By Stuart Halloway
(3 Hour Session)
One of Java's greatest strengths is its flexible deployment model. In this session you will learn how Class Loaders facilitate deployment, and how to troubleshoot Java and J2EE Class Loading problems.


We will begin by looking at the basic class loading model provided by the java launcher, including the classpath, extensions path, and bootstrap path. Next, we will see how J2EE, Ant, browsers, and other container applications extend this model, using SecureClassLoader and URLClassLoader to dynamically load new classes at runtime. These techniques allows side-by-side deployment of multiple versions of the same class, and redeployment of changed classes without shutting down the Java virtual machine.Java's class loader architecture provides a dynamic and extensible mechanism for building applications. You will learn how to use class loaders to deploy multiple versions of classes side-by-side in the same JVM, and how to redeploy components withtout shutting down servers. You will also learn how to troubleshoot class loading problems such as inversion. You will learn to use the context class loader to correctly implement factory methods, and how to load non-code resources.

By Stuart Halloway
(3 Hour Session)
One of Java's greatest strengths is its flexible deployment model. In this session you will learn how Class Loaders facilitate deployment, and how to troubleshoot Java and J2EE Class Loading problems.


We will begin by looking at the basic class loading model provided by the java launcher, including the classpath, extensions path, and bootstrap path. Next, we will see how J2EE, Ant, browsers, and other container applications extend this model, using SecureClassLoader and URLClassLoader to dynamically load new classes at runtime. These techniques allows side-by-side deployment of multiple versions of the same class, and redeployment of changed classes without shutting down the Java virtual machine.Java's class loader architecture provides a dynamic and extensible mechanism for building applications. You will learn how to use class loaders to deploy multiple versions of classes side-by-side in the same JVM, and how to redeploy components withtout shutting down servers. You will also learn how to troubleshoot class loading problems such as inversion. You will learn to use the context class loader to correctly implement factory methods, and how to load non-code resources.

By Stuart Halloway
For centuries people have used crypto to build (and break) secure systems. Computers have only raised the pitch of conflict, providing enormous cryptographic power at commodity prices. Most programmers do not write their own crypto libraries, instead relying on the services of an operating system or virtual machine. But even with all this support, building secure systems is a daunting task.

This talk will cover three things all programmers need to know:
1. the basic tools of computer crypto
2. the programmatic APIs to these tools
3. common programming mistakes that can undermine otherwise secure systems
You will learn the basics of hashing, message digests, public key encryption, symmetric key encryption, certificates, and key management. With each, you will see programmatic examples, with advice for correct usage.

By Stuart Halloway
The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples.

You will learn the core APIs:

SecurityManager, AccessController, Permissions and Policy

JAAS Subjects, Principals, and LoginModules

You will then see how to invoke these APIs in real application scenarios. You will learn how to:

Partition your applications to safely invoke downloaded code

Read and write Java policy files

Extend the architecture with custom permissions

Provide secure services through PrivilegedActions

Use JAAS to authenticate and authorize users

By Ben Galbraith
As recent high-profile web apps such as Google's GMail have shown, modern browsers are capable of natively rendering web apps with highly dynamic and compelling UIs - fetching server data without page refreshes, animating and manipulating page contents on-the-fly, even offline use. The line between web and "desktop" apps is blurring.

Experienced web developer Dion Almaer (editor of TheServerSide.com) and noted Java desktop expert Ben Galbraith will describe and demonstrate these new techniques, including how to adapt modern web frameworks such as JSF and Tapestry to ease both the creation and maintenance of these types of applications.

By Ben Galbraith
Too often, Swing applications are slow, ugly, and hard-to-maintain. It turns out that it doesn't have to be this way. Swing can be used to create highly-responsive, beautiful applications that are very maintainable. If this isn't consistent with your own experience, don't feel bad; its not very obvious how to make Swing sing.

