Encryption Context (AAD) with AWS KMS

Introduction - AAD: The AWS KMS API supports authenticated encryption using additional authenticated data (AAD). The concept of AAD is explained in AWS’ documentation. However, as this is not trivial, I have decided to put that into a live example in this blog post and a simple web application example (available at this GitHub repository).

A Vagrant file to kick a Docker Swarm Mode cluster

Lately I wanted to quickly set up a Docker Swarm Mode cluster using Vagrant. I was looking for the simplest configuration - just something to be a sandbox to play with. Looking around, most of the Swarm-related Vagrant files were in the ‘old swarm way’ – that is: not the Swarm Mode – so I created one and uploaded it to GitHub. Feel free to use it from: See for details.

Base64 Encoding in Java 8

The lack of a Base64 encoding API in Java is, in my opinion, by far one of the most annoying holes in the libraries. Finally, Java 8 includes a decent API for it in the java.util package. Here is a short introduction to this new API (apparently it has a little more than the regular encode/decode API).

Java 8 APIs: java.util.time - Instant, LocalDate, LocalTime, and LocalDateTime

I started to experiment with the new Java 8 APIs (still Early Access at the moment of writing this post) and the first thing I looked into was the new date and time API (JSR 310). As there is much to cover in this new, long-awaited API, I think it is worth a few posts with some examples. This post is the first in a series, starting with some basic classes of the package: Instant, LocalDate, LocalTime, and LocalDateTime.

Try-Catch-Resource and the Exception.getSuppressed() Method

Java 7 has been out for such a long time now that this post is not even fashionably late, but still there is one aspect of the try-with-resources construct which, in my opinion, is sometimes overlooked. In this post I would like to point out a behavioral change related to exception suppression which might affect code migrating from older Java versions.

How to Override Java Security Configuration per JVM Instance

Introduction: Lately I encountered a configuration tweak I was not aware of. The problem: I had a single Java installation on a Linux machine from which I had to start two JVM instances, each using a different set of JCE providers. A reminder: the JVM loads its security configuration, including the JCE providers list, from a master security properties file within the JRE folder (JRE_HOME/lib/security/); the location of that file is fixed in the JVM and cannot be modified. Going over the documentation (not too helpful, I must admit) and the code (more helpful, look for, for example here) revealed the secret.

New in Spring MVC 3.1: CSRF Protection using RequestDataValueProcessor

Introduction: As a software architect, one of the common tasks I have to deal with is web application security. Usually I would try to make sure that security is automatically enforced by the infrastructure; however, this is not always that easy – sometimes the underlying frameworks don’t provide any built-in support or configuration which globally turns on a security attribute. This is why the new interface in Spring MVC 3.1 seems to be very interesting: it provides a clean way to implement automatic CSRF protection.