Java on Sven Ruppert

A Vaadin Starter Project with a Clear Focus

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 18 Mar 2026 07:05:00 +0000

Many example projects overload the starting point by covering too many topics at once. Routing, data access, security, forms, theme customisations, and other integrations will then be presented in a single demo. This makes it more difficult for readers to recognise the project’s actual structure.

Practical i18n in Vaadin: Resource Bundles, Locale Handling and UI Language Switching

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 11 Mar 2026 07:09:00 +0000

Modern web applications are rarely used only by users with the same language. Even internal tools often reach international teams or are used in different countries. A multilingual user interface is therefore not a luxury feature, but an important part of the user experience.

Separation of Concerns in Vaadin: Eliminating Inline Styles

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 04 Mar 2026 13:05:20 +0000

Vaadin Flow enables the development of complete web applications exclusively in Java. Components, layouts, navigation, and even complex UI structures can be modelled on the server side without working directly with HTML or JavaScript. This approach is one of the main reasons why Vaadin is especially popular in Java-centric projects.

An unexpectedly hassle-free upgrade

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 16 Feb 2026 11:22:56 +0000

The starting point for this article was not a strategic architecture workshop or a long-term planned migration path, but a comparatively unspectacular step: updating the version numbers in the existing project. As part of further developing my URL shortener project, a regular dependency update was due anyway. Vaadin 25 (was already available at that time, so it made sense to proceed.

The Importance of UI in Import Processes

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 09 Feb 2026 15:15:33 +0000

Why an import needs a UI at all
#

Import functions are often treated as purely technical details in applications. Data is read in, processed and then made available – ideally without further interaction. In practice, however, an import is rarely an invisible process. It marks a transition between existing system states, between old and new data, between trust and control. This is exactly where the need for a user interface arises.

JSON export in Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 05 Feb 2026 16:50:15 +0000

Export functions are often seen as a purely technical side task: one button, one download, done. In a Vaadin-based application, however, it quickly becomes apparent that exporting is much more than writing data to a file. It is a direct extension of the UI state, an infrastructural contract between frontend and backend, and a decisive factor for maintainability and predictability.

Advent Calendar 2025 - Extracting Components - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 22 Dec 2025 07:05:00 +0000

What has happened so far
#

In the first part, the focus was deliberately on the user interface’s structural realignment. The previously grown, increasingly monolithic OverviewView was analysed and specifically streamlined by outsourcing key functional areas to independent UI components. With the introduction of the BulkActionsBar and the SearchBar, clearly defined building blocks were created, each assuming a specific responsibility and freeing the view from operational details.

Advent Calendar 2025 - Extracting Components - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 21 Dec 2025 07:05:00 +0000

Today marks a crucial step in the evolution of the URL shortener’s user interface. After the focus in the past few days was mainly on functional enhancements – from filter and search functions to bulk operations – this day is dedicated to a structural fine-tuning: the refactoring of central UI components. This refactoring not only serves to clean up the code but also creates a clear, modular basis for future extensions as well as a significantly improved developer experience.

Advent Calendar 2025 - De-/Activate Mappings - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 20 Dec 2025 07:05:00 +0000

What has happened so far?
#

In the first part of this article, the new active/inactive model for shortlinks was introduced and anchored at the architectural level. Based on the technical rationale, it was shown that a pure expiration date is insufficient for modern use cases and that an explicit activity status is required.

Advent Calendar 2025 - De-/Activate Mappings - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 19 Dec 2025 07:05:00 +0000

Why an active/inactive model for shortlinks?
#

For many users – especially those who work in the field of software development – shortlinks are much more than simple URL shorteners. They act as flexible routing mechanisms for campaigns, feature controls, test scenarios, and internal tools. The requirements for transparency, controllability and clean lifecycle management are correspondingly high.

Advent Calendar 2025 - Basic Login Solution - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 18 Dec 2025 07:05:00 +0000

What has happened so far?
#

In the first part of “Basic Login Solution”, the foundation for a deliberately simple yet structurally clean admin login was laid. The starting point was the realisation that even a technically lean URL shortener requires a clear separation between public-facing functions and administrative operations. The goal was not complete user management, but rather a minimal access barrier that integrates seamlessly with the existing Java and Vaadin architectures.

Advent Calendar 2025 - Basic Login Solution - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 17 Dec 2025 07:05:00 +0000

Introduction
#

The administration interface of a URL shortener is a sensitive area where short links can be changed, removed, or assigned expiration dates. Although the system is often operated on an internal server or in a private environment, protecting this management interface remains a fundamental security concern. Accidental access by unauthorised users can not only lead to incorrect forwarding or data loss, but also undermine trust in the overall system.

