By Ben Galbraith
For many of us, XML has become a ubiquitous presence in application development, whether parsing, validating, or manipulating it. For many of us, all
that XML is coupled with pain, in the form of tedious APIs (like, say, the W3C DOM API) and confusing technologies (oh, I don't know, W3C XML
Schema?).

In this session, I share the following tips for making the XML in our lives a little easier to deal with:
- Use StAX instead of SAX
- Use StAX to create XML
- Use JDOM instead of W3C DOM
- Use XPath to select XML
- Use Jaxen to enable XPath over custom trees
- Use RELAX NG instead of DTD or WXS
- Use Trang when DTD/WXS output is required
- Use Sun's RELAX NG Converter when WXS input is required
- Consider RELAX NG's compact syntax
- Use Schematron to extend schema languages
- Consider XML namespaces for versioning
- Ignore unknown namespaces

By Ben Galbraith
Too often, Swing applications are slow, ugly, and hard-to-maintain. It turns out that it doesn't have to be this way. Swing can be used to create highly-responsive, beautiful applications that are very maintainable. If this isn't consistent with your own experience, don't feel bad; its not very obvious how to make Swing sing.

In this session, I explore three topics that lead to much better Swing applications:

- Proper Swing threading
- High-quality third-party Swing look-and-feels
- Good practices for coding Swing applications

In the threading portion of the session, I explain Swing's event handling architecture and its implications for Swing applications. Understanding this topic is crucial to creating highly-responsive Swing apps. I demonstrate how to use this knowledge in the form of many live-coded examples, and I show how frameworks like SwingWorker and FoxTrot can make this easier. Java's default look-and-feel, Metal, is awful (and in my opinion, the "Ocean" theme in JDK 5.0 doesn't do enough to improve it); you should stop using it immediately. But creating good-looking applications is sadly more than slapping in a look-and-feel; you must also take care to understand the principles behind attractive layouts. I spend the second part of this session exploring how to make your Swing applications look great through a combination of third-party look-and-feels and layout techniques.

By Ben Galbraith
Are you spending more time plumbing your Swing applications than solving business problems? Has your Swing application grown out of control? This session is for you.

In the first part of the presentation, I analyze the architectural problems that plague many Swing applications and present architectures that overcome these problems. These architectures are presented in terms of principles along with a reference implementation. You can therefore either adapt the principles to meet the needs of your existing applications, or incorporate the specific ideas of the reference implementation into your new projects. Fortunately, there are some existing frameworks that have done some of the architectural work already. I present some of these frameworks in the rest of the presentation.

By Ben Galbraith
The Eclipse project's SWT GUI toolkit provides one of the only viable alternatives to Swing for creating so-called rich client applications in Java. Whereas Swing paints its own widgets and has distinguished itself with a complex (and often obtuse) API, SWT relies on the host operating system for widget rendering and sports a simple, clean API. If your goal is to create a Java application that "looks" like a normal Windows application (or OS X, or Linux), SWT will revolutionize your world. In this session, I introduce SWT from the ground up. I start at a high-level, but quickly move into the details of SWT's API. By the presentation's end, attendees will have a solid understanding of SWT.


The Eclipse project's SWT GUI toolkit provides one of the only viable alternatives to Swing for creating so-called rich client applications in Java. Whereas Swing paints its own widgets and has distinguished itself with a complex (and often obtuse) API, SWT relies on the host operating system for widget rendering and sports a simple, clean API. If your goal is to create a Java application that "looks" like a normal Windows application (or OS X, or Linux), SWT will revolutionize your world. In this session, I introduce SWT from the ground up. I start at a high-level, but quickly move into the details of SWT's API. By the presentation's end, attendees will have a solid understanding of SWT.

By Ben Galbraith
This session picks up where SWT Fundamentals leaves off. Among the advanced topics I discuss are creating custom SWT widgets and exploring tight
native integration. I combine another compelling topic with the advanced SWT material: JFace. SWT is a more akin to AWT than Swing; its concerned
more with wrapping native functionality than providing any high-level abstractions. JFace is an API on top of SWT that provides such abstractions. The
combination of SWT and JFace is comparable to Swing. My coverage of JFace includes an introduction to several of its frameworks, such as the Viewer
and Window frameworks, along with many examples. Learning JFace will enable you to write complex SWT applications much faster.

This session picks up where SWT Fundamentals leaves off. Among the advanced topics I discuss are creating custom SWT widgets and exploring tight
native integration. I combine another compelling topic with the advanced SWT material: JFace. SWT is a more akin to AWT than Swing; its concerned
more with wrapping native functionality than providing any high-level abstractions. JFace is an API on top of SWT that provides such abstractions. The
combination of SWT and JFace is comparable to Swing. My coverage of JFace includes an introduction to several of its frameworks, such as the Viewer
and Window frameworks, along with many examples. Learning JFace will enable you to write complex SWT applications much faster.

By Ben Galbraith
You can do some pretty cool things with XML these days (despite what some curmudgeons in the technology world may claim). In the past few years,
XML has solidified its place as the lingua franca of data sharing and data manipulation. But XML as a data transfer language is only marginally
interesting. Things get really exciting when XML is dynamically transformed into other formats.
In this session, I focus on two XML formats which can be readily transformed into high-quality presentation-centric output formats. XSL-FO is a
typesetting format for XML that can be readily converted into PDF (or Postscript and some other formats). SVG is a vector graphics language in XML --
a sort of open-source version of the popular Macromedia Flash format. SVG files can be converted into beautiful, completely scalable -- and interactive -
- images.

You can do some pretty cool things with XML these days (despite what some curmudgeons in the technology world may claim). In the past few years,
XML has solidified its place as the lingua franca of data sharing and data manipulation. But XML as a data transfer language is only marginally
interesting. Things get really exciting when XML is dynamically transformed into other formats.
In this session, I focus on two XML formats which can be readily transformed into high-quality presentation-centric output formats. XSL-FO is a
typesetting format for XML that can be readily converted into PDF (or Postscript and some other formats). SVG is a vector graphics language in XML --
a sort of open-source version of the popular Macromedia Flash format. SVG files can be converted into beautiful, completely scalable -- and interactive -
- images.

By Ben Galbraith
As recent high-profile web apps such as Google's GMail have shown, modern browsers are capable of natively rendering web apps with highly dynamic and compelling UIs - fetching server data without page refreshes, animating and manipulating page contents on-the-fly, even offline use. The line between web and "desktop" apps is blurring.

Experienced web developer Dion Almaer (editor of TheServerSide.com) and noted Java desktop expert Ben Galbraith will describe and demonstrate these new techniques, including how to adapt modern web frameworks such as JSF and Tapestry to ease both the creation and maintenance of these types of applications.

By Bruce Tate
This session, for the Spring beginner, helps you:
• Understand dependency injection and inversion of control
• Know the meaning of lightweight containers and Spring
• Understand the basic pieces of Spring
• See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP
• Transactions
• Persistence
• Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.

By Bruce Tate
Agile programming is a collection of core principles and techniques that allow software developers to create lighter, more responsive applications, and to have fun doing it. Many established organizations are either openly or sub-conciously hostile to many of the principles of Agile development.

We'll explore the intersection of these new practices and old-world sensibilities, relying on real-world case studies to illustrate some of the compromises that are necessary to bridge the gap. In addition to technical and process aspects, we'll also spend some time talking about the business aspects, such as how Agile development affects contracts.

By Bruce Tate
This session will help a Java developer choose a persistence framework. After the session, you will
• Understand the core strengths and weaknesses of the main persistence frameworks in the Java space
• Understand where marketing influences can impact persistence
• Know what’s going on behind the scenes to impact the persistence pictures
• Answer questions about persistence frameworks that might not be mainstream


This free-form session is intended to help attendees choose or validate a persistence framework. In it, the instructor will take questions from the audience, and tailor the session to the questions asked. Bruce will focus on three persistence frameworks: EJB, JDO and Hibernate. He’ll talk about the evolution of each of the frameworks. He’ll talk about the fundamental design philosophies of each, and what makes each unique and strong.

