By Bruce Tate
Most conferences will try to tell you that the secret to good software development lies with a process, or a technology, or an architecture. Here's a dirty little secret. You can build working software with an outdated two tier archtiecture, a waterfall process and COBOL. How? By building a great team. These techniques were used to build one of the most unique and complex up and coming Ruby on Rails sites.

By far, the biggest factor in the success or failure of a software project is the quality of your team. Build a great team first, and great software will follow. In this session, we'll explore ways to build effective teams for modern software development. Whether you're a project manager or a technical lead, you need to know how to build the most effective team possible. In this session, we'll look at all aspects of team building, including

- What team sizes are optimal for software projects?
- What tools can help your team communicate?
- How does development process come into play?
- How do you build better software faster?

By Bruce Tate
In this session, we'll review the new features of Spring 2.0. If you've been using Spring 1.x, you'll want to hear about the improvements.

This material comes directly from Interface21. The SpringFramework version 2.0 brings tremendous maturity to one of the most successful Java projects of our time. In this session, you'll see

- Radical improvements in the simplicity of context definitions
- Much better AspectJ integration
- Unified user interface strategies, and the continued emergence of WebFlow.

By Bruce Tate
Agile programming is a collection of core principles and techniques that allow software developers to create lighter, more responsive applications, and to have fun doing it. Many established organizations are either openly or sub-conciously hostile to many of the principles of Agile development.

We'll explore the intersection of these new practices and old-world sensibilities, relying on real-world case studies to illustrate some of the compromises that are necessary to bridge the gap. In addition to technical and process aspects, we'll also spend some time talking about the business aspects, such as how Agile development affects contracts.

By Bruce Tate
This session will help a Java developer choose a persistence framework. After the session, you will
• Understand the core strengths and weaknesses of the main persistence frameworks in the Java space
• Understand where marketing influences can impact persistence
• Know what’s going on behind the scenes to impact the persistence pictures
• Answer questions about persistence frameworks that might not be mainstream


This free-form session is intended to help attendees choose or validate a persistence framework. In it, the instructor will take questions from the audience, and tailor the session to the questions asked. Bruce will focus on three persistence frameworks: EJB, JDO and Hibernate. He’ll talk about the evolution of each of the frameworks. He’ll talk about the fundamental design philosophies of each, and what makes each unique and strong.

But understanding technical strengths is not enough in the area of persistence. To make the best possible choice, a developer or architect must also understand the politics of persistence, and the marketing pressures that lead to the success or failure of each framework. The proposed common standard across JDO and EJB will get special consideration.

This format has been very popular among nofluffjuststuff attendees. It’s highly tailored to each audience, but still flows with good structure. When the session is over, you’ll have a better understanding of the major persistence frameworks in the Java space, and what makes each valuable. You’ll also understand how much of a role market share and technology play in the success or failure of a persistence framework.

By Bruce Tate
The state of the art is progressing rapidly, and dynamic languages are driving the revolution. Find out about these topics that will be central to programming. We'll discuss continuation servers, metaprogramming frameworks and functional langauges.

Seaside provides a much richer web development experience than you can find in Java today. Learn how continuations can radically improve your web development experience, and learn what Java frameworks are doing about it.

The programming world is abuzz over the Rails framework, but how many of the ideas are exclusive to Rails? We'll look at Active Record, and discover the fundamental innovations that let it happen. What improvements might be made by Java persistence frameworks, and where does Active Record come up short?

Concurrent programming will come to a head with the introduction of multiprocessor systems. We'll discover just how broken conventional langauges are. Also, see how functional languages solve this problem.

By David Geary
In April 2005, annual growth rates for jobs in JavaServer Faces, Struts, and Ruby on Rails were all at about 0%. Today, Struts' growth rate still hovers around 0%, but JSF and Rails have taken off. At the end of 2007, both JSF and Rails were growing at a rate of between 400-500% annually (according to indeed.com).

JSF has passed the adoption tipping point, and is now the Java-based framework of choice, as is evidenced by its ecosystem. From vendors such as MyEclipse and RedHat to open source projects such as Seam, Facelets, and Ajax4JSF, JSF is where the action is.

Come see why JSF is so popular. In this code- and demo-intensive session, I'll show you the fundamentals of JSF.

