Mutation testing in Maven & Sonarqube


You might have heard about Mutation Testing before. In the last 5 or 6 years it’s been a reasonably hot (“warm”?) topic to discuss in blogs and dev talks. So what is the added value over code coverage with just Unit Testing? Even if you could pride yourself with over 90% line and branch coverage, that coverage means nothing apart from that unit tests are touching production code. It says nothing about how well that code is tested, it doesn’t care whether any asserts exist in your tests. Imagine an engineer that tests a power drill he designed on a sheet of paper, and declaring that it does exactly what it was designed for: drilling holes. It’s obvious that this test is meaningless for a power drill that is meant to be used on wood, steel or stone.

Mutation tests aim to expose tests that cover the lines they’re meant to cover but are insufficient in testing the intent of the code. The idea behind this is fairly simple: introduce “mutants” in the code that is being tested, and check whether the unit tests that cover these mutants still succeed or start to fail. If a test still succeeds, that means the test falls short of verifying the complete intent of the code!

Continue Reading

Spring Boot: LocalDateTime not parsing to JSON correctly

When creating a Spring Boot Rest service, you can configure Spring to convert a LocalDateTime to display as a ISO-8601 date string when returning a JSON response. To get this working you have to do a few things. Firstly, you need the following dependency:

This dependency has all the JSON serialisers and deserialisers for the Java 8 time API, and when you use Spring Boot with auto configuration, it should load all the correct serialisers. Secondly, you need to add the following to your application properties:

Continue Reading

Production-safe Docker Tomcat image

Some time ago, I was working on a project where I had to fix an issue that was raised by our OWASP Zap scanner, which is a free security tool that runs in the test phase of the Jenkins build of the project. It checks for security vulnerabilities that you want to prevent from going to Production.

The error / warning that was raised looked like this:

X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

That’s pretty generic and anything could’ve cause that. The odd thing was that we actually had anti-clickjacking libraries in place for our service, so where was this coming from?

Continue Reading

Spring Cloud Messaging using Kafka

“What is this Kafka I’ve been hearing about?”

In short, Kafka is a horizontally scalable streaming platform. In other words, Kafka is a message broker which can be run on multiple servers as a cluster. Different data streams are called topics. Producers can place messages on a topic whereas consumers can subscribe to topics. Topics can be configured for single- and multiple delivery of messages. Consumers can be grouped in so called consumer-groups, which makes it possible for multiple consumers to act as one when it comes to single-delivery.

But don’t take my word for it. There’s a lot more to Kafka than I can get into in this post and the original documentation is much clearer, so check out the documentation at

“How do I use Kafka in my Spring applications?”

Among all the abstractions Spring Boot delivers there is also an abstraction layer for using Kafka, called Spring Cloud Stream. The use of the cloud messaging API makes it very easy to produce messages to Kafka and to consume them.

Continue Reading

Modify Java 8 final behaviour with Annotations

How I started this project

Some time ago I went to a Meetup session Death To Null by Ties van de Ven from JDriven. During the presentation it became clear that it wasnt so much about null checks and NullPointerExceptions but more about Immutability and how it can help keep your software free of bugs and NullPointerExceptions. One of the statements that got me thinking was (something along the lines of): Java chose the wrong default. Instead of making everything explicitly final when we want an immutable variable, everything should be implicitly final unless the developer makes it explicitly mutable.
Not knowing that much about the implementation of annotations I thought it would be fun to try to write an annotation which would do exactly that. The first bump I encountered is that annotations cannot modify the programmers source code, or the classes generated from this source code; they can generate new sources or validate code. This quickly turned my attention to project Lombok which does that already. If you use project Lombok for the generation of getters and setters these never show up in your source code. How can your IDE still hint at the existence of the getters and setters?

It turns out that the Java compiler is an iterative process. First the compiler parses your source code into something which is called an AST or Abstract Syntax Tree. Then annotation processors are run to generate extra sources or do some extra validation based on your annotations. Compilation errors, such as invalid classes or invalid method calls, are done in phase 3. If, however, an annotation processor generates new sources, the compiler repeats step 1 and 2 before going to step 3.

Project Lombok, and my proof of concept, will use a bit of a hack. Instead of generating new sources with the annotation processor, it modifies the generated AST. This will allow the processor to change the code without touching the source code or the byte code.

A more detailed explanation can be found here. It is a bit dated, but informative.

Building a PoC

For my proof of concept Ive decided to create a new maven project. It will have two sub projects, one of them contains the annotation itself and the processor which will process it, the other one contains a test class which uses the annotation.

Continue Reading