via-sse-data-via-rest-a-vaadin-demonstration-in-core-java/</guid><description>&lt;h2 class="relative group"&gt;1. Introduction
 &lt;div id="1-introduction" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#1-introduction" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;

&lt;h3 class="relative group"&gt;1.1 Motivation: Event-driven updating without polling
 &lt;div id="11-motivation-event-driven-updating-without-polling" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#11-motivation-event-driven-updating-without-polling" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h3&gt;
&lt;p&gt;In classic web applications, the pull principle still dominates: Clients repeatedly make requests to the server to detect changes. This polling is simple, but it leads to unnecessary load on the server and network side, especially if the data stock changes only sporadically. &lt;em&gt;Server-Sent Events (SSE)&lt;/em&gt; is a standardised procedure that allows the server to signal changes to connected clients actively. This avoids unnecessary requests, while updates reach the interface promptly.&lt;/p&gt;</description></item><item><title>Connecting REST Services with Vaadin Flow in Core Java</title><link>https://sven-ruppert.info/posts/connecting-rest-services-with-vaadin-flow-in-core-java/</link><pubDate>Tue, 24 Jun 2025 09:39:25 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/connecting-rest-services-with-vaadin-flow-in-core-java/</guid><description>&lt;h2 class="relative group"&gt;1. Introduction
 &lt;div id="1-introduction" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#1-introduction" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;

&lt;h3 class="relative group"&gt;Why REST integration in Vaadin applications should not be an afterthought
 &lt;div id="why-rest-integration-in-vaadin-applications-should-not-be-an-afterthought" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#why-rest-integration-in-vaadin-applications-should-not-be-an-afterthought" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h3&gt;
&lt;p&gt;In modern web applications, communication with external services is no longer a special function, but an integral part of a service-oriented architecture. Even if Vaadin Flow, as a UI framework, relies on server-side Java logic to achieve a high degree of coherence between view and data models, the need to communicate with systems outside the application quickly arises. These can be simple public APIs—for example, for displaying weather data or currency conversions—as well as internal company services, such as license verification, user management, or connecting to a central ERP system.&lt;/p&gt;</description></item><item><title>Short links, clear architecture – A URL shortener in Core Java</title><link>https://sven-ruppert.info/posts/short-links-clear-architecture-a-url-shortener-in-core-java/</link><pubDate>Tue, 10 Jun 2025 22:43:22 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/short-links-clear-architecture-a-url-shortener-in-core-java/</guid><description>&lt;p&gt;A URL shortener seems harmless – but if implemented incorrectly, it opens the door to phishing, enumeration, and data leakage. In this first part, I&amp;rsquo;ll explore the theoretical and security-relevant fundamentals of a URL shortener in Java – without any frameworks, but with a focus on entropy, collision tolerance, rate limiting, validity logic, and digital responsibility. 
The second part covers the complete implementation: modular, transparent, and as secure as possible.&lt;/p&gt;</description></item><item><title>If hashCode() lies and equals() is helpless</title><link>https://sven-ruppert.info/posts/if-hashcode-lies-and-equals-is-helpless/</link><pubDate>Fri, 06 Jun 2025 20:53:34 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/if-hashcode-lies-and-equals-is-helpless/</guid><description>&lt;p&gt;A deep look into Java’s HashMap traps – visually demonstrated with Vaadin Flow.&lt;/p&gt;