Advent Calendar 2025 - Mass Grid Operations - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 16 Dec 2025 07:05:00 +0000

What has happened so far…
#

In the previous part, the URL shortener overview was significantly expanded. The starting point was the realisation that the last UI was heavily optimised for single operations and thus quickly reached its limits as soon as larger volumes of shortlinks needed to be managed. To resolve this bottleneck, the grid was consistently switched to multiple selection, creating the technical basis for actual mass operations.

Advent Calendar 2025 - Mass Grid Operations - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 15 Dec 2025 07:05:00 +0000

The next stage of the Advent calendar focuses on further development, which becomes immediately noticeable once more shortlinks are used. The previous interaction patterns in the Overview view were geared toward individual operations and yielded only limited efficiency gains when processing many objects simultaneously. Today, this paradigm is being deliberately broken up and replaced by an interplay of new UI concepts that, for the first time, enable true multi-operation, context-sensitive work, and a much more stringent user interface.

Advent Calendar 2025 - From UI Interactions to a Deterministic Refresh Architecture

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 14 Dec 2025 07:05:00 +0000

After the first part explained the conceptual basics and the new interactions among global search, search scopes, and advanced filters, the second part focuses on the technical mechanisms that enable these interactions. It is only the revised refresh architecture – above all the interaction of safeRefresh() and RefreshGuard – that ensures that the OverviewView remains calm, deterministic and predictable despite numerous potential triggers.

Advent Calendar 2025 - From Simple Search to Expert Mode: Advanced Filters and Synchronised Scopes for Power Users

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 13 Dec 2025 07:05:00 +0000

Since its inception, the URL shortener’s continuous development has focused on two core goals: a robust technical foundation without external frameworks and a modern, productive user interface that is both intuitive and efficient for power users. As part of the current development stage, an essential UI module has been revised – the OverviewView, i.e. the view in which users search, filter and manage all saved shortenings.

Advent Calendar 2025 - Introduction of multiple aliases - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 12 Dec 2025 07:05:00 +0000

Today’s update introduces another practical development step for the URL shortener. After the last few days were dedicated to UI refinement and the better structuring of detailed dialogues and form logic, the focus is now on an aspect that plays a significant role in the everyday life of many users: the flexible management of multiple aliases per target URL.

Advent Calendar 2025 - Introduction of multiple aliases - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 11 Dec 2025 07:05:00 +0000

Introduction: More convenience for users
#

With today’s development milestone for the URL Shortener project, a crucial improvement has been achieved, significantly enhancing the user experience. Up to this point, working with short URLs was functional, but in many ways it was still linear: each destination URL was assigned exactly one alias. This meant users had to create a new short URL for each context or campaign, even when the destination was identical. While this approach was simple, it wasn’t sufficiently flexible to meet real-world application requirements.

Advent Calendar - 2025 - From Grid to Detail: Understanding the User Experience in the Short-URL Manager

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 10 Dec 2025 10:32:12 +0000

The current UI from the user’s point of view
#

On the first call, the user lands in the overview. The site is built on a Vaadin grid, whose header contains a search bar, paging controls, and a small settings button with a gear icon. The most essential flow begins with the table displaying immediately understandable columns: the shortcode as a clearly typographically separated monospace value with copy action, the original URL as a clickable link, a creation time in local format, and an expiration badge that visually communicates semantic states such as “Expired”, “Today” or “in n days” via theme colours. The whole thing is designed for quick viewing and efficient one-handed operation: a click on a data record opens the detailed dialogue if required; a right-click or the context menu offers direct quick actions; and the gear button can be used to show or hide visible columns live.

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 09 Dec 2025 09:55:00 +0000

Server-Side Extension: PreferencesHandler and REST Interfaces
#

The server-side extension for dynamic column visibility follows the same design logic as the UI: simplicity, clear accountability, and a precise data flow. While the OverviewView and the ColumnVisibilityDialog form the interface for the interaction, several specialized REST handlers handle the processing and persistence of the user settings. Their job is to process incoming JSON requests, validate them, translate them into domain operations, and return or store the current state.

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 08 Dec 2025 22:42:05 +0000

From observer to designer: User control at a glance
#

With the fourth day of the Advent calendar, the perspective on the application changes fundamentally. While in the previous expansion stages users reacted primarily to prepared structures, an element of active design is now being added. The “Overview” has so far been a central mirror of the system state: It showed all saved short links, allowed them to be filtered and provided an in-depth insight into individual objects with the detailed dialog. But the structure and visibility of the columns were immutable up to this point. The user always saw the selection that the developer had defined as meaningful. With the introduction of dynamic column visibility, this state is removed.

Advent Calendar - 2025 - Detail Dialog - Part 2

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 07 Dec 2025 07:05:00 +0000

Client contract from a UI perspective
#

In this project, the user interface not only serves as a graphical layer on top of the backend, but is also part of the overall contract between the user, the client, and the server. This part focuses on the data flow from the UI’s perspective: how inputs are translated into structured requests, how the client forwards them, and what feedback the user interface processes.