In this session, I explore three topics that lead to much better Swing applications:

- Proper Swing threading
- High-quality third-party Swing look-and-feels
- Good practices for coding Swing applications

In the threading portion of the session, I explain Swing's event handling architecture and its implications for Swing applications. Understanding this topic is crucial to creating highly-responsive Swing apps. I demonstrate how to use this knowledge in the form of many live-coded examples, and I show how frameworks like SwingWorker and FoxTrot can make this easier. Java's default look-and-feel, Metal, is awful (and in my opinion, the "Ocean" theme in JDK 5.0 doesn't do enough to improve it); you should stop using it immediately. But creating good-looking applications is sadly more than slapping in a look-and-feel; you must also take care to understand the principles behind attractive layouts. I spend the second part of this session exploring how to make your Swing applications look great through a combination of third-party look-and-feels and layout techniques.

By Ben Galbraith
Are you spending more time plumbing your Swing applications than solving business problems? Has your Swing application grown out of control? This session is for you.

In the first part of the presentation, I analyze the architectural problems that plague many Swing applications and present architectures that overcome these problems. These architectures are presented in terms of principles along with a reference implementation. You can therefore either adapt the principles to meet the needs of your existing applications, or incorporate the specific ideas of the reference implementation into your new projects. Fortunately, there are some existing frameworks that have done some of the architectural work already. I present some of these frameworks in the rest of the presentation.

By Brian Sletten
Object-oriented code metrics are a little like Artificial Intelligence: those who did it twenty years ago roll their eyes at the thought and prophesy the same ultimate failure at applicability now. Those who grew up with Java are approaching the topic with new eyes and are finding useful ways of incorporating metrics into their projects. Come hear about tools and ways to measure properties of software, how they might be beneficial and where you are likely to go astray with this approach.


Attendees will learn about
Approaches to measuring software
The attempt to predict failure via software metrics (and the failure to do so)
Analyzing OO designs based on the "Martin Metrics"
Tools that allow developers to use metrics for themselves

Rating: Intermediate
Category: Architecture/Languages, Design, Core Java, .NET
Prerequisites: Basic Java or C# skills

By Brian Sletten
Just about every modern software developer has a copy of the Gang of Four "Design Patterns" book sitting on a shelf; many of them have actually read it. The dark secret of the patterns community is that there is often a large gulf between whiteboard simplicity and real-world complexity. Language choice plays a part in the design (and even importance) of patterns. The situation is made even more confusing by the fact that many of the core patterns have now been "voted off the island" for one reason or another. This talk will give a pragmatic overview of the motivations behind design patterns and will focus on applying a handful of the GOF patterns to example scenarios in Java, Ruby and C#. A quick introduction to the role AOP plays in changing the patterns landscape will also be covered.

Attendees will learn about
The benefits and history of patterns in software
How language choice affects pattern implementations
Applying a handful of GOF patterns in code examples
Why there is no DP4J available

Rating: Intermediate
Category: Architecture/Languages, Core Java, .NET
Prerequisites: Basic Java or C# skills

By Brian Sletten
Service-oriented architectures (SOAs) are all the rage. But how do you find all of these services once they are deployed? Configuration files are so 90's. Software of the 21st Century should be able to find related services and components without users having to specify particular configurations at start up. The IETF's ZeroConf multicast DNS protocol was designed to solve exactly this problem. JmDNS is Java-based open source implementation of this capability that allows local-link applications to find and use automagically discovered capabilities. Apple's Rendezvous technology is another open-source ZeroConf implementation behind many of the exciting applications it is building for OS X these days. Come learn how you can interact with these or your own service discovery-savvy applications without even having to learn how to spell UDDI. Bring your wireless notebooks to participate in a service-oriented environment (please have a working Java environment as we won't have time to debug installation issues).

Attendees will learn
- Why you don't need UDDI to find services
- The basics of multicast DNS and the ZeroConf protocol
- How to take advantage of Bonjour-enabled devices and software
- How to build their own applications that can be found without a central repository
Rating: Advanced
Category: Client or Server-side Java
Prerequisites: Basic to Intermediate Java skills, basic networking knowledge

By Bruce Tate
This session, for the Spring beginner, helps you:
• Understand dependency injection and inversion of control
• Know the meaning of lightweight containers and Spring
• Understand the basic pieces of Spring
• See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP
• Transactions
• Persistence
• Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.