But understanding technical strengths is not enough in the area of persistence. To make the best possible choice, a developer or architect must also understand the politics of persistence, and the marketing pressures that lead to the success or failure of each framework. The proposed common standard across JDO and EJB will get special consideration.

This format has been very popular among nofluffjuststuff attendees. It’s highly tailored to each audience, but still flows with good structure. When the session is over, you’ll have a better understanding of the major persistence frameworks in the Java space, and what makes each valuable. You’ll also understand how much of a role market share and technology play in the success or failure of a persistence framework.

By Bruce Tate
All programming languages have a limited life span, and Java is no different. This is a philosophical session rather than a programming session. Sooner or later, Java will lose its leadership position. This session will explore Java's strengths and weaknesses. We'll try to understand whether conditions are ripe for alternatives to emerge, and what those alternatives may be.

The Java programming language has been tremendously successful. Many of the roots of its success may be surprising to the audience. But every major programming language has a limited life cycle. While it’s true that Java and .NET seem to be the only games in town, some alternatives are beginning to emerge.

In this session, we’ll discuss some of the limitations of the Java language, and the impact that they might have on the productivity of Java developers. We’ll then look at some of the innovations around other frameworks and languages, and some of the features of those languages that boost the productivity of other non-Java developers:

• Typing, and why it matters
• Code blocks and closures
• Regular expressions
• Innovative frameworks

Finally, we’ll take a look at where developers may look at using other languages. Clearly, most of the work that we do will be in Java for the foreseeable future, but certain project classifications may make it much easier to embrace alternatives, for good competitive effect.

By Dave Thomas
Ruby recently enjoyed its tenth birthday. Instead of cake and candles, the community celebrated by releasing a wave of new libraries and frameworks that make Ruby programming even easier. This talk features some of the best of these, as we explore Ruby.


We'll spend about half the session getting to know Ruby: the syntax, type system, blocks, iterators, and so on. Then we'll dive in and develop some real-world code using web services, RSS, and databases. If you want to come to the Rails talk, and you're not that familiar with Ruby, this talk is a good starting point.

By Dave Thomas
The Ruby on Rails framework has exploded onto the scene over the last few months. Propelled by some genuine benefits, and fueled by a whole lot of controversy, Rails seems here to stay. So, is it a Java killer? (No.) Is it a great way to develop certain classes of web application? (Yes.) Does it really deliver the 10-fold increase in developer productivity that some have claimed? (It depends...)



If you can't help thinking that there must be an easier way of developing web projects, come and join us as we construct an MVC-based Ruby on Rails application using the very latest libraries and tools. You'll get a taste of Ruby, and also a feel for some of the power and productivity gains offered by this remarkable framework. You'll need a grounding in Ruby to get the most from this talk; if you're not already a Ruby developer you might want to attend the Facets of Ruby talk before coming to this one.

By Dave Thomas
Are you frustrated by experts who can't tell you what to do, or by junior team members who refuse to see the big picture? How can you best develop careers: both yours and those of your teammates and managers? How can we learn to apply experience more effectively, and why do the many approaches designed to tame complexity actually end up increasing it?

Dave Thomas, of The Pragmatic Programmers, describes the solutions to these and other problems as he turns the Pragmatic Spotlight (and a good dose of twisted humor) on formal learning models, the Nursing profession, and streamlining sheep.

By Justin Gehtland
Web Services are message-oriented. This means that any application intention (the need for security, for transactionality, for reliability, etc.) must be
included in the message and not just assumed as external context. The WS-Security specifications are very advanced and currently being used in the wild to create robust, secure web services.

This session will examine these specifications, including:

• WS-Security
• WS-Policy - for sharing enforcement and encryption strategies
• WS-Privacy - for agreeing on privacy policy for service usage
• WS-Encryption - for encrypting or signing all or part of a message
• WS-Trust - for creating a single-sign-on solution
• WS-Federation - works with WS-Trust

These specifications, plus others like WS-Addressing and WS-Notification, provide a platform for communicating security intent across multiple network
layers and many platforms. Of course, these specifications only define modifications to the messagapplication author. We will demonstate these capabilities using the Axis toolkit and the J2SDK.

