By Neal Ford

This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran.

Even the most competent programmer falls into habits and coding ruts. This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran. It is derived from many sources, including other languages (Smalltalk, Lisp, Java, and others), and techniques and idioms we have developed teaching developers. It also consolidates information from books that delve into the craft of writing good software. The goal is to create code that is easier to read, maintain, debug, and enhance.
Key Session Points:

1. Names of Things
2. Composed Method
3. Apply the Unix Philosophies
4. Syntactic Stuff
• Constants
• Enumerations
• Common Methods: equals() && hashcode()
5. Orthogonality
6. Compactness
7. The Pragmatic Rules
8. Template Method
9. Bad Inheritance
10. Decoupling with Interfaces

By Neal Ford

This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points: • Setting up remote debugging in IDE's    o Eclipse    o IntelliJ • Effective remote debugging • When it's all you've got: jdb and enterprise applications • Forensic debugging using loggers • Debugging web applications    o Inspector    o Bookmarklets • Debugging EJB • Debugging in lightweight frameworks • Interactive Debugging with Groovy • Automating debugging tasks    o JWebUnit    o Selenium

By Neal Ford

Regular expressions should be an integral part of every developer?s toolbox, but most don?t realize what an important topic it is. Regular expressions have existed for decades, but many developers don't understand how to take full advantage of this powerful mechanism, either through command line tools and editors or in their development.

This session shows how to fully exploit regular expressions. It begins with the basic premise of how regular expressions work, then shows how to take advantage of the RegEx library built into the Java platform. This session shows how to use wildcards, escape characters, meta-tags, character class operators, look-aheads/look-behinds, and how to use the greedy operators effectively. It covers regular expressions from the beginning through to advanced usage, both in Java and in tools that support regular expressions. This session is packed with real examples of regular expressions (including a game show with no fabulous prizes).

Key Session Points:

Common Regex mistakes

By Neal Ford

This session talks about how to actually get XP done in the real world (and what to tell your boss).

Extreme programming sounds a little too ?ESPN2? for most managers, but there is a lot of sound engineering behind its principles. My employer, ThoughtWorks, has been extremely successful using the full XP stack and we have developed lots of experience with it. This session talks about how to do XP in the real world. XP is all about feedback loops, so I discuss how to replace the radical sounding ones with more palatable ones. I talk about the parts of XP that are absolutely vital (unit testing, collective ownership, continuous integration, etc) and the ones that you can introduce a little more slowly (pair programming, only a 40 hour work week). This session focuses on the practicality of XP and how you can adopt it at your organization. I also talk about political battles with managers, other departments, and barriers that pop up anytime you try to introduce change in a large enterprise. Discussion is encouraged (required) in this session.

Key Session Points: XP and Feedback Loops A pragmatic look at the XP practices     The planning game     Small releases     Metaphor     Simple design     Testing     Refactoring     Pair programming     Collective ownership     Continuous integration     40-hour week     On-site customer     Coding standards XP in the real world

By Neal Ford

This session shows how to use Java as the building block for domain-specific languages. It discusses the next revolution in programming: language-oriented programming and the nascent tools that support it.

If you look at the way advanced programmers in highly dynamic languages (like Lisp, Smalltalk, Ruby, etc.) work, they tend to build domain specific languages on top of their low-level language. The language syntax itself becomes building blocks for languages that are highly specific to their problem domain. It’s not as easy to apply this technique to a static language (like Java), but it is possible. This session shows how to use Java as the building block for domain-specific languages. It discusses internal and external DSLs, with pros and cons for each. This session progresses from creating an internal DSL using Java syntactic elements as keywords through using compiler-building tools to create your own external DSL arriving ultimately at the new tools that allow you to build, edit, and deploy external DSL (language workbenches). This session covers the theory and practice of building DSL's and why this is an important step in the evolution of programming paradigm. It shows tools that are available now to build DSL's and discusses tools on the horizon that will make this much easier.

Key Session Points: 1. Why Dynamic languages? 2. Building domain languages 3. Language-oriented Programming    a. Internal DSLs    b. External DSLs 4. Internal DSL    a. Characteristics    b. Advantages    c. Disadvantages 5. External DSL    a. Characteristics    b. Advantages    c. Disadvantages 6. Case Study: Building your own language    a. Building the parser    b. Building the lