Java Strings — Why == Broke Authentication in Production
Using == on Java strings caused a silent production failure.
20+ years shipping production Java in banking & fintech. Written from production experience, not tutorials.
- Core concept: A String is an immutable sequence of characters in Java — once created, its content never changes.
- Key component 1: String literals are interned and reused via the String Pool;
new String(...)bypasses it. - Key component 2: Use
.equals()for content comparison —==compares object references, not text. - Performance insight: Concatenating 10,000 strings with
+creates 10,000+ objects; StringBuilder uses one mutable buffer. - Production insight: Comparing strings with
==passes tests with literals but fails with user input — silent login bugs. - Biggest mistake: Calling
.trim().toLowerCase()without reassignment — the original string stays unchanged.
A Java String is an object that represents a sequence of characters, but it's not just a simple array of chars — it's a full-blown class with its own internal state, including a byte[] (or char[] in older JDKs), a coder flag for Latin-1 vs. UTF-16 encoding, and a hash cache.
You create strings via literals like "hello" or the new constructor, but these are not equivalent: literals are interned into the String Pool, while String()new always creates a new heap object. This distinction is the root cause of countless production bugs, including the authentication failure in the article's title, where String()== compares object references instead of logical equality.
Strings are immutable — once created, their internal byte array is final and never changes. Every method like , substring()toUpperCase(), or returns a new String object, leaving the original untouched. This immutability enables safe sharing, hash caching (so concat()hashCode() is O(1) after first call), and thread safety without synchronization, but it also means that string concatenation in loops can murder performance — use StringBuilder when building strings dynamically.
The String Pool is a JVM-managed cache of interned strings, stored in the heap's permanent generation (pre-Java 8) or metaspace (Java 8+). When you write String a = "hello"; String b = "hello";, both references point to the same object in the pool.
But String c = new String("hello") creates a distinct object on the heap, even though its value is identical. This is why a == b returns true but a == c returns false — and why using == to compare strings in production code (like checking a user's password hash) can silently fail, letting attackers bypass authentication.
The fix is always .equals() for value comparison, and Objects.equals() for null-safe checks.
Imagine you wrote a note on a Post-it and stuck it to a wall. That note has words on it — that's a String in Java. It's just text: a name, a sentence, an email address. Java lets you store that text in a variable, pass it around your program, and do things with it like checking its length, finding a word inside it, or sticking two pieces of text together. The only quirk? Once you write on that Post-it, the text is permanent — if you want to change it, Java secretly makes a brand-new Post-it.
Every real-world application deals with text. A login form needs your username. A chat app sends messages. A payment system prints your name on a receipt. In Java, all of that text lives inside something called a String — and mastering Strings is one of the first genuinely useful milestones you'll hit as a Java developer.
Before Strings existed in programming languages, developers had to manually track every single character in text using raw arrays — error-prone, tedious, and fragile. Java's String class wraps all that complexity away and gives you a clean, powerful toolbox for working with text. It handles the memory, the character encoding, and dozens of built-in operations so you don't have to reinvent the wheel every time you want to check whether two names match.
By the end of this article you'll know how to create Strings in Java, understand the critical difference between comparing Strings with == versus .equals(), use the most important built-in String methods with confidence, and avoid the three beginner mistakes that trip up almost everyone. You'll also walk away knowing exactly how to answer the String questions interviewers love to ask.
What a String Actually Is — and How to Create One
In Java, a String is an object that holds a sequence of characters. Characters are things like letters, digits, spaces, and symbols. The word 'Hello' is five characters. An email like 'jane@example.com' is sixteen characters. Java stores them all in the same type: String (capital S — it matters).
There are two ways to create a String in Java and they look similar but behave differently under the hood.
The first way is called a string literal. You just write the text inside double quotes and assign it to a variable. Java is smart enough to reuse the same object in memory if you create two identical literals — this is called the String Pool. Think of it like a shared whiteboard where Java writes each unique piece of text once and lets multiple variables point to it.