By Justin Gehtland
O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

By Justin Gehtland
Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate createapplications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpointthan you would otherwise want.

This session will show advanced techniques for tuning performance, including:
• advanced collection mapping strategies
• lazy loading
• cascading update management
• lifecycle management
• Hibernate's interceptor layer
In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll
walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.

By Justin Gehtland
Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.




In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module

• page level authorization

• method level authorization

• instance level authorization

• forcing HTTPS connections to secured sites

• impersonation using the RunAsManager

By Justin Gehtland
The Spring team, as in all things they do, have learned the valuable lessons of the past when introducing a Spring solution. Spring MVC is everything Struts should be, and more besides.

This talk will introduce you to the Spring web application framework. You'll find out about the Controller hierarchy, and how the different kinds of Controllers allow for a more manageable logic tier. We'll look at validation and exception handling, configuration, URL mapping and CommandControllers (Spring's answer to ActionForms). Finally, we'll look at Spring's integration with another powerful web framework, Tapestry.

By Kito Mann
JavaServer Faces (JSF) is a standard web user interface framework, developed under the Java Community Process (JSR 127), and released in March, 2004. JSF specifies a web user interface component model, complete with server-side event handling, validation, internationalization, page navigation, and declarative mapping between user interface components and Java objects.

This talk explains what JavaServer Faces is, and how it relates to Struts and other web frameworks currently on the market. It covers JSF's architecture and key concepts, and also show a sample application inside of an IDE such as Sun Java Studio Creator.

By Kito Mann
As JavaServer Faces (JSF), the new standard Java web application framework, grows in popularity, development teams are beginning to evaluate different strategies for migrating from Struts to JSF.

This session begins with a brief overview of JSF. Next, it examines different strategies for using Struts and JSF together as well as migrating from Struts to JSF, discussing the pros and cons of each approach. The session ends with an overview of future directions for JSF as well as Struts, and the Struts Shale project.

By Kito Mann
With the growing popularity of new Java web frameworks, such as JavaServer Faces, Tapestry, and WebWork, Struts 1.x has lost its competitive edge in the web framework landscape. Recently, Craig McClanahan, the founder of Struts, initiated Struts Shale, a proposed next-generation framework built on top of JavaServer Faces.

This session examines Shale in detail, looking at its current feature set, architecture, and future road map.

By Kito Mann
In late 2003, the Java Community Process released the Portlet API, designed to ease the progress of writing portlets for different portal environments. Using the Portlet API, developers can build reusable application components that work with portal servers from IBM, BEA, Oracle, Vignette, Apache, and other companies and open source organizations.

This session begins with an overview of the benefits of portal servers and portlets. It then explains how portlets relate to servlets, and provides examples of how to use the API. The session ends with a discussion of using well-known frameworks such as Struts and JSF within a portlet environment, and looks at future directions of the API.

By Neal Ford
Is Service Oriented Architecture the next wave of distributed computing or just the same old crap in a shiny new package? This session provides an overview of what most people agree is the definition of SOA. I talk about SOA, ESB, CORBA, your MOM, and a bunch of other acronyms.

This session is a pragmatic look at SOA from a developer perspective, including such (never talked about) topics like tranports, granularity, versioning services, transformations, and whether you should be doing this or not. I show lots of slides with diagrams and talk about how to evolve towards an SOA. SOA can work if you ignore the hype and focus on the real meat: building loosely coupled message-based applications. This session discusses just that.

By Neal Ford
This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points:
• Setting up remote debugging in IDE's
   o Eclipse
   o IntelliJ
• Effective remote debugging
• When it's all you've got: jdb and enterprise applications
• Forensic debugging using loggers
• Debugging web applications
   o Inspector
   o Bookmarklets
• Debugging EJB
• Debugging in lightweight frameworks
• Interactive Debugging with Groovy
• Automating debugging tasks
   o JWebUnit
   o Selenium

By Neal Ford
This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran.