Advent Calendar - 2025 - Detail Dialog - Part 1

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 06 Dec 2025 07:05:00 +0000

Classification and objectives from a UI perspective
#

Today’s Advent Calendar Day focuses specifically on the interaction level prepared in the previous parts. While the basic structure of the user interface and the layout were defined at the beginning, and the interactive table view with sorting, filtering and dynamic actions was subsequently established, it is now a matter of making the transition from overview to detailed observation consistent. The user should no longer only see a tabular collection of data points, but should receive a view tailored to the respective object that enables contextual actions.

Advent Calendar - 2025 - Persistence – Part 02

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 05 Dec 2025 07:05:00 +0000

Today, we will finally integrate the StoreIndicator into the UI.

The source code for this version can be found on GitHub athttps://github.com/svenruppert/url-shortener/tree/feature/advent-2025-day-02

Advent Calendar - 2025 - Persistence – Part 01

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 04 Dec 2025 07:05:00 +0000

**Visible change: When the UI shows the memory state

With the end of the last day of the Advent calendar, our URL shortener was fully functional: the admin interface could filter, sort, and display data page by page – performant, cleanly typed, and fully implemented in Core Java. But behind this surface lurked an invisible problem: All data existed only in memory. As soon as the server was restarted, the entire database was lost.

Advent Calendar - 2025 - Filter & Search – Part 02

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 03 Dec 2025 07:05:00 +0000

In the previous part, we looked at the implementation on the server side. This part is now about the illustration on the user page.

The source code for the initial state can be found on GitHub under https://github.com/svenruppert/url-shortener/tree/feature/advent-2025-day-00 .

Advent Calendar - 2025 - Filter & Search – Part 01

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 02 Dec 2025 07:05:00 +0000

With the Vaadin interface described in [Part III], our URL shortener has a fully functional administration console available for the first time. It allows viewing existing short links in tabular form and managing them manually. But after just a few dozen entries, a clear limit becomes apparent: displaying all saved mappings is neither performant nor user-friendly. An efficient shortener must be able to scale – not only when generating, but also when searching through its data.

Introduction to the URL‑Shortener Advent Calendar 2025

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 01 Dec 2025 10:22:35 +0000

December 2025 is all about a project that has grown steadily in recent months: the Java-based URL Shortener, an open-source project implemented entirely with Core Java, Jetty, and Vaadin Flow. The Advent calendar accompanies users every day with a new feature, a technical deep dive, or an architectural improvement – from the basic data structure and REST handlers to UI components and security aspects.

Real-Time in Focus: Server-Sent Events in Core Java without Frameworks

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 05 Sep 2025 08:18:47 +0000

Chapter 1 – Introduction
#

1.1 Motivation: Real-time communication without polling
#

In modern applications, it is often necessary to provide new information to the client as quickly as possible. Classic polling , i.e. regularly querying a REST endpoint, is inefficient: it generates unnecessary network traffic and puts a load on both server and client, as requests continue even when there is no new data.

Core Java - Flow.Processor

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 04 Sep 2025 11:27:00 +0000

Reactive streams address a fundamental problem of modern systems: Producers (sensors, services, user events) deliver data at an unpredictable rate , while consumers (persistence, UI, analytics) can only process data at a limited speed. Without a flow control model , backlogs, storage pressure, and ultimately outages occur.

How and why to use the classic Observer pattern in Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 01 Sep 2025 11:32:18 +0000

1. Introduction and motivation
#

The observer pattern is one of the basic design patterns of software development and is traditionally used to decouple state changes and process them. Its origins lie in the development of graphical user interfaces, where a shift in the data model required synchronising several views immediately, without a direct link between these views. This pattern quickly established itself as the standard solution to promote loosely coupled architectures.

Password Security: Why Hashing is Essential

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 29 Aug 2025 14:53:27 +0000

Password security is an often underestimated but critical topic in software development. Databases containing millions of user logins are repeatedly compromised - and shockingly, often, it turns out that passwords have been stored in plain text. This gives attackers direct access to sensitive account data and opens the door to identity theft, account takeovers and other attacks.

What makes Vaadin components special?

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 19 Aug 2025 13:09:52 +0000

From my experience, Vaadin has always stood out from other Java frameworks. Of course, it enables the creation of modern web UIs, but the real difference lies in its component architecture. This is not conceived as a short-term aid, but is consistently designed for maintainability and flexibility. It creates the possibility of running applications stably for many years while still being able to extend them step by step.

Part III - WebUI with Vaadin Flow for the URL Shortener

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 15 Aug 2025 10:46:10 +0000

1. Introduction and objectives
#

The first two parts of this series established the theoretical and practical foundations of a URL shortener in pure Java. We discussed the semantic classification of short URLs, the architecture of a robust mapping system, and the implementation of a REST-based service based on the JDK HTTP server. These efforts resulted in a functional, modularly extensible backend that creates, manages, and efficiently resolves short links. However, a crucial component was missing-a visual interface for direct user interaction with the system. This interface is essential for tasks such as manual link creation, viewing existing mappings, and analysing individual redirects.