&lt;h3 class="relative group"&gt;The silent danger in the standard library
 &lt;div id="the-silent-danger-in-the-standard-library" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#the-silent-danger-in-the-standard-library" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h3&gt;
&lt;p&gt;The use of &lt;strong&gt;HashMap&lt;/strong&gt; and &lt;strong&gt;HashSet&lt;/strong&gt; is a common practice in everyday Java development. These data structures offer excellent performance for lookup and insert operations, as long as their fundamental assumptions are met. One of them is that the &lt;strong&gt;hashCode()&lt;/strong&gt; of a key remains stable. But what if that&amp;rsquo;s not the case?&lt;/p&gt;</description></item><item><title>Creating a simple file upload/download application with Vaadin Flow</title><link>https://sven-ruppert.info/posts/creating-a-simple-file-upload-download-application-with-vaadin-flow/</link><pubDate>Tue, 20 May 2025 17:34:15 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/creating-a-simple-file-upload-download-application-with-vaadin-flow/</guid><description>&lt;p&gt;Vaadin Flow is a robust framework for building modern web applications in Java, where all UI logic is implemented on the server side. In this blog post, we&amp;rsquo;ll build a simple file management application that allows users to upload files, save them to the server, and download them again when needed. This is a great way to demonstrate how to build protection against CWE-22, CWE-377, and CWE-778 step by step.&lt;/p&gt;</description></item><item><title>Java Cryptography Architecture (JCA) - An Overview</title><link>https://sven-ruppert.info/posts/java-cryptography-architecture-jca-an-overview/</link><pubDate>Thu, 03 Apr 2025 12:22:30 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/java-cryptography-architecture-jca-an-overview/</guid><description>&lt;p&gt;The &lt;strong&gt;Java Cryptography Architecture (JCA)&lt;/strong&gt; is an essential framework within the Java platform that provides developers with a flexible and extensible interface for cryptographic operations. 
It is a central component of the Java Security API and enables platform-independent implementation of security-critical functions.&lt;/p&gt;</description></item><item><title>TornadoVM - Boosting the Concurrency</title><link>https://sven-ruppert.info/posts/tornadovm-boosting-the-concurrency/</link><pubDate>Sat, 23 Nov 2024 19:40:08 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/tornadovm-boosting-the-concurrency/</guid><description>&lt;p&gt;TornadoVM is an open-source framework that extends the Java Virtual Machine (JVM) to support hardware accelerators such as Graphics Processing Units (GPUs), Field-Programmable Gate Arrays (FPGAs), and multi-core central processing units (CPUs). This allows developers to accelerate their Java programs on heterogeneous hardware without needing to rewrite their code in low-level languages such as CUDA or OpenCL.&lt;/p&gt;</description></item><item><title>Cache Poisoning Attacks on Dependency Management Systems like Maven</title><link>https://sven-ruppert.info/posts/cache-poisoning-attacks-on-dependency-management-systems-like-maven/</link><pubDate>Wed, 13 Nov 2024 14:15:16 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/cache-poisoning-attacks-on-dependency-management-systems-like-maven/</guid><description>&lt;p&gt;Cache poisoning of Maven caches is a specific attack that targets how Maven caches manage packages and dependencies in a software development process. 
It&amp;rsquo;s essential to understand how Maven works before we look at the details of cache poisoning.&lt;/p&gt;</description></item><item><title>What is CWE-1007: Insufficient visual discrimination of homoglyphs for you as a user?</title><link>https://sven-ruppert.info/posts/what-is-cwe-1007-insufficient-visual-discrimination-of-homoglyphs-for-you-as-a-user/</link><pubDate>Mon, 04 Nov 2024 12:34:27 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/what-is-cwe-1007-insufficient-visual-discrimination-of-homoglyphs-for-you-as-a-user/</guid><description>&lt;p&gt;The world of cybersecurity is full of threats, many of which are surprisingly subtle and challenging to detect. One such threat is the problem of so-called homoglyphs. CWE-1007, also known as &amp;ldquo;Insufficient Visual Distinction of Homoglyphs Presented to User&amp;rdquo;, is a vulnerability often used by attackers to deceive and compromise your systems or data. In this blog article, you will get a deep insight into CWE-1007, understand its mechanisms, and learn how to protect yourself from such attacks. We will discuss examples, technical challenges, and best practices that can help you as a developer understand and mitigate this threat.&lt;/p&gt;</description></item><item><title>BLD - a lightweight Java Build Tool</title><link>https://sven-ruppert.info/posts/bld-a-lightweight-java-build-tool/</link><pubDate>Thu, 26 Sep 2024 17:31:17 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/bld-a-lightweight-java-build-tool/</guid><description>&lt;h2 class="relative group"&gt;What is a dependency management tool?
 &lt;div id="what-is-a-dependency-management-tool" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#what-is-a-dependency-management-tool" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;A &lt;strong&gt;dependency management tool&lt;/strong&gt; is a software system or utility that automates the process of identifying, retrieving, updating, and maintaining the external libraries or packages (referred to as &lt;strong&gt;dependencies&lt;/strong&gt;) required by a software project. It ensures that all necessary dependencies are included and managed in a standardised way, which helps prevent version conflicts, missing libraries, and manual errors during software development.&lt;/p&gt;</description></item><item><title>Introduction to the Linux Foundation's SLSA project</title><link>https://sven-ruppert.info/posts/introduction-to-the-linux-foundations-slsa-project/</link><pubDate>Sat, 10 Dec 2022 21:56:43 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/introduction-to-the-linux-foundations-slsa-project/</guid><description>&lt;p&gt;Supply Chain Security is a hot topic these days. And more and more, we as developers are dealing with this daily. But what does this mean for us, and how is this influencing our job? I want to give an overview of common attacks against the Software Supply Chain from the developer&amp;rsquo;s view and will introduce the Open Source project SLSA from the Linux Foundation.&lt;/p&gt;</description></item></channel></rss>