Even the most competent programmer falls into habits and coding ruts. This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran. It is derived from many sources, including other languages (Smalltalk, Lisp, Java, and others), and techniques and idioms we have developed teaching developers. It also consolidates information from books that delve into the craft of writing good software. The goal is to create code that is easier to read, maintain, debug, and enhance.

Key Session Points:

1. Names of Things


2. Composed Method


3. Apply the Unix Philosophies


4. Syntactic Stuff




• Constants


• Enumerations


• Common Methods: equals() && hashcode()




5. Orthogonality


6. Compactness


7. The Pragmatic Rules


8. Template Method


9. Bad Inheritance


10. Decoupling with Interfaces

By Neal Ford
Regular expressions should be an integral part of every developer?s toolbox, but most don?t realize what an important topic it is. Regular expressions have existed for decades, but many developers don't understand how to take full advantage of this powerful mechanism, either through command line tools and editors or in their development.

This session shows how to fully exploit regular expressions. It begins with the basic premise of how regular expressions work, then shows how to take advantage of the RegEx library built into the Java platform. This session shows how to use wildcards, escape characters, meta-tags, character class operators, look-aheads/look-behinds, and how to use the greedy operators effectively. It covers regular expressions from the beginning through to advanced usage, both in Java and in tools that support regular expressions. This session is packed with real examples of regular expressions (including a game show with no fabulous prizes).

Key Session Points:

Common Regex mistakes

By Neal Ford
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!



Key Session Points:

* OWASP List of Vulnerabilities

10. Insecure configuration management
9. Denial of service
8. Insecure storage
7. Improper error handling
6. Injection flaws
5. Buffer overflows
4. Cross site scripting flaws
3. Broken authentication and session management
2. Broken access control
1. Unvalidated input

* Security Tools and frameworks
* Case Study: Hacking Oracle through a browser
* Case Study: Cross-site scripting
* Case Study: SQL Injection

By Neal Ford
This session shows how to use Java as the building block for domain-specific languages. It discusses the next revolution in programming: language-oriented programming and the nascent tools that support it.

If you look at the way advanced programmers in highly dynamic languages (like Lisp, Smalltalk, Ruby, etc.) work, they tend to build domain specific languages on top of their low-level language. The language syntax itself becomes building blocks for languages that are highly specific to their problem domain. It’s not as easy to apply this technique to a static language (like Java), but it is possible. This session shows how to use Java as the building block for domain-specific languages. It discusses internal and external DSLs, with pros and cons for each. This session progresses from creating an internal DSL using Java syntactic elements as keywords through using compiler-building tools to create your own external DSL arriving ultimately at the new tools that allow you to build, edit, and deploy external DSL (language workbenches). This session covers the theory and practice of building DSL's and why this is an important step in the evolution of programming paradigm. It shows tools that are available now to build DSL's and discusses tools on the horizon that will make this much easier.

Key Session Points:
1. Why Dynamic languages?
2. Building domain languages
3. Language-oriented Programming
   a. Internal DSLs
   b. External DSLs
4. Internal DSL
   a. Characteristics
   b. Advantages
   c. Disadvantages
5. External DSL
   a. Characteristics
   b. Advantages
   c. Disadvantages
6. Case Study: Building your own language
   a. Building the parser
   b. Building the lexer
   c. Abstract Syntax Trees
7. Parsing other languages
   a. Parsing Java
   b. Parsing HTML, JavaScript, and others
8. Language Workbenches
   a. JetBrains MPS in Action

By Ramnivas Laddad
J2EE has become the main new platform for enterprise application deployment. Good performance is an important business requirement. Supporting this requirement needs application profiling during the development phases and performance monitoring after application deployment. Come to this session to understand challenges and choices in monitoring J2EE applications.

Performance monitoring solutions must work under constraints imposed by the environment. Further, they must balance conflicting requirements such as overhead vs. richness of information. All of these need careful understanding of both requirements and solutions as well as the costs of any tradeoff decisions.

