Vaadin recently released new research on the state of Java in the enterprise. Combined with other sources, this survey offers a good look into Java’s evolution. The overall view is one of vitality, and even a resurgence of interest in Java, as it continues to provide a solid foundation for building applications of a wide range of sizes and uses.
I dug into Vaadin's 2023 State of Java in the Enterprise Report, along with a few others. This article summarises what I think are the most significant developments in enterprise Java today.
Keeping up with Java
Java has seen a long succession of incremental improvements over the last decade. We're currently on the cusp of more significant changes through the Java language refactor in Project Valhalla and Java concurrency updates in Project Loom. Those forthcoming changes, combined with security considerations, make staying up to date with Java versions especially important.
Vaadin's research indicates that developers using Java have kept up with version updates so far. Twenty-six percent of respondents report they are on version 17 or newer; 21% are in the process of upgrading; and 37% are planning to upgrade.
These results jive with research from New Relic showing that Java 11 is becoming the current LTS (long-term support) standard, gradually supplanting Java 8. Java 17 is the newest LTS release, replacing Java 11 under the two-year release cadence, and will soon become the baseline upgrade for Java. The next LTS release will be Java 21, currently targeted for September 2023.
The cybersecurity threat
Survey results indicate that security is a major concern for Java developers, and for good reason. Discovering the Log4j vulnerability shined a glaring spotlight on code vulnerabilities in Java applications and elsewhere. Cybersecurity is a slow-moving hurricane that seems to only gather strength as time goes on.
The Vaadin report indicates that 78% of Java developers see “ensuring app security” as a core concern; 24% describe it as a significant challenge; and 54% say it is somewhat of a challenge.
Java by itself is a very secure platform. But like any other language, it is open to third-party vulnerabilities. Writing and deploying secure Java applications requires maintaining good security practices across the entire application life cycle and technology stack. Even the federal government, through CISA, is taking securing open source software and tracking vulnerabilities seriously, and urging the adoption of zero-trust architectures.
Because Java is a solid, evolving platform, Java developers are well-positioned to take on the very real and changing universe of threats facing web applications. We just need to be aware of security concerns and integrate cybersecurity into our daily development activities.
According to the Vaadin research, 76% of respondents see hiring and retaining developers as either a significant challenge or somewhat of a challenge. This is, of course, an industry-wide problem, with developer burnout and dissatisfaction causing major difficulty in both attracting and retaining good software developers.
Perhaps the best way to think about developer retention is in light of the developer experience (or DX). Like other coders, Java programmers want to work in an environment that supports our efforts and allows us to use our skills and creativity. A supportive environment encompasses the development tools and processes and the overall culture of the organisation.
One way to improve developer experience is through a robust devops infrastructure, which streamlines and brings consistency to otherwise stressful development phases like deployment. There is an interplay between devops and developer experience. Improving the tools and processes developers use makes it easier for us to maintain them and ensure adaptive correctness.
Cloud-native vs. self-hosted deployments
Deployment figures large in the Vaadin research. Cloud infrastructure and serverless platforms—cloud-native environments—are seen as an essential evolution for Java applications. Right now, 55% of Java applications are deployed to public clouds. On-prem and private hosting still account for 70% of application deployments. Kubernetes and serverless account for 56% of deployments, spread between public cloud, on-prem and PaaS.
Of serverless providers, Amazon Web Services (AWS) leads the space, with 17% of respondents saying they deploy their Java applications using AWS Lambda. Microsoft Azure and Google Cloud Platform serverless both account for 4% of all deployments, according to survey responses.
After on-prem servers and virtual machines, on-prem Kubernetes is the most prevalent style of deployment, used by 29% of respondents.
These numbers point to a Java ecosystem that has continued to move toward cloud-native technology but still has a big chunk of functionality running on self-hosted servers. Many Java shops feel a sense of urgency to adopt cloud platforms. But some developers continue to prefer self-hosted platforms and frameworks to being locked into a cloud provider's compute-for-rent business model.
Java application types
Not surprisingly, the lion’s share of Java applications are web applications, with desktop applications accounting for only 18% of all products in development at the time of the survey. As for the composition of new and existing applications that use Java, it’s a diverse group. The Vaadin research further distinguishes between current technology stacks and planned changes to the stack.
The continued strong focus on full-stack Java applications is particularly interesting. Fully 70% of respondents indicated that new full-stack Java applications were planned for upcoming projects.
Just behind full-stack applications is back-end development. Back-end APIs accounted for 69% of new investment plans, according to respondents.
The survey also gives a sense for what front-end frameworks Java developers currently favor. Angular (37%) and React (32%) are in the lead, followed by Vue (16%). This is in contrast to the general industry where React is the most popular framework. Other frameworks like Svelte didn’t make a strong enough showing to appear in the survey.
Given its popularity and utility, it is unsurprising that Spring is heavily used by Java developers. Of respondents, 79% reported using Spring Boot and 76% were using the general Spring framework. The forecast among developers is for them both to continue being used.
Modernisation and maintainability
Fifty-seven percent of respondents to the Vaadin survey indicated that modernisation was a chief concern for planned investment. The highest ranked reason given for modernisation was maintainability.
Maintainability is a universal and perennial concern for developers of all stripes and stacks. With the huge volume of what we might term “legacy” code—that is, anything that’s already been built—in Java, there is a strong sense that we need to upgrade our existing systems so that they can be worked on and brought into the future. It's a healthy impulse. To find the will and money to refactor and strengthen what is already there is key in any long-term project.
After maintainability comes security, which we’ve already discussed. In this case, though, security is seen as another reason for modernisation, with 20% of respondents ranking security as their number one cause, 16% in second place, and 21% in third. Security is once again a reasonable and healthy focus among developers.
Java and the UI
Among all the challenges identified by Java developers, building an “intuitive and simple UX” appears to be the greatest. It is a significant challenge for 30% and somewhat of a challenge for 51% of developers.
The UI is a tricky part of any application. I get the sense that Java developers are strong with building back-end APIs and middleware and longing for a way to use their familiar technology to build across the stack—just notice the heavy emphasis on full-stack Java applications. One respondent commented in the survey, “We want to use Java both for backend and frontend.” Maybe with WASM that will be possible someday.
Java's integration with other tools
With the industry as a whole, Java developers have moved toward better devops practices like CI/CD as well as adopting third-party integrations. The Vaadin report identifies logging, observability, and single sign-on (SSO) solutions as the most popular tools in use. Kubernetes, business tools like enterprise resource planning (ERP) and customer relationship management (CRM), devops, and multi-factor authentication (MFA) solutions round out the rest of the most-used third-party tools in the Java ecosystem.