By Bruce Tate
This session will help a Java developer choose a persistence framework. After the session, you will
• Understand the core strengths and weaknesses of the main persistence frameworks in the Java space
• Understand where marketing influences can impact persistence
• Know what’s going on behind the scenes to impact the persistence pictures
• Answer questions about persistence frameworks that might not be mainstream


This free-form session is intended to help attendees choose or validate a persistence framework. In it, the instructor will take questions from the audience, and tailor the session to the questions asked. Bruce will focus on three persistence frameworks: EJB, JDO and Hibernate. He’ll talk about the evolution of each of the frameworks. He’ll talk about the fundamental design philosophies of each, and what makes each unique and strong.

But understanding technical strengths is not enough in the area of persistence. To make the best possible choice, a developer or architect must also understand the politics of persistence, and the marketing pressures that lead to the success or failure of each framework. The proposed common standard across JDO and EJB will get special consideration.

This format has been very popular among nofluffjuststuff attendees. It’s highly tailored to each audience, but still flows with good structure. When the session is over, you’ll have a better understanding of the major persistence frameworks in the Java space, and what makes each valuable. You’ll also understand how much of a role market share and technology play in the success or failure of a persistence framework.

By Bruce Tate
All programming languages have a limited life span, and Java is no different. This is a philosophical session rather than a programming session. Sooner or later, Java will lose its leadership position. This session will explore Java's strengths and weaknesses. We'll try to understand whether conditions are ripe for alternatives to emerge, and what those alternatives may be.

The Java programming language has been tremendously successful. Many of the roots of its success may be surprising to the audience. But every major programming language has a limited life cycle. While it’s true that Java and .NET seem to be the only games in town, some alternatives are beginning to emerge.

In this session, we’ll discuss some of the limitations of the Java language, and the impact that they might have on the productivity of Java developers. We’ll then look at some of the innovations around other frameworks and languages, and some of the features of those languages that boost the productivity of other non-Java developers:

• Typing, and why it matters
• Code blocks and closures
• Regular expressions
• Innovative frameworks

Finally, we’ll take a look at where developers may look at using other languages. Clearly, most of the work that we do will be in Java for the foreseeable future, but certain project classifications may make it much easier to embrace alternatives, for good competitive effect.

By Dave Thomas
Ruby recently enjoyed its tenth birthday. Instead of cake and candles, the community celebrated by releasing a wave of new libraries and frameworks that make Ruby programming even easier. This talk features some of the best of these, as we explore Ruby.


We'll spend about half the session getting to know Ruby: the syntax, type system, blocks, iterators, and so on. Then we'll dive in and develop some real-world code using web services, RSS, and databases. If you want to come to the Rails talk, and you're not that familiar with Ruby, this talk is a good starting point.

By Dave Thomas
The Ruby on Rails framework has exploded onto the scene over the last few months. Propelled by some genuine benefits, and fueled by a whole lot of controversy, Rails seems here to stay. So, is it a Java killer? (No.) Is it a great way to develop certain classes of web application? (Yes.) Does it really deliver the 10-fold increase in developer productivity that some have claimed? (It depends...)



If you can't help thinking that there must be an easier way of developing web projects, come and join us as we construct an MVC-based Ruby on Rails application using the very latest libraries and tools. You'll get a taste of Ruby, and also a feel for some of the power and productivity gains offered by this remarkable framework. You'll need a grounding in Ruby to get the most from this talk; if you're not already a Ruby developer you might want to attend the Facets of Ruby talk before coming to this one.

By Dave Thomas
Are you frustrated by experts who can't tell you what to do, or by junior team members who refuse to see the big picture? How can you best develop careers: both yours and those of your teammates and managers? How can we learn to apply experience more effectively, and why do the many approaches designed to tame complexity actually end up increasing it?

Dave Thomas, of The Pragmatic Programmers, describes the solutions to these and other problems as he turns the Pragmatic Spotlight (and a good dose of twisted humor) on formal learning models, the Nursing profession, and streamlining sheep.

By David Bock
Pluggable application architectures are everywhere. Applications like Photoshop, Eclipse and other IDEs, and even application servers are all examples of applications that allow other developers to 'install' new functionality. There are plenty of reasons for wanting to install new functionality into an application that is already developed and deployed... from dynamic upgrading to the creation of a 'component marketplace', where end users can purchase components with 'extra' capability.