The second way uses the 'new' keyword, which forces Java to create a brand-new object in memory every single time — even if an identical string already exists in the pool. This matters more than it sounds, and it's the root cause of one of the most common beginner bugs in Java. Start with literals unless you have a specific reason to use 'new'.
package io.thecodeforge.strings; public class StringCreation { public static void main(String[] args) { // METHOD 1: String literal — stored in the String Pool // Java reuses this object if another variable holds the same text String firstName = "Alice"; String greeting = "Hello, World!"; // METHOD 2: Using 'new' — always creates a fresh object in heap memory // Avoid this unless you explicitly need a separate object String cityName = new String("London"); // Printing strings is straightforward — just pass the variable to println System.out.println(firstName); // prints: Alice System.out.println(greeting); // prints: Hello, World! System.out.println(cityName); // prints: London // .length() tells you how many characters are in the String // Spaces count as characters too System.out.println(greeting.length()); // prints: 13 // Strings can hold digits, symbols, spaces — anything in double quotes String productCode = "ITEM-00942"; String emptyString = ""; // valid — zero characters System.out.println(productCode); // prints: ITEM-00942 System.out.println(emptyString.length()); // prints: 0 } }
new String() bypasses the String Pool and doubles memory per literal.new String() creates a separate heap object.new String().Strings Are Immutable — What That Means and Why It Matters
Here's the single most important thing to understand about Java Strings: once a String object is created, its content can never be changed. This is called immutability. It sounds restrictive, but it's actually a deliberate design choice that makes Java programs safer and more efficient — especially in multi-threaded applications where multiple parts of your code run simultaneously.
Think of it this way: a String is like text carved into stone. You can read it, copy it, and compare it — but you can't erase and rewrite the carving. If you want 'modified' text, Java carves a brand-new stone and hands you a reference to that new one.
This means that every time you do something like concatenate (join) two strings together, Java isn't modifying the original — it's creating a new String object and storing the combined result. For a small number of operations that's fine. But if you're building a string inside a loop with thousands of iterations, you're silently creating thousands of throwaway objects. That's where StringBuilder comes in — we'll compare them shortly.
Understanding immutability also explains why Strings are safe to use as keys in HashMaps and why they can be shared freely between threads without race conditions.
package io.thecodeforge.strings; public class StringImmutability { public static void main(String[] args) { String originalMessage = "Good morning"; // This looks like we're changing originalMessage — we're NOT. // Java creates a brand-new String object "Good morning, Alice" // and makes the variable 'originalMessage' point to that new object. // The old "Good morning" string still exists in memory (briefly). originalMessage = originalMessage + ", Alice"; System.out.println(originalMessage); // prints: Good morning, Alice // PROOF OF IMMUTABILITY: // Assign the reference to a second variable BEFORE concatenating String part1 = "Java "; String part2 = part1; // part2 points to the SAME object as part1 // Now "modify" part1 by concatenating part1 = part1 + "is fun"; // part2 still holds the original value — it was NOT changed // This proves the original object was never touched System.out.println(part1); // prints: Java is fun System.out.println(part2); // prints: Java <-- original, untouched // UPPERCASE and LOWERCASE — these also return NEW strings String username = "alice_smith"; String upperUsername = username.toUpperCase(); // new object created System.out.println(username); // prints: alice_smith (unchanged) System.out.println(upperUsername); // prints: ALICE_SMITH } }
The Most Useful String Methods — With Real Examples
Java's String class comes with over 60 built-in methods. You don't need all of them right now — but there's a core set you'll use in nearly every project. These methods let you inspect, search, transform, and split text without writing any parsing logic yourself.
Every method here is called using dot notation: you take your String variable, add a dot, then call the method name with parentheses. Some methods need extra information (called arguments) inside the parentheses — like telling .substring() where to start and stop cutting.
Remember: because Strings are immutable, none of these methods change your original string. They always return a new String (or another type like int or boolean). Always capture the return value in a variable if you want to use it.
The examples below cover the methods you'll reach for most often: checking content, transforming case, trimming whitespace (critical when dealing with user input), finding substrings, replacing text, and splitting a string into parts. These eight methods alone will handle the majority of real-world string work you'll encounter as a beginner.
package io.thecodeforge.strings; public class StringMethods { public static void main(String[] args) { String userEmail = " Alice@Example.COM "; // simulating messy user input // --- CLEANING INPUT --- // .trim() removes leading and trailing whitespace // Essential when handling form input — users often hit spacebar by accident String cleanEmail = userEmail.trim(); System.out.println(cleanEmail); // prints: Alice@Example.COM // .toLowerCase() converts every character to lowercase // Standardising before storing in a database is best practice String normalisedEmail = cleanEmail.toLowerCase(); System.out.println(normalisedEmail); // prints: alice@example.com // --- INSPECTING CONTENT --- String productDescription = "Java is a powerful, versatile language."; // .length() — number of characters (spaces included) System.out.println(productDescription.length()); // prints: 39 // .contains() — checks if a piece of text exists inside the string // Returns true or false (a boolean) boolean mentionsJava = productDescription.contains("Java"); System.out.println(mentionsJava); // prints: true // .startsWith() and .endsWith() — check the beginning or end System.out.println(productDescription.startsWith("Java")); // prints: true System.out.println(productDescription.endsWith("language.")); // prints: true // .indexOf() — finds the position (index) of the first match // Returns -1 if the text is not found at all int positionOfPowerful = productDescription.indexOf("powerful"); System.out.println(positionOfPowerful); // prints: 10 // --- EXTRACTING PARTS --- String orderCode = "ORD-20240915-UK"; // .substring(startIndex) — cuts from that index to the end // Indexes start at 0, just like a numbered shelf starting at slot zero String datePart = orderCode.substring(4, 12); // characters at index 4 up to (not including) 12 System.out.println(datePart); // prints: 20240915 // --- REPLACING AND SPLITTING --- String rawCsvRow = "Alice,30,Engineer,London"; // .split() breaks a String into an array of parts using a separator // The separator itself is not included in the results String[] fields = rawCsvRow.split(","); System.out.println(fields[0]); // prints: Alice System.out.println(fields[1]); // prints: 30 System.out.println(fields[2]); // prints: Engineer System.out.println(fields[3]); // prints: London // .replace() swaps every occurrence of one piece of text for another String updatedDescription = productDescription.replace("powerful", "fast"); System.out.println(updatedDescription); // prints: Java is a fast, versatile language. // .isEmpty() — true if the string has zero characters // .isBlank() — true if the string is empty OR only whitespace (Java 11+) String emptyInput = ""; String blankInput = " "; System.out.println(emptyInput.isEmpty()); // prints: true System.out.println(blankInput.isBlank()); // prints: true } }
input.trim().toLowerCase().length(), trim(), toLowerCase(), contains(), substring(), split(), replace(), isEmpty(), isBlank().Comparing Strings the Right Way — == vs .equals()
This is the single most common source of confusion for Java beginners — and it still catches experienced developers off guard. When you compare two Strings in Java, you have two options: the == operator and the .equals() method. They look similar in purpose but they check completely different things.
The == operator checks whether two variables point to the exact same object in memory — the same physical location. It's asking 'are these two variables literally the same object?' not 'do they contain the same text?'
The .equals() method checks whether the content of two String objects is identical, character by character. This is almost always what you actually want when comparing text.
Because of the String Pool, == will sometimes appear to work correctly for string literals (since Java reuses the same object). But the moment you introduce a String created with 'new', or a String that arrives from user input, a file, or a network call, == will fail silently and give you wrong results. This is the textbook definition of a bug that's invisible until it's in production.
Use .equals() every single time you compare String content. No exceptions.
package io.thecodeforge.strings; public class StringComparison { public static void main(String[] args) { // Two string literals — Java stores both in the String Pool // Because they're identical, Java reuses the SAME object String cityA = "Paris"; String cityB = "Paris"; // == checks if they're the same OBJECT in memory // Here it returns true — but only because of the String Pool System.out.println(cityA == cityB); // prints: true (don't rely on this!) System.out.println(cityA.equals(cityB)); // prints: true (correct and reliable) // Now create one using 'new' — this forces a new object in heap memory // cityC holds "Paris" as text, but it's a DIFFERENT object to cityA String cityC = new String("Paris"); // == fails here — different objects, even though the text is identical System.out.println(cityA == cityC); // prints: false <-- WRONG result for intent System.out.println(cityA.equals(cityC)); // prints: true <-- CORRECT // Real-world scenario: input coming from a scanner or database // would behave like the 'new String(...)' case above // ALWAYS use .equals() for string comparison in real code // BONUS: Case-insensitive comparison // .equalsIgnoreCase() is great for usernames, commands, country codes String inputCountry = "united kingdom"; String storedCountry = "United Kingdom"; System.out.println(inputCountry.equals(storedCountry)); // prints: false System.out.println(inputCountry.equalsIgnoreCase(storedCountry)); // prints: true // COMPARING AGAINST A KNOWN CONSTANT: // Put the known string FIRST to avoid a NullPointerException // if the variable is null String userStatus = null; // userStatus.equals("active") <-- DANGER: NullPointerException! boolean isActive = "active".equals(userStatus); // safe — no crash System.out.println(isActive); // prints: false } }
== on a token from external API — passed tests because JVM interned literals.== on String objects; always .equals().== checks reference equality — not content..equals() compares characters."value".equals(variable).Handling Null Strings Gracefully — Avoiding NullPointerException
A String variable can hold the value null — meaning it points to no object at all. The moment you call any method on a null String, your program crashes with a NullPointerException. This is the most common runtime crash in Java, and it's almost always triggered by string operations.
