This article was originally posted on Snyk.io and is co-written by Kyle Suero and Brian Vermeer Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic. Many systems permit the use of various types of code in configuration files, and there are legitimate use cases to include string and …
Read More »Faster Integration Tests with Reusable Testcontainers
In my job, I often need integration tests against a Neo4j database. My software is written in Java, and so is Neo4j. Neo4j is embeddable, too. So, in theory, I could just depend on the embedded version, open a connection, test my stuff and call it a day. It would not be a different engine, it would be – at …
Read More »Java Bytecode Simplified: Journey to the Wonderland (Part 2)
Our previous article introduced Bytecode and discussed what it includes. This article will delve a bit deeper into ConstantPool. Highlights: Bytecode is a representation that is abstract in nature. They are fictitious codes for a fictitious machine known as the Java Virtual Machine. The Java virtual machine is a piece of software that interprets Bytecode. The JVM is a stack-based …
Read More »Backend-for-Frontend: The Demo
In one of my earlier posts, I described the Backend-for-Frontend pattern. In short, it offers a single facade over multiple backend parts. Moreover, it provides each client type, e.g., desktop or mobile, exactly the data that it needs and not more in the format required by this client type. The use-case Imagine the following use-case. In an e-commerce shop, the …
Read More »When Disaster Strikes: Production Troubleshooting
Tom Granot and myself have had the privilege of Vlad Mihalcea’s online company for a while now. As a result we decided to do a workshop together talking about a lot of the things we learned in the process. This workshop would be pretty informal ad-hoc, just a bunch of guys chatting and showing off what we can do with …
Read More »Building Secure CI/CD Pipelines with GitHub Actions for Your Java Application
This article was originally post at Snyk.io and is used with permission GitHub Actions has made it easier than ever to build a secure continuous integration and continuous delivery (CI/CD) pipeline for your GitHub projects. By integrating your CI/CD pipeline and GitHub repository, GitHub Actions allows you to automate your build, test, and deployment pipeline. You can create workflows that …
Read More »Deploy a Multi-Datacenter Apache Cassandra Cluster in Kubernetes (Pt. 1)
The Get Started examples on the K8ssandra site are primarily concerned with spinning up a single Apache Cassandra datacenter in a single Kubernetes cluster. However, there are many situations that can benefit from other deployment options. In this series of articles, we’ll examine different deployment patterns and show how to implement them using K8ssandra. Flexible topologies with Cassandra From its earliest days, …
Read More »Ignore Infrastructure: Concentrate on Code with Jakarta EE and Payara Cloud
Java EE, now Jakarta EE, makes it possible for developers to focus purely on the development of a Java enterprise application, solving the business logic without needing to think about infrastructure and operations when writing code. Payara Cloud extends this philosophy by also eliminating the need to worry about infrastructure and operations when preparing your application to run in the …
Read More »Creating a GraphQL API for Neo4j with Quarkus and SmallRye GraphQL
In my first article on Foojay, I would like to present one of many possible approaches to create a GraphQL API. I work at Neo4j, so it should not be a big suprise that I will use the Graph database with the same name as a backend for the application. In this post I will cover a couple of things …
Read More »External Debugging Tools 1: dtrace and strace
Often when debugging, we need to step outside of the comforting embrace of the IDE to reproduce or track an issue. In this series, I’d like to go over some tools you might find useful for these cases. I’ll try to limit myself to tools that are 100% debugging tools and not those that are useful for development testing. E.g., …
Read More »