java-util

A collection of high-performance Java utilities designed to enhance standard Java functionality. These utilities focus on:

• Memory efficiency and performance optimization
• Thread-safety and concurrent operations
• Enhanced collection implementations
• Simplified common programming tasks
• Deep object graph operations

Available on Maven Central. This library has no dependencies on other libraries for runtime. The.jarfile is ~500K and works with JDK 1.8 through JDK 24. The .jar file classes are version 52 (JDK 1.8)

As of version 3.5.0 the library is built with the -parameters compiler flag. Parameter names are now retained for tasks such as constructor discovery (increased the jar size by about 10K.)

Quick Start

Experience the power of java-util with these popular utilities that solve common development challenges:

🔍 DeepEquals - Compare Complex Object Graphs

Perfect for testing and validation - handles cycles, collections, and deep nesting automatically:

// Compare complex test outputs without worrying about object cycles
List<User> expected = loadExpectedUsers();
List<User> actual = processUsers();

// Standard equals() fails with nested objects and cycles
// DeepEquals handles everything automatically
if (DeepEquals.deepEquals(expected, actual)) {
    System.out.println("Test passed!");
} else {
    // Get detailed diff for debugging
    Map<String, Object> options = new HashMap<>();
    DeepEquals.deepEquals(expected, actual, options);
    System.out.println("Differences: " + options.get("diff"));
}

Visual diff output makes debugging obvious:

// Object field mismatch - pinpoints exactly what's different
[field value mismatch] ▶ Person {name: "Jim Bob", age: 27} ▶ .age
  Expected: 27
  Found: 34

// Collection element differences with precise indexing  
[collection element mismatch] ▶ Container {strings: List(0..2), numbers: List(0..2)} ▶ .strings(0)
  Expected: "a"
  Found: "x"

// Complex nested structures with visual navigation
[array element mismatch] ▶ University {name: "Test University", departmentsByCode: Map(0..1)} ▶ 
  .departmentsByCode 《"CS" ⇨ Department {code: "CS", programs: List(0..2)}》.programs(0).requiredCourses
  Expected length: 2
  Found length: 3

// Map differences show key-value relationships clearly
[map value mismatch] ▶ LinkedHashMap(0..0) ▶ 《"user.email" ⇨ "[email protected]"》
  Expected: "[email protected]"  
  Found: "[email protected]"

🔄 Converter - Universal Type Conversion

Convert between any meaningful types with mind-bending intelligence:

// Multi-dimensional arrays ↔ nested collections (any depth, any size!)
String[][][] jagged = {
    {{"a", "b", "c"}, {"d"}},           // First sub-array: 3 elements, then 1 element  
    {{"e", "f"}, {"g", "h", "i", "j"}}, // Second sub-array: 2 elements, then 4 elements
    {{"k"}}                             // Third sub-array: just 1 element
};
List<List<List<String>>> nested = Converter.convert(jagged, List.class);  
// Result: [[[a, b, c], [d]], [[e, f], [g, h, i, j]], [[k]]]

char[][][] backToArray = Converter.convert(nested, char[][][].class);       // Preserves jagged structure perfectly!

// EnumSet magic - detects collections and creates EnumSet automatically  
String[] permissions = {"READ", "WRITE", "ADMIN"};  
EnumSet<Permission> perms = Converter.convert(permissions, Permission.class);  // Array → EnumSet<Permission>

List<String> statusList = Arrays.asList("ACTIVE", "PENDING", "COMPLETE");
EnumSet<Status> statuses = Converter.convert(statusList, Status.class);       // Collection → EnumSet<Status>

Map<String, Object> config = Map.of("DEBUG", true, "INFO", false, "WARN", true);
EnumSet<LogLevel> levels = Converter.convert(config, LogLevel.class);         // Map keySet() → EnumSet<LogLevel>

// UUID as 128-bit number - who even thinks of this?!
UUID uuid = UUID.randomUUID();
BigInteger bigInt = Converter.convert(uuid, BigInteger.class);
// Result: 340282366920938463463374607431768211456 (UUID as massive integer!)
UUID restored = Converter.convert(bigInt, UUID.class);                   // Back to UUID!

