By Neal Ford

Regular expressions should be an integral part of every developer?s toolbox, but most don?t realize what an important topic it is. Regular expressions have existed for decades, but many developers don't understand how to take full advantage of this powerful mechanism, either through command line tools and editors or in their development.

This session shows how to fully exploit regular expressions. It begins with the basic premise of how regular expressions work, then shows how to take advantage of the RegEx library built into the Java platform. This session shows how to use wildcards, escape characters, meta-tags, character class operators, look-aheads/look-behinds, and how to use the greedy operators effectively. It covers regular expressions from the beginning through to advanced usage, both in Java and in tools that support regular expressions. This session is packed with real examples of regular expressions (including a game show with no fabulous prizes).

Key Session Points:

Common Regex mistakes

By Neal Ford

This session talks about how to actually get XP done in the real world (and what to tell your boss).

Extreme programming sounds a little too ?ESPN2? for most managers, but there is a lot of sound engineering behind its principles. My employer, ThoughtWorks, has been extremely successful using the full XP stack and we have developed lots of experience with it. This session talks about how to do XP in the real world. XP is all about feedback loops, so I discuss how to replace the radical sounding ones with more palatable ones. I talk about the parts of XP that are absolutely vital (unit testing, collective ownership, continuous integration, etc) and the ones that you can introduce a little more slowly (pair programming, only a 40 hour work week). This session focuses on the practicality of XP and how you can adopt it at your organization. I also talk about political battles with managers, other departments, and barriers that pop up anytime you try to introduce change in a large enterprise. Discussion is encouraged (required) in this session.

Key Session Points: XP and Feedback Loops A pragmatic look at the XP practices     The planning game     Small releases     Metaphor     Simple design     Testing     Refactoring     Pair programming     Collective ownership     Continuous integration     40-hour week     On-site customer     Coding standards XP in the real world

By Neal Ford

This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!

Key Session Points:
* OWASP List of Vulnerabilities

1. Insecure configuration management
2. Denial of service
3. Insecure storage
4. Improper error handling
5. Injection flaws
6. Buffer overflows
7. Cross site scripting flaws
8. Broken authentication and session management
9. Broken access control

10. Unvalidated input

    • Security Tools and frameworks
    • Case Study: Hacking Oracle through a browser
    • Case Study: Cross-site scripting
    • Case Study: SQL Injection

By Neal Ford

This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points: • Setting up remote debugging in IDE's    o Eclipse    o IntelliJ • Effective remote debugging • When it's all you've got: jdb and enterprise applications • Forensic debugging using loggers • Debugging web applications    o Inspector    o Bookmarklets • Debugging EJB • Debugging in lightweight frameworks • Interactive Debugging with Groovy • Automating debugging tasks    o JWebUnit    o Selenium

By Neal Ford

This session shows how to use Java as the building block for domain-specific languages. It discusses the next revolution in programming: language-oriented programming and the nascent tools that support it.

If you look at the way advanced programmers in highly dynamic languages (like Lisp, Smalltalk, Ruby, etc.) work, they tend to build domain specific languages on top of their low-level language. The language syntax itself becomes building blocks for languages that are highly specific to their problem domain. It’s not as easy to apply this technique to a static language (like Java), but it is possible. This session shows how to use Java as the building block for domain-specific languages. It discusses internal and external DSLs, with pros and cons for each. This session progresses from creating an internal DSL using Java syntactic elements as keywords through using compiler-building tools to create your own external DSL arriving ultimately at the new tools that allow you to build, edit, and deploy external DSL (language workbenches). This session covers the theory and practice of building DSL's and why this is an important step in the evolution of programming paradigm. It shows tools that are available now to build DSL's and discusses tools on the horizon that will make this much easier.

Key Session Points: 1. Why Dynamic languages? 2. Building domain languages 3. Language-oriented Programming    a. Internal DSLs    b. External DSLs 4. Internal DSL    a. Characteristics    b. Advantages    c. Disadvantages 5. External DSL    a. Characteristics    b. Advantages    c. Disadvantages 6. Case Study: Building your own language    a. Building the parser    b. Building the lexer    c. Abstract Syntax Trees 7. Parsing other languages    a. Parsing Java    b. Parsing HTML, JavaScript, and others 8. Language Workbenches    a. JetBrains MPS in Action

By Ted Neward

There's a set of fallacies that every enterprise developer has fallen for at some point in their enterprise development lives, and unless they've come to realize it early enough, all cause big trouble and painful learning experiences in the long run.