This session is taught by a member of the JSF Expert Group for JSF 1.0 and 2.0., and co-author of the best-selling book on JSF: Core JavaServer Faces. David will take you through a whirlwind introduction to JSF including what JSF is, how it was developed, and how you can best take advantage of the technology. Here is a list of topics:

Components, managed beans, value expressions, and static navigation
i18n, CSS, and actions
The Faces Context and Faces messages
The JSF Event Model
Using JavaScript with JSF

This introduction to JSF also contains 5 live-code demos, where David will develop a simple, but robust application during the course of the session.

Prerequisite: Some knowledge of Java-based web applications, such as Struts, is a plus, but is not required. If you have a significant experience with JSF, you probably already know most of what's covered in this session.

By David Geary
In 2005, JSF hit its stride, as evidenced from overwhelming support from both vendors and the open-source community. JSF 1.0 had plenty of holes, but open-source projects have arisen to address those needs. This session takes a look at three of those projects: Tomahawk (MyFaces component library) FaceletsSeam

MyFaces is an open-source implementation of the JSF spec. In addition, MyFaces developers got a little carried away and also developed a useful set of custom components that you can use in your own applications, regardless of whether you use MyFaces as your JSF implementation. Those components are now packaged separately from MyFaces under the name Tomahawk.

Facelets is an open-source project from java.net that lets you implement views with Tapestry-like HTML pages. That technique is a powerful feature that lets graphic designers and software developers work separately in parallel.

Seam is a framework from JBoss that provides a component model that unifies the EJB and JSF component models. Seam makes great use of annotations to meld EJBs and JSF components in a seamless fashion (thus the name).

Lots is happening in the JSF space. Come to this talk and learn about these three exciting open-source projects.

By David Geary
JavaServer Faces is a well designed user interface framework, but it lacks a number of features you might otherwise expect out of the box; for example, JSF does not explicitly provide support for client-side validation.

So, from the folks that brought you Struts, comes Shale, a collection of useful enhancements to JSF. A top-level Apache Software Foundation project, Shale adds some really cool features to vanilla JSF, including:

Web flow: script dialog flow
Remote Method Calls: easily call JavaBean methods from JavaScript
Tapestry-like views: code views in pure HTML
Use Apache Commons Validator validators on the client or server, or both
JSF testing framework: mocks for easy JSF testing

There's a lot of cool stuff in Shale that makes JSF a much more compelling proposition. Come see what it's all about.

This is a code-intensive, fast-paced look at Apache Shale. Forty-plus slides and five demos makes for an action packed session that illustrates the cool features that Shale provides.

By David Geary
JavaServer Faces is a perfect platform for implementing Web 2.0 interfaces with Ajax. This session explores how you can use these two potent technologies--JSF and Ajax--together to create applications that look and behave like desktop applications but run in the browser.

JavaServer Faces, with a mature component model and flexible lifecyle, is a perfect platform for implementing Web 2.0 user interfaces with Ajax. This session explores using JSF and Ajax to create applications that act like desktop applications but run in a browser.

We'll start with a quick look at implementing basic Ajax in a JSF application. Then, once your bloodthirst has been slaked, we'll dive deeper into Ajaxian Faces dynamics with a form completion demo that requires its implementor to understand two simple, but vital facts about JSF.

If you're savvy, you probably use client-side validation to augment your server side validation logic, which parenthetically, is no no-brainer in either of the leading web application frameworks, JSF or Rails. But anyway, client-side validation is old school. All the cool developers nowadays use Ajax to implement realtime validation, where you sneak a trip to the server as an unwary user types into your input fields. But to accomplish that, we'll have to dive even deeper into JSF, with concerns such as accessing view state and accounting for client-side state saving.

All of this Ajax development is great fun, but most of it is best relegated to components and frameworks, which are the topics that will wrap up our session. We'll see how to keep your JavaScript separate from your JSF components and how to pass JSP tag attributes all the way through to JavaScript. Finally, we'll take a look at Ajax4jsf, a JSF component library with a tag library that blends Ajax into JSF in a natural, intuitive way without having to write JavaScript.

As web developers, we've been handcuffed long enough by the shackles of Web 1.0 development. Come to this session and see the brave new world of Web 2.0 development with one of the hottest web application frameworks.

