It’s best practice to not assign to a method parameter in the body of your method. You can find lots of opinions about this but here’s a good summary on Stack Overflow.

Great tip from a colleague for setting up your git repo for git flow. This is designed to be run on a brand new project folder before you start adding source code. It will initialize git and ensure that you’re on the develop branch to begin your work. Nothing elaborate, just a nice alias that I don’t want to lose track of when setting up a new machine.

Please stop using XmlGregorianCalendar as the default type to model xs:date or xs:dateTime in a JAXB class. If you’re on Java 8 or later then you should be using the new java.time classes like LocalDate, LocalDateTime, and ZonedDateTime. If you’re on an earlier version of Java and are unable or unwilling to upgrade then you can map the xs:date and xs:datetime types to joda-time classes.

I’ve been trying out a new approach for helping students debug their Abstract Syntax Trees in the Compiler Design and Implementation class where I’m a TA. The compiler they’re building is for a subset of C89 and the first two assignments are flex and bison which culminate in an AST for their compiler to perform the compilation.

Jetty is a great way of testing your web-apps that are destined for a simple web server as opposed to a J2EE server. If you’re deploying to an app server like JBOSS then you should check out Arquillian but if you’re deploying to Tomcat or Jetty then you should look into Jetty for your testing.

A colleague recently schooled me on performance testing with some links to posts and videos about Gil Tene’s “coordinated omission” problem. I started incorporating the HdrHistogram library into my analysis of performance results and while there are some helpful intros into how to use this library and visualize the results, I didn’t find a detailed explanation into what the raw data was so I’ve added a note here.

Most of my REST services accept simple JSON payloads and are easy to test via Swagger. However, I found that adding support for a multi-part upload service wasn’t entirely obvious so I figured I’d make a note of it here.

Veracode provides static and dynamic analysis of your application code. There are a couple of scripts out there for automating the deployment to their scanning service but I didn’t see anything for providing push button deployments via Bamboo so here we go.

I use IntelliJ’s shortcut for generating getters and setters for my classes all the time. Since this code is generated, I like to mark it as such with an @Generated annotation.

I seem to be in the shrinking minority of people that still use Apache CXF. I used this library in my SOAP / Web Services days and it seemed like a natural choice for my foray into REST. One problem though is that a lot of the latest cool libraries like swagger are focused on Jersey and ignore CXF in favor of detailed confg walk thrus for dropwizard/Jersey.

I’ve found myself settling on a multi-module maven structure for my web-apps as a matter of habit. The Maven Book offers an introduction to the multi-module structure in its Best Practices section but it’s quite dense and a lot to get through. The Apache Maven tutorial offers a gentler introduction. There’s also some good SO questions on this topic which show some strong opinions about complexity and raise some good points about versioning. I arrived at this structure slowly over time so I thought I’d provide a few simple points on why I prefer this for my web-apps.

I was recently reminded of a SO answer I posted a while ago in response to a user asking about making Java 7’s JPA core interfaces extend AutoCloseable. I thought I’d post a little bit of the code here for future reference.

The JSSE TrustManager is used to establish trust with a peer when making an TLS/SSL connection. The only implementation I’ve ever worked with is the X509TrustManager which uses X509 certificates to establish trust. Typically, applications are deployed with a TrustStore which contains one or more certificate chains and when making a connection, they’ll accept any of the certs from that store or ones they see that are signed by certificates in the store.