In this talk, we'll go over the Enterprise Fallacies, discuss why they're so insidious and easy to fall into, and how developers can go about making sure they avoid them in the future. Discussions will be relative to both .NET and Java, as well as the emerging Web services stack, as the Fallacies know no technical boundaries.

By Ted Neward

Security's become a hot topic among enterprise developers in recent years, but to many developers, security is still the white elephant in the middle of the room. Discussions about security usually begin with, "Uh, we'll worry about that later", or, "Start with two really large prime numbers.....". Security isn't as hard as developers make it out to be, but it is something that developers need to face and recognize.

In this talk, we'll extract the 10 Items on Security from Effective Enterprise Java and talk about them, giving developers the basic heads-up they need to have when building enterprise systems in Java.

By Ted Neward

Bring all of your enterprise Java questions to this open forum discussion hosted by the author of “Effective Enterprise Java”, Ted Neward.

This session will be a great opportunity to listen & participate in a discussion on all things relating to enterprise Java.

By Dion Almaer

What do we really mean by "performance" and "scalability"? This talk gets into the meat of problems which cause our applications to degrade. We will focus on issues such as problems caused by the database being a bottleneck for our application, and see how we can architect our solutions to bypass the issues, resulting in a solid system which scales with the increased load.

Not only will we look at the factors, but I will delve into a couple of case studies to show how real world problems were solved!

What do we really mean by "performance" and "scalability"? This talk gets into the meat of problems which cause our applications to degrade. We will focus on issues such as problems caused by the database being a bottleneck for our application, and see how we can architect our solutions to bypass the issues, resulting in a solid system which scales with the increased load.

Not only will we look at the factors, but I will delve into a couple of case studies to show how real world problems were solved!

By Dion Almaer

Rules engines are powerful beasts which allow you to program in a way in which you specific rules and facts, rather than a linear set of instructions.

Learn about how you can use Rules Engines in Java development to take care of complicated problems.

Rules engines are powerful beasts which allow you to program in a way in which you specific rules and facts, rather than a linear set of instructions.

It takes awhile to get used to "Thinking in Rules", but it gives you immense power for particular logical problems. You pass control HOW the rules are applied to the rules engine, and just give it the information it needs to get the job done.

Rules based systems are often great solutions for enterprise problems, and are uniquely useful for building so-called ""business rules"". Now you have an external view of your business, and can change behaviour via the rules rather than hard coding your application.

Learn about the power of Rules based thinking in this talk, as we go through and show real examples of how it can help you out in your daily toil.

By Dion Almaer

Our build systems have migrated from make to Ant. While Ant does a good job in many ways, is it the right tool for the job? This session talks about taking builds to the next level, looking at tools such as Maven to make your life easier.

Our build systems have migrated from make to Ant. While Ant does a good job in many ways, is it the right tool for the job?

You often see a lot of copy 'n paste reuse as people jump from project to project, and we think there is a better way. Maven gives you reuse via its plugins.

Are you sick of having 25 copies of someapp.jar in various lib directories? Maven gives you a clean way to handle dependencies, and you will always know which version your project is using.

Maven is built to be simple to get up and running for small projects, yet flexible enough to manage multiple sub projects. It builds on Ant, so you can drop down to that level to tweak the builds for your needs.

Check out this session if you wish to explore a better way to progress on your own builds.

By Dion Almaer

What? Another programming language? Are you kidding me? That is what we often feel when something new comes around, and is something you may be feeling about Groovy. However, Groovy could fit a niche for you in your daily toil. It is the swiss army nice that Perl/Ruby are, yet lets you work in a more structured way, and plays nice with the millions of lines of code already written on top of the Java Virtual Machine.

What? Another programming language? Are you kidding me? That is what we often feel when something new comes around, and is something you may be feeling about Groovy. However, Groovy could fit a niche for you in your daily toil. It is the swiss army nice that Perl/Ruby are, yet lets you work in a more structured way, and plays nice with the millions of lines of code already written on top of the Java Virtual Machine.

This talk discusses a pragmatic view of Groovy where we start off going into detail on the Groovy language, and how it fits into the Java world. Then we will move to examples of how it can help you with tasks such as file IO, SQL access, the web tier, GUIs, Unit Testing, Web Services, and more. If nothing else, you will also see how it has changed the way I program in Java!