By David Geary
User interfaces are usually the most turbulent aspect of an application during development. Constant tinkering with the UI means constant changes to your code, so as a UI developer, you want to minimize the scope and effects of those code changes.

Open-source Java provides two powerful software packages that help you manage UI complexity: Tiles and Sitemesh. Tiles composes webpages from discrete regions of your user interface known as tiles. A tile contains a JSP page for layout and one or more JSP pages for content. Sitemesh decorates webpages with decorators that can be associated with URL patterns. Once you set up your decorators, you can decorate pages that match a decorator's URL pattern.

Come see how to use Tiles and Sitemesh with a guided tour from the inventor of Tiles, who has recently become a Sitemesh believer.

By Glenn Vanderburg
With the sudden importance of Ajax, it's time to take JavaScript seriously. That means learning it the right way: looking at the fundamentals of the language and surveying its strengths and weaknesses, instead of just copying other people's poorly written examples.

JavaScript got a bum rap. It's almost universally derided among serious programmers for being a toy language, or for its strange characteristics, or bugs, or slowness, or because it's only good for adding useless window dressing to web pages.

But JavaScript is actually a very nice little language which is popping up everywhere these days (not just in Ajax apps). Sure, JavaScript is quirky, but its problems are mostly due to history, association, and misunderstanding. Especially misunderstanding. Let's face it: most developers learned JavaScript by looking at examples in web pages they found online, and few of those examples are paragons of JavaScript style. Other developers learned JavaScript from books, but the typical JavaScript book ignores the fundamentals of the language, instead focusing on examples and the fastest ways to do fancy web page tricks.

In this talk, we'll go back to the basics that most JavaScript resources omit. We'll talk about JavaScript as a language, learning its fundamental concepts and the simple rules that underlie the sometimes bewildering behavior.

By Glenn Vanderburg
Building on part 1, this talk dives deep into JavaScript's object model. We'll see how it differs from more mainstream object-oriented languages, and why. We'll explore how to hide some of those differences, as well as the reasons you might not want to. Additionally, we'll cover useful tools for JavaScript testing, debugging, and profiling.

Ajax is not the focus of this talk, but a strong foundation in JavaScript is essential for working with Ajax.

By Glenn Vanderburg
The Java Collections framework is a cornerstone of Java development. It's been a part of J2SE for six years now. Every Java developer knows it—how to create Lists, Maps, and Sets, how to put things into them and take things out, and how to iterate over the contents. But there's a lot more to the collections framework than that -- and very few programmers really know how to exploit the power that's just under the surface.

The basics of the collections classes are so simple that many developers haven't even thought to look for the additional power that's there. And it's not just built-in capabilities, either. The design of the collections framework makes possible several powerful techniques and patterns that can magnify your productivity, as well as helping you build systems that are efficient and scalable.

It may seem strange to give a talk on a framework that every Java programmer already knows. But in every project I've worked on for the past six years, I've seen a lot of code that uses the collections poorly. More often than not, that code was written by skilled programmers with significant Java experience. In this talk, you'll learn how to use the collections well, exploiting their full power—the little-known capabilities, the extensibility features, and powerful patterns such as wrappers, adapters, and decorators. We'll also cover some new features that slipped into Java 1.5, plus a few especially useful third-party collection implementations.

By Glenn Vanderburg
The support infrastructure for your software project is a crucial factor for success. A new generation of tools offers significant benefits over their predecessors. This talk discusses how to choose the right mix of tools for a top-shelf project infrastructure.

The support infrastructure for your software project is a crucial factor for success. Many projects waste enormous amounts of time fighting through projects without the help of good tools. Other projects are on the right track, but could be even more successful by filling some crucial infrastructure gaps or by moving to improved tools, or by implementing policies that maximize the tools' power.

This talk looks at the latest generation of infrastructure tools, what makes them better, and how to use them well. Additionally, we'll examine the role of the infrastructure on projects and identify principles that help us understand what kinds of infrastructure we need. Tools examined will include CruiseControl, Rake, Subversion, Trac, and others.

By Glenn Vanderburg
Performance myths about the Java platform abound, from the general "Java is slow", to the more specific "reflection is slow", "allocation is slow", "synchronization is slow", "garbage collection is slow", etc. Many of these myths have their root in fact (in JDK 1.0, everything was slow); today, not only are many of these statements not true, but Java performance has surpassed that of C in many areas, such as memory management.

