Author: Matti Tahvonen

HTTPS (aka HTTP over TLS aka HTTP over SSL) is no longer optional for web sites. Even if your application wouldn’t handle critical data that attackers would be interested in, or it would be only used within a secure intranet, modern browsers show a scary “Not secure” warning to users accessing servers with plain http.

Sharing made simple: Integrating the Web Share API with Vaadin
The Web Share API is a modern browser feature that enables users to easily share content—like URLs, text, or files—via the operating system's native sharing dialog. This is especially handy on mobile and touch-based devices, where copy-paste workflows can feel clunky. As developers, we often rely ...

Which notifications are best for your Java app: web, Vaadin, or push?
Vaadin developers are no strangers to the Notification component. It has for almost two decades served as a reliable way to notify users about important events—whether it’s the success or failure of an operation or the completion of a time-consuming background task. But the web platform has evolved ...

New ElementRequestHandler gives Vaadin component developers more control
While it didn’t get much fanfare in the Vaadin 24.8.0 release notes, the new ElementRequestHandler is an impactful addition for advanced Flow component developers. It was introduced to support developing the revamped upload and download API. The feature quietly unlocks powerful capabilities for ...

5 tips for quick mobile optimizations
Progressive Web App (PWA) development with Vaadin makes it easy to build responsive, mobile-friendly business applications using Java. Vaadin components are built with responsiveness in mind, and by using tools like the AppLayout, your top-level navigation is already mobile-aware — adapting well to ...

How to draw a line between Vaadin components?
Interesting question, and I’m sure you are not the first one to have it, I answered a booth visitor at JCON 2025. The Vaadin developer wanted to show a connection between two UI components, to show some sort of relationship between those. I thought that using SVG it ought to be “straightforward” ...

Path to passkeys with Spring Security
There are many ways to utilize passkeys. Handling authentication internally within your app may not be the fanciest way to do it in 2025, but for legacy apps and when aiming for architectural simplicity, handling passkeys by yourself, like handling usernames and passwords, can still be a ...

True nerd stuff: Plotting vessel positions with AIS, MQTT & WebSockets
I recently blogged about my enhanced web UI for a ferry reservation system we use on my "home island." It has lately been gaining more users and feature requests. As an old orienteer, I desperately wanted to see where the ferry was in real time, so I could optimize those last couple of minutes in ...

Three methods to go passwordless in 2025
Passwords continue to be a persistent pain point in web security—tricky to implement safely and even harder to manage due to weak user practices and vulnerabilities like social engineering. Thankfully, we have a robust alternative available: Passkeys via the Web Authentication API (aka WebAuthn). ...

Enhancing Vaadin API for Spring Data and beyond
With the upcoming Vaadin 24.7 release, we’re introducing a couple of minor but impactful enhancements that embody our mission: making Java-based web development simpler and more productive. One of the key improvements in this release is an enhancement to the Grid API, allowing developers to ...