// Base64 string directly to ByteBuffer 
String base64Data = "SGVsbG8gV29ybGQ=";  // "Hello World" encoded
ByteBuffer buffer = Converter.convert(base64Data, ByteBuffer.class);
// Result: Ready-to-use ByteBuffer, no manual decoding!

// Map to Color - understands RGB semantics
Map<String, Object> colorMap = Map.of("red", 255, "green", 128, "blue", 0, "alpha", 200);
Color orange = Converter.convert(colorMap, Color.class);
// Result: java.awt.Color[r=255,g=128,b=0,a=200] - it even handles alpha!

// Calendar to atomic types - extracts time AND makes it thread-safe
Calendar cal = Calendar.getInstance(); 
AtomicLong atomicTime = Converter.convert(cal, AtomicLong.class);        // Thread-safe epoch millis
AtomicInteger atomicYear = Converter.convert(cal, AtomicInteger.class);  // Just the year, atomically

// Add your own exotic conversions
Converter converter = new Converter();
converter.addConversion(MyClass.class, String.class, obj -> obj.toJson());

// See ALL available conversions - the full power revealed!
Map<String, Set<String>> supported = Converter.getSupportedConversions();
// Result: {"String" -> ["Integer", "Long", "Date", "UUID", "BigInteger", ...], 
//          "UUID" -> ["String", "BigInteger", "Map", ...], ...}

Set<String> allConversions = Converter.allSupportedConversions();  
// Result: ["String -> Integer", "String -> Long", "UUID -> BigInteger", 
//          "Map -> Color", "Calendar -> AtomicLong", ...]

Beyond these 1000+ direct type conversions, Converter also handles:

• 📦 Collection ↔ Collection (List ↔ Set ↔ Queue, any combination)
• 📦 Collection ↔ Array (any collection to any array type, preserving elements)
• 📦 Collection → EnumSet (any collection to EnumSet<targetType> one-dimensional)
• 🧩 Array ↔ Array (int[] ↔ String[] ↔ Long[], automatic element conversion)
• 🧩 Array ↔ Collection (jagged arrays to nested collections, preserving structure)
• 🧩 Array → EnumSet (jagged arrays to nested collections, preserving structure)
• 🗺️ Map ↔ Map (HashMap ↔ LinkedHashMap ↔ ConcurrentHashMap, comparator-aware)
• 🗺️ Map → EnumSet (keySet() of Map to EnumSet<targetType>)
• 🌟 N-dimensional support (jagged arrays, nested collections, any depth)

🗝️ CaseInsensitiveMap - Fast, Case-Preserving Maps

High-performance maps that ignore case but preserve original key formatting:

// Default: acts like LinkedHashMap but case-insensitive
CaseInsensitiveMap<String, String> headers = new CaseInsensitiveMap<>();
headers.put("Content-Type", "application/json");
headers.put("User-Agent", "MyApp/1.0");

// Case-insensitive lookup, but keys retain original case
String contentType = headers.get("content-type");  // "application/json"
String userAgent = headers.get("USER-AGENT");      // "MyApp/1.0"

// Walking keySet() returns original case
for (String key : headers.keySet()) {
    System.out.println(key);  // "Content-Type", "User-Agent"
}

// Supports heterogeneous keys (String + non-String)
CaseInsensitiveMap<Object, String> mixed = new CaseInsensitiveMap<>();
mixed.put("StringKey", "value1");
mixed.put(42, "value2");           // Non-string keys work fine

// Wrap existing maps for thread-safety
Map<String, String> concurrent = new CaseInsensitiveMap<>(new ConcurrentHashMap<>());

⏰ TTLCache - Time-Based Caching with LRU

Automatic expiration with optional size limits - supports null keys and values:

// Cache with 30-second TTL
TTLCache<String, User> userCache = new TTLCache<>(Duration.ofSeconds(30));

// Add items - they auto-expire after TTL
userCache.put("user123", loadUser("123"));
userCache.put(null, defaultUser);  // Null keys supported