In this class, we'll look at some common Java performance myths, identify where they came from, and explore the platform changes that have rendered them no longer true. Many common performance hacks don't actually help, and some can seriously hurt performance. The result is that clean code that follows common usage patterns generally shows far better behavior on modern JVMs than code laden with tweaks designed to "help" the JIT or garbage collector. More often than not, this well-intentioned assistance has the unfortunate effect of undermining many common JIT optimizations, resulting in slower -- not faster -- code.

By Jared Richardson
a.. Do you spend more time fighting your tools than writing code?
b.. Do you avoid merging your code with your teammates because of “Integration Hell”?
c.. Do the same bugs keep sneaking back into your product?
d.. Do your builds depend on the roll of the dice?

A good set of infrastructure tools can go a long way toward smoothing out these and other problems. Come see how to make your toolset work seamlessly in the background so you can Just Work. We'll cover source code management (SCM), build scripts, automated test harnesses, automatic builds, feature tracking and issue tracking.



As part of the session, we'll set up Subversion, create a project, and then add code for the SCM section ... just to obliterate the "it takes too much time to set up and use" argument. For build scripts, we'll add an Ant script. Let's throw in a few JUnits to demonstrate test automation, and then I'll put it all together in CruiseControl. The live demo will include breaking the build, then breaking the JUnit test, and then finally fixing it and seeing it all work.

For this first session, we'll look at Subversion, Ant, and start the Cruise Control discussion.

By Jared Richardson
This talk is a continuation of Part One of the Tools talk. During Part Two we'll cover Continuous Integration, automated testing, bug tracking, and feature tracking.

We'll set up CruiseControl and walk through it's functionality, then look at JUnit and how it fits into CruiseControl and the Continuous Intregration idea. Finally, we'll talk about tracking features and bugs.

If you don't make Part One you can still attend and benefit.

By Jared Richardson
Throughout our software careers we learn habits from our coworkers, from books we've read, and occasionally, from conferences we attend. Much of our competence comes from the tips and tricks we pick up as we go.


In this session, learn five of the techniques I've borrowed along the way. We'll discuss The List, code reviews, code change notifications, daily meetings, and tech leads. These techniques are often abused, but when used properly they can make a huge difference in how you develop software. Take this opportunity to add these practices to your toolkit.

By Jared Richardson
Are your product designs hit or miss? Do you have trouble building a loosely coupled system? Is your code incestuous? Refactoring not an option with your code base? Tracer Bullets help keep your project out of the fire.

Tracer Bullet Development:

* helps you create great software
* lends itself to an iterative cycle
* can be used for demos early and often
* is easily refactored
* allows your teams to work in parallel
* makes a very testable system



Tracer Bullets can coexist with nearly any other development methodology. Come see how easy it is!

By Justin Gehtland
The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP
• Transactions
• Persistence
• Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.


This session, for the Spring beginner, helps you:
• Understand dependency injection and inversion of control
• Know the meaning of lightweight containers and Spring
• Understand the basic pieces of Spring
• See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

By Justin Gehtland
Dependency Injection (DI) is the cornerstone of Spring. The core concept is quite simple, but (surprise!) actual practice can become complex. To take full advantage of Spring DI, you need to understand not only the basics on configuration, but also the container lifecycle model and the various hooks provided by the framework.





Topics will include




The difference between DI and Continuous Integration

Setter Injection

Constructor Injection

Factory Injection

Bean lifecycle

Method Injection

Using the ApplicationContext

Custom PropertyEditors

By Justin Gehtland
Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.




In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module

• page level authorization

• method level authorization

• instance level authorization

• forcing HTTPS connections to secured sites

• impersonation using the RunAsManager

By Justin Gehtland
O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

By Justin Gehtland
Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate createapplications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpointthan you would otherwise want.

This session will show advanced techniques for tuning performance, including:
• advanced collection mapping strategies
• lazy loading
• cascading update management
• lifecycle management
• Hibernate's interceptor layer
In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll
walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.

By Justin Gehtland
Ajax applications have unique architectural challenges and opportunities. This presentation will show you how to take advantage of the Ajax's strengths, and work around its quirks.




Topics covered will include

Selecting an Ajax toolkit

Dealing with browser differences

Handling the "Back" button

Degrading gracefully

Marshalling data

Managing XML

Minimizing roundtrips--or not!