The fix is not to avoid null — null is a valid state that often means 'no data yet'. The fix is to handle it safely before calling methods. Two patterns dominate production code.
First: swap the comparison order. Instead of variable.equals("value"), write "value".equals(variable). If variable is null, the method is called on the literal, which is always non‑null, and returns false gracefully.
Second: use Objects.equals(a, b) — it’s null‑safe on both sides and returns true only if both are null or both are equal.
For transforming strings, use a ternary or Optional to provide a default: String safe = (input != null) ? .input.trim() : "";
Don't assume external input is never null — it will be. Defend against it explicitly.
package io.thecodeforge.strings; import java.util.Objects; public class NullSafeString { public static void main(String[] args) { String userInput = null; // simulate missing input // BAD: crashes with NullPointerException // boolean match = userInput.equals("admin"); // GOOD: put the constant first boolean match1 = "admin".equals(userInput); System.out.println("match1 = " + match1); // prints: false (no crash) // GOOD: use Objects.equals() — null-safe on both sides boolean match2 = Objects.equals(userInput, "admin"); System.out.println("match2 = " + match2); // prints: false // Safe default for transformed strings String trimmed = (userInput != null) ? userInput.trim() : ""; System.out.println("trimmed = '" + trimmed + "'"); // prints: '' // Alternative with Optional and map String result = Optional.ofNullable(userInput) .map(String::toUpperCase) .orElse("DEFAULT"); System.out.println("result = " + result); // prints: DEFAULT } }
"value".equals(variable) instead of variable.equals("value") will save you from countless NPEs. It costs nothing and protects against the most common production crash. Make it muscle memory.Objects.equals(a, b) for null-safe comparison."expected".equals(input).String Pool Internals — Why Your Memory Just Doubled
Every string literal you write lands in the String Pool, a dedicated heap region. That's good — duplicates share the same object. But call new String("password") and you force a second object outside the pool. On a high-throughput login endpoint, that doubles memory for every auth token.
Here's the kicker: String.intern() returns the pooled version. Use it when parsing thousands of repeated strings (like HTTP headers or JSON keys). The cost is a hash table lookup; the payoff is massive heap savings.
Watch out: pooling user-supplied strings is a denial-of-service vector. An attacker can craft infinite unique strings, filling your pool and exhausting memory. Only intern strings from bounded sources — enums, configs, or validated token types.
// io.thecodeforge — java tutorial public class StringPoolMemoryDebug { public static void main(String[] args) { char[] tokenChars = {"A", "B", "C", "-", "T", "O", "K", "E", "N"}; // Dangerous: creates a new String every time String rawToken = new String(tokenChars); String anotherRaw = new String(tokenChars); System.out.println("Two new objects: " + (rawToken != anotherRaw)); // true // Safe: uses the pool — only one object exists on heap String pooledToken = new String(tokenChars).intern(); String anotherPooled = new String(tokenChars).intern(); System.out.println("Same pooled object: " + (pooledToken == anotherPooled)); // true } }
intern() for bounded, repeated strings only — never user input.Why StringBuilder Wins Every Join — and When It Doesn't
String concatenation with + looks innocent. In a loop, it's a quadratic disaster. Each + allocates a new StringBuilder, copies both operands, then trashes the old objects. Over 10,000 iterations, that's 10,000 allocations and ~50 million char copies.
StringBuilder gives you one mutable buffer. writes directly without copying. Always use it for loops, CSV construction, or any path where you combine more than 5 pieces.append()
But one case where + beats StringBuilder: compile-time constants. Java optimizes "Hello " + "World" into a single literal. For 2-3 static pieces, let the compiler do the work. For dynamic content or loops, create a StringBuilder outside the loop — never inside.
