A collection of high-performance Java utilities designed to enhance standard Java functionality. These utilities focus on:

• Memory efficiency and performance optimization
• Thread-safety and concurrent operations
• Enhanced collection implementations
• Simplified common programming tasks
• Deep object graph operations

Available on Maven Central. This library has no dependencies on other libraries for runtime. The.jarfile is ~600K and works with JDK 1.8 through JDK 24. The .jar file classes are version 52 (JDK 1.8)

As of version 3.6.0 the library is built with the -parameters compiler flag. Parameter names are now retained for tasks such as constructor discovery (increased the jar size by about 10K.)

Featured Utilities

🚀 DeepEquals - Complete Object Comparison

What: Compare any two Java objects for complete equality, handling all data types including cyclic references.

Why use it:

• ✅ Works with any objects - no equals() method needed
• ✅ Handles circular references and complex nested structures
• ✅ Perfect for testing, debugging, and data validation
• ✅ Secure error messages with automatic sensitive data redaction
• ✅ Detailed difference reporting with path to mismatch

Quick example:

boolean same = DeepEquals.deepEquals(complexObject1, complexObject2);

// With difference reporting
Map<String, Object> options = new HashMap<>();
boolean same = DeepEquals.deepEquals(obj1, obj2, options);
if (!same) {
    String diff = (String) options.get(DeepEquals.DIFF);
    System.out.println("Difference: " + diff);
}

📖 Full documentation and options →

---

🎯 Converter - Universal Type Conversion

What: Convert between many Java types with a single API - no more scattered conversion logic.

Why use it:

• ✅ 1000+ type conversions out of the box (use .allAllSupportedConversions() to list them out)
• ✅ Extensible - add your own custom conversions
• ✅ Handles complex types including temporal, arrays, and collections

Quick example:

Date date = Converter.convert("2024-01-15", Date.class);
Long number = Converter.convert("42.7", Long.class);  // Returns 43

📖 Full documentation and conversion matrix →

---

⏰ TTLCache - Self-Cleaning Time-Based Cache

What: A thread-safe cache that automatically expires entries after a time-to-live period, plus includes full LRU capability.

Why use it:

• ✅ Automatic memory management - no manual cleanup needed
• ✅ Prevents memory leaks from forgotten cache entries
• ✅ Perfect for session data, API responses, and temporary results

Quick example:

TTLCache<String, User> userCache = new TTLCache<>(5, TimeUnit.MINUTES);
userCache.put("user123", user);  // Auto-expires in 5 minutes
User cached = userCache.get("user123");  // Returns user or null if expired

📖 Full documentation and configuration →

---

🔄 CompactMap - Self-Optimizing Storage

What: A Map implementation that automatically switches between compact and traditional storage based on size.

Why use it:

• ✅ Significant memory reduction for small maps (under ~60 elements)
• ✅ Automatically scales up for larger datasets
• ✅ Drop-in replacement for HashMap - no code changes needed

Quick example:

Map<String, Object> map = new CompactMap<>();  // Starts compact
map.put("key", "value");  // Uses minimal memory
// Automatically expands when needed - completely transparent

📖 Full documentation and benchmarks →

---

🔑 MultiKeyMap - Composite Key Mapping

What: Index objects with unlimited keys (decision variables). Useful for pricing tables, configuration trees, decision tables, arrays and collections as keys, matrix as key.

Why use it:

• ✅ Composite keys without ceremony – Stop gluing keys into strings or writing boilerplate Pair/wrapper classes.
• ✅ Real-world key shapes – Use arrays, collections, jagged multi-dimensional arrays, matrices/tensors, etc., as key components; deep equality & hashing mean “same contents” truly equals “same key.”
• ✅ Cleaner, safer code – No more hand-rolled equals()/hashCode() on ad-hoc key objects. Fewer collision bugs, fewer “why doesn’t this look up?” moments.
• ✅ Beats nested maps – One structure instead of Map<A, Map<B, V>>. Simpler reads/writes, simpler iteration, simpler mental model.
• ✅ Follows same concurrency semantics as ConcurrentHashMap.
• ✅ Map-like ergonomics – Familiar put/get/contains/remove semantics; drop-in friendly alongside the rest of java.util collections.
• ✅ Fewer allocations – Avoid creating short-lived wrapper objects just to act as a key; reduce GC pressure versus “make-a-key-object-per-call.”
• ✅ Better iteration & analytics – Iterate entries once; no nested loops to walk inner maps when you just need all (k1,k2,…,v) tuples.
• ✅ Easier indexing patterns – Natural fit for multi-attribute lookups (e.g., (tenantId, userId), (type, region), (dateBucket, symbol)).
• ✅ Configurable case-insensitivity (case-retaining) – opt in to case-insensitive matching where you want it, keep exact matching where you don’t—all while preserving original casing for display/logging.

Quick examples:

Example 1 — Composite key that includes a small jagged array

// Composite key: [[1, 2], "some key"]  -> value
MultiKeyMap<String> map = new MultiKeyMap<>();

Object[] compositeKey = new Object[] { new int[]{1, 2}, "some key" };
map.put(compositeKey, "payload-123");

// Retrieve using a *new* array with the same contents (deep equality)
String v1 = map.get(compositeKey);  // v1 = "payload-123"

// Standard Map operations work with the composite array key
boolean present = map.containsKey(compositeKey);   // true
map.remove(compositeKey);
map.containsKey(compositeKey); // false

Example 2 — Var-args style (no ambiguity with Map.put/get)

// Var-args API: putMultiKey(value, k1, k2, k3) and getMultiKey(k1, k2, k3)
// Use this when you already have the distinct keys in hand.
MultiKeyMap<String> map = new MultiKeyMap<>();

String tenantId = "acme";
long userId = 42L;
String scope = "read:invoices";

// Value first by design (var-args must be last)
map.putMultiKey("granted", tenantId, userId, scope);

String perm = map.getMultiKey(tenantId, userId, scope);
System.out.println(perm); // prints: granted

boolean ok = map.containsMultiKey(tenantId, userId, scope);
System.out.println(ok); // true

map.removeMultiKey(tenantId, userId, scope);
System.out.println(map.containsMultiKey(tenantId, userId, scope)); // false

📖 Full documentation and use cases →

---

🎁 Plus Many More Utilities

From reflection helpers to graph traversal, concurrent collections to date utilities - java-util has you covered. Browse all utilities →

Why developers love these utilities:

• Zero dependencies - No classpath conflicts
• Null-safe - Handle edge cases gracefully
• High performance - Optimized for real-world usage
• JDK 8+ compatible - Works everywhere
• Production proven - Used in high-scale applications

Performance Benchmarks

java-util is engineered for performance-critical applications with optimizations that deliver measurable improvements:

📊 Memory Efficiency

CompactMap Dynamic Adaptation (it has one field):

• map.size() == 0 → Object field = null (Sentinel value)
• map.size() == 1 → Object field = Map.Entry<Key, Value>
• map.size() == 2 ... compactSize() → Object field = Object[2*size] containing keys (even) values (odd)
• map.size() > compactSize(): → Object field = map // delegates to wrapped map
• Great for applications with millions of small Maps

How java-util Compares

Feature	JDK Collections	Google Guava	Eclipse Collections	Apache Commons	java-util
Dependencies	None	3+ libraries	2+ libraries	Multiple	None
Jar Size	N/A	~2.7MB	~2.8MB	~500KB each	~600KB total
JDK Compatibility	8+	11+ (latest)	11+	8+	8+
Null-Safe Concurrent	❌	❌	❌	❌	✅ ConcurrentMapNullSafe
Memory-Adaptive Collections	❌	❌	✅	❌	✅ CompactMap/Set
Case-Preserving Maps	❌	❌	❌	Limited	✅ Retains original case
Universal Type Conversion	❌	Limited	❌	Limited	✅ 1000+ conversions
N-Dimensional Mapping	❌	⚠️ Table (2D only)	❌	⚠️ Limited	✅ MultiKeyMap (unlimited N-D)
Deep Object Comparison	❌	Limited	❌	❌	✅ Handles cycles
Runtime Configuration	❌	❌	❌	❌	✅ 70+ feature options
TTL Caching	❌	✅	❌	❌	✅ + LRU combo
Thread-Safe with Nulls	❌	❌	❌	❌	✅ All concurrent types
JPMS/OSGi Ready	✅	⚠️	✅	⚠️	✅ Pre-configured
Security Controls	❌	❌	❌	❌	✅ Input validation