By Scott Davis

In this presentation, we'll explore the top four mapping sites and show you how to take advantage of their free services. MapQuest, Yahoo Maps, Google Maps, and MSN Virtual Earth all bring slightly different capabilities to the table. These sites allow you to create your own interactive maps with minimum effort and no previous mapping experience. They take care of hosting the mapping data and making it easy to manipulate -- all you have to do is bring a little bit of know-how to the party.

Thanks largely to Google, web mapping is experiencing a renaissance. Google's mission statement is, "... to organize the world's information and make it universally accessible and useful". They aren't specifically talking about web mapping, but the sentiment certainly applies. If you have data that naturally has a geographic element (a customer list with addresses, sales reports by regions, even a collection of favorite restaurants), today's websites make it easier than ever to display them on a map.

Even if you aren't specifically interested in creating your own maps, this presentation gives real-world examples of many industry hot-button topics -- SOAP vs. RESTful web services, JavaScript and AJAX, and a clear distinction between first generation web technology (Web 1.0) and what the pundits are calling "Web 2.0".

By Scott Davis

Frameworks? We don't need no stinkin' web frameworks. OK, so maybe that's overstating the case. Web frameworks do plenty of good things, but sometimes they can also be golden handcuffs. Too many web developers fall into the trap of thinking, "If it can't be done by my web framework, then it simply can't be done."

This presentation focuses on the cool things that you can accomplish by stepping out of your web framework and getting closer to the underlying technology. We'll take a detailed look at what really goes on during the request/response cycle, and how new techniques like AJAX allow you to break the mold. We'll look at the clever things you can do with MIME types, User-Agents, and HTTP Headers in general.

Old technologies like CSS, DOM, and JavaScript are experiencing a renaissance under the guise of new names like DHTML and AJAX. Google Maps and GMail are literally redefining our expectations of how rich a web application can be by using these technologies to their fullest potential. Come see what makes these sites tick, and how you can utilize the same techniques in your own site.

By Scott Davis

Hopefully your test plan involves more than, "Well, it compiled..." JUnit is fast becoming a required part of the modern Java developer's toolkit. Unit testing your Java classes is a great start, but your test plan shouldn't stop there.

This talk will introduce several additional testing tools for the web developer -- HttpUnit, Canoo WebTest, and JMeter. These tools allow you to test a live website with no changes to the production code. Even better, you can test sites that have been implemented in technologies other than Java.

You will see code examples and live demos of these tools in action. We'll talk about the differences between unit testing, functional testing, and performance/load testing. Come get "test infected" -- you'll never look at the development process the same way.

By Scott Davis

JUnit is more than a Java testing tool -- it is a testing framework that can be extended to test non-Java resources as well. In the first presentation in this series, we examined three JUnit extensions that allow you to functionally test your website. In this talk, we'll look at three more tools that web developers should have in their toolkit: JsUnit, DbUnit, and the W3C Markup Validation Service.

JsUnit allows you to test your JavaScript. Anyone who has done JavaScript development knows that cross-browser support of JavaScript is a tricky proposition. Rather than emulating a specific browser, JsUnit can literally launch different browsers and execute the test suite to ensure that the JavaScript code you wrote actually works.

DbUnit allows you to stage your database tables for unit testing purposes. You can insert and delete information as a part of your test suite. While the database isn't technically a part of the web tier, we'll show how the proper use of this tool allows you to test the other parts of the web tier with ease.

HTML compliance is difficult if not impossible to see just by looking at raw HTML. Browsers are reasonably permissive in terms of the HTML they'll render, but writing valid HTML ensures the widest possible audience for your site. We'll show you how to incorporate this free online service with JUnit.

By Ben Galbraith

Too often, Swing applications are slow, ugly, and hard-to-maintain. It turns out that it doesn't have to be this way. Swing can be used to create highly-responsive, beautiful applications that are very maintainable. If this isn't consistent with your own experience, don't feel bad; its not very obvious how to make Swing sing.

In this session, I explore three topics that lead to much better Swing applications:

• Proper Swing threading
• High-quality third-party Swing look-and-feels
• Good practices for coding Swing applications

In the threading portion of the session, I explain Swing's event handling architecture and its implications for Swing applications. Understanding this topic is crucial to creating highly-responsive Swing apps. I demonstrate how to use this knowledge in the form of many live-coded examples, and I show how frameworks like SwingWorker and FoxTrot can make this easier. Java's default look-and-feel, Metal, is awful (and in my opinion, the "Ocean" theme in JDK 5.0 doesn't do enough to improve it); you should stop using it immediately. But creating good-looking applications is sadly more than slapping in a look-and-feel; you must also take care to understand the principles behind attractive layouts. I spend the second part of this session exploring how to make your Swing applications look great through a combination of third-party look-and-feels and layout techniques.