How can we design an application that will dynamically use new functionality that is written months, if not years, after the 'original' application has shipped? In what circumstances might we want to do this? Done right, pluggable application architectures allow you (and potentially others) to deploy new capabilities into your applications. Done wrong, they become a tightly coupled configuration management nightmare. Learn how to implement them properly in this presentation, and look at what is already available to build upon.

By David Bock
Most software engineers hate metrics... Why? Because we know the work we do is hard to quantify – any measurement of 'software engineering' is like trying to tell how tall someone is by how much they weigh... There may be some correlation, but there is so much deviation as to make the answer practically meaningless. As a result, we often see metrics used to justify improper conclusions. There are plenty of good metrics though, and plenty of ways to use them effectively.


In this presentation we will analyze what makes a 'good' metric, why some metrics are 'bad', and how you can use them to make meaningful measurements of your projects. We will look at several methods for gathering metrics too, including some open source tools you can put to use immediately.

By Dion Almaer
Rules engines are powerful beasts which allow you to program in a way in which you specific rules and facts, rather than a linear set of instructions.

Learn about how you can use Rules Engines in Java development to take care of complicated problems.

Rules engines are powerful beasts which allow you to program in a way in which you specific rules and facts, rather than a linear set of instructions.

It takes awhile to get used to "Thinking in Rules", but it gives you immense power for particular logical problems. You pass control HOW the rules are applied to the rules engine, and just give it the information it needs to get the job done.

Rules based systems are often great solutions for enterprise problems, and are uniquely useful for building so-called ""business rules"". Now you have an external view of your business, and can change behaviour via the rules rather than hard coding your application.

Learn about the power of Rules based thinking in this talk, as we go through and show real examples of how it can help you out in your daily toil.

By Dion Almaer
What do we really mean by "performance" and "scalability"? This talk gets into the meat of problems which cause our applications to degrade. We will focus on issues such as problems caused by the database being a bottleneck for our application, and see how we can architect our solutions to bypass the issues, resulting in a solid system which scales with the increased load.

Not only will we look at the factors, but I will delve into a couple of case studies to show how real world problems were solved!

What do we really mean by "performance" and "scalability"? This talk gets into the meat of problems which cause our applications to degrade. We will focus on issues such as problems caused by the database being a bottleneck for our application, and see how we can architect our solutions to bypass the issues, resulting in a solid system which scales with the increased load.

Not only will we look at the factors, but I will delve into a couple of case studies to show how real world problems were solved!

By Dion Almaer
Our build systems have migrated from make to Ant. While Ant does a good job in many ways, is it the right tool for the job? This session talks about taking builds to the next level, looking at tools such as Maven to make your life easier.

Our build systems have migrated from make to Ant. While Ant does a good job in many ways, is it the right tool for the job?

You often see a lot of copy 'n paste reuse as people jump from project to project, and we think there is a better way. Maven gives you reuse via its plugins.

Are you sick of having 25 copies of someapp.jar in various lib directories? Maven gives you a clean way to handle dependencies, and you will always know which version your project is using.

Maven is built to be simple to get up and running for small projects, yet flexible enough to manage multiple sub projects. It builds on Ant, so you can drop down to that level to tweak the builds for your needs.

Check out this session if you wish to explore a better way to progress on your own builds.

By Dion Almaer
Aspect-oriented programming (AOP) has become a hot topic for enterprise development, with recent news of support by IBM, JBoss, BEA, Oracle, Eclipse, and IntelliJ.

Behind the news headlines, however, are critical questions: How real is AOP for the enterprise? What problems can it solve today? How does it apply to enterprise applications? How can one make an informed decision about trying to use AOP? What is the best adoption strategy? What are the long term possibilities for AOP in the enterprise?

This sessions tries to tackle those questions.

Aspect-oriented programming (AOP) has become a hot topic for enterprise development, with recent news of support by IBM, JBoss, BEA, Oracle, Eclipse, and IntelliJ.

Behind the news headlines, however, are critical questions: How real is AOP for the enterprise? What problems can it solve today? How does it apply to enterprise applications? How can one make an informed decision about trying to use AOP? What is the best adoption strategy? What are the long term possibilities for AOP in the enterprise?

This session tackles these questions and show developers, architects, and technical managers how AOP can be used for enterprise Java application development. We provide a refresher of AOP concepts and show enterprise examples of how AOP works and where it can be beneficial, as well as discussing anti-patterns (i.e., how not to use AOP).