Connecting REST Services with Vaadin Flow in Core Java

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 24 Jun 2025 09:39:25 +0000

1. Introduction
#

Why REST integration in Vaadin applications should not be an afterthought
#

In modern web applications, communication with external services is no longer a special function, but an integral part of a service-oriented architecture. Even if Vaadin Flow, as a UI framework, relies on server-side Java logic to achieve a high degree of coherence between view and data models, the need to communicate with systems outside the application quickly arises. These can be simple public APIs—for example, for displaying weather data or currency conversions—as well as internal company services, such as license verification, user management, or connecting to a central ERP system.

Part II - UrlShortener - first Implementation

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 20 Jun 2025 12:36:28 +0000

1. Introduction to implementation
#

1.1 Objectives and differentiation from the architectural part
#

The first part of this series focused on theory: We explained why a URL shortener is not just a convenience tool, but a security-relevant element of digital infrastructure. We discussed models for collision detection, entropy distribution, and forwarding logic, as well as analysed architectural variants – from stateless redirect services to domain-specific validation mechanisms.

Short links, clear architecture – A URL shortener in Core Java

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 10 Jun 2025 22:43:22 +0000

A URL shortener seems harmless – but if implemented incorrectly, it opens the door to phishing, enumeration, and data leakage. In this first part, I’ll explore the theoretical and security-relevant fundamentals of a URL shortener in Java – without any frameworks, but with a focus on entropy, collision tolerance, rate limiting, validity logic, and digital responsibility. The second part covers the complete implementation: modular, transparent, and as secure as possible.

If hashCode() lies and equals() is helpless

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 06 Jun 2025 20:53:34 +0000

A deep look into Java’s HashMap traps – visually demonstrated with Vaadin Flow.

The silent danger in the standard library
#

The use of HashMap and HashSet is a common practice in everyday Java development. These data structures offer excellent performance for lookup and insert operations, as long as their fundamental assumptions are met. One of them is hashCode() of a key remains stable. But what if that’s not the case?

Creating a simple file upload/download application with Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 20 May 2025 17:34:15 +0000

Vaadin Flow is a robust framework for building modern web applications in Java, where all UI logic is implemented on the server side. In this blog post, we’ll make a simple file management application step by step that allows users to upload files, save them to the server, and download them again when needed. This is a great way to demonstrate how to build protection against CWE-22, CWE-377, and CWE-778 step by step.

Open-hearted bytecode: Java Instrumentation API

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 11 Apr 2025 17:06:44 +0000

What is the Java Instrumentation API?
#

The Java Instrumentation API is part of the java.lang.instrument package and allows you to change or analyse class bytecode at runtime. It is particularly intended for the development of profilers, agents, monitoring tools, or even dynamic security mechanisms that need to intervene deeply in a Java application’s behaviour without changing the source code itself.

Synchronous in Chaos: How Parallel Collectors Bring Order to Java Streams

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 08 Apr 2025 20:25:45 +0000

Sometimes it’s not enough for something to work - it has to work under load. In modern applications that process large amounts of data, the Streams API in Java provides developers with an elegant, declarative tool to transform, filter, and aggregate data in pipelines. Describing complex data operations with just a few lines is seductive and realistic. But what happens when these operations encounter millions of entries? When should execution be done in multiple threads in parallel to save time and effectively use multi-core systems?

Java Cryptography Architecture (JCA) - An Overview

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 03 Apr 2025 12:22:30 +0000

The Java Cryptography Architecture (JCA) is an essential framework within the Java platform that provides developers with a flexible and extensible interface for cryptographic operations. It is a central component of the Java Security API and enables platform-independent implementation of security-critical functions.

Rethinking Java Streams: Gatherer for more control and parallelism

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 02 Apr 2025 20:58:21 +0000

Since version 8, Java has introduced an elegant, functional approach to processing data sets with the Streams API. The terminal operation collect(…) represents the bridge from the stream to a targeted aggregation - in the form of lists, maps, strings or more complex data structures. Until Java 20 the processing was done Collector-Instances were regulated, which internally consisted of a supplier, an accumulator, a combiner and optionally a finisher. This model works well for simple accumulations but has noticeable limitations, particularly for complex, stateful, or conditional aggregations.

From Java 8 to 24: The evolution of the Streams API

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 29 Mar 2025 13:08:23 +0000

The introduction of the Stream API in Java marked a crucial step in the development of functional programming paradigms within the language. With Java 24, stream processing has been further consolidated and is now a central tool for declarative data processing Stream not about an alternative form of Collection, but rather an abstract concept that describes a potentially infinite sequence of data that is transformed and consumed through a pipeline of operations. While a Collection is a data structure that stores data, Stream is a carrier of a computing model: It does not store any data but instead allows the description of data flows.