By Ben Galbraith

Are you spending more time plumbing your Swing applications than solving business problems? Has your Swing application grown out of control? This session is for you.

In the first part of the presentation, I analyze the architectural problems that plague many Swing applications and present architectures that overcome these problems. These architectures are presented in terms of principles along with a reference implementation. You can therefore either adapt the principles to meet the needs of your existing applications, or incorporate the specific ideas of the reference implementation into your new projects. Fortunately, there are some existing frameworks that have done some of the architectural work already. I present some of these frameworks in the rest of the presentation.

By Ben Galbraith

For many of us, XML has become a ubiquitous presence in application development, whether parsing, validating, or manipulating it. For many of us, all that XML is coupled with pain, in the form of tedious APIs (like, say, the W3C DOM API) and confusing technologies (oh, I don't know, W3C XML Schema?).

In this session, I share the following tips for making the XML in our lives a little easier to deal with: - Use StAX instead of SAX - Use StAX to create XML - Use JDOM instead of W3C DOM - Use XPath to select XML - Use Jaxen to enable XPath over custom trees - Use RELAX NG instead of DTD or WXS - Use Trang when DTD/WXS output is required - Use Sun's RELAX NG Converter when WXS input is required - Consider RELAX NG's compact syntax - Use Schematron to extend schema languages - Consider XML namespaces for versioning - Ignore unknown namespaces

By Ben Galbraith

You can do some pretty cool things with XML these days (despite what some curmudgeons in the technology world may claim). In the past few years, XML has solidified its place as the lingua franca of data sharing and data manipulation. But XML as a data transfer language is only marginally interesting. Things get really exciting when XML is dynamically transformed into other formats. In this session, I focus on two XML formats which can be readily transformed into high-quality presentation-centric output formats. XSL-FO is a typesetting format for XML that can be readily converted into PDF (or Postscript and some other formats). SVG is a vector graphics language in XML -- a sort of open-source version of the popular Macromedia Flash format. SVG files can be converted into beautiful, completely scalable -- and interactive - - images.

You can do some pretty cool things with XML these days (despite what some curmudgeons in the technology world may claim). In the past few years, XML has solidified its place as the lingua franca of data sharing and data manipulation. But XML as a data transfer language is only marginally interesting. Things get really exciting when XML is dynamically transformed into other formats. In this session, I focus on two XML formats which can be readily transformed into high-quality presentation-centric output formats. XSL-FO is a typesetting format for XML that can be readily converted into PDF (or Postscript and some other formats). SVG is a vector graphics language in XML -- a sort of open-source version of the popular Macromedia Flash format. SVG files can be converted into beautiful, completely scalable -- and interactive - - images.

By Ben Galbraith

As recent high-profile web apps such as Google's GMail have shown, modern browsers are capable of natively rendering web apps with highly dynamic and compelling UIs - fetching server data without page refreshes, animating and manipulating page contents on-the-fly, even offline use. The line between web and "desktop" apps is blurring.

Experienced web developer Dion Almaer (editor of TheServerSide.com) and noted Java desktop expert Ben Galbraith will describe and demonstrate these new techniques, including how to adapt modern web frameworks such as JSF and Tapestry to ease both the creation and maintenance of these types of applications.

By Ben Galbraith

The Eclipse project's SWT GUI toolkit provides one of the only viable alternatives to Swing for creating so-called rich client applications in Java. Whereas Swing paints its own widgets and has distinguished itself with a complex (and often obtuse) API, SWT relies on the host operating system for widget rendering and sports a simple, clean API. If your goal is to create a Java application that "looks" like a normal Windows application (or OS X, or Linux), SWT will revolutionize your world. In this session, I introduce SWT from the ground up. I start at a high-level, but quickly move into the details of SWT's API. By the presentation's end, attendees will have a solid understanding of SWT.

The Eclipse project's SWT GUI toolkit provides one of the only viable alternatives to Swing for creating so-called rich client applications in Java. Whereas Swing paints its own widgets and has distinguished itself with a complex (and often obtuse) API, SWT relies on the host operating system for widget rendering and sports a simple, clean API. If your goal is to create a Java application that "looks" like a normal Windows application (or OS X, or Linux), SWT will revolutionize your world. In this session, I introduce SWT from the ground up. I start at a high-level, but quickly move into the details of SWT's API. By the presentation's end, attendees will have a solid understanding of SWT.