// Optional: Add LRU eviction with max size
TTLCache<String, String> sessionCache = new TTLCache<>(
    Duration.ofMinutes(15),  // 15-minute TTL
    1000                     // Max 1000 items (LRU eviction)
);

// Use like any Map - items auto-expire
sessionCache.put("session-abc", "user-data");
String userData = sessionCache.get("session-abc");  // null if expired

// Perfect for caching expensive operations
TTLCache<String, Result> resultCache = new TTLCache<>(Duration.ofMinutes(5));
public Result getExpensiveResult(String key) {
    return resultCache.computeIfAbsent(key, k -> performExpensiveOperation(k));
}

Why developers love these utilities:

• Zero dependencies - No classpath conflicts
• Null-safe - Handle edge cases gracefully
• High performance - Optimized for real-world usage
• JDK 8+ compatible - Works everywhere
• Production proven - Used in high-scale applications

Performance Benchmarks

java-util is engineered for performance-critical applications with optimizations that deliver measurable improvements:

📊 Memory Efficiency

CompactMap Dynamic Adaptation (it has one field):

• map.size() == 0 → Object field = null (Sentinel value)
• map.size() == 1 → Object field = Map.Entry<Key, Value>
• map.size() == 2 ... compactSize() → Object field = Object[2*size] containing keys (even) values (odd)
• map.size() > compactSize(): → Object field = map // delegates to wrapped map
• Great for applications with millions of small Maps

How java-util Compares

Feature	JDK Collections	Google Guava	Eclipse Collections	Apache Commons	java-util
Dependencies	None	3+ libraries	2+ libraries	Multiple	None
Jar Size	N/A	~2.7MB	~2.8MB	~500KB each	~500KB total
JDK Compatibility	8+	11+ (latest)	11+	8+	8+
Null-Safe Concurrent	❌	❌	❌	❌	✅ ConcurrentMapNullSafe
Memory-Adaptive Collections	❌	❌	✅	❌	✅ CompactMap/Set
Case-Preserving Maps	❌	❌	❌	Limited	✅ Retains original case
Universal Type Conversion	❌	Limited	❌	Limited	✅ 1000+ conversions
Deep Object Comparison	❌	Limited	❌	❌	✅ Handles cycles
Runtime Configuration	❌	❌	❌	❌	✅ 70+ feature options
TTL Caching	❌	✅	❌	❌	✅ + LRU combo
Thread-Safe with Nulls	❌	❌	❌	❌	✅ All concurrent types
JPMS/OSGi Ready	✅	⚠️	✅	⚠️	✅ Pre-configured
Security Controls	❌	❌	❌	❌	✅ Input validation

Key Differentiators

🎯 Zero Dependencies: Unlike Guava (Checker Framework, Error Prone, J2ObjC) or Eclipse Collections (JUnit, SLF4J), java-util has zero runtime dependencies - no classpath conflicts ever.

🔒 Null-Safe Concurrency: java-util is the only library providing thread-safe collections that handle null keys and values safely (ConcurrentHashMapNullSafe, ConcurrentSetNullSafe).

🧠 Smart Memory Management: CompactMap and CompactSet automatically adapt from array-based storage (small size) to hash-based storage (large size) - optimal memory usage at every scale.

🔄 Universal Conversion: Convert between any meaningful Java types - primitives, collections, dates, enums, custom objects. Other libraries require multiple dependencies to achieve the same coverage.

⚙️ Production Flexibility: 70+ runtime configuration options allow zero-downtime security hardening and environment-specific tuning that enterprise applications demand.

🔒 Enterprise Security Features

java-util provides comprehensive security controls designed for enterprise environments where security compliance and threat mitigation are critical:

🛡️ Input Validation & DOS Protection

Configurable Resource Limits:

// Prevent memory exhaustion attacks
System.setProperty("deepequals.max.collection.size", "1000000");
System.setProperty("stringutilities.max.repeat.total.size", "10485760");
System.setProperty("mathutilities.max.array.size", "1000000");

// Protect against ReDoS (Regular Expression Denial of Service)
System.setProperty("dateutilities.regex.timeout.enabled", "true");
System.setProperty("dateutilities.regex.timeout.milliseconds", "1000");