Key Differentiators

🎯 Zero Dependencies: Unlike Guava (Checker Framework, Error Prone, J2ObjC) or Eclipse Collections (JUnit, SLF4J), java-util has zero runtime dependencies - no classpath conflicts ever.

🔒 Null-Safe Concurrency: java-util is the only library providing thread-safe collections that handle null keys and values safely (ConcurrentHashMapNullSafe, ConcurrentSetNullSafe).

🧠 Smart Memory Management: CompactMap and CompactSet automatically adapt from array-based storage (small size) to hash-based storage (large size) - optimal memory usage at every scale.

🔄 Universal Conversion: Convert between any meaningful Java types - primitives, collections, dates, enums, custom objects. Other libraries require multiple dependencies to achieve the same coverage.

⚙️ Production Flexibility: 70+ runtime configuration options allow zero-downtime security hardening and environment-specific tuning that enterprise applications demand.

🔒 Enterprise Security Features

java-util provides comprehensive security controls designed for enterprise environments where security compliance and threat mitigation are critical:

🛡️ Input Validation & DOS Protection

Configurable Resource Limits:

// Prevent memory exhaustion attacks
System.setProperty("deepequals.max.collection.size", "1000000");
System.setProperty("stringutilities.max.repeat.total.size", "10485760");
System.setProperty("mathutilities.max.array.size", "1000000");

// Protect against ReDoS (Regular Expression Denial of Service)
System.setProperty("dateutilities.regex.timeout.enabled", "true");
System.setProperty("dateutilities.regex.timeout.milliseconds", "1000");

🚫 Dangerous Class Protection

Block Access to Sensitive System Classes:

// Prevent reflection-based attacks
System.setProperty("reflectionutils.dangerous.class.validation.enabled", "true");
// Blocks: Runtime, ProcessBuilder, System, Unsafe, ScriptEngine

// Prevent sensitive field access
System.setProperty("reflectionutils.sensitive.field.validation.enabled", "true");  
// Blocks: password, secret, apikey, credential fields

🔐 Cryptographic Security

Enforce Strong Crypto Parameters:

// PBKDF2 iteration requirements
System.setProperty("encryptionutilities.min.pbkdf2.iterations", "100000");
System.setProperty("encryptionutilities.max.pbkdf2.iterations", "1000000");

// Salt and IV size validation
System.setProperty("encryptionutilities.min.salt.size", "16");
System.setProperty("encryptionutilities.min.iv.size", "12");

🌐 Network Security Controls

Protocol and Host Validation:

// Restrict allowed protocols
System.setProperty("io.allowed.protocols", "https");
System.setProperty("urlutilities.allowed.protocols", "https");

// Prevent SSRF (Server-Side Request Forgery)
System.setProperty("urlutilities.allow.internal.hosts", "false");
System.setProperty("urlutilities.max.download.size", "104857600"); // 100MB limit

🔍 Security Audit & Monitoring

Comprehensive Logging:

// Enable detailed security logging
System.setProperty("io.debug", "true");
System.setProperty("io.debug.detailed.urls", "true");
System.setProperty("io.debug.detailed.paths", "true");

🏢 Zero-Downtime Security Hardening

Production-Safe Configuration:

• Feature flags: Enable/disable security features without code changes
• Gradual rollout: Test security features in staging before production
• Environment-specific: Different limits for dev/staging/production
• Compliance ready: Meet OWASP, SOC 2, ISO 27001 requirements