TornadoVM - Boosting the Concurrency

sven.ruppert@gmail.com (Sven Ruppert) — Sat, 23 Nov 2024 19:40:08 +0000

TornadoVM is an open-source framework that extends the Java Virtual Machine (JVM) to support hardware accelerators such as Graphics Processing Units (GPUs), Field-Programmable Gate Arrays (FPGAs), and multi-core central processing units (CPUs). This allows developers to accelerate their Java programs on heterogeneous hardware without needing to rewrite their code in low-level languages such as CUDA or OpenCL.

Cache Poisoning Attacks on Dependency Management Systems like Maven

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 13 Nov 2024 14:15:16 +0000

Cache poisoning on Maven Caches is a specific attack that targets how Maven Caches manages packages and dependencies in a software development process. It’s essential to understand how Maven works before we look at the details of cache poisoning.

JUnit annotations in focus: The connection between @Test and @Testable

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 08 Nov 2024 09:12:39 +0000

The annotations @Test and @Testable have played an important role in the Java ecosystem regarding application testing. They are essential tools that help developers make unit and automated testing more effective. In this paper, we will explore the differences and connections between @Test and @Testable analyze and the motivation behind the introduction of @Testable understand. We will also play the role of @Testable in developing your test engines and discuss their importance for the flexibility and expandability of tests.

The Risks of Mocking Frameworks: How Too Much Mocking Leads to Unrealistic Tests

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 05 Nov 2024 17:49:33 +0000

Extensive use of mocking frameworks such as Mockito in software development can lead to unrealistic tests. This is because mocking frameworks simulate dependencies of classes or methods in order to test them in isolation. However, when too many mock objects are used, the test often loses touch with reality, which can affect the validity and reliability of the tests. It is important to use mocking carefully to find the right balance between isolated testing and realistic simulation.

What is CWE-1007: Insufficient visual discrimination of homoglyphs for you as a user?

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 04 Nov 2024 12:34:27 +0000

The world of cybersecurity is full of threats, many of which are surprisingly subtle and challenging to detect. One such threat is the problem of so-called homoglyphs. CWE-1007, also known as “Insufficient Visual Distinction of Homoglyphs Presented to User”, is a vulnerability often used by attackers to deceive and compromise your systems or data. In this blog article, you will get a deep insight into CWE-1007, understand its mechanisms, and how to protect yourself from such attacks. We will discuss examples, technical challenges, and best practices that can help you as a developer understand and mitigate this threat.

The History of Parallel Processing in Java: From Threads to Virtual Threads

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 01 Nov 2024 22:02:37 +0000

Since the early days of computer science, parallel processing has represented one of the greatest challenges and opportunities. Since its inception in 1995, Java has undergone a significant journey in the world of parallel programming to provide developers with ever-better tools. This story is a fascinating journey through threads, the executor framework, fork/join, parallel streams, CompletableFuture and the latest developments in Project Loom. In this blog post, we take a detailed look at the evolution of parallel processing in Java and the innovations that came with it.

CWE-778: Lack of control over error reporting in Java

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 18 Oct 2024 14:07:20 +0000

Learn how inadequate control over error reporting leads to security vulnerabilities and how to prevent them in Java applications.
#

Safely handling error reports is a central aspect of software development, especially in safety-critical applications. CWE-778 describes a vulnerability caused by inadequate control over error reports. This post will analyse the risks associated with CWE-778 and show how developers can implement safe error-handling practices to avoid such vulnerabilities in Java programs.

Code security through unit testing: The role of secure coding practices in the development cycle

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 16 Oct 2024 22:17:04 +0000

Unit testing is an essential software development concept that improves code quality by ensuring that individual units or components of a software function correctly. Unit testing is crucial in Java, one of the most commonly used programming languages. This article will discuss what unit testing is, how it has evolved, and what tools and best practices have been established over the years.

BLD - a lightweight Java Build Tool

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 26 Sep 2024 17:31:17 +0000

What is a dependency management tool?
#

A dependency management tool is a software system or utility that automates the process of identifying, retrieving, updating, and maintaining the external libraries or packages (referred to as dependencies) required by a software project. It ensures that all necessary dependencies are included and managed in a standardised way, which helps prevent version conflicts, missing libraries, and manual errors during software development.

What are component-based web application frameworks for Java Developers?

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 25 Sep 2024 17:04:18 +0000

Tapestry, Wicket, and Vaadin
#

A component-oriented Java web application framework is a development framework that enables the construction of web applications in a modular way, using reusable, encapsulated components that manage their state, behaviour, and presentation. This approach allows developers to build complex user interfaces by assembling pre-built or custom components, like building blocks, each handling specific functionalities within the application.

