Use Item Templates with <vaadin-combo-box> to Customize the Item List

The Vaadin Elements team has just released a new update for <vaadin-combo-box> that enables custom item templates for combo box items. With custom templates, your combo box can consume the items array to display more complex HTML, such as including an index, adding an image, or simply making the item bold or italic. If you set the combo box’s items property to an array of objects, custom templates also allow you to display multiple fields from each data item.

For example:

<vaadin-combo-box items='[{"label": "Hydrogen", "value": "H"}]'>
    <template>[[index]]: [[item.label]] <b>[[item.value]]</b></template>
</vaadin-combo-box>

This will create a combo box where the items will be listed as:
1: Hydrogen **H**

Custom styles for item templates

With item templates, you can also style the displayed item. To do this, you need to create a new custom element with its own styles and template. You can also use any existing element, such as <paper-item>, which is a natural fit for combo box items.

For more information, see our docs page for Styling Combo Box Items with Custom Item Element.

Focused and Selected

There are several new variables you can bind from within the item template to further customize the displayed item. These variables are index, focused, and selected.

  • index displays the number index of that item, as shown in the first example above.
  • focused is true when the user is focused on that item, such as with keyboard navigation.
  • selected is true when the item is the selected item for the combo box.

Learn more about <vaadin-combo-box> at the Vaadin Elements page.

Enabling HTTPS in your Java server using a free certificate

HTTPS connections in web application client-server communication have become more and more common. In fact, for some types of applications, HTTPS has become a requirement. For example, if you want to use the Geolocation API in a web app running in Chrome, you need to have HTTPS enabled. All big browser vendors require HTTPS if you want to use HTTP/2. Even your search rank in Google is higher if you provide a secure connection. Besides, web app users today expect to see that green secure connection indicator in the URL bar. So how does one enable it? Luckily for you as a web app developer, making the web more secure takes only a few easy steps, and it’s completely free when using a service called Let’s Encrypt.

What you need before starting

I assume you have a server somewhere and you are running some kind of Java server, such as Jetty or Tomcat. For obtaining and installing the certificate we’ll use a tool called Certbot. Certbot is an ACME (Automatic Certificate Management Environment) protocol client, which fetches a certificate from Let’s Encrypt, an open certificate authority launched by the EFF, Mozilla, and others. Let’s Encrypt is a relatively new CA aiming to lower the complexity of setting up and maintaining TLS (Transport Layer Security). You will need root access on your server to run Certbot.

I’ve tested the steps in this guide using Jetty, but the same steps work at least for Tomcat and WildFly (JBoss). I’ve written the guide to be applicable to practically any Java server. When testing, I used a dashboard web application written in Java using Vaadin Framework and Vaadin Charts.

Example Java web application using the Let's encrypt certificate

Installing Certbot ACME client

You can check if your OS distribution comes packaged with Certbot by visiting From the same address you’ll find more instructions for the specific environment, if you need them. If your OS doesn’t come with certbot, install it using certbot-auto. Certbot-auto is a wrapper script accepting the same control flags as certbot and updating the client code automatically. It requires root access.

chmod a+x ./certbot-auto
./certbot-auto --help

Obtaining a signed certificate

Certbot has a few plugins that can fetch and install certificates automatically. Unfortunately, such a plugin is not available for Java servers. I recommend using either the standalone plugin or the webroot plugin. The standalone plugin starts a lightweight web server, binds it to port 80 or 443, and serves a verification response to the Let’s Encrypt validation servers. This means that the chosen port must be free while the plugin is running, i.e. the Java server must not be running if it uses that port. To use the standalone plugin, run

certbot-auto certonly --standalone --standalone-supported-challenges http-01 -d

The --standalone-supported-challenges option value can also be tls-sni-01 to use port 443.

The other choice for the plugin is to use the webroot plugin, which uses an existing running server to serve the ACME protocol verification files. E.g. if your Jetty webapps directory is /opt/jetty/webapps/, run

certbot-auto certonly --webroot -w /opt/jetty/webapps/ROOT -d

With both the webroot plugin and the standalone plugin, the certonly option makes certbot fetch a certificate and store it in /etc/letsencrypt/live/<yourdomain>.

Certificates from Let’s Encrypt are short-lived: they expire after only 90 days and must be renewed. Luckily, certbot can do this renewal for you with the renew option.

certbot-auto renew

The renew command checks if the certificate actually needs to be updated, so it’s safe to run every day and doesn’t burn your ACME request rate limit. We’ll cover automating the renewal, but first let’s install the certificate into the Java keystore.

Installing the certificate to Java keystore

The certificate now needs to be installed into the Java keystore. Before we can install the certificate, we need to combine the private key and the certificate into a PKCS12-format file.

openssl pkcs12 -export -in /etc/letsencrypt/live/ -inkey /etc/letsencrypt/live/ -out /etc/letsencrypt/live/ -name mytlskeyalias -passout pass:mykeypassword

After the certificate is in PKCS12 format, we remove the previously stored certificate from the keystore. Of course, you need to do this step only if you have previously stored a certificate for your domain e.g. if you have just renewed a certificate and want to store an updated one.

keytool -keystore /path/to/my/keystore -delete -alias 'mytlskeyalias' -storepass 'mystorepassword'

Import the .p12 file to keystore.

keytool -importkeystore -deststorepass mystorepassword -destkeypass mykeypassword -destkeystore /path/to/my/keystore -srckeystore /etc/letsencrypt/live/ -srcstoretype PKCS12 -srcstorepass mykeypassword -alias mytlskeyalias

Now the certificate is ready to be used in your Java server. It still needs to be configured though, but let’s automate the certificate renewal first.

Automating the certificate renewal

Obtaining and installing the certificate only once is not enough, as the certificate has an expiration date. Certificates from Let’s Encrypt are quite short-lived: only 90 days. The certificates can also be revoked. For these reasons, you should check every day whether your certificates need to be renewed. Let’s make a couple of scripts to automate this.

First let’s write a script ‘’ for running the validation and renewal of the certificate. You can then put this script into your crontab to be run once a day.

certbot-auto renew --no-self-upgrade --quiet --renew-hook ""

The certbot command is the same one we used earlier, but now we’ll throw in the options --no-self-upgrade, to prevent the script from updating itself, which is not necessarily wanted in a production environment, and --quiet, to disable output other than errors. Certbot checks if the certificate needs to be renewed before actually renewing it. We’ll use the --renew-hook option to specify a script or command to be executed when the certificate is renewed.

Now, let’s write the script that is run as the certbot renew hook. Create a script called ‘’ and put in the certificate conversion and keystore commands we used earlier: first the pkcs12 conversion, then removing the old key, and finally importing the new key. You can download a sample bash script file and edit it to your own settings.

After updating the certificate in the keystore, you need to restart your Java server. The restart command depends on what server you are using and how you are running it e.g. if you are running Jetty as a service, add service jetty restart to the end of ‘’.
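
The renew hook described above, written out as an added example (it is not the sample script the article links to). It keeps the article's three steps and alias, but two things are assumptions of this example: passwords are read from root-only files at hypothetical paths instead of being passed on the command line, where other local users can read them from the process list, and the keystore is updated on a staged copy so a failed import leaves the old certificate in place. RENEWED_LINEAGE is the variable certbot exports to renew hooks, and fullchain.pem and privkey.pem are certbot's standard file names.

```sh
#!/bin/sh
# Added example: certbot renew hook that refreshes a Java keystore.
set -eu

KEYSTORE="${KEYSTORE:-/path/to/my/keystore}"
ALIAS="${ALIAS:-mytlskeyalias}"
# Hypothetical root-only files, each holding one password on its first line.
STOREPASS_FILE="${STOREPASS_FILE:-/etc/letsencrypt/keystore.storepass}"
KEYPASS_FILE="${KEYPASS_FILE:-/etc/letsencrypt/keystore.keypass}"

# True only for a regular file with no group/other permission bits set.
is_private() {
    case "$(ls -ldL "$1" 2>/dev/null || true)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: certbot lineage directory holding fullchain.pem and privkey.pem.
deploy_cert() {
    lineage="$1"
    for f in "$STOREPASS_FILE" "$KEYPASS_FILE"; do
        if ! is_private "$f"; then
            echo "refusing to run: $f is missing or readable by others" >&2
            return 1
        fi
    done

    p12="$(mktemp)"             # mktemp creates the file with mode 0600
    staged="$KEYSTORE.staged"   # work on a copy; the live keystore changes last
    trap 'rm -f "$p12" "$staged"' EXIT
    if [ -f "$KEYSTORE" ]; then cp -p "$KEYSTORE" "$staged"; fi

    # 1. Combine certificate chain and private key into PKCS12.
    openssl pkcs12 -export -in "$lineage/fullchain.pem" \
        -inkey "$lineage/privkey.pem" -out "$p12" \
        -name "$ALIAS" -passout "file:$KEYPASS_FILE"

    # 2. Remove the previous entry (absent on the first run, hence "|| true").
    keytool -delete -keystore "$staged" -alias "$ALIAS" \
        -storepass:file "$STOREPASS_FILE" >/dev/null 2>&1 || true

    # 3. Import the new key pair under the same alias.
    keytool -importkeystore -destkeystore "$staged" -srckeystore "$p12" \
        -srcstoretype PKCS12 -alias "$ALIAS" \
        -srcstorepass:file "$KEYPASS_FILE" \
        -deststorepass:file "$STOREPASS_FILE" -destkeypass:file "$KEYPASS_FILE"

    mv "$staged" "$KEYSTORE"    # same directory, so the swap is a rename
    rm -f "$p12"
}

# certbot exports RENEWED_LINEAGE to renew hooks; do nothing when it is unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE"
    service jetty restart       # the article's Jetty example; adjust per server
fi
```

Create the two password files with mode 600 and owned by root before the first run; the hook refuses to touch the keystore otherwise.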

Configuring SSL/TLS in your Java server

Putting your certificate in a keystore for the Java server is not enough. You need to configure your server to use the certificate. I’m not going to cover individual server configurations, but here are a few links to how to configure Tomcat 8, Jetty 9 and WildFly 10. After you have configured your Java server to use the certificate, everything should be ready. Good work.


Using Oracle Databases and WebLogic with Vaadin 8

This guide walks you through the process of connecting to Oracle databases from Java EE web applications using JPA and Apache DeltaSpike Data. The application developed in this guide consists of a web UI with a list of employees loaded from an Oracle database and a filter to allow searching employees by their names.


This guide assumes you have:

  1. Installed Oracle Database. The syntax presented in this guide is compatible with Oracle Database Express Edition 11g Release 2 (11.2) which is a free-to-use entry-level version of Oracle Database 11g.
  2. Installed Java EE 7 server like Oracle WebLogic Server. This guide uses Oracle WebLogic Server 12cR2 (
  3. Installed your favorite IDE and Maven.

No previous experience with Java EE, JPA or Apache DeltaSpike is required to follow this guide.

Create the database objects

Connect to the Oracle database and create the following table:

CREATE TABLE employee(
  id NUMBER(19) PRIMARY KEY,
  name VARCHAR(255),
  email VARCHAR(255)
);

Create the following sequence which is going to be used as a generator of the values in the id column of the previous table:


Add some test data, such as the following:

INSERT INTO employee(id, name, email) VALUES(employee_seq.nextval, 'John Volga', '');
INSERT INTO employee(id, name, email) VALUES(employee_seq.nextval, 'Matti Tahvonen', '');
INSERT INTO employee(id, name, email) VALUES(employee_seq.nextval, 'Sami Ekblad', '');
INSERT INTO employee(id, name, email) VALUES(employee_seq.nextval, 'Nicolas Frankel', '');
INSERT INTO employee(id, name, email) VALUES(employee_seq.nextval, 'Alejandro Duarte', '');

Remember to commit the changes to the database if necessary.

Create a new DataSource

If you haven’t already, create a new WebLogic domain (make sure you add an Administration Server when creating the domain and take note of the path to the created domain). Start the WebLogic server, log in to the Administration Console (available at http://localhost:7001/console by default), and add a new generic JDBC DataSource. Make sure to use the following configuration when creating the DataSource:

  • Name: DemoDS

  • Scope: Global

  • JNDI Name: demoDS

  • Database Type: Oracle

Configure the database name, hostname, port, database user name, and password to connect to your Oracle Database Server instance. You don’t need to specify any additional connection properties.

Make sure you select a target to deploy the new DataSource (AdminServer, for example) in the last step of the DataSource creation wizard.

Install the WebLogic Maven Plugin

The WebLogic Maven Plugin allows you to perform several operations such as starting the WebLogic server and deploying applications to it. In order to use the plugin, you need to install it into your local Maven repository first. Execute the following commands in a terminal:

cd ORACLE_HOME/oracle_common/plugins/maven/com/oracle/maven/oracle-maven-sync/12.2.1

mvn install:install-file -DpomFile=oracle-maven-sync-12.2.1.pom -Dfile=oracle-maven-sync-12.2.1.jar

mvn -DoracleHome=ORACLE_HOME

Replace ORACLE_HOME with the full path of the directory where you installed WebLogic and HOME with the full path of your home directory.

Create a Java EE application using Maven

An easy way to create a new Java EE application is by using the webapp-javaee7 Maven archetype. Execute the following command to create a new Java EE application:

mvn -B archetype:generate -DarchetypeGroupId=org.codehaus.mojo.archetypes -DarchetypeArtifactId=webapp-javaee7 -DarchetypeVersion=1.1 -DgroupId=com.example -DartifactId=demo -Dversion=1.0-SNAPSHOT

You should get a Maven project you can import into your favorite IDE.

Add the following into the <build> section of the pom.xml file:


This configures the name of the generated WAR file to demo.war instead of something like demo-1.0-SNAPSHOT.war. This makes the web application available at localhost:7001/demo without any version information in the URI.

Add the WebLogic Maven Plugin

Add the following into the <plugins> section of the pom.xml file:


Replace PATH_TO_YOUR_DOMAIN_DIRECTORY with the full path of the WebLogic domain you previously created. Also replace YOUR_WEBLOGIC_USER and YOUR_WEBLOGIC_PASSWORD with the actual values required to connect to your WebLogic instance.

Add the required dependencies

Add the Apache DeltaSpike Data and Vaadin dependencies in the pom.xml file:




Note that WebLogic includes the Oracle JDBC drivers and you don’t need to add the dependency in the pom.xml file. If you are not using WebLogic, you have to download the Oracle JDBC driver from and install it to your Java EE server or include it in your war package. The easiest way to do this is to install the downloaded JAR file into your local Maven repository and then include it as a standard dependency in the pom.xml file.

Configure the database connection

This guide uses JPA as a persistence technology, thus, a persistence unit must be defined. Define the following persistence unit in a new persistence.xml file in the resources/META-INF/ directory:

<?xml version="1.0"?>
<persistence version="1.0" xmlns="">
    <persistence-unit name="demodb">
        <jta-data-source>demoDS</jta-data-source>
    </persistence-unit>
</persistence>

The previous persistence unit points to the DataSource previously defined in the application server by using the jta-data-source element.

Create the following CdiConfig class:

package com.example;

import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Produces;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

public class CdiConfig {

    // Expose the container-managed EntityManager as a CDI bean
    @Produces
    @Dependent
    @PersistenceContext(unitName = "demodb")
    public EntityManager entityManager;
}

In JPA, the interaction with this persistence unit is done through an EntityManager object. In Java EE servers you typically inject an EntityManager with the @PersistenceContext annotation. However, this guide uses Apache DeltaSpike Data, a plain CDI library, to define queries. To make the EntityManager and other CDI objects available to it through the @Inject annotation, the EntityManager must be exposed as a CDI bean as configured in the previous class.

Create an Employee class

Create the following Employee class to encapsulate the data from the employee table:

package com.example;

import javax.persistence.*;

@Entity
public class Employee {

    // Primary key, filled from the employee_seq database sequence
    @Id
    @SequenceGenerator(name = "EmployeeSeq", sequenceName = "employee_seq")
    @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "EmployeeSeq")
    private Long id;

    private String name;

    private String email;

    // ... setters and getters ...
}

Create a repository interface

Create the following EmployeeRepository interface:

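package com.example;

import org.apache.deltaspike.data.api.EntityRepository;
import org.apache.deltaspike.data.api.Repository;

import javax.transaction.Transactional;
import java.util.List;

@Repository
@Transactional
public interface EmployeeRepository extends EntityRepository<Employee, Long> {

    // Query derived from the method name: name LIKE ?, ignoring case
    List<Employee> findByNameLikeIgnoreCase(String name);
}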

This interface is annotated with @Repository to allow declaring query methods. It also extends Apache DeltaSpike’s EntityRepository, which defines several ready-to-use methods such as findAll, save, remove, and others. The Apache DeltaSpike Data Module derives the actual queries from the methods’ names. In the previous example, the "findBy..." part indicates that a list of entities is returned, the "...byName..." part refers to the name of the Java field used to filter the result, and the "...LikeIgnoreCase" part makes the filter use the like operator. For more information about Apache DeltaSpike Data Module, see the documentation at

Note how the repository interface is annotated with @Transactional. This makes all the methods in the interface transactional. In real-life applications, a service layer is typically added between the UI and the data access layers. Usually, the classes (or methods) in this service layer are Stateless EJBs or CDI beans annotated with @Transactional and can use several repositories to modify different entity instances in the same transactional scope.

Because a JTA datasource was previously defined in the persistence.xml file, it’s required to configure a transaction strategy. Create an file in the resources/META-INF/ directory with the following contents:

There are several strategies available. This tutorial uses ContainerManagedTransactionStrategy, which means Apache DeltaSpike won’t control transactions at all. Instead, this guide uses the @Transactional annotation, and the CDI container will automatically intercept the methods. You can also use Stateless EJBs, which are transactional by default.

Also, create an empty beans.xml file in the webapp/WEB-INF/ directory as it is required by CDI.

Implement the UI

Create a Vaadin UI by implementing the following VaadinUI class:

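package com.example;

import com.vaadin.cdi.CDIUI;
import com.vaadin.server.VaadinRequest;
import com.vaadin.ui.Grid;
import com.vaadin.ui.TextField;
import com.vaadin.ui.UI;
import com.vaadin.ui.VerticalLayout;

import javax.inject.Inject;
import java.util.List;

@CDIUI("")
public class VaadinUI extends UI {

    @Inject
    private EmployeeRepository repository;

    private Grid<Employee> grid = new Grid<>();

    @Override
    protected void init(VaadinRequest vaadinRequest) {
        TextField filter = new TextField("Filter by name:");
        filter.addValueChangeListener(e -> updateGrid(e.getValue()));

        // Columns read from the Employee getters; load all employees initially
        grid.addColumn(Employee::getName).setCaption("Name");
        grid.addColumn(Employee::getEmail).setCaption("Email");
        updateGrid("");

        VerticalLayout layout = new VerticalLayout(filter, grid);
        setContent(layout);
    }

    private void updateGrid(String filter) {
        // Wrap the input in % for a "contains" match; any % or _ typed by the
        // user is also interpreted as a LIKE wildcard
        List<Employee> employees = repository.findByNameLikeIgnoreCase("%" + filter + "%");
        grid.setItems(employees);
    }
}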

This class creates a web UI containing a Grid component to show all the employees in the database and a TextField to filter the list of employees by their name. Notice how the VaadinUI class is annotated with @CDIUI. This allows Vaadin to use instances of this class when the application is opened in the web browser. Also notice how the @Inject annotation is used to inject an instance of the repository class previously created.

Running the application

Execute the following command to build and run the application (WebLogic must be running before deploying the application):

mvn clean package weblogic:deploy -Dname=demo -Dsource=target/demo.war

By default, the application should be reachable at http://localhost:7001/demo. The following is a screenshot of the running application:

Screen Shot

See the complete source code on GitHub