When Ajax isn't enough

Packaging and deployment


Prior exposure to Ajax and JavaScript is very useful, but not required.

By Justin Gehtland
The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples. You will learn the core APIs: SecurityManager, AccessController, Permissions and Policy JAAS Subjects, Principals,
and LoginModules

You will then see how to invoke these APIs in real application scenarios. You will learn how to:
• Partition your applications to safely invoke downloaded code
• Read and write Java policy files
• Extend the architecture with custom permissions

By Kirk Knoernschild
Why is software so difficult to change? When you establish your initial vision for the software’s design and architecture, you imagine a system that is easy to modify, extend, and maintain. Unfortunately, as time passes, changes trickle in that exercise your design in unexpected ways. Unlike what you had anticipated, each change begins to resemble nothing more than another hack, until finally the system becomes a tangled web of code that few developers care to venture through. Eventually, modifications to the software intended to improve the system have the opposite affect of breaking other parts of the system. The software is beginning to rot.

The most common cause of rotting software is tightly coupled code with a heavy dependency graph. This session explores the most common symptoms of rotting design, examine their root cause, and present techniques and patterns that have been used on a number of real world projects to help manage dependencies across classes, packages, and the binary units of deployment.

By Kirk Knoernschild
Traditionally, we attempt to make the right architectural decisions early due to the significant anticipated cost affiliated with making incorrect decisions. But this contradicts agile practices which have taught us to embrace change. So how do agile and architecture come together? Conceptually, the goal of agile architecture must be to eliminate the architectural significance of change by crafting software that can easily adapt to change. In practice, developing agile architecture is much more difficult.


Software architecture is organic. The architectural goals you set to achieve early in the development effort differ from those you'll need to satisfy later. Change occurring throughout the software development lifecycle impacts architecture. The ability to accommodate shifts in architecture is directly related to the dependencies between software modules. In this session, we examine patterns and principles that lead to agile architecture. Extensive discussion is devoted to modularizing units of deployment, and how code can be created and organized to create more flexible, reusable, maintainable, extensible, and testable software components. Topics of discussion range from coupling between classes to the dependency structure between your modules of deployment. Examples gleaned from real world J2EE development effort will be used in a pragmatic case study that examines the evolution of a system from its initial deployment through a number of refactorings that positively influenced the architectural resiliency of the final product.allow you to apply many of these concepts immediately.

By Kirk Knoernschild
Agile processes such as XP and RUP advocate continuous integration, where shorter iterations produce an incremental and functional growth of the system. The fundamental component of any Continuous Integration strategy is an automated and repeatable build. In addition to ensuring your application is always in a functional state, a robust build strategy enables a number of other important lifecycle activities.

This session explores the important characteristics of Continuous Integration, including the development of an automated and repeatable build, and numerous other utilities that enrich the build process. We will also explore the important long term of Continuous Integration by examining it's use on a real world project. Multiple examples using CruiseControl, Ant, and other third party utilities will be shown, and tales from a project experienced in CI will be shared.

By Kirk Knoernschild
Design Patterns are proven and powerful techniques that can help improve the resiliency, maintainability, and extensibility of your applications. However, overusing or misapplying patterns is a common mistake often times resulting in applications that are over-architected, and resemble a tangled web of classes. How can patterns be applied to achieve the goal of better software?

This session offers a gentle introduction to design patterns by examining a small, yet very usable framework designed using 7 common GOF patterns. We?ll examine the framework, and explore how each pattern is used as well as how each pattern emerged based on real, instead of perceived need. Less flexible alternatives to the chosen patterns will also be discussed. To conclude, we?ll examine how the patterns are applied in conjunction with each other, forming more complex compound patterns. Each pattern will be presented with accompanying source code, and all examples are gleaned from real world scenarios.

By Mark Richards
There has been a significant amount of buzz in the community and industry about the definition and role of an Enterprise Service Bus (ESB), particularly within the area of Service-Oriented Architecture (SOA). In this product-agnostic high energy session we will take a step back and consider whether we really need an ESB. Through real-world application and architecture scenarios we will see where an ESB would be helpful and where it would be overkill. We will take a look under the hood and find out just what an ESB is really doing, and take a quick look at JBI (JSR-208) and see the impact it has on the ESB worls. Then, using product-agnostic coding examples we will learn what an Enterprise Service Bus is supposed to do, then answer the question about whether the ESB is just a bunch of hype or if we really need it.