This session presents various tools and techniques available for monitoring J2EE applications. We will consider requirements of performance monitoring solutions in different scenarios. We will also discuss underlying enabling technologies such as Java Virtual Machine Profiling Interface (JVMPI), Java Virtual Machine Tool Interface (JVMTI), JFluid, JMX, design patterns, and aspect-oriented programming (AOP). During the session, we will demonstrate many of the tools and technologies discussed.

By Ramnivas Laddad
Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.

By Ramnivas Laddad
Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.

By Ramnivas Laddad
Design patterns -- object oriented, concurrency control, and J2EE -- all have certain crosscutting elements present. The obvious result of conventional implementation is unclear implementation that is tedious to implement and tough to change. Aspect-oriented programming (AOP) offers a way to simplify implementation of these design patterns. Further, AOP offers new design patterns of its own that allow for new ways of implementing functionalities. This session shows how the use of AOP can simplify implementation of design pattern.

Implementing design patterns using AOP offers multiple benefits. First, like other applications of AOP, it modularizes the implementation of the design patterns. The modularization localizes any changes, such as introducing optimization and switching from one concurrency control scheme to another without system-wide re-implementation. Second, new design patterns can be introduced in systems without invasive changes. Third, use of AOP to implement design patterns results in reusable code components. In effect, AOP transforms the reusable concepts in design patterns into reusable code. Further, use of AOP does not modify the intent and philosophy of the target design patterns, thus preserving the investment in understanding the value and consequences of those design patterns.

In this session, we will discuss how fundamentally AOP transforms the pattern implementation. We will look at examples from all the kinds of design patterns mentioned -- object-oriented (GoF), concurrency control, J2EE, as well as aspect-oriented design patterns.

By Scott Davis
The full title of this talk is, "The Sound of One Hand Clapping, or How to Pair Program with a Single Programmer -- Scaling XP to Small Projects." Everyone talks about using J2EE for massive projects, but what about the lone wolf developer? Can they still apply the lessons learned from agile development methodologies to their everyday work?

XP is an ideal methodology for dealing with small business owners and entrepreneurs. Often times small projects suffer from the complete lack of good programming practices because heavy-weight methodologies don't scale down well. Heavy-weight methodologies can also be intimidating to the non-computer professional. XP scales well to small projects and allows the domain experts to participate in good programming practices (sometimes for the very first time).

By Scott Davis
Frameworks? We don't need no stinkin' web frameworks. OK, so maybe that's overstating the case. Web frameworks do plenty of good things, but sometimes they can also be golden handcuffs. Too many web developers fall into the trap of thinking, "If it can't be done by my web framework, then it simply can't be done."


This presentation focuses on the cool things that you can accomplish by stepping out of your web framework and getting closer to the underlying technology. We'll take a detailed look at what really goes on during the request/response cycle, and how new techniques like AJAX allow you to break the mold. We'll look at the clever things you can do with MIME types, User-Agents, and HTTP Headers in general.

Old technologies like CSS, DOM, and JavaScript are experiencing a renaissance under the guise of new names like DHTML and AJAX. Google Maps and GMail are literally redefining our expectations of how rich a web application can be by using these technologies to their fullest potential. Come see what makes these sites tick, and how you can utilize the same techniques in your own site.

By Scott Davis
Hopefully your test plan involves more than, "Well, it compiled..." JUnit is fast becoming a required part of the modern Java developer's toolkit. Unit testing your Java classes is a great start, but your test plan shouldn't stop there.

This talk will introduce several additional testing tools for the web developer -- HttpUnit, Canoo WebTest, and JMeter. These tools allow you to test a live website with no changes to the production code. Even better, you can test sites that have been implemented in technologies other than Java.

You will see code examples and live demos of these tools in action. We'll talk about the differences between unit testing, functional testing, and performance/load testing. Come get "test infected" -- you'll never look at the development process the same way.

By Scott Davis
In this presentation, we'll explore the top four mapping sites and show you how to take advantage of their free services. MapQuest, Yahoo Maps, Google Maps, and MSN Virtual Earth all bring slightly different capabilities to the table. These sites allow you to create your own interactive maps with minimum effort and no previous mapping experience. They take care of hosting the mapping data and making it easy to manipulate -- all you have to do is bring a little bit of know-how to the party.