🚫 Dangerous Class Protection

Block Access to Sensitive System Classes:

// Prevent reflection-based attacks
System.setProperty("reflectionutils.dangerous.class.validation.enabled", "true");
// Blocks: Runtime, ProcessBuilder, System, Unsafe, ScriptEngine

// Prevent sensitive field access
System.setProperty("reflectionutils.sensitive.field.validation.enabled", "true");  
// Blocks: password, secret, apikey, credential fields

🔐 Cryptographic Security

Enforce Strong Crypto Parameters:

// PBKDF2 iteration requirements
System.setProperty("encryptionutilities.min.pbkdf2.iterations", "100000");
System.setProperty("encryptionutilities.max.pbkdf2.iterations", "1000000");

// Salt and IV size validation
System.setProperty("encryptionutilities.min.salt.size", "16");
System.setProperty("encryptionutilities.min.iv.size", "12");

🌐 Network Security Controls

Protocol and Host Validation:

// Restrict allowed protocols
System.setProperty("io.allowed.protocols", "https");
System.setProperty("urlutilities.allowed.protocols", "https");

// Prevent SSRF (Server-Side Request Forgery)
System.setProperty("urlutilities.allow.internal.hosts", "false");
System.setProperty("urlutilities.max.download.size", "104857600"); // 100MB limit

🔍 Security Audit & Monitoring

Comprehensive Logging:

// Enable detailed security logging
System.setProperty("io.debug", "true");
System.setProperty("io.debug.detailed.urls", "true");
System.setProperty("io.debug.detailed.paths", "true");

🏢 Zero-Downtime Security Hardening

Production-Safe Configuration:

• Feature flags: Enable/disable security features without code changes
• Gradual rollout: Test security features in staging before production
• Environment-specific: Different limits for dev/staging/production
• Compliance ready: Meet OWASP, SOC 2, ISO 27001 requirements

Example: Progressive Security Enablement

# Development (permissive)
-Dreflectionutils.security.enabled=false

# Staging (warning mode)  
-Dreflectionutils.security.enabled=true
-Dreflectionutils.dangerous.class.validation.enabled=false

# Production (full security)
-Dreflectionutils.security.enabled=true
-Dreflectionutils.dangerous.class.validation.enabled=true
-Dreflectionutils.sensitive.field.validation.enabled=true

📋 Security Compliance

Security Standard	java-util Coverage
OWASP Top 10	✅ Injection prevention, DoS protection, Logging
CWE Mitigation	✅ CWE-22 (Path traversal), CWE-502 (Unsafe deserialization)
NIST Guidelines	✅ Input validation, Crypto parameter enforcement
SOC 2 Type II	✅ Audit logging, Access controls, Data protection

Default Secure: All security features are disabled by default for backward compatibility, but can be enabled system-wide with zero code changes.

Core Components

Sets

• CompactSet - Memory-efficient Set that dynamically adapts its storage structure based on size
• CaseInsensitiveSet - Set implementation with case-insensitive String handling
• ConcurrentSet - Thread-safe Set supporting null elements
• ConcurrentNavigableSetNullSafe - Thread-safe NavigableSet supporting null elements
• ClassValueSet - High-performance Set optimized for fast Class membership testing using JVM-optimized ClassValue

Maps

• CompactMap - Memory-efficient Map that dynamically adapts its storage structure based on size
• CaseInsensitiveMap - Map implementation with case-insensitive String keys
• LRUCache - Thread-safe Least Recently Used cache with configurable eviction strategies
• TTLCache - Thread-safe Time-To-Live cache with optional size limits
• TrackingMap - Map that monitors key access patterns for optimization
• ConcurrentHashMapNullSafe - Thread-safe HashMap supporting null keys and values
• ConcurrentNavigableMapNullSafe - Thread-safe NavigableMap supporting null keys and values
• ClassValueMap - High-performance Map optimized for fast Class key lookups using JVM-optimized ClassValue

Lists

• ConcurrentList - Thread-safe List implementation with flexible wrapping options