Agenda
- Introduction
- Handling Distributed Services Today
- ESB Alternatives
- Services
- ESB Capabilities
- Rolling Your Own: Possible Java Implementations
- ESB Use Cases
- JBI (JSR-208)
- Summary and Q&A

By Mark Richards
Tired of dealing with EJBs but cannot use other frameworks like Spring? How would you like to replace all of your remote Stateless Session Beans with POJOs and still access them remotely within Java EE? By using the Java EE Command Pattern we can write EJBs as POJOs and solve many of the issues facing EJB, including testability, configuration complexity, and performance, and still remain within the boundaries of the Java EE container. The Java EE Command Pattern is a simple pattern that can significantly reduce the complexity of large-scale Java EE enterprise applications. In this session we will explore the numerous issues facing a typical EJB architecture and learn how the use of the Java EE Command Pattern can solve these issues. We will walk through the different design alternatives and see how the command pattern is implemented in both EJB3 and in Spring. Through interactive coding examples you will learn what components make up the Command Pattern framework and what simple coding changes are required to convert a complex remote EJB-based application to a much simpler remote POJO-based application.

Agenda
- Issues with J2EE
- Java EE Command Pattern Introduction
- Java EE Command Pattern Core Components
- The Command Pattern Framework Implementation (EJB)
- The Command Pattern Framework Implementation (Spring/RMI)
- Applying the Command Pattern to a Typical EJB Application

By Mark Richards
EJB3 (JSR-220) offers some great improvements over the prior EJB specs in terms of development simplicity and new features. In this session we will explore in detail some of the new features of the core EJB 3 specification. Included in this session will be defining and accessing session beans, dependency injection, declarative security, interceptors (aop), and Message-Driven Beans (MDB). For those of you who still like to write XML, I will also discuss and show how we can use XML rather than annotations within EJB3. During the session I will demonstrate the new features of EJB 3 through interactive coding examples. Note: this session does not cover the new Java Persistence API (JPA) - only the core specification.

Agenda
- Introduction
- Constructing and Accessing EJB 3 Session Beans
- Dependency Injection
- Declarative Security
- Interceptors (AOP)
- Message-Driven Beans (MDB)
- Using XML instead of Annotations
- Summary and Discussion

By Mark Richards
In addition to providing a simplified API, the new EJB3 specification (JSR-220) defines a standard ORM Java Persistence API (JPA) that is rapidly gaining in popularity. As you will see in this session, JPA bears a striking resemblance to popular ORM solutions like Hibernate and Toplink. In this session we will explore in detail the new Java Persistence API offered by JSR-220. We will start by discussing the overall design and architecture of the JPA and how the major components within JPA interact. We will then look at defining mapping objects (entities) and how to use the EntityManager to manage these entities. Through interactive coding examples we will investigate the pros and cons of detached entities and merging, how to map and use entity relationships (1-1, 1-N, N-1, and N-N), discuss Lazy Loading, and finally see how to use XML mappings rather than annotations. More advanced features of JPA will be covered in a separate session.

Agenda
- Introduction
- JPA Framework Overview
- Defining and Mapping Entity Objects
- Managing Entity Objects (EntityManager)
- Detached Entities and Merging
- Entity Relationships
- Lazy Loading
- Using XML Mappings
- Summary

By Neal Ford
Lots of developers want to use Agile development technique but don't know where to start. This session discusses how to get started with Agility, the key benefits you can expect, and the pitfalls to avoid.

There's the perfect world, and then there's the world you have to live in. Lots of organizations would like to reap the benefits of Agile development techniques but don't know how to get started. This session discusses the key benefits you can derive from Agile software development so that you can decide for yourself how many agile techniques will work within your organization. I discuss project planning and estimation, how to benefit from pair programming when you aren't allowed to pair, how to measure your progress, and other project milestones. Agile software development isn't just an unrelated set of activities, it is a discipline. Once you understand the component parts of the discipline, you can apply them to your less-than-perfect world.

Key Session Points

• What makes Agile tick?
  
• Flavors of agility
  
• Selectively applying agile practices
  
• Enforcing code quality
  
• Measuring progress
  
• Iterating over the waterfall
  
• Lessons learned

By Neal Ford
This session shows you how to become a more productive programmer every day by using tools that you didn't know you already had.