CWE-1123: Excessive Use of Self-Modifying Code for Java Developers

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 12 Sep 2024 11:19:19 +0000

Self-modifying code refers to a type of code that alters its own instructions while it is executing. While this practice can offer certain advantages, such as optimisation and adaptability, it is generally discouraged due to the significant risks and challenges it introduces. For Java developers, using self-modifying code is particularly problematic because it undermines the codebase’s predictability, readability, and maintainability, and Java as a language does not natively support self-modification of its code.

IoT with TinkerForge and Java

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 04 Sep 2024 12:37:30 +0000

Introduction
#

TinkerForge is an innovative and modular hardware system that allows users to build electronic devices quickly and flexibly. Whether you’re an experienced engineer, a hobbyist, or a complete newbie, TinkerForge offers a range of components that can be easily connected and programmed, allowing for rapid prototyping and the creation of custom electronics projects. Since its launch, TinkerForge has gained popularity in various areas, including education, research, and industrial automation, due to its user-friendly design and extensive feature set.

Building More Complex Apps with Flow

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 22 Aug 2024 12:20:26 +0000

In this part of the series about Vaadin Flow, I will show how I can create the basic framework for the graphic design of a work application. The focus here is on the design of the work area and the organisation of the individual logical application groups. In other words, we create the application layout that can be used for an industrial project.

Vaadin Flow - How to start

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 19 Jun 2024 15:34:50 +0000

We will now create a new Vaadin Flow application step by step and create a basic framework for our own projects with this component-based open-source web framework. So, right from the start, the question arises: How can you start with as little effort as possible without avoiding the usual expenses that sometimes come with creating projects?

Comparing Code Coverage Techniques: Line, Property-Based, and Mutation Testing

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 31 May 2024 09:20:30 +0000

What is Test Coverage?
#

Test coverage is a metric used in software testing to measure the testing performed on a piece of software. It indicates how thoroughly a software program has been tested by identifying which parts of the code have been executed (covered) during testing and which have not. Here are the key aspects of test coverage:

Securing Apache Maven: Understanding Cache-Related Risks

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 27 May 2024 14:30:22 +0000

What is a Package Manager - Bird-Eye View
#

A package manager is a tool or system in software development designed to simplify the process of installing, updating, configuring, and removing software packages on a computer system. It automates managing dependencies and resolving conflicts between different software components, making it easier for developers to work with various libraries, frameworks, and tools within their projects.

CWE-22: Best practices to use Java NIO

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 22 May 2024 10:30:27 +0000

In today’s digital landscape, ensuring the security of your applications is paramount. One critical vulnerability developers must guard against is CWE-22, Path Traversal. This vulnerability can allow attackers to access files and directories outside the intended scope, potentially leading to unauthorised access and data breaches.

CWE-22: Improper Limitation of a Pathname to a Restricted Directory

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 21 May 2024 14:33:53 +0000

CWE-22, commonly called “Path Traversal,” is a vulnerability when an application fails to appropriately limit the paths users can access through a user-provided input. This can allow attackers to access directories and files outside the intended directory, leading to unauthorised access and potential system compromise. This vulnerability is particularly significant in Java applications due to the ubiquitous use of file handling and web resources. This document will delve into the nature of CWE-22, its implications, exploitation methods, and, most importantly, strategies to mitigate such vulnerabilities in Java applications.

CWE-416: Use After Free Vulnerabilities in Java

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 17 May 2024 12:17:30 +0000

CWE-416: Use After Free
#

Use After Free (UAF) is a vulnerability that occurs when a program continues to use a pointer after it has been freed. This can lead to undefined behaviour, including crashes, data corruption, and security vulnerabilities. The problem arises because the memory referenced by the pointer may be reallocated for other purposes, potentially allowing attackers to exploit the situation.

CWE-787 - The Bird-Eye View for Java Developers

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 15 May 2024 12:19:10 +0000

The term “CWE-787: Out-of-bounds Write " likely refers to a specific security vulnerability or error in software systems. Let’s break down what it means:

Out-of-bounds Write : This is a type of vulnerability where a program writes data outside the boundaries of pre-allocated fixed-length buffers. This can corrupt data, crash the program, or lead to the execution of malicious code.

Mastering Secure Error Handling in Java: Best Practices and Strategies

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 07 May 2024 12:43:21 +0000

What is ErrorHandling?
#

Error handling refers to the programming practice of anticipating, detecting, and responding to exceptions or errors in software during its execution. Errors may occur for various reasons, such as invalid user inputs, hardware failures, or bugs in the code. Proper error handling helps ensure that the program can handle such situations gracefully by resolving the Error, compensating for it, or failing safely.