Utilities

• ArrayUtilities - Comprehensive array manipulation operations
• ByteUtilities - Byte array and hexadecimal conversion utilities
• ClassUtilities - Class relationship and reflection helper methods
• Converter - Robust type conversion system
• DateUtilities - Advanced date parsing and manipulation
• DeepEquals - Recursive object graph comparison
• EncryptionUtilities - Simplified encryption and checksum operations
• Executor - Streamlined system command execution
• GraphComparator - Object graph difference detection and synchronization
• IOUtilities - Enhanced I/O operations and streaming utilities
• MathUtilities - Extended mathematical operations
• ReflectionUtils - Optimized reflection operations
• StringUtilities - Extended String manipulation operations
• SystemUtilities - System and environment interaction utilities
• Traverser - Configurable object graph traversal
• TypeUtilities - Advanced Java type introspection and generic resolution utilities
• UniqueIdGenerator - Distributed-safe unique identifier generation

Integration and Module Support

JPMS (Java Platform Module System)

This library is fully compatible with JPMS, commonly known as Java Modules. It includes a module-info.class file that specifies module dependencies and exports.

OSGi

This library also supports OSGi environments. It comes with pre-configured OSGi metadata in the MANIFEST.MF file, ensuring easy integration into any OSGi-based application.

Using in an OSGi Runtime

The jar already ships with all necessary OSGi headers and a module-info.class. No Import-Package entries for java.* packages are required when consuming the bundle.

To add the bundle to an Eclipse feature or any OSGi runtime simply reference it:

<plugin id="com.cedarsoftware.java-util" version="3.6.0"/>

Both of these features ensure that our library can be seamlessly integrated into modular Java applications, providing robust dependency management and encapsulation.

Maven and Gradle Integration

To include in your project:

Gradle

implementation 'com.cedarsoftware:java-util:3.6.0'

Maven

<dependency>
  <groupId>com.cedarsoftware</groupId>
  <artifactId>java-util</artifactId>
  <version>3.6.0</version>
</dependency>

🚀 Framework Integration Examples

For comprehensive framework integration examples including Spring, Jakarta EE, Spring Boot Auto-Configuration, Microservices, Testing, and Performance Monitoring, see frameworks.md.

Key integrations include:

• Spring Framework - Configuration beans and case-insensitive property handling
• Jakarta EE/JEE - CDI producers and validation services
• Spring Boot - Auto-configuration with corrected cache constructors
• Microservices - Service discovery and cloud-native configuration
• Testing - Enhanced test comparisons with DeepEquals
• Monitoring - Micrometer metrics integration

Feature Options

Modern enterprise applications demand libraries that adapt to diverse security requirements, performance constraints, and operational environments. Following the architectural principles embraced by industry leaders like Google (with their extensive use of feature flags), Netflix (with their chaos engineering configurations), Amazon (with their service-specific tuning), and Meta (with their A/B testing infrastructure), java-util embraces a flexible feature options approach that puts control directly in the hands of developers and operations teams.

This approach aligns with current best practices in cloud-native development, including GitOps configurations, service mesh policies, and progressive delivery patterns that define the cutting edge of modern software architecture.

Rather than forcing a one-size-fits-all configuration, java-util provides granular control over every aspect of its behavior through system properties. This approach enables:

• Zero-downtime security hardening - Enable security features without code changes
• Environment-specific tuning - Different limits for development vs. production
• Gradual rollout strategies - Test new security features with feature flags
• Compliance flexibility - Meet varying regulatory requirements across deployments
• Performance optimization - Fine-tune resource limits based on actual usage patterns

All security features are disabled by default to ensure seamless upgrades, with the flexibility to enable and configure them per environment. This design philosophy allows java-util to serve both lightweight applications and enterprise-grade systems from the same codebase.