Example: Progressive Security Enablement

# Development (permissive)
-Dreflectionutils.security.enabled=false

# Staging (warning mode)  
-Dreflectionutils.security.enabled=true
-Dreflectionutils.dangerous.class.validation.enabled=false

# Production (full security)
-Dreflectionutils.security.enabled=true
-Dreflectionutils.dangerous.class.validation.enabled=true
-Dreflectionutils.sensitive.field.validation.enabled=true

📋 Security Compliance

Security Standard	java-util Coverage
OWASP Top 10	✅ Injection prevention, DoS protection, Logging
CWE Mitigation	✅ CWE-22 (Path traversal), CWE-502 (Unsafe deserialization)
NIST Guidelines	✅ Input validation, Crypto parameter enforcement
SOC 2 Type II	✅ Audit logging, Access controls, Data protection

Default Secure: All security features are disabled by default for backward compatibility, but can be enabled system-wide with zero code changes.

Core Components

Component	Description
Sets
CompactSet	Memory-efficient Set that dynamically adapts its storage structure based on size.
CaseInsensitiveSet	Set implementation with case-insensitive String handling.
ConcurrentSet	Thread-safe Set supporting null elements.
ConcurrentNavigableSetNullSafe	Thread-safe NavigableSet supporting null elements.
ClassValueSet	High-performance Set optimized for fast Class membership testing using JVM-optimized ClassValue.
IntervalSet	Thread-safe interval set with O(log n) performance, automatically merges intervals, smart boundary handling for 20+ types, and you can add your own.
Maps
CompactMap	Memory-efficient Map that dynamically adapts its storage structure based on size.
CaseInsensitiveMap	A Map wrapper that provides case-insensitive, case-retentive keys and inherits the features of the wrapped map (e.g., thread-safety from ConcurrentMap types, multi-key support from MultiKeyMap, sorted, thread-safe, allow nulls from ConcurrentNavigableMapNullSafe).
LRUCache	Thread-safe Least Recently Used cache with configurable eviction strategies.
TTLCache	Thread-safe Time-To-Live cache with optional size limits.
TrackingMap	A Map wrapper that tracks key access. Inherits features from wrapped Map, including thread-safety (ConcurrentMap types), sorted, thread-safe, with null support (ConcurrentNavigableMapNullSafe)
ConcurrentHashMapNullSafe	Thread-safe HashMap supporting null keys and values.
ConcurrentNavigableMapNullSafe	Thread-safe NavigableMap supporting null keys and values.
ClassValueMap	High-performance Map optimized for fast Class key lookups using JVM-optimized ClassValue.
MultiKeyMap	Concurrent map supporting multiple keys.
Lists
ConcurrentList	High-performance bucket-based concurrent List and Deque with lock-free operations.
Utilities
ArrayUtilities	Comprehensive array manipulation operations.
ByteUtilities	Byte array and hexadecimal conversion utilities.
ClassUtilities	Class relationship and reflection helper methods.
Converter	An extensive and extensible conversion utility with thousands of built-in transformations between common JDK types (Dates, Collections, Primitives, EnumSets, etc.).
DateUtilities	Advanced date parsing and manipulation.
DeepEquals	Recursive object graph comparison.
EncryptionUtilities	Simplified encryption and checksum operations.
Executor	Streamlined system command execution.
GraphComparator	Object graph difference detection and synchronization.
IOUtilities	Enhanced I/O operations and streaming utilities.
MathUtilities	Extended mathematical operations.
ReflectionUtils	Optimized reflection operations.
StringUtilities	Extended String manipulation operations.
SystemUtilities	System and environment interaction utilities.
Traverser	Configurable object graph traversal.
TypeUtilities	Advanced Java type introspection and generic resolution utilities.
UniqueIdGenerator	Distributed-safe unique identifier generation.

## Integration and Module Support

JPMS (Java Platform Module System)

This library is fully compatible with JPMS, commonly known as Java Modules. It includes a module-info.class file that specifies module dependencies and exports.