Thanks largely to Google, web mapping is experiencing a renaissance. Google's mission statement is, "... to organize the world's information and make it universally accessible and useful". They aren't specifically talking about web mapping, but the sentiment certainly applies. If you have data that naturally has a geographic element (a customer list with addresses, sales reports by regions, even a collection of favorite restaurants), today's websites make it easier than ever to display them on a map.

Even if you aren't specifically interested in creating your own maps, this presentation gives real-world examples of many industry hot-button topics -- SOAP vs. RESTful web services, JavaScript and AJAX, and a clear distinction between first generation web technology (Web 1.0) and what the pundits are calling "Web 2.0".

By Stuart Halloway
JUnit is great. Jython and JRuby are even better. Unit testing libraries look the same everywhere, so why not use the one that lets you get your job done faster?

Unit testing has taken the world by storm. Almost every major language has a JUnit-like library. And here's the good news: These libraries are so similar that once you learn one, you can use any of them.

Given that many languages interoperate directly with Java, you aren't limited to JUnit. You can pick the library that provides the best language level support for writing concise, easily maintainable unit tests. Circa late 2005, there are good arguments for the unittest module in Jython, and Test::Unit in JRuby.

The talk is divided into three parts:

1. A crash introduction to unit testing Java code. We'll cover test-driven development, test cases, assertions, fixtures, and test suites. We'll be using Jython and JRuby but the concepts are exactly the same in any language


2. A look at the Python and Ruby features that make Jython and JRuby compelling choices. We'll see how tests are faster to develop and easier to maintain than JUnit tests. And perhaps surprisingly, we'll also see how tests scale better when applications get large.


3. A candid comparison of Jython, JRuby, and JUnit, including advantages and disadvantages of each. One size does not fit all.

By Stuart Halloway
Java has always provided a model for concurrency and threads. With Java 1.5, this model received a major facelift. Learn how to use the new concurrency utilities to build responsive, scalable, and correct concurrent applications.


Java's support for threads is broad and deep. From the early days of the platform, programmers have used threads, synchronized blocks, and monitors to build safe multi-threaded applications. Java 1.5's new concurrency utilities greatly reduce the need to use these primitives directly. Now, Java provides a set of lock classes and task scheduling tools that provide much more leverage in writing real applications. We'll explore java.util.concurrent, and also see how the Java Memory Model has been corrected in 1.5.

Most of the advantages of java.util.concurrent can also be had in previous version of Java. We'll discuss Doug Lea's concurrency utilities and the backport of java.util.concurrent to 1.4. Both of these are appropriate for production use.

Finally, we'll look at common mistakes in multi-threaded programming. The most common mistake is using threads when you don't need them. We'll look at alternatives to threads, and how to choose between them.

By Stuart Halloway
For centuries people have used crypto to build (and break) secure systems. Computers have only raised the pitch of conflict, providing enormous cryptographic power at commodity prices. Most programmers do not write their own crypto libraries, instead relying on the services of an operating system or virtual machine. But even with all this support, building secure systems is a daunting task.

This talk will cover three things all programmers need to know:
1. the basic tools of computer crypto
2. the programmatic APIs to these tools
3. common programming mistakes that can undermine otherwise secure systems
You will learn the basics of hashing, message digests, public key encryption, symmetric key encryption, certificates, and key management. With each, you will see programmatic examples, with advice for correct usage.

By Stuart Halloway
The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples.

You will learn the core APIs:

SecurityManager, AccessController, Permissions and Policy

JAAS Subjects, Principals, and LoginModules

You will then see how to invoke these APIs in real application scenarios. You will learn how to:

Partition your applications to safely invoke downloaded code

Read and write Java policy files

Extend the architecture with custom permissions

Provide secure services through PrivilegedActions

Use JAAS to authenticate and authorize users

By Ted Neward
There's a set of fallacies that every enterprise developer has fal