Decoding the Logs: Essential Insights for Effective Software Debugging

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 06 May 2024 21:12:46 +0000

Logging is essential to software development, recording information about the software’s operation. This can help developers understand the system’s behaviour, troubleshoot issues, and monitor the system in production. Here’s a basic overview of logging in software development:

Secure Coding Practices - Access Control

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 03 May 2024 10:41:23 +0000

Access control is a security measure that determines who can access resources or perform actions within a system. It involves defining and enforcing policies restricting unauthorised access while allowing authorised users to perform their intended tasks. Access control mechanisms are commonly used in various domains, including computer systems, buildings, and physical assets.

The Hidden Dangers of Bidirectional Characters

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 19 Apr 2024 10:12:58 +0000

Discover the hidden dangers of bidirectional control characters! We dive deep into how these essential text-rendering tools can be exploited to manipulate digital environments. Learn about their security risks, from filename spoofing to deceptive URLs, and uncover the crucial strategies to safeguard against these subtle yet potent threats. Understand how to protect your systems in a multilingual world. Join to ensure your digital security is not left to chance!

Beyond the Visible: Exploring the Depths of Steganography

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 28 Mar 2024 14:02:52 +0000

Steganography is the practice of concealing a message, file, image, or video within another message, file, image, or video. Unlike cryptography, which focuses on making a message unreadable to unauthorised parties, steganography aims to hide the message’s existence. The word “steganography " is derived from the Greek words “steganos ,” meaning “covered ,” and “graphein ,” meaning “to write.”

The Compensating Transaction Pattern

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 12 Feb 2024 12:40:41 +0000

The Bird-Eye View
#

A Compensating Transaction Pattern is a technique used to ensure consistency when multiple steps are involved in a process, and some steps may fail. It essentially consists in having “undo” transactions for each successful step, so if something goes wrong later on, you can reverse the changes made earlier and maintain data integrity.

Serialising in Java - Birds Eye View

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 11 Feb 2024 13:46:53 +0000

Serialisation in Java is implemented to convert the state of an object into a byte stream, which can be quickly persisted to a file or sent over a network. This process is essential for persisting object data, supporting network communication, and facilitating sharing of objects between different parts of a distributed system.

What is a Common Weakness Enumeration - CWE

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 10 Jan 2024 17:24:15 +0000

CWE stands for Common Weakness Enumeration. It is a community-developed list of software and hardware weakness types that can serve as a common language for describing, sharing, and identifying security vulnerabilities in software systems. CWE aims to provide a standardized way of identifying and categorizing vulnerabilities, making it easier for software developers, testers, and security professionals to discuss and address security issues.

Secure Coding Practices - Input Validation

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 13 Dec 2023 07:52:24 +0000

What is - Input Validation?
#

Input validation is a process used to ensure that the data provided to a system or application meets specific criteria or constraints before it is accepted and processed. The primary goal of input validation is to improve the reliability and security of a system by preventing invalid or malicious data from causing errors or compromising the system’s integrity.

EclipseStore High-Performance-Serializer

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 09 Oct 2023 21:59:54 +0000

I will introduce you to the serializer from the EclipseStore project and show you how to use it to take advantage of a new type of serialization.

Since I learned Java over 20 years ago, I wanted to have a simple solution to serialize Java-Object-Graphs, but without the serialization security and performance issues Java brought us. It should be doable like the following…

EclipseStore - Storing more complex data structures

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 06 Oct 2023 12:22:50 +0000

How to store complex data structures using EclipseStore? Are there any restrictions? How can you work more efficiently on such structures? We will now get to the bottom of these questions here.

How to start with EclipseStore - 01

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 04 Oct 2023 10:00:04 +0000

We will take the first steps with the Eclipse Store here. I will show what the Eclipse Store is, how you can integrate it into your project and what the first steps look like from a developer’s perspective. All in all, it is a practical introduction.

Pattern from the practical life of a software developer

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 09 Mar 2021 21:28:00 +0000

Builder-Pattern
#

The book from the “gang of four” is part of the essential reading in just about every computer science branch. The basic patterns are described and grouped to get a good start on the topic of design patterns. But how does it look later in use?
Here we will take a closer look at one pattern and expand it.

Java on Sven Ruppert

A Vaadin Starter Project with a Clear Focus

Practical i18n in Vaadin: Resource Bundles, Locale Handling and UI Language Switching

Separation of Concerns in Vaadin: Eliminating Inline Styles

An unexpectedly hassle-free upgrade

The Importance of UI in Import Processes

Why an import needs a UI at all #

JSON export in Vaadin Flow

Advent Calendar 2025 - Extracting Components - Part 2

What has happened so far #

Advent Calendar 2025 - Extracting Components - Part 1

Advent Calendar 2025 - De-/Activate Mappings - Part 2

What has happened so far? #

Advent Calendar 2025 - De-/Activate Mappings - Part 1

Why an active/inactive model for shortlinks? #

Advent Calendar 2025 - Basic Login Solution - Part 2

What has happened so far? #

Advent Calendar 2025 - Basic Login Solution - Part 1

Introduction #

Advent Calendar 2025 - Mass Grid Operations - Part 2

What has happened so far… #

Advent Calendar 2025 - Mass Grid Operations - Part 1

Advent Calendar 2025 - From UI Interactions to a Deterministic Refresh Architecture