OSGi

This library also supports OSGi environments. It comes with pre-configured OSGi metadata in the MANIFEST.MF file, ensuring easy integration into any OSGi-based application.

Using in an OSGi Runtime

The jar already ships with all necessary OSGi headers and a module-info.class. No Import-Package entries for java.* packages are required when consuming the bundle.

To add the bundle to an Eclipse feature or any OSGi runtime simply reference it:

<plugin id="com.cedarsoftware.java-util" version="4.1.0"/>

Both of these features ensure that our library can be seamlessly integrated into modular Java applications, providing robust dependency management and encapsulation.

Maven and Gradle Integration

To include in your project:

Gradle

implementation 'com.cedarsoftware:java-util:4.1.0'

Maven

<dependency>
  <groupId>com.cedarsoftware</groupId>
  <artifactId>java-util</artifactId>
  <version>4.1.0</version>
</dependency>

🚀 Framework Integration Examples

For comprehensive framework integration examples including Spring, Jakarta EE, Spring Boot Auto-Configuration, Microservices, Testing, and Performance Monitoring, see frameworks.md.

Key integrations include:

• Spring Framework - Configuration beans and case-insensitive property handling
• Jakarta EE/JEE - CDI producers and validation services
• Spring Boot - Auto-configuration with corrected cache constructors
• Microservices - Service discovery and cloud-native configuration
• Testing - Enhanced test comparisons with DeepEquals
• Monitoring - Micrometer metrics integration

Feature Options

Modern enterprise applications demand libraries that adapt to diverse security requirements, performance constraints, and operational environments. Following the architectural principles embraced by industry leaders like Google (with their extensive use of feature flags), Netflix (with their chaos engineering configurations), Amazon (with their service-specific tuning), and Meta (with their A/B testing infrastructure), java-util embraces a flexible feature options approach that puts control directly in the hands of developers and operations teams.

This approach aligns with current best practices in cloud-native development, including GitOps configurations, service mesh policies, and progressive delivery patterns that define the cutting edge of modern software architecture.

Rather than forcing a one-size-fits-all configuration, java-util provides granular control over every aspect of its behavior through system properties. This approach enables:

• Zero-downtime security hardening - Enable security features without code changes
• Environment-specific tuning - Different limits for development vs. production
• Gradual rollout strategies - Test new security features with feature flags
• Compliance flexibility - Meet varying regulatory requirements across deployments
• Performance optimization - Fine-tune resource limits based on actual usage patterns

All security features are disabled by default to ensure seamless upgrades, with the flexibility to enable and configure them per environment. This design philosophy allows java-util to serve both lightweight applications and enterprise-grade systems from the same codebase.