By Ben Galbraith

This session picks up where SWT Fundamentals leaves off. Among the advanced topics I discuss are creating custom SWT widgets and exploring tight native integration. I combine another compelling topic with the advanced SWT material: JFace. SWT is a more akin to AWT than Swing; its concerned more with wrapping native functionality than providing any high-level abstractions. JFace is an API on top of SWT that provides such abstractions. The combination of SWT and JFace is comparable to Swing. My coverage of JFace includes an introduction to several of its frameworks, such as the Viewer and Window frameworks, along with many examples. Learning JFace will enable you to write complex SWT applications much faster.

This session picks up where SWT Fundamentals leaves off. Among the advanced topics I discuss are creating custom SWT widgets and exploring tight native integration. I combine another compelling topic with the advanced SWT material: JFace. SWT is a more akin to AWT than Swing; its concerned more with wrapping native functionality than providing any high-level abstractions. JFace is an API on top of SWT that provides such abstractions. The combination of SWT and JFace is comparable to Swing. My coverage of JFace includes an introduction to several of its frameworks, such as the Viewer and Window frameworks, along with many examples. Learning JFace will enable you to write complex SWT applications much faster.

By David Geary

Okay, so you know a little about JSF. You understand managed beans, action outcomes and how to attach standard JSF validators to components in a JSP page.

But there is a great deal of functionality that the average web application supports that JSF doesn't provide out of the box. For example, wouldn't you like to have JSF automatically place asteriks in front of labels for required fields? You are going to implement client-side validation, which JSF does not support out of the box, aren't you? Of course, you're going to test your application, right? And don't forget to trap unauthorized use of the back button.

How do you do all of that stuff in a JSF application? If those are the kinds of questions that keep you up at night, then this session is for you. We will explore the outer reaches of JSF development to illustrate how you can bend your next JSF application to your will.

By David Geary

JavaServer Faces is a well designed user interface framework, but it lacks a number of features you might otherwise expect out of the box; for example, JSF does not explicitly provide support for client-side validation.

So, from the folks that brought you Struts, comes Shale, a collection of useful enhancements to JSF. A top-level Apache Software Foundation project, Shale adds some really cool features to vanilla JSF, including:

Web flow: script dialog flow Remote Method Calls: easily call JavaBean methods from JavaScript Tapestry-like views: code views in pure HTML Use Apache Commons Validator validators on the client or server, or both JSF testing framework: mocks for easy JSF testing

There's a lot of cool stuff in Shale that makes JSF a much more compelling proposition. Come see what it's all about.

This is a code-intensive, fast-paced look at Apache Shale. Forty-plus slides and five demos makes for an action packed session that illustrates the cool features that Shale provides.

By David Geary

User interfaces are usually the most turbulent aspect of an application during development. Constant tinkering with the UI means constant changes to your code, so as a UI developer, you want to minimize the scope and effects of those code changes.

Open-source Java provides two powerful software packages that help you manage UI complexity: Tiles and Sitemesh. Tiles composes webpages from discrete regions of your user interface known as tiles. A tile contains a JSP page for layout and one or more JSP pages for content. Sitemesh decorates webpages with decorators that can be associated with URL patterns. Once you set up your decorators, you can decorate pages that match a decorator's URL pattern.

Come see how to use Tiles and Sitemesh with a guided tour from the inventor of Tiles, who has recently become a Sitemesh believer.

By Brian Goetz

What's the worst thing that can happen when you fail to synchronize in a concurrent Java program? Its probably worse than you think -- modern shared-memory processors can do some pretty weird things when left to their own devices.

Java was the first mainstream programming language to incorporate a formal, cross-platform memory model, which is what enabled the development of write-once, run-anywhere concurrent classes. It is the Java Memory model that defines the semantics of synchronized, volatile, and final.

However, because the most commonly used processors (Intel and Sparc) offer stronger memory models than is required by the JMM, many developers frequently use synchronization and volatile incorrectly, but have been insulated from failure by the stronger memory guarantees offered by the processor architecture they happen to be deploying on. (The infamous "double checked locking" idiom is an example of this sort of error.)

Understanding the Java Memory model is key to using the core concurrency primitives (synchronized and volatile) to develop thread-safe, efficient concurrent classes. We?ll cover what a memory model is (and why we should care), what synchronization really means, and what can really go wrong when we fail to synchronized correctly.

By Brian Goetz

JDK 5.0 is a huge step forward in developing concurrent Java classes and applications, providing a rich set of high-level concurrency building blocks.