Examples discussed include error handling, policy enforcement, tracing, systems management with JMX, and more. The examples are implemented in the AspectJ programming language (a popular and seamless aspect-oriented extension to Java) and incorporate major J2EE technologies such as servlets, JSPs, and EJBs. We will also demonstrate using the AspectJ tools to work in an enterprise environment. At the end of the tutorial, participants will have a better understanding of both the potential and the pitfalls for applying AOP in a J2EE context. The tools used in the tutorial are all freely available as open source software, so participants will be able to use the techniques shown in their own projects.

By Dion Almaer
What? Another programming language? Are you kidding me? That is what we often feel when something new comes around, and is something you may be feeling about Groovy. However, Groovy could fit a niche for you in your daily toil. It is the swiss army nice that Perl/Ruby are, yet lets you work in a more structured way, and plays nice with the millions of lines of code already written on top of the Java Virtual Machine.

What? Another programming language? Are you kidding me? That is what we often feel when something new comes around, and is something you may be feeling about Groovy. However, Groovy could fit a niche for you in your daily toil. It is the swiss army nice that Perl/Ruby are, yet lets you work in a more structured way, and plays nice with the millions of lines of code already written on top of the Java Virtual Machine.

This talk discusses a pragmatic view of Groovy where we start off going into detail on the Groovy language, and how it fits into the Java world. Then we will move to examples of how it can help you with tasks such as file IO, SQL access, the web tier, GUIs, Unit Testing, Web Services, and more. If nothing else, you will also see how it has changed the way I program in Java!

By Justin Gehtland
Web Services are message-oriented. This means that any application intention (the need for security, for transactionality, for reliability, etc.) must be
included in the message and not just assumed as external context. The WS-Security specifications are very advanced and currently being used in the wild to create robust, secure web services.

This session will examine these specifications, including:

• WS-Security
• WS-Policy - for sharing enforcement and encryption strategies
• WS-Privacy - for agreeing on privacy policy for service usage
• WS-Encryption - for encrypting or signing all or part of a message
• WS-Trust - for creating a single-sign-on solution
• WS-Federation - works with WS-Trust

These specifications, plus others like WS-Addressing and WS-Notification, provide a platform for communicating security intent across multiple network
layers and many platforms. Of course, these specifications only define modifications to the messagapplication author. We will demonstate these capabilities using the Axis toolkit and the J2SDK.

By Justin Gehtland
The Spring team, as in all things they do, have learned the valuable lessons of the past when introducing a Spring solution. Spring MVC is everything Struts should be, and more besides.

This talk will introduce you to the Spring web application framework. You'll find out about the Controller hierarchy, and how the different kinds of Controllers allow for a more manageable logic tier. We'll look at validation and exception handling, configuration, URL mapping and CommandControllers (Spring's answer to ActionForms). Finally, we'll look at Spring's integration with another powerful web framework, Tapestry.

By Justin Gehtland
Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.




In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module

• page level authorization

• method level authorization

• instance level authorization

• forcing HTTPS connections to secured sites

• impersonation using the RunAsManager

By Justin Gehtland
O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

By Justin Gehtland
Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate createapplications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpointthan you would otherwise want.

This session will show advanced techniques for tuning performance, including:
• advanced collection mapping strategies
• lazy loading
• cascading update management
• lifecycle management
• Hibernate's interceptor layer
In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll
walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.

By Keith Donald
In this interactive session Keith walks you through the experience of building a simple Spring-powered application from the ground up.

You will learn how to use Spring to assemble an application system from a set of focused, loosely-coupled components. You'll see how Spring enables agile development by allowing you to start simple, validate architectural choices early, and scale up infrastructure as requirements demand.

Expect live coding with a supporting business case. This "big picture" session focuses on teaching how to get the most mileage out of the Spring Framework as you can.

By Keith Donald
Spring 1.2 is out--Spring 1.3 is right on the horizon. As a broad, user-driven project with a large community, the newest releases offer a wealth of new features to be taken advantage of. This session focuses on demonstrating the most important, and how you can start leveraging them in your projects immediately.