Fully Qualified Property Name	Allowed Values	Default Value	Description
ArrayUtilities
arrayutilities.security.enabled	true, false	false	Master switch for all ArrayUtilities security features
arrayutilities.component.type.validation.enabled	true, false	false	Block dangerous system classes in array operations
arrayutilities.max.array.size	Integer	2147483639	Maximum array size (Integer.MAX_VALUE-8)
arrayutilities.dangerous.class.patterns	Comma-separated patterns	java.lang.Runtime, java.lang.ProcessBuilder, java.lang.System, java.security.,javax.script., sun.,com.sun.,java.lang.Class	Dangerous class patterns to block
ByteUtilities
byteutilities.security.enabled	true, false	false	Master switch for all ByteUtilities security features
byteutilities.max.hex.string.length	Integer	0 (disabled)	Hex string length limit for decode operations
byteutilities.max.array.size	Integer	0 (disabled)	Byte array size limit for encode operations
DateUtilities
dateutilities.security.enabled	true, false	false	Master switch for all DateUtilities security features
dateutilities.input.validation.enabled	true, false	false	Enable input length and content validation
dateutilities.regex.timeout.enabled	true, false	false	Enable regex timeout protection
dateutilities.malformed.string.protection.enabled	true, false	false	Enable malformed input protection
dateutilities.max.input.length	Integer	1000	Maximum input string length
dateutilities.max.epoch.digits	Integer	19	Maximum digits for epoch milliseconds
dateutilities.regex.timeout.milliseconds	Long	1000	Timeout for regex operations in milliseconds
DeepEquals
deepequals.secure.errors	true, false	false	Enable error message sanitization
deepequals.max.collection.size	Integer	0 (disabled)	Collection size limit
deepequals.max.array.size	Integer	0 (disabled)	Array size limit
deepequals.max.map.size	Integer	0 (disabled)	Map size limit
deepequals.max.object.fields	Integer	0 (disabled)	Object field count limit
deepequals.max.recursion.depth	Integer	0 (disabled)	Recursion depth limit
Programmatic Options (via options Map): • ignoreCustomEquals (Boolean): Ignore custom equals() methods • stringsCanMatchNumbers (Boolean): Allow "10" to match numeric 10 • deepequals.include.diff_item (Boolean): Include ItemsToCompare object (for memory efficiency, default false) Output Keys: • diff (String): Human-readable difference path • diff_item (ItemsToCompare): Detailed difference object (when include.diff_item=true)
EncryptionUtilities
encryptionutilities.security.enabled	true, false	false	Master switch for all EncryptionUtilities security features
encryptionutilities.file.size.validation.enabled	true, false	false	Enable file size limits for hashing operations
encryptionutilities.buffer.size.validation.enabled	true, false	false	Enable buffer size validation
encryptionutilities.crypto.parameters.validation.enabled	true, false	false	Enable cryptographic parameter validation
encryptionutilities.max.file.size	Long	2147483647	Maximum file size for hashing operations (2GB)
encryptionutilities.max.buffer.size	Integer	1048576	Maximum buffer size (1MB)
encryptionutilities.min.pbkdf2.iterations	Integer	10000	Minimum PBKDF2 iterations
encryptionutilities.max.pbkdf2.iterations	Integer	1000000	Maximum PBKDF2 iterations
encryptionutilities.min.salt.size	Integer	8	Minimum salt size in bytes
encryptionutilities.max.salt.size	Integer	64	Maximum salt size in bytes
encryptionutilities.min.iv.size	Integer	8	Minimum IV size in bytes
encryptionutilities.max.iv.size	Integer	32	Maximum IV size in bytes
IOUtilities
io.debug	true, false	false	Enable debug logging
io.connect.timeout	Integer (1000-300000)	5000	Connection timeout (1s-5min)
io.read.timeout	Integer (1000-300000)	30000	Read timeout (1s-5min)
io.max.stream.size	Long	2147483647	Stream size limit (2GB)
io.max.decompression.size	Long	2147483647	Decompression size limit (2GB)
io.path.validation.disabled	true, false	false	Path security validation enabled
io.url.protocol.validation.disabled	true, false	false	URL protocol validation enabled
io.allowed.protocols	Comma-separated	http,https,file,jar	Allowed URL protocols
io.file.protocol.validation.disabled	true, false	false	File protocol validation enabled
io.debug.detailed.urls	true, false	false	Detailed URL logging disabled
io.debug.detailed.paths	true, false	false	Detailed path logging disabled
MathUtilities
mathutilities.security.enabled	true, false	false	Master switch for all MathUtilities security features
mathutilities.max.array.size	Integer	0 (disabled)	Array size limit for min/max operations
mathutilities.max.string.length	Integer	0 (disabled)	String length limit for parsing