Prior to the release of JDK 5.0, the Java platform provided basic primitives for writing concurrent programs, but they were just that -- primitive -- and difficult to use properly. Building multithreaded applications on the Java platform's low-level concurrency primitives posed many traps for the unwary, and many developers were forced to reinvent the wheel by writing their own classes for thread pools, semaphores, and task schedulers.

To help users create robust, scalable, and (most importantly) correct multithreaded applications, JDK 5.0 includes a rich set of high-level concurrency constructs, such as thread pools, semaphores, mutexes, barriers, and high-performance concurrent collection classes. Using these concurrency utilities will, in most cases, make your programs clearer, shorter, faster, easier to write, and more reliable. This session provides you with an overview of the new high-level concurrency utilities in the new java.util.concurrent package in JDK 5.0.

By Brian Goetz

Pop quiz: which is faster, Java or C++? If you are talking about allocation performance, the answer is Java, hands-down.

The performance of the garbage collector in the HotSpot JVM has improved steadily since JDK 1.0. The early garbage collectors were criticized for poor performance, but, except for some edge cases, garbage collection performance in HotSpot is now so good that allocation is an area where Java programs handily outperform comparable C++ programs.

The early JVMs used a simple mark-sweep collector, which was easy to implement and worked well enough for short-lived, small-heap applications. Current JVMs use a generational garbage collection approach, using different collection strategies for different areas of the heap, which for typical applications, offers excellent throughput and short pauses. Additionally, HotSpot versions 1.4.1 and later offer several alternate collectors for multiprocessor and large-heap systems.

In this session, we’ll explore the basic approaches to garbage collection, garbage collection options in the the HotSpot JVM, some common garbage collector tuning options, and some idioms to avoid in order to make your application coexist peacefully with the garbage collector.

By Brian Goetz

Does your program have bugs, despite unit tests, integration tests, and code reviews? You bet. Are you using static analysis as part of your QA process? If not, you're probably missing out on some bugs that can be caught before they bite your customers.

The cost of finding a bug increases dramatically the longer it lurks without being discovered. Fortunately, today?s development tools (IDEs and compilers) can identify many potential bugs within a few seconds of their creation, resulting in higher quality code and more productive programmers. However, even the best programmers can create bugs that are very hard to spot if they make it through their first few minutes of their existence.

Until recently, automated code analyzers have not been very useful for mainstream developers. Most code analysis packages focused either on stylistic issues (such as indenting and variable naming), or on formal correctness proofs (which require an investment in specification that few developers can afford to make.)

FindBugs, an open-source tool developed by Bill Pugh and David Hovermeyer of the University of Maryland, has raised the bar for ease-of-use and effectiveness of automated code analysis for finding bugs. FindBugs has been able to find many serious bugs in production software, including Eclipse, JBoss, Apache Tomcat and Sun's JDK implementation, with an impressively low false-positive rate compared to other approaches.

This session will explore how static code auditing tools work, how it is easy to write bug-detector plugins to find new bug patterns, presents some common bug patterns and fun "find the bug" puzzles, and shows how code auditing tools can easily identify them.

Every developer will want to have these tools in their toolbox.

By Stuart Halloway

For centuries people have used crypto to build (and break) secure systems. Computers have only raised the pitch of conflict, providing enormous cryptographic power at commodity prices. Most programmers do not write their own crypto libraries, instead relying on the services of an operating system or virtual machine. But even with all this support, building secure systems is a daunting task.

This talk will cover three things all programmers need to know: 1. the basic tools of computer crypto 2. the programmatic APIs to these tools 3. common programming mistakes that can undermine otherwise secure systems You will learn the basics of hashing, message digests, public key encryption, symmetric key encryption, certificates, and key management. With each, you will see programmatic examples, with advice for correct usage.

By Stuart Halloway

The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples.

You will learn the core APIs:

SecurityManager, AccessController, Permissions and Policy

JAAS Subjects, Principals, and LoginModules

You will then see how to invoke these APIs in real application scenarios. You will learn how to:

Partition your applications to safely invoke downloaded code

Read and write Java policy files

Extend the architecture with custom permissions

Provide secure services through PrivilegedActions

Use JAAS to authenticate and authorize users

By Stuart Halloway

Reflection is writing code that manipulates itself. Well-written reflective code automates a broad class of repetitive, error-prone programming tasks. Poorly-written reflective code obfuscates programs and destroys the benefits of the type system. We'll focus on the former.