Fully Qualified Property Name	Allowed Values	Default Value	Description
ArrayUtilities
arrayutilities.security.enabled	true, false	false	Master switch for all ArrayUtilities security features
arrayutilities.component.type.validation.enabled	true, false	false	Block dangerous system classes in array operations
arrayutilities.max.array.size	Integer	2147483639	Maximum array size (Integer.MAX_VALUE-8)
arrayutilities.dangerous.class.patterns	Comma-separated patterns	java.lang.Runtime, java.lang.ProcessBuilder, java.lang.System, java.security.,javax.script., sun.,com.sun.,java.lang.Class	Dangerous class patterns to block
ByteUtilities
byteutilities.security.enabled	true, false	false	Master switch for all ByteUtilities security features
byteutilities.max.hex.string.length	Integer	0 (disabled)	Hex string length limit for decode operations
byteutilities.max.array.size	Integer	0 (disabled)	Byte array size limit for encode operations
DateUtilities
dateutilities.security.enabled	true, false	false	Master switch for all DateUtilities security features
dateutilities.input.validation.enabled	true, false	false	Enable input length and content validation
dateutilities.regex.timeout.enabled	true, false	false	Enable regex timeout protection
dateutilities.malformed.string.protection.enabled	true, false	false	Enable malformed input protection
dateutilities.max.input.length	Integer	1000	Maximum input string length
dateutilities.max.epoch.digits	Integer	19	Maximum digits for epoch milliseconds
dateutilities.regex.timeout.milliseconds	Long	1000	Timeout for regex operations in milliseconds
DeepEquals
deepequals.secure.errors	true, false	false	Enable error message sanitization
deepequals.max.collection.size	Integer	0 (disabled)	Collection size limit
deepequals.max.array.size	Integer	0 (disabled)	Array size limit
deepequals.max.map.size	Integer	0 (disabled)	Map size limit
deepequals.max.object.fields	Integer	0 (disabled)	Object field count limit
deepequals.max.recursion.depth	Integer	0 (disabled)	Recursion depth limit
EncryptionUtilities
encryptionutilities.security.enabled	true, false	false	Master switch for all EncryptionUtilities security features
encryptionutilities.file.size.validation.enabled	true, false	false	Enable file size limits for hashing operations
encryptionutilities.buffer.size.validation.enabled	true, false	false	Enable buffer size validation
encryptionutilities.crypto.parameters.validation.enabled	true, false	false	Enable cryptographic parameter validation
encryptionutilities.max.file.size	Long	2147483647	Maximum file size for hashing operations (2GB)
encryptionutilities.max.buffer.size	Integer	1048576	Maximum buffer size (1MB)
encryptionutilities.min.pbkdf2.iterations	Integer	10000	Minimum PBKDF2 iterations
encryptionutilities.max.pbkdf2.iterations	Integer	1000000	Maximum PBKDF2 iterations
encryptionutilities.min.salt.size	Integer	8	Minimum salt size in bytes
encryptionutilities.max.salt.size	Integer	64	Maximum salt size in bytes
encryptionutilities.min.iv.size	Integer	8	Minimum IV size in bytes
encryptionutilities.max.iv.size	Integer	32	Maximum IV size in bytes
IOUtilities
io.debug	true, false	false	Enable debug logging
io.connect.timeout	Integer (1000-300000)	5000	Connection timeout (1s-5min)
io.read.timeout	Integer (1000-300000)	30000	Read timeout (1s-5min)
io.max.stream.size	Long	2147483647	Stream size limit (2GB)
io.max.decompression.size	Long	2147483647	Decompression size limit (2GB)
io.path.validation.disabled	true, false	false	Path security validation enabled
io.url.protocol.validation.disabled	true, false	false	URL protocol validation enabled
io.allowed.protocols	Comma-separated	http,https,file,jar	Allowed URL protocols
io.file.protocol.validation.disabled	true, false	false	File protocol validation enabled
io.debug.detailed.urls	true, false	false	Detailed URL logging disabled
io.debug.detailed.paths	true, false	false	Detailed path logging disabled
MathUtilities
mathutilities.security.enabled	true, false	false	Master switch for all MathUtilities security features
mathutilities.max.array.size	Integer	0 (disabled)	Array size limit for min/max operations
mathutilities.max.string.length	Integer	0 (disabled)	String length limit for parsing
