There’s more to migrating a complex site to HTTPS than just enabling TLS in your web server or reverse proxy. All links to embedded resources like style sheets, images, or scripts need to be served via HTTPS and potentially have to be rewritten. In a well-designed site that’s not an issue, but in most peoples’ organically grown setups it can be a huge effort.
Sometimes it’s useful to check whether a local JAR file is available from Maven Central, for example when converting an old build system to Maven. In many old systems, JARs aren’t named consistently and versioning info isn’t available. Fortunately, Maven Central has a search interface that supports lookup by a JAR file’s SHA-1 checksum. And even better, there is a REST API to automate things.
I have followed the HTTP/2 specification process closely and I like how the new protocol improves web performance and makes old workarounds obsolete. One drawback of deploying HTTP/2 is that most browser vendors only implement it on top of TLS. Since I’ve seen a lot of broken TLS configurations lately, I thought it would be interesting to set up TLS on my private server and share the resources I used in the process.
Despite all its shortcomings as a programming language, JavaScript isn’t a dirty word anymore. A decade ago, most self-respecting developers would refuse to even touch it, so it was left to web designers and junior developers who spiced up a few HTML pages with dispensable functionality. It’s amazing how the advent of AJAX changed things.
Once in a while I see misguided attempts at normalizing text to make it suitable for use in URLs, file names, or other situations where a plain ASCII representation is desired. This can be tricky but with Java’s excellent Unicode support and some background knowledge it is pretty easy to implement. At least if your input uses the Latin alphabet – otherwise you’re out of luck.
As a developer, I’ve used lots of web services and also implemented plenty myself. I’ve seen services with IP-based security provided by network firewalls, services protected by standard HTTP Authentication, TLS with client and server certificates and custom mechanisms using API keys. Recently, OAuth 2.0 has been added to the mix. Time for a little tour with links to the most important resources.