REFLECTIVE TASKS COVERED IN THIS TALK

• Discovering class members
• Dynamically accessing fields, methods, and constructors
• Bypassing the Java language protection modifiers
• Converting between objects, XML, and relational data
• Generating new classes at runtime
• Intercepting method calls and simple aspects
• The reflection security model

By Stuart Halloway

(3 Hour Session) Attendees should attend the Introduction to Reflection talk, or have some experience using reflection or metaprogamming in a reflective language such as Java, Objective-C, Smalltalk, Python, or Ruby. Familiarity with the GOF book is helpful but not required.

Design patterns are recurring solutions to problems that consistently appear in software development. However, this does not mean that design patterns cannot be "solved", i.e. converted into language or library features. In fact, most of the original design patterns can be solved using dynamic language features such as reflection.

This talk covers specific design patterns, and shows multiple implementations of each, demonstrating how reflection and other dynamic techniques make the patterns invisible, freeing you to concentrate on solving new problems.

In part A I cover • Abstract Factory • Almost-Real Objects (a variant of mock objects) • Singleton

In part B I cover • Iterator • Flyweight • Observer • Dynamic Agile Development

By Stuart Halloway

(3 Hour Session) Attendees should attend the Introduction to Reflection talk, or have some experience using reflection or metaprogamming in a reflective language such as Java, Objective-C, Smalltalk, Python, or Ruby. Familiarity with the GOF book is helpful but not required.

Design patterns are recurring solutions to problems that consistently appear in software development. However, this does not mean that design patterns cannot be "solved", i.e. converted into language or library features. In fact, most of the original design patterns can be solved using dynamic language features such as reflection.

This talk covers specific design patterns, and shows multiple implementations of each, demonstrating how reflection and other dynamic techniques make the patterns invisible, freeing you to concentrate on solving new problems.

In part A I cover • Abstract Factory • Almost-Real Objects (a variant of mock objects) • Singleton

In part B I cover • Iterator • Flyweight • Observer • Dynamic Agile Development

By Stuart Halloway

JUnit is great. Jython and JRuby are even better. Unit testing libraries look the same everywhere, so why not use the one that lets you get your job done faster?

Unit testing has taken the world by storm. Almost every major language has a JUnit-like library. And here's the good news: These libraries are so similar that once you learn one, you can use any of them.

Given that many languages interoperate directly with Java, you aren't limited to JUnit. You can pick the library that provides the best language level support for writing concise, easily maintainable unit tests. Circa late 2005, there are good arguments for the unittest module in Jython, and Test::Unit in JRuby.

The talk is divided into three parts:

1. A crash introduction to unit testing Java code. We'll cover test-driven development, test cases, assertions, fixtures, and test suites. We'll be using Jython and JRuby but the concepts are exactly the same in any language
2. A look at the Python and Ruby features that make Jython and JRuby compelling choices. We'll see how tests are faster to develop and easier to maintain than JUnit tests. And perhaps surprisingly, we'll also see how tests scale better when applications get large.
3. A candid comparison of Jython, JRuby, and JUnit, including advantages and disadvantages of each. One size does not fit all.

By Ramnivas Laddad

J2EE has become the main new platform for enterprise application deployment. Good performance is an important business requirement. Supporting this requirement needs application profiling during the development phases and performance monitoring after application deployment. Come to this session to understand challenges and choices in monitoring J2EE applications.

Performance monitoring solutions must work under constraints imposed by the environment. Further, they must balance conflicting requirements such as overhead vs. richness of information. All of these need careful understanding of both requirements and solutions as well as the costs of any tradeoff decisions.

This session presents various tools and techniques available for monitoring J2EE applications. We will consider requirements of performance monitoring solutions in different scenarios. We will also discuss underlying enabling technologies such as Java Virtual Machine Profiling Interface (JVMPI), Java Virtual Machine Tool Interface (JVMTI), JFluid, JMX, design patterns, and aspect-oriented programming (AOP). During the session, we will demonstrate many of the tools and technologies discussed.

By Ramnivas Laddad

Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.

By Ramnivas Laddad

Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.

By Nick Lesiecki

Design patterns have long been part of the experienced developer's tool chest. However, design patterns can affect multiple classes and this makes them invasive and hard to (re)use. This presentation will discuss how AOP solves this problem by fundamentally transforming pattern implementation. The class will examine examples of various traditional design patterns (including some of the famous GoF patterns) and discuss the practical and design benefits of implementing them with aspect-oriented techniques. This session will be of interest to anyone who has struggled with design patterns. It is also the perfect session for a programmer interested non-trivial applications of AOP, or who wishes to see aspect-oriented design in action.