mathutilities.max.permutation.size	Integer	0 (disabled)	List size limit for permutations
ReflectionUtils
reflectionutils.security.enabled	true, false	false	Master switch for all ReflectionUtils security features
reflectionutils.dangerous.class.validation.enabled	true, false	false	Block dangerous class access
reflectionutils.sensitive.field.validation.enabled	true, false	false	Block sensitive field access
reflectionutils.max.cache.size	Integer	50000	Maximum cache size per cache type
reflectionutils.dangerous.class.patterns	Comma-separated patterns	java.lang.Runtime,java.lang.Process, java.lang.ProcessBuilder,sun.misc.Unsafe, jdk.internal.misc.Unsafe, javax.script.ScriptEngine, javax.script.ScriptEngineManager	Dangerous class patterns
reflectionutils.sensitive.field.patterns	Comma-separated patterns	password,passwd,secret,secretkey, apikey,api_key,authtoken,accesstoken, credential,confidential,adminkey,private	Sensitive field patterns
reflection.utils.cache.size	Integer	1500	Reflection cache size
StringUtilities
stringutilities.security.enabled	true, false	false	Master switch for all StringUtilities security features
stringutilities.max.hex.decode.size	Integer	0 (disabled)	Max hex string size for decode()
stringutilities.max.wildcard.length	Integer	0 (disabled)	Max wildcard pattern length
stringutilities.max.wildcard.count	Integer	0 (disabled)	Max wildcard characters in pattern
stringutilities.max.levenshtein.string.length	Integer	0 (disabled)	Max string length for Levenshtein distance
stringutilities.max.damerau.levenshtein.string.length	Integer	0 (disabled)	Max string length for Damerau-Levenshtein
stringutilities.max.repeat.count	Integer	0 (disabled)	Max repeat count for repeat() method
stringutilities.max.repeat.total.size	Integer	0 (disabled)	Max total size for repeat() result
SystemUtilities
systemutilities.security.enabled	true, false	false	Master switch for all SystemUtilities security features
systemutilities.environment.variable.validation.enabled	true, false	false	Block sensitive environment variable access
systemutilities.file.system.validation.enabled	true, false	false	Validate file system operations
systemutilities.resource.limits.enabled	true, false	false	Enforce resource usage limits
systemutilities.max.shutdown.hooks	Integer	100	Maximum number of shutdown hooks
systemutilities.max.temp.prefix.length	Integer	100	Maximum temporary directory prefix length
systemutilities.sensitive.variable.patterns	Comma-separated patterns	PASSWORD,PASSWD,PASS,SECRET,KEY, TOKEN,CREDENTIAL,AUTH,APIKEY,API_KEY, PRIVATE,CERT,CERTIFICATE,DATABASE_URL, DB_URL,CONNECTION_STRING,DSN, AWS_SECRET,AZURE_CLIENT_SECRET, GCP_SERVICE_ACCOUNT	Sensitive variable patterns
Traverser
traverser.security.enabled	true, false	false	Master switch for all Traverser security features
traverser.max.stack.depth	Integer	0 (disabled)	Maximum stack depth
traverser.max.objects.visited	Integer	0 (disabled)	Maximum objects visited
traverser.max.collection.size	Integer	0 (disabled)	Maximum collection size to process
traverser.max.array.length	Integer	0 (disabled)	Maximum array length to process
UrlUtilities
urlutilities.security.enabled	true, false	false	Master switch for all UrlUtilities security features
urlutilities.max.download.size	Long	0 (disabled)	Max download size in bytes
urlutilities.max.content.length	Long	0 (disabled)	Max Content-Length header value
urlutilities.allow.internal.hosts	true, false	true	Allow access to internal/local hosts
urlutilities.allowed.protocols	Comma-separated	http,https,ftp	Allowed protocols
urlutilities.strict.cookie.domain	true, false	false	Enable strict cookie domain validation
Converter
converter.modern.time.long.precision	millis, nanos	millis	Precision for Instant, ZonedDateTime, OffsetDateTime conversions
converter.duration.long.precision	millis, nanos	millis	Precision for Duration conversions
converter.localtime.long.precision	millis, nanos	millis	Precision for LocalTime conversions
Other
java.util.force.jre	true, false	false	Force JRE simulation (testing only)

Note: All security features are disabled by default for backward compatibility. Most properties accepting 0 disable the feature entirely. Properties can be set via system properties (-D flags) or environment variables.

Logging

Because java-util has no dependencies on other libraries, java-util uses the Java built-in java.util.logging for all output. See the user guide for ways to route these logs to SLF4J or Log4j 2.

User Guide

View detailed documentation on all utilities.

See changelog.md for revision history.