// io.thecodeforge — java tutorial public class StringBuilderVsConcat { public static void main(String[] args) { String[] headers = {"Host", "User-Agent", "Accept", "Connection"}; // Bad: allocates 4+ intermediate strings String badJoin = ""; for (String h : headers) { badJoin += h + ","; } // Good: single StringBuilder, zero extra allocations StringBuilder goodJoin = new StringBuilder(); for (String h : headers) { goodJoin.append(h).append(","); } System.out.println(goodJoin.toString()); } }
new StringBuilder(headers.length * 20) — to avoid internal resizing.+ are a memory leak. Use StringBuilder for any multi-step string assembly.Regex on Strings — The Hidden CPU Spiral
String.split() and String.replaceAll() use regex under the hood. That's fine for one-off calls. But drop them inside a hot loop processing 100K records — your latency spikes to seconds.
Regex compilation is the culprit. Pattern.compile() is called implicitly every time you call . The fix: compile once and reuse. or switch to split()StringBuilder.indexOf() and manual character loops for simple delimiters.
Real scenario: parsing CSV rows with line.split(",") — each row recompiles the pattern. Replace with Pattern.compile(",").split(line) and your throughput doubles. For even faster, use indexOf(',') and if you only need first few fields. Don't pull out regex for something a one-liner substring()charAt() can do.
// io.thecodeforge — java tutorial import java.util.regex.Pattern; public class RegexCompilationFix { private static final Pattern COMMA = Pattern.compile(","); // compiled once public static void main(String[] args) { String csvLine = "alice,30,engineer"; // Slow: compiles pattern every call String[] naive = csvLine.split(","); // Fast: precompiled pattern String[] fast = COMMA.split(csvLine); // Even faster for first field only int firstComma = csvLine.indexOf(','); String name = (firstComma == -1) ? csvLine : csvLine.substring(0, firstComma); System.out.println(name); // alice } }
split() inside a loop is a textbook performance trap. Precompile Pattern once as a static final constant.StringBuffer vs StringBuilder: thread-safe vs fast
Both StringBuffer and StringBuilder build strings without creating new objects each time. Their only difference: thread safety. StringBuffer synchronizes every method, making it safe for multiple threads but slower. StringBuilder removes all locks, running two to three times faster. Before Java 5, StringBuffer was the only choice. When StringBuilder arrived, the documentation advised using it whenever thread safety is unnecessary. In practice, almost all string building happens inside a single thread — inside a method or a loop. Synchronization adds overhead without benefit. Choose StringBuilder by default. Reserve StringBuffer for static variables or collections accessed by multiple threads, which is rare. Modern codebases rarely need StringBuffer because developers prefer StringBuilder or simpler alternatives like String.join or text blocks. The thread safety argument often hides a deeper truth: most thread safety problems require broader design fixes, not synchronized string operations.
// io.thecodeforge — java tutorial public class StringBuilderVsBuffer { public static void main(String[] args) { // Fast: single-threaded StringBuilder sb = new StringBuilder(); sb.append("Hello").append(" ").append("World"); System.out.println(sb); // Thread-safe but slower StringBuffer buffer = new StringBuffer(); buffer.append("Hello").append(" ").append("World"); System.out.println(buffer); } }
StringTokenizer vs split(): legacy class still in old codebases
StringTokenizer splits a string into tokens based on delimiters. It was introduced in Java 1.0, before the Collections framework existed. It implements Enumeration, not Iterator, meaning older iteration style. The class does not support regular expressions — it only splits on literal characters. For example, StringTokenizer("a,b;c", ",;") treats both comma and semicolon as delimiters. Java 1.4 introduced String.split(), which uses regex. split() is more flexible: split("[,;]+") handles multiple delimiters and empty tokens. StringTokenizer skips empty tokens silently; split() includes them unless you trim. In legacy code, StringTokenizer remains because it was the only option for years, and old code rarely gets refactored. New code should use String.split() or Pattern.compile().split() for performance with repeated calls. StringTokenizer has no advantage today and hides edge cases with empty values.