Goals/Key Points:

• Review design patterns: what they are, how they can be thought of
• How AOP can affect pattern implementation
• Review AOP key concepts and AspectJ syntax
• The Decorator Pattern, in Java, then AspectJ
• Apply more advanced AOP to the Swing Thread Safety patter
• How to reuse open source pattern implementations (Observer)

By Nick Lesiecki

Aspect Oriented Programming offers enhanced modularity and cleaner separation of crosscutting concerns. That's all fine and well for architecture geeks. But can it help your project today? Has anyone applied it in the real world? The answer is "yes," and in this session, an AOP expert and early adopter will demonstrate how his team used aspect oriented programming to implement non-trivial business concerns. Along the way attendees will learn about advantages of AOP and understand some of the problems encountered adopting it.

This session will give an overview of how the Adbase team at VMS (http://vmsinfo.com) brought AspectJ into a J2EE data integration project. It will start with showing how aspects provided a clean way to debug errors in a third party library. A more complex example will illustrate how AOP helped dynamically update shopping cart prices without requiring extensive modifications to the domain objects. Finally, the class will cover one of the first reusable aspects developed by the company—an aspect to manage relationships between persistent objects. The last part of the presentation will examine the challenges of and tactics for AOP adoption. Attendees will learn what compromises were necessary, how the team scaled the learning curve, and which development practices helped ease adoption and mitigate risk.

By Bruce Tate

This session, for the Spring beginner, helps you: • Understand dependency injection and inversion of control • Know the meaning of lightweight containers and Spring • Understand the basic pieces of Spring • See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP • Transactions • Persistence • Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.

By Bruce Tate

This session will help a Java developer choose a persistence framework. After the session, you will • Understand the core strengths and weaknesses of the main persistence frameworks in the Java space • Understand where marketing influences can impact persistence • Know what’s going on behind the scenes to impact the persistence pictures • Answer questions about persistence frameworks that might not be mainstream

This free-form session is intended to help attendees choose or validate a persistence framework. In it, the instructor will take questions from the audience, and tailor the session to the questions asked. Bruce will focus on three persistence frameworks: EJB, JDO and Hibernate. He’ll talk about the evolution of each of the frameworks. He’ll talk about the fundamental design philosophies of each, and what makes each unique and strong.

But understanding technical strengths is not enough in the area of persistence. To make the best possible choice, a developer or architect must also understand the politics of persistence, and the marketing pressures that lead to the success or failure of each framework. The proposed common standard across JDO and EJB will get special consideration.

This format has been very popular among nofluffjuststuff attendees. It’s highly tailored to each audience, but still flows with good structure. When the session is over, you’ll have a better understanding of the major persistence frameworks in the Java space, and what makes each valuable. You’ll also understand how much of a role market share and technology play in the success or failure of a persistence framework.

By Bruce Tate

All programming languages have a limited life span, and Java is no different. This is a philosophical session rather than a programming session. Sooner or later, Java will lose its leadership position. This session will explore Java's strengths and weaknesses. We'll try to understand whether conditions are ripe for alternatives to emerge, and what those alternatives may be.

The Java programming language has been tremendously successful. Many of the roots of its success may be surprising to the audience. But every major programming language has a limited life cycle. While it’s true that Java and .NET seem to be the only games in town, some alternatives are beginning to emerge.

In this session, we’ll discuss some of the limitations of the Java language, and the impact that they might have on the productivity of Java developers. We’ll then look at some of the innovations around other frameworks and languages, and some of the features of those languages that boost the productivity of other non-Java developers:

• Typing, and why it matters • Code blocks and closures • Regular expressions • Innovative frameworks

Finally, we’ll take a look at where developers may look at using other languages. Clearly, most of the work that we do will be in Java for the foreseeable future, but certain project classifications may make it much easier to embrace alternatives, for good competitive effect.

By Bruce Tate

Agile programming is a collection of core principles and techniques that allow software developers to create lighter, more responsive applications, and to have fun doing it. Many established organizations are either openly or sub-conciously hostile to many of the principles of Agile development.

We'll explore the intersection of these new practices and old-world sensibilities, relying on real-world case studies to illustrate some of the compromises that are necessary to bridge the gap. In addition to technical and process aspects, we'll also spend some time talking about the business aspects, such as how Agile development affects contracts.