You'll learn how to use Spring's JMX support to add manageability to your apps. You'll see how to use Spring Web Flow to create robust web applications atop business process workflows. You'll learn about Spring Security (Acegi), Hibernate 3 integration, JDK 1.5 transactional annotations, and the latest core container and utility enhancements.

By Mark Richards
Although Spring and EJB isolate us from most of the complexities involving transaction management, there are still a number of things we need to be aware of when dealing with transactions in Enterprise Java Applications. Too often transaction management is an afterthought in the design and development process, which leads to applications that have problems with data integrity, data consistency, and overall stability and reliability. In this session we will explore the three transaction models that both Spring and EJB support (Local, Programmatic, and Declarative), and discuss the advantages, disadvantages, and pitfalls within each of these models, when it makes sense to use each transaction model, and under what situations these models are appropriate and inappropriate. We will spend most of our time on the Declarative Transaction Model. Within this model we will explore some common pitfalls and look at the best practices within this model. Through coding examples in both EJB and Spring using real-world scenarios, you will learn how to properly handle exceptions, how to correctly use transaction attributes, and how the isolation level can affect transaction and application behavior. This session is the first part of a 3 hour transaction management session.

Agenda:
- Introduction
- Local Transaction Model
- Programmatic Transaction Model
- Declarative Transaction Model
- Best Practices and Pitfalls

By Mark Richards
This session is the second part of a 3 hour transaction management session. In this session we will explore some of the more advanced features of transaction management within EJB and Spring. We will pick up where we left off from the first session by taking a detailed look at XA and distributed transaction processing, and how to coordinate multiple resources within a single business transaction. Within the XA discussion you will learn what XA is, what the relationship is between JTA and XA, when you should use XA within EJB and Spring applications, and how to enable JMS and DBMS resources to run under XA. In the second part of this session we will look at how to build an effective transaction design strategy by reviewing three primary transaction design patterns. Within each pattern we will look at the context, forces, solution, and the pattern implementation in both EJB and Spring. We will also see how each transaction pattern fits into variousl application architectures.

Agenda:
- What is XA?
- What is the relationship between XA and JTA?
- When is XA required?
- When should we use XA Drivers?
- Client Owner Transaction Design Pattern
- Domain Service Owner Transaction Design Pattern
- Server Delegate Owner Transaction Design Pattern
- Applying Transaction Design Patterns (Spring and EJB)

By Mark Richards
As companies continue to change the way they do business, so must the IT systems that support the business. Changes due to regulatory requirements, competitive advantage, mergers, acquisitions, and industry trends require flexible IT systems to meet the demands of the business. Software Architects must therefore make their architectures more agile to meet the flexible demands of today's business. Through real-world examples and scenarios we will explore some of the challenges facing Software Architecture and discuss several concrete techniques for applying agility to both the architecture process and the technical architecture itself. We will also look at various architecture refactoring techniques, and discuss the pros and cons of each. By attending this session you will learn how to apply various agile techniques to improve your architectures and overcome some of the challenges facing software architecture in today's ever-changing market.

Agenda:
- Introduction
- Part One: Applying Agility to Architecture (Interactive)
- Part Two: Agile Methodologies - FDD
- Part Three: Agility and Architectural Refactoring

By Neal Ford
This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points:
• Setting up remote debugging in IDE's
   o Eclipse
   o IntelliJ
• Effective remote debugging
• When it's all you've got: jdb and enterprise applications
• Forensic debugging using loggers
• Debugging web applications
   o Inspector
   o Bookmarklets
• Debugging EJB
• Debugging in lightweight frameworks
• Interactive Debugging with Groovy
• Automating debugging tasks
   o JWebUnit
   o Selenium

By Neal Ford
Regular expressions should be an integral part of every developer?s toolbox, but most don?t realize what an important topic it is. Regular expressions have existed for decades, but many developers don't understand how to take full advantage of this powerful mechanism, either through command line tools and editors or in their development.

This session shows how to fully exploit regular expressions. It begins with the basic premise of how regular expressions work, then shows how to take advantage of the RegEx library built into the Java platform. This session shows how to use wildcards, escape characters, meta-tags, character class operators, look-aheads/look-behinds, and how to use the greedy operators effectively. It covers regular expressions from the beginning through to advanced usage, both in Java and in tools that support regular expressions. This session is packed with real examples of regular expressions (including a game show with no fabulous prizes).

