fidzu : Java

The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration tests. The code review looked clean. Yet the auditors found a hardcoded API key hidden in a utility class. This key allowed access to our third-party payment gateway. Anyone with access to the repository could see it. We were lucky the auditors found it before a malicious actor did. This incident was a wake-up call. We realized manual code reviews were not enough. We needed automated static analysis. We needed SonarQube.

In this article, I will share how we integrated SonarQube into our Java development workflow. I will explain the specific rules that exposed our vulnerabilities. I will detail how we configured quality gates to prevent future regressions. This is not a generic installation guide. It is a record of how we shifted security left in our pipeline. Static analysis is not just about finding bugs. It is about building a culture of quality.

20 May 2026 6:00pm GMT

Modern software systems rarely fail due to poor coding skills. Most failures occur when teams lose sight of the business problem they are addressing. As systems evolve, requirements shift, teams expand, and new integrations are added, codebases often become collections of technical decisions that lack business context. Classes become generic managers and services, methods devolve into procedural scripts, and communication between developers and domain experts diminishes. Tactical Domain-Driven Design (DDD) addresses this issue by emphasizing software that directly reflects business language in code, rather than focusing solely on infrastructure or frameworks.

The term "semantic" comes from the Greek semantikos, meaning "significant" or "meaningful," which is central to Tactical DDD. The objective is not just to reorganize classes, but to ensure code communicates intent clearly to both engineers and business experts. In modern Java systems, where complexity increases due to distributed architectures, integrations, and ongoing business changes, this clarity is essential for long-term maintainability.

20 May 2026 3:30pm GMT

Executive Summary

Modern health data analytics increasingly leverage AI agent software components that process information and make decisions, often using large language models (LLMs) or machine learning models. In Java, you can build agentic systems using libraries like DJL (Deep Java Library), Spring AI, or by integrating LLM APIs. This document includes Maven setup, minimal Spring Boot code (controllers and services), a simple agent example, diagrams, and a comparison of different agent approaches.

Flowchart

20 May 2026 3:00pm GMT

"Do the simplest thing that could possibly work."

- Kent Beck, creator of Extreme Programming and pioneer of Test-Driven Development.

19 May 2026 6:00pm GMT

This is not "just another article about Springdoc," I promise. This is a ready-to-use recipe I was struggling to find one day, and had to build it from scratch.

Have you ever needed to generate OpenAPI documentation directly from your code and, more importantly, do it in a way that fits cleanly into a CI pipeline? Swagger UI is commonly used in Spring Boot applications to visualize and test APIs from the browser. It can also expose the generated OpenAPI definition through a configurable endpoint, and that endpoint is exactly what we will use in this article.

19 May 2026 2:00pm GMT

Image classification is now a key part of many applications. Whether you're automating photo organization, filtering uploaded content, or enriching product catalogs with visual tags, knowing what's in an image can be just as important as knowing what a user typed.

For Java developers, the challenge is familiar: most computer vision examples live in Python notebooks, while the systems that actually need image classification run on the JVM. Bridging that gap usually means standing up a separate Python microservice, managing REST calls, and dealing with serialization overhead. That's a lot of ceremony for what should be a single processing step.

15 May 2026 8:00pm GMT

API testing has become increasingly popular in recent times. Since it doesn't involve a UI, it is generally faster and easier to execute. This makes API testing a preferred choice for validating end-to-end system functionality. Additionally, integrating automated API tests into CI/CD pipelines enables teams to receive quicker feedback on their builds.

In this tutorial, we will explore DELETE API requests and learn how to handle them with Rest-Assured in Java for automated testing. The following topics will be covered:

14 May 2026 2:30pm GMT

Testing is an essential step in the API development process to ensure that APIs are working correctly. There are multiple HTTP methods in RESTful APIs, including POST, GET, PUT, PATCH, and DELETE. In our earlier articles, we learned how to perform automated testing of POST, PUT, and GET APIs using Rest-Assured Java.

In this tutorial article, we will discuss and cover the following points:

13 May 2026 1:30pm GMT

The Problem

You're running a Java application in a Docker container on your M1 Mac. Everything works fine, but you notice something strange: The resident set size (RSS) keeps growing, even though your heap usage is stable. After hours of investigation, you find mysterious rwxp memory regions, each exactly 128 MB, accumulating in your process memory map.