<grizzled-programmer>
Why, in my day, we didn't have any fancy Gooey tools -- we did everything from the command line and we liked it. And, we got a lot more done than all you point-and-click monkeys
<grizzled-programmer>
Have you ever noticed that some old-school developers can run rings around you at the keyboard? Have you ever seen a 2 week problem become a 2 hour solution because someone knew a better way to solve it? This session is about all the command line and other tools that are extremely powerful yet widely neglected in today's graphical environments. This session shows you how to take advantage of those tools whether you run Windows, *Nix, or Mac. It focuses on specific recipes to make your job easier. I'll show you how to get around your computer in a hurry (no more clicking around in trees), how to find anything fast, how to manage projects and artifacts from the command line, how to automate the repetative tasks you find yourself doing every single day, how to stop repeating yourself, and how to stop repeating yourself. This session is guaranteed to improve your developer productivity by an order of magnitude.



Key Session Points

• Creating a common environment
  
• The Unix philosophy (without Granola or sandals)
  
• Automating common programming tasks
  
• Getting around in a hurry
  
• Searching techniques
  
• Text techniques
  
• Project management from the command line
  
• Stop repeating yourself
  
• Tying it together

By Neal Ford
This session describes the use and workings of Selenium, the open source web user interface testing tool.

Selenium is one of the most powerful functional testing frameworks to come from the open source world in a long time. This session covers all aspects of Selenium, starting from its origins as an internal user-acceptance testing tool through testing Ajax applications. This session covers Selenium functionality, syntax of the test scripts (both HTML and the scripting language), keywords, testing techniques, recording tests, creating extensions, and testing Ajax applications. Selenium is the premiere testing tool for Ajax, so I show several examples of the power of Selenium combined with Ajax.

Key Session Points

• Selenium origins and background


• Installation


• Building tests


• API overview


• The Selenium IDE


• Testing Ajax Applications


• Future directions

By Neal Ford
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!



Key Session Points:

* OWASP List of Vulnerabilities

10. Insecure configuration management
9. Denial of service
8. Insecure storage
7. Improper error handling
6. Injection flaws
5. Buffer overflows
4. Cross site scripting flaws
3. Broken authentication and session management
2. Broken access control
1. Unvalidated input

* Security Tools and frameworks
* Case Study: Hacking Oracle through a browser
* Case Study: Cross-site scripting
* Case Study: SQL Injection

By Neal Ford
This session delves into details about building web applications with Tapestry, covering configuration, templates, and separation of concerns.

Tapestry is the most radical web framework available, and arguably the most powerful. This session delves into the details of how to use Tapestry. It covers configuration, templates, separation of concerns, components, dendency injection, testing, and other topics. This talk is
designed to jump-start experienced web developers with enough information about Tapestry to start building applications with it right away.

Key Session Points

• Understanding Tapestry's structure
  
• Building a simple Tapestry application
  
• Templates
  
• Components
  
• The Tapestry engine
  
• Dependency injection and HiveMind
  
• Testing
  

By Neal Ford
This session begins a detailed discussion about how to actually get XP done in the real world (and what to tell your boss). This session includes artifacts (project tracking sheets, code coverage reports, etc.) from real XP projects.

Extreme programming sounds a little too “ESPN2” for most managers, but there is a lot of sound engineering behind its principles. My employer, ThoughtWorks, has been extremely successful using the full XP stack and we have developed lots of experience with it. This session talks about how to do XP in the real world. XP is all about feedback loops, so I discuss how to replace the radical sounding ones with more palatable ones. I talk about the parts of XP that are absolutely vital (unit testing, collective ownership, continuous integration, etc) and the ones that you can introduce a little more slowly (pair programming, only a 40 hour work week). This session focuses on the practicality of XP and how you can adopt it at your organization. I also talk about political battles with managers, other departments, and barriers that pop up anytime you try to introduce change in a large enterprise. Discussion is encouraged (required) in this session.

Key Session Points:
XP and Feedback Loops
A pragmatic look at the XP practices
    The planning game
    Small releases
    Metaphor
    Simple design
    Testing
    Refactoring
    Pair programming
    Collective ownership
    Continuous integration
    40-hour w