Key Session Points:

Common Regex mistakes

By Neal Ford
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!



Key Session Points:

* OWASP List of Vulnerabilities

10. Insecure configuration management
9. Denial of service
8. Insecure storage
7. Improper error handling
6. Injection flaws
5. Buffer overflows
4. Cross site scripting flaws
3. Broken authentication and session management
2. Broken access control
1. Unvalidated input

* Security Tools and frameworks
* Case Study: Hacking Oracle through a browser
* Case Study: Cross-site scripting
* Case Study: SQL Injection

By Neal Ford
This session shows how to use Java as the building block for domain-specific languages. It discusses the next revolution in programming: language-oriented programming and the nascent tools that support it.

If you look at the way advanced programmers in highly dynamic languages (like Lisp, Smalltalk, Ruby, etc.) work, they tend to build domain specific languages on top of their low-level language. The language syntax itself becomes building blocks for languages that are highly specific to their problem domain. It’s not as easy to apply this technique to a static language (like Java), but it is possible. This session shows how to use Java as the building block for domain-specific languages. It discusses internal and external DSLs, with pros and cons for each. This session progresses from creating an internal DSL using Java syntactic elements as keywords through using compiler-building tools to create your own external DSL arriving ultimately at the new tools that allow you to build, edit, and deploy external DSL (language workbenches). This session covers the theory and practice of building DSL's and why this is an important step in the evolution of programming paradigm. It shows tools that are available now to build DSL's and discusses tools on the horizon that will make this much easier.

Key Session Points:
1. Why Dynamic languages?
2. Building domain languages
3. Language-oriented Programming
   a. Internal DSLs
   b. External DSLs
4. Internal DSL
   a. Characteristics
   b. Advantages
   c. Disadvantages
5. External DSL
   a. Characteristics
   b. Advantages
   c. Disadvantages
6. Case Study: Building your own language
   a. Building the parser
   b. Building the lexer
   c. Abstract Syntax Trees
7. Parsing other languages
   a. Parsing Java
   b. Parsing HTML, JavaScript, and others
8. Language Workbenches
   a. JetBrains MPS in Action

By Paul Duvall
Design Patterns became part of the software development industry mainstream in the mid-1990s with the release of the Go4 Design Patterns book. Since then, architecture, design, and more recently, organizational patterns have become a part of our nomenclature. But, what about the software that helps us develop and deliver the software to our users: the software development infrastructure?

Paul will introduce you to patterns such as the Robot, Detector, Kitchen Sink, and Scorched Earth patterns that will help you build a robust software development infrastructure. The implementation of these patterns will help reduce common risks on your projects and allow you to focus on the interesting work of solving the unique problems of your users.

By Paul Duvall
Increase feedback on your project by building your software with every change applied to your source code repository. The practice of Continuous Integration (CI) can be used to decrease the time between when a defect is introduced and when it is fixed.

You will learn how to get the CruiseControl CI server and a source code management repository to work together in a CI system. From a working reference implementation in Java, you will learn the attributes that make up an effective development platform for CI. Learn how to use the CI system as the centerpiece to your software development activities to create automated code reviews, generate diagrams and documentation, and detect anomalies on a continual basis. Paul will use CruiseControl, Subversion, Ant, JUnit, and other tools that can help you implement a powerful CI system.

By Ramnivas Laddad
J2EE has become the main new platform for enterprise application deployment. Good performance is an important business requirement. Supporting this requirement needs application profiling during the development phases and performance monitoring after application deployment. Come to this session to understand challenges and choices in monitoring J2EE applications.

Performance monitoring solutions must work under constraints imposed by the environment. Further, they must balance conflicting requirements such as overhead vs. richness of information. All of these need careful understanding of both requirements and solutions as well as the costs of any tradeoff decisions.

This session presents various tools and techniques available for monitoring J2EE applications. We will consider requirements of performance monitoring solutions in different scenarios. We will also discuss underlying enabling technologies such as Java Virtual Machine Profiling Interface (JVMPI), Java Virtual Machine Tool Interface (JVMTI), JFluid, JMX, design patterns, and aspect-oriented programming (AOP). During the session, we will demonstrate many of the tools and technologies discussed.

By Ramnivas Laddad
Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.