Sunday, December 20, 2015

Agile culture at spotify

Here are some interesting vid's showing the development culture at spotify, a very interesting variation of scrum organizing development teams.

I think this could work great for companies continuously improving a product or suite of products. But does this also work work for single independent projects? Perhaps its better to stick with the pre defined scrum practise in those cases.

Monday, November 02, 2015

Unit testing a Spring MVC REST service

Properly testing a Spring MVC based REST service controller is made easy using MockMvc.
Validating the results is made easy using both JsonPath and XmlUnit

Tuesday, June 09, 2015

Removing files from svn without removing from the file system

Every now and then it happens that I have shared a project to subversion and noticed that while committing a number of files have been added (albeit not yet committed) to subversion.
Excluding these files from the commit only solves that problem temporarily, with the next commit these same files are again presented as changed files.

Removing these files from the local subversion administration is not hard, but each time I find myself searching again for the correct command, so today I decided to spent a blog on it, although the actual content is just a one-liner:

svn rm --keep-local

This will remove the file from subversion but will leave the files on the file system. This is quite useful with IDE files for instance.

Wednesday, November 19, 2014

Installing a JDK on windows without admin rights

Here at the office I do not have admin rights.
This is a pain because I cannot update the JDK to a version I'd like/have to use.
Well there is an option.

Download the desired JDK from the regular location.
Open the executable file using 7-zip or something similar. The executable contains only a single file named Unzip that file to a location where you want the JDK installed and you have write access to, for instance c:\development\jdk-8.20.
This will create the installation structure, although many of the jar file components are still compressed. These must be de compressed using a tool provided with the JDK itself, unpack200, that is found in jre\bin.
Locate all .pack files using dir *.pack /s/b and de-compress each of them using upack200:

c:\development\jdk-8.20\jre\bin\unpack200.exe -v -r path\file.pack path\file.jar.
The '-v' option provides for verbose output and the '-r' option removes the original pack file afterwards.

Tuesday, August 05, 2014

Mocking the InitialContext

Unit testing with JNDI

One of the issue's with unit tests is that it is not always easy to control the java.naming.InitialContext provided to the object under test.
Mock frameworks cannot create mocks for JRE classes like InitialContext, so how can we solve this challenge?

One solution could be to create a simple implementation for the javax.naming.spi.InitialContextFactory that returns a mock implementation provided by mockito. Through configuration, our implementation is then used.

public class InitialContextFactoryMock implements InitialContextFactory {

  private static Context mockContext;

    * The mockContext is created here to be able to use the {@link Context}
    * mock object while defining the expectations.
    * Remember to call this method each time a new test case is run.
    * @return a fresh {@link Context} mock.
  public static Context getMockContext() {
    mockContext = mock(Context.class);

    return mockContext;

    * This factory returns the {@link Context} mock created earlier.
  public Context getInitialContext(Hashtable environment) throws NamingException {
    return mockContext;

To use the InitialContextFactoryMock you need to specify it in the


Friday, November 09, 2012

Free IT related ebooks

From a post on the LinkedIn Open Source Group, I've got this link pointing to a lot of free IT related ebooks, without to go through data-harvesting sites:

I hope this is helpfull to anyone else.

Tuesday, April 12, 2011

Fine grained authorization with Spring Security 3

For a project I'm currently working on the authorization requuirements are such that we need method level authorization.
The projects will create a REST service whoes functionality I will not describe here, but it is based on Spring MVC, requires authentication based on Kerberos and user ID/password and fine grained authorization based on roles. The roles are taken from the Active Directory.

Since Spring is already used and because we need two distinct manners for authentication, spring security seems to be the best choice for this.
Using spring security, the authorization checks can be configured using annotations on the MVC controller using @PreAuthorize("hasRole('ROLE_USER')") and the like.

Starting with spring security works like a breeze, until you try to step outside of the boundaries.
Setting up simple authentication based on hard coded user ID's with hard coded password and hard coded roles goes like this:
<beans xmlns=""


    <sec:http auto-config="true">
        <sec:intercept-url pattern="/*" access="ROLE_USER" />

    <sec:authentication-manager alias="authenticationManager">
                    <sec:user authorities="ROLE_USER"
                        name="jim" password="morisson"/>
                    <sec:user authorities="ROLE_USER,ROLE_OPERATOR"
                        name="stevie" password="vaughan"/>
                    <sec:user authorities="ROLE_USER,ROLE_OPERATOR,ROLE_DEPLOYMENT_ENGINEER"
                        name="brian" password="jones"/>

According to the documentation, all you need to do to enable the @PreAuthorize annotation is adding <sec:global-method-security pre-post-annotations="enabled"/>
So I did, but the authorization checks did not kick in at all.
I have been struggling with this for a while until I stumbled over this post on stackoverflow. The solution is as simple as it is strange, I only needed to move the line <sec:global-method-security pre-post-annotations="enabled"/> from the security-context.xml to the dispatcher-servlet.xml. Nowhere else can I find this suggestion, even in Peter Mularien's book its written as:
Instructing Spring Security to use method annotations
We'll also need to make a one-time change to dogstore-security.xml, where we've got the rest of our Spring Security configuration. Simply add the following element right before the <http> declaration:

<global-method-security pre-post-annotations="enabled"/>

It seems that the above declaration registers a bean post-processor that is applied to the context in which it is declared, that means that declaring it in the security context, the post-processor is not applied to beans declared in the web context.