mathutilities.max.permutation.size	Integer	0 (disabled)	List size limit for permutations
ReflectionUtils
reflectionutils.security.enabled	true, false	false	Master switch for all ReflectionUtils security features
reflectionutils.dangerous.class.validation.enabled	true, false	false	Block dangerous class access
reflectionutils.sensitive.field.validation.enabled	true, false	false	Block sensitive field access
reflectionutils.max.cache.size	Integer	50000	Maximum cache size per cache type
reflectionutils.dangerous.class.patterns	Comma-separated patterns	java.lang.Runtime,java.lang.Process, java.lang.ProcessBuilder,sun.misc.Unsafe, jdk.internal.misc.Unsafe, javax.script.ScriptEngine, javax.script.ScriptEngineManager	Dangerous class patterns
reflectionutils.sensitive.field.patterns	Comma-separated patterns	password,passwd,secret,secretkey, apikey,api_key,authtoken,accesstoken, credential,confidential,adminkey,private	Sensitive field patterns
reflection.utils.cache.size	Integer	1500	Reflection cache size
StringUtilities
stringutilities.security.enabled	true, false	false	Master switch for all StringUtilities security features
stringutilities.max.hex.decode.size	Integer	0 (disabled)	Max hex string size for decode()
stringutilities.max.wildcard.length	Integer	0 (disabled)	Max wildcard pattern length
stringutilities.max.wildcard.count	Integer	0 (disabled)	Max wildcard characters in pattern
stringutilities.max.levenshtein.string.length	Integer	0 (disabled)	Max string length for Levenshtein distance
stringutilities.max.damerau.levenshtein.string.length	Integer	0 (disabled)	Max string length for Damerau-Levenshtein
stringutilities.max.repeat.count	Integer	0 (disabled)	Max repeat count for repeat() method
stringutilities.max.repeat.total.size	Integer	0 (disabled)	Max total size for repeat() result
SystemUtilities
systemutilities.security.enabled	true, false	false	Master switch for all SystemUtilities security features
systemutilities.environment.variable.validation.enabled	true, false	false	Block sensitive environment variable access
systemutilities.file.system.validation.enabled	true, false	false	Validate file system operations
systemutilities.resource.limits.enabled	true, false	false	Enforce resource usage limits
systemutilities.max.shutdown.hooks	Integer	100	Maximum number of shutdown hooks
systemutilities.max.temp.prefix.length	Integer	100	Maximum temporary directory prefix length
systemutilities.sensitive.variable.patterns	Comma-separated patterns	PASSWORD,PASSWD,PASS,SECRET,KEY, TOKEN,CREDENTIAL,AUTH,APIKEY,API_KEY, PRIVATE,CERT,CERTIFICATE,DATABASE_URL, DB_URL,CONNECTION_STRING,DSN, AWS_SECRET,AZURE_CLIENT_SECRET, GCP_SERVICE_ACCOUNT	Sensitive variable patterns
Traverser
traverser.security.enabled	true, false	false	Master switch for all Traverser security features
traverser.max.stack.depth	Integer	0 (disabled)	Maximum stack depth
traverser.max.objects.visited	Integer	0 (disabled)	Maximum objects visited
traverser.max.collection.size	Integer	0 (disabled)	Maximum collection size to process
traverser.max.array.length	Integer	0 (disabled)	Maximum array length to process
UrlUtilities
urlutilities.security.enabled	true, false	false	Master switch for all UrlUtilities security features
urlutilities.max.download.size	Long	0 (disabled)	Max download size in bytes
urlutilities.max.content.length	Long	0 (disabled)	Max Content-Length header value
urlutilities.allow.internal.hosts	true, false	true	Allow access to internal/local hosts
urlutilities.allowed.protocols	Comma-separated	http,https,ftp	Allowed protocols
urlutilities.strict.cookie.domain	true, false	false	Enable strict cookie domain validation
Other
java.util.force.jre	true, false	false	Force JRE simulation (testing only)

Note: All security features are disabled by default for backward compatibility. Most properties accepting 0 disable the feature entirely. Properties can be set via system properties (-D flags) or environment variables.

Logging

Because java-util has no dependencies on other libraries, java-util uses the Java built-in java.util.logging for all output. See the user guide for ways to route these logs to SLF4J or Log4j 2.

User Guide

View detailed documentation on all utilities.

See changelog.md for revision history.

---

By: John DeRegnaucourt and Kenny Partlow