O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate createapplications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpointthan you would otherwise want.

This session will show advanced techniques for tuning performance, including: • advanced collection mapping strategies • lazy loading • cascading update management • lifecycle management • Hibernate's interceptor layer In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.

Dependency Injection (DI) is the cornerstone of Spring. The core concept is quite simple, but (surprise!) actual practice can become complex. To take full advantage of Spring DI, you need to understand not only the basics on configuration, but also the container lifecycle model and the various hooks provided by the framework.

Topics will include

The difference between DI and Continuous Integration

Setter Injection

Constructor Injection

Factory Injection

Bean lifecycle

Method Injection

Using the ApplicationContext

Custom PropertyEditors

Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.

In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module

• page level authorization

• method level authorization

• instance level authorization

• forcing HTTPS connections to secured sites

• impersonation using the RunAsManager

Learn to use Spring AOP, aspect injection. and AspectJ integration.

Spring provides powerful support for Aspect-Oriented Programming (AOP), via

Spring Advisors Dependency Injection for Aspects Integration with AspectJ

In this session you will learn to use Spring AOP in real-world settings. We'll start with the basics of programmatic pointcuts, advice, and joint points. Then, we'll integrate these into the application Spring-style, using Dependency Injection.

With the basics out of the way, we'll move to meatier questions, including:

How (and when) should I step up to AspectJ? How are Aspects implemented, and what are the performance implications? What are the alternatives to Aspects?

Attendees will get more out of this presentation if they have a basic knowledge of Spring and Dependency Injection.

Java has always provided a model for concurrency and threads. With Java 1.5, this model received a major facelift. Learn how to use the new concurrency utilities to build responsive, scalable, and correct concurrent applications.

Java's support for threads is broad and deep. From the early days of the platform, programmers have used threads, synchronized blocks, and monitors to build safe multi-threaded applications. Java 1.5's new concurrency utilities greatly reduce the need to use these primitives directly. Now, Java provides a set of lock classes and task scheduling tools that provide much more leverage in writing real applications. We'll explore java.util.concurrent, and also see how the Java Memory Model has been corrected in 1.5.

Most of the advantages of java.util.concurrent can also be had in previous version of Java. We'll discuss Doug Lea's concurrency utilities and the backport of java.util.concurrent to 1.4. Both of these are appropriate for production use.

Finally, we'll look at common mistakes in multi-threaded programming. The most common mistake is using threads when you don't need them. We'll look at alternatives to threads, and how to choose between them.

The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples. You will learn the core APIs: SecurityManager, AccessController, Permissions and Policy JAAS Subjects, Principals, and LoginModules

You will then see how to invoke these APIs in real application scenarios. You will learn how to: • Partition your applications to safely invoke downloaded code • Read and write Java policy files • Extend the architecture with custom permissions