Skip to content
๐Ÿ‡ช๐Ÿ‡บ Made in the European Union ยท Independently built ยท Released under EUPL 1.2

Consulting

Consulting

I help teams secure Vaadin Flow and lightweight REST applications โ€” using Security for Flow or any equivalent stack. Direct, code-level work with your engineers. No slide decks, no audits-for-the-sake-of-audits.

Get in touch: contact@sven-ruppert.com โ€” short description of the project, current pain points, target stack, preferred timeframe.

Where I can help

Architecture review
Threat model your auth and authorization design before you ship โ€” roles, permissions, session handling, REST surface, audit gaps.
SPI integration
Wire AuthenticationService, AuthorizationService, custom annotations, and AccessEvaluator into your existing Vaadin or REST application.
Bootstrap hardening
First-run admin setup, password policy, PBKDF2 tuning, secrets handling, operator workflow. Production-grade, not demo-grade.
Permission model design
Move from role-only to fine-grained permissions without breaking existing views and handlers. Migration plan included.
REST authorization
Subject resolution, bearer-token strategies, server-side operation filtering, 401/403 mapping that doesn’t leak internals.
Security review of changes
Pre-merge review of security-sensitive PRs โ€” login flow, role mapping, evaluator logic, error handling.

How it works

Initial call (free, ~30 min)

Quick scope alignment โ€” what’s the application, what’s the security posture today, what are the open questions. We decide together if consulting is the right shape, or if a self-service walkthrough of the docs is enough.

Written proposal

Concrete deliverables, time estimate, and a fixed budget or hourly rate. You decide whether it’s a one-shot review, a defined sprint, or on-demand support.

Engagement

Pair-programming sessions, async PR reviews, or dedicated workshop days โ€” whichever fits your team. Output is your code in your repo, plus a short written summary at the end.

Follow-up

One free 30-min check-in 4โ€“6 weeks after delivery to make sure the recommendations stuck and answer follow-up questions.

Engagement formats

Security review
Fixed-scope review of an existing application or a planned design. Written report + walkthrough.
Integration sprint
1โ€“2 weeks of focused integration work. SPI wiring, bootstrap hardening, custom permissions โ€” together with your team.
On-demand support
Retainer for ad-hoc questions, PR reviews, and incident support. Slack/email/PR comments.
Workshop
On-site or remote workshop on Vaadin/REST security for your engineering team. 1โ€“2 days.

Why me

  • Author of Security for Flow โ€” I built the library, I know its sharp edges and the design choices behind them.
  • Long track record of Java/Vaadin work, including production systems with strict security requirements.
  • Direct, no-fluff communication. If something is wrong, I say so. If the right fix is “use the framework you already have”, I say that too.
  • Independent โ€” no upsell to a platform, no vendor lock-in agenda.

Contact

Send a short email to contact@sven-ruppert.com with:

  • a one-paragraph description of your application,
  • the current security stack (Spring Security, Jakarta Security, in-house, none),
  • what you’d like to achieve in the next 4โ€“8 weeks.

I usually reply within two business days.