The serverless model can free technical teams from the more monotonous development work, allowing them to focus on innovation. And using a serverless database to build cloud-native apps amplifies such benefits due to its ability to scale without being hindered by fragmented data across independently deployed services.
This Refcard dives straight into building a serverless Java web application. You'll find a list of tools needed to follow the tutorial as well as comprehensive step-by-step instructions, code snippets, and a companion repository for the sample serverless application.
Java is the fifth most used programming language with a market share of 35.35%. It is a viable technology for enterprise, web, and mobile applications. Java has become the primary programming language for companies across multiple domains in recent years. It is powerful, scalable, and enterprise-grade. As a result, Java software development services are highly popular for such applications.
Today, Java has found applications in some of the leading technical industries of the world. From data science to AR & VR, Java is usable for all advanced programming applications. However, while enterprise Java development is the fastest-growing use case, web and mobile have been the long-standing winner for the technical applications of Java.
Apache Log4j is the popular open source logging library for Java developers that was recently caught up in a massive security-related breach. Due to its popularity, a large number of organizations were affected by the breach. For the latest news, refer to the official website about specific issues and patches. Here is an additional article that explains the core issues in detail.
List of Security Issues That Were Found in Log4j Version 2.x:
- CVE-2017-5645: Apache Log4j socket receiver deserialization vulnerability (Severity - Moderate)
- CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender (Severity - Low)
- CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints (Severity - Critical)
- CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations (Severity - Critical)
- CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (Severity - Critical)
- CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration (Severity - Moderate)
4 Ways To Secure Your Java Application:
1. Detect if You Have Log4j 2.x in Your Code Base
Apache Log4j can be in your project directly or a dependency of a dependency. Thus, it's best to use a build tool such as Maven or Gradle to quickly scan for the same tree as follows:
In the video below, we take a closer look at how to run the Spring Boot application as a stand-alone Java application and RESTful Web Services. Let's get started!
When technology has existed for years, it is likely to appear irrelevant, uncompetitive, and even become obsolete to some people. That is not the case when it comes to Java, which turns 26 years this year.
Java is not a thing of the past — it is still very trendy, something which continues to surprise those who continue to cling to the idea that Java is old-fashioned. Even recent statistics and studies have show Java is still among the most demanded, used, and loved programming languages. But what still makes this a bit old technology remain competitive? Read on to learn more.
In this series of chaos engineering articles, we have been learning to simulate various performance problems. In this post, let’s discuss how to simulate deadlock.
What Is a Deadlock?
Deadlocks tend to happen in multi-threaded applications. The technical definition of a ‘deadlock’ is a situation where a set of processes are blocked because each process is holding a resource and waiting for another resource acquired by some other process. Here is a practical example that may help you understand deadlocks.
In this post, we are going to discuss how to find your Java application process ID quickly. For certain monitoring tools like yCrash, you need to pass your application process ID as input.
Finding Java Application Process ID in Linux
On any Linux/Unix flavor of operating system, issue the command:
Java applications tend to contain hundreds (sometimes thousands) of threads. The majority of these threads are in a WAITING or TIMED_WAITING (i.e., dormant) state, while only a small portion are actively executing lines of code. So, we were curious to know whether dormant threads consume less memory than active threads.
To figure out the answer to this question, we conducted a small study.
Troubleshoot your Java application, the Sherlock Holmes way.
Java application failure troubleshooting can be closely associated with the typical crime scene investigation. I read few Sherlock Holmes classic stories in recent times at home, while struggling to solve the Java application failure mysteries at the office.
Some of the Holmes' ways of solving the crime inspired me to do better in my troubleshooting. Java application failures can be painful at times when our application doesn't leave enough traces to help us to solve the mystery. In the next few paragraphs, I will share my experience on how our troubleshooting was done step by step.
You may also like: Troubleshooting Java Applications With Arthas
Migrating to the microservices roadmap.
You may also like:
Moving to Microservices
Migrating to Microservices — A Roadmap
Migrating to microservices often sounds like a huge and complex task. While there are complexities in the process, it's actually easier than you might think. This blog creates a basic roadmap for migrating to microservices using a standard J2EE application from a monolithic architecture to a microservice architecture. We will start by first containerizing our Java application and end with auto-deploying to a Kubernetes microservice environment.
Step 1: Containerize Your Java Application and Runtime
Start your migration journey by first containerizing your Java Application (.jar, .war or .ear). This will involve building a container that includes the Java runtime as well as your application. When you do this, remember the following:
Let me start this article with an interesting statistic (based on the research conducted by the JDK development team):
- 25 percent of Java applications memory is filled up with strings.
- 13.5 percent are duplicate strings in Java applications.
- Average string length is 45 characters.
Yes, you are right — 13.5 percent of memory is wasted due to duplicate strings. 13.5 percent is the average amount of duplicate strings present in Java application. To figure out how much memory your application is wasting because of duplicate strings, you may use tools like HeapHero, which can report how much memory is wasted because of duplicate strings and other inefficient programming practices.