Advent Calendar 2025 - From Simple Search to Expert Mode: Advanced Filters and Synchronised Scopes for Power Users

Advent Calendar 2025 - Introduction of multiple aliases - Part 2

Advent Calendar 2025 - Introduction of multiple aliases - Part 1

Introduction: More convenience for users #

Advent Calendar - 2025 - From Grid to Detail: Understanding the User Experience in the Short-URL Manager

The current UI from the user’s point of view #

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 2

Server-Side Extension: PreferencesHandler and REST Interfaces #

Advent Calendar - 2025 - ColumnVisibilityDialog - Part 1

From observer to designer: User control at a glance #

Advent Calendar - 2025 - Detail Dialog - Part 2

Client contract from a UI perspective #

Advent Calendar - 2025 - Detail Dialog - Part 1

Classification and objectives from a UI perspective #

Advent Calendar - 2025 - Persistence – Part 02

Advent Calendar - 2025 - Persistence – Part 01

Advent Calendar - 2025 - Filter & Search – Part 02

Advent Calendar - 2025 - Filter & Search – Part 01

Introduction to the URL‑Shortener Advent Calendar 2025

Real-Time in Focus: Server-Sent Events in Core Java without Frameworks

Chapter 1 – Introduction #

1.1 Motivation: Real-time communication without polling #

Core Java - Flow.Processor

How and why to use the classic Observer pattern in Vaadin Flow

1. Introduction and motivation #

Password Security: Why Hashing is Essential

What makes Vaadin components special?

Part III - WebUI with Vaadin Flow for the URL Shortener

1. Introduction and objectives #

Connecting REST Services with Vaadin Flow in Core Java

1. Introduction #

Why REST integration in Vaadin applications should not be an afterthought #

Part II - UrlShortener - first Implementation

1. Introduction to implementation #

1.1 Objectives and differentiation from the architectural part #

Short links, clear architecture – A URL shortener in Core Java

If hashCode() lies and equals() is helpless

The silent danger in the standard library #

Creating a simple file upload/download application with Vaadin Flow

Open-hearted bytecode: Java Instrumentation API

What is the Java Instrumentation API? #

Synchronous in Chaos: How Parallel Collectors Bring Order to Java Streams

Java Cryptography Architecture (JCA) - An Overview

Rethinking Java Streams: Gatherer for more control and parallelism

From Java 8 to 24: The evolution of the Streams API

TornadoVM - Boosting the Concurrency

Cache Poisoning Attacks on Dependency Management Systems like Maven

JUnit annotations in focus: The connection between @Test and @Testable

The Risks of Mocking Frameworks: How Too Much Mocking Leads to Unrealistic Tests

What is CWE-1007: Insufficient visual discrimination of homoglyphs for you as a user?

The History of Parallel Processing in Java: From Threads to Virtual Threads

CWE-778: Lack of control over error reporting in Java

Learn how inadequate control over error reporting leads to security vulnerabilities and how to prevent them in Java applications. #

Code security through unit testing: The role of secure coding practices in the development cycle

BLD - a lightweight Java Build Tool

What is a dependency management tool? #

What are component-based web application frameworks for Java Developers?

Why an import needs a UI at all
#

What has happened so far
#

What has happened so far?
#

Why an active/inactive model for shortlinks?
#

What has happened so far?
#

Introduction
#

What has happened so far…
#

Introduction: More convenience for users
#

The current UI from the user’s point of view
#

Server-Side Extension: PreferencesHandler and REST Interfaces
#

From observer to designer: User control at a glance
#

Client contract from a UI perspective
#

Classification and objectives from a UI perspective
#

Chapter 1 – Introduction
#

1.1 Motivation: Real-time communication without polling
#

1. Introduction and motivation
#

1. Introduction and objectives
#

1. Introduction
#

Why REST integration in Vaadin applications should not be an afterthought
#

1. Introduction to implementation
#

1.1 Objectives and differentiation from the architectural part
#

The silent danger in the standard library
#

What is the Java Instrumentation API?
#

Learn how inadequate control over error reporting leads to security vulnerabilities and how to prevent them in Java applications.
#

What is a dependency management tool?
#

Tapestry, Wicket, and Vaadin
#

Introduction
#

What is Test Coverage?
#

What is a Package Manager - Bird-Eye View
#

CWE-416: Use After Free
#

What is ErrorHandling?
#

The Bird-Eye View
#

What is - Input Validation?
#

Builder-Pattern
#