What's causing this? Is it a memory leak? A JVM bug? Something else entirely?

12 May 2026 7:00pm GMT

Modern Java applications require robust observability and automated intelligence to ensure reliability at scale. Dynatrace's AI-driven platform continuously learns application behavior, establishes statistical baselines and applies deterministic, causation based analysis to detect anomalies and pinpoint root causes.

By correlating metrics, logs, traces, and topology context across applications, services and infrastructure, Dynatrace can automatically highlight the true source of problems and assess their impact. This drastically reduces alert noise and MTTR .

11 May 2026 12:00pm GMT

Building real-time applications means balancing user responsiveness with heavy backend processing. A proven solution is to decouple heavy workloads using events and asynchronous processing. In this approach, a Spring Boot application quickly publishes events to Kafka instead of processing requests inline. Then Kafka consumers (with AI/ML logic) handle the data in the background, and the results are pushed to clients in real time via WebSockets. This article highlights three key patterns enabling this architecture:

1. Event Production with Spring Boot and Kafka
2. AI-Driven Processing in Kafka Consumers
3. Real-Time WebSocket Delivery to the Frontend

Event Production with Spring Boot and Kafka

The first step is capturing an event and publishing it to Kafka. By offloading work to Kafka the application can respond immediately to the user without waiting for processing. Spring Boot's integration with Apache Kafka provides a KafkaTemplate to send messages to topics.

08 May 2026 2:00pm GMT

PUT requests are typically used for updating an existing resource. This means replacing the current data for the target resource with the data sent in the API request body.

Just like POST requests, the content-type header is important because it tells the server how to interpret the data we're sending.

07 May 2026 2:30pm GMT

Java has always been a serious language for production systems, and in 2026, the Generative AI ecosystem has finally caught up. For years, Java developers watched from the sidelines as Python and TypeScript accumulated framework after framework for building LLM-powered applications. Today, the picture is very different. Java has multiple mature, actively maintained AI frameworks, each with its own philosophy and trade-offs.

This article covers the four frameworks I have personally used to ship Java AI applications: Genkit Java, Spring AI, LangChain4j, and Google ADK Java. Each one represents a meaningfully different bet on what a Java AI framework should be, and understanding those differences will save you from picking the wrong tool.

07 May 2026 12:30pm GMT

Recently at IBM Software Labs, I worked on a task that forced me to understand something many Java developers rarely think about - how Java interacts with the operating system.

Most of our daily work happens safely inside the JVM. Memory management, threads, and file handling - the JVM abstracts these away nicely.

30 Apr 2026 5:00pm GMT

We moved our monolithic Java application to Kubernetes last year. The promise was scalability and resilience. The reality was a series of silent failures during deployments. Users reported dropped connections every time we pushed a new version. Our monitoring showed zero downtime, but the customer experience told a different story. Requests vanished into the void during rolling updates. We spent weeks chasing network ghosts before finding the root cause. The issue was not the network. It was how our Java application handled termination signals.

In this article, I will share how we adapted our Java backend for container orchestration. I will explain the specific lifecycle issues we encountered. I will detail the configuration changes that solved the dropout problem. This is not a guide on writing Dockerfiles. It is a record of the operational friction we faced when Java met Kubernetes. Building cloud-native Java apps requires more than just packaging a JAR. It requires understanding how the orchestration layer interacts with the JVM.

28 Apr 2026 4:00pm GMT

There is a specific kind of frustration reserved for Java developers who have just containerized their application. You spend hours optimizing your Spring Boot microservice, ensuring your logic is sound and that your tests pass. You wrap it in a Docker container, push it to the registry, and deploy. Then the reality sets in. Your image is 800MB, your startup time is 40 seconds, and during load testing, the container is killed silently by the OS.

In my recent work, migrating a monolithic Java application to a microservices architecture, we faced this exact triad of issues. We were treating Docker containers like lightweight virtual machines and ignoring the nuances of how the JVM interacts with container boundaries. The result was bloated infrastructure costs, slow CI/CD pipelines, and unstable production pods.

28 Apr 2026 2:00pm GMT