// io.thecodeforge — java tutorial import java.util.StringTokenizer; public class StringTokenizerVsSplit { public static void main(String[] args) { String data = "a,,b,c"; // Legacy: skips empty tokens StringTokenizer st = new StringTokenizer(data, ","); while (st.hasMoreTokens()) { System.out.print(st.nextToken() + " "); } System.out.println(); // Modern: includes empty token for (String s : data.split(",")) { System.out.print("'" + s + "' "); } } }
split() reveals the data — StringTokenizer hides bugs.split(); treat StringTokenizer as a legacy reader-only pattern.The Case of the Silent Login Failure: Why == Broke Authentication
== was safe because it worked in local tests with literal strings.==. Frontend sent a token received from the backend as a new String object via HTTP. The == check failed because the references didn't match, even though the content was identical.== with .equals() for all string comparisons in the authentication module. Also refactored to use a constant for the expected token to avoid null pointer.- Always use .equals() for string content comparison.
- Do not rely on the String Pool for external data.
- Enforce code review rules to flag
==on String objects.
new String(). Use System.identityHashCode() to see they are different objects."expected".equals(input) or Objects.equals() to swap the constant first.str = str.trim();. These methods return a new string, they don't modify the original.+ with StringBuilder. Profile memory usage before and after to confirm improvement.System.out.println(System.identityHashCode(str1));System.out.println(System.identityHashCode(str2));"expected".equals(input)Objects.equals(input, "expected")System.out.println("'" + str + "'"); // shows original stringstr = str.trim(); // reassignstr.trim();| Aspect | String | StringBuilder |
|---|---|---|
| Mutability | Immutable — content cannot change after creation | Mutable — content can be modified in place |
| Thread Safety | Thread-safe — safe to share between threads | Not thread-safe — use StringBuffer if you need thread safety |
| Performance (concatenation) | Slow in loops — creates a new object every join | Fast in loops — modifies a single buffer in place |
| Memory usage (many joins) | High — discarded objects pile up for garbage collection | Low — one object is reused throughout |
| Readability | Very readable for simple values and literals | Slightly more verbose — requires .append() calls |
| When to use | Fixed text, labels, keys, comparisons, parameters | Building strings dynamically, especially inside loops |
| Key method for joining | + operator or .concat() | .append() followed by .toString() |
| Part of Java since | Java 1.0 | Java 1.5 |
Key takeaways
Common mistakes to avoid
3 patternsComparing Strings with == instead of .equals()
Forgetting that String methods return a new String and ignoring the result
email.trim() but the variable stays unchanged when you use it later. Because Strings are immutable, these methods don't modify the original — they return a new String that you have to capture.Concatenating Strings inside a loop with the + operator
StringBuilder() before the loop, use result.append(piece) inside it, and call result.toString() once after the loop ends.Interview Questions on This Topic
Why is String immutable in Java, and what are the practical benefits of that design decision?
What is the difference between comparing Strings with == and with .equals()? Can you give an example where == gives the wrong answer?
new String(), or comes from user input, a file, or a network call. For example: String a = "hello"; String b = new String("hello"); System.out.println(a == b); // false even though the content is identical. Always use .equals() for content comparison, and for null safety use "value".equals(variable).What is the String Pool, and how does it relate to memory efficiency? When does a String bypass the pool entirely?
String s = "hello", the JVM checks the pool first; if "hello" already exists, it returns that reference. This avoids duplicating identical strings, saving memory. A String created with new String("hello") always creates a new object on the regular heap, bypassing the pool. Strings that are the result of concatenation or method calls (like .toUpperCase()) are also not interned automatically. You can manually intern a String using .intern(), but that's rarely needed.Frequently Asked Questions
Because String is a class in Java, not a primitive type like int or boolean. In Java, class names start with a capital letter by convention. String is part of java.lang package and is automatically available in every Java program without needing an import statement.
Yes, a String variable can hold the value null, which means it points to no object at all. If you try to call any method on a null String — like name.length() — Java throws a NullPointerException and your program crashes. Always check if a String could be null before calling methods on it, or use a null-safe pattern like 'hello'.equals(userInput) where the known constant is on the left side.
String is immutable — its content can't change after creation, making it safe and memory-efficient for fixed text. StringBuilder is mutable and fast, designed for building or modifying text dynamically in a single thread. StringBuffer is like StringBuilder but all its methods are synchronised, making it thread-safe at the cost of some performance. In most everyday code you'll use String for storing text and StringBuilder when you need to assemble it piece by piece.
20+ years shipping production Java in banking & fintech. Written from production experience, not tutorials.
That's Strings. Mark it forged?
8 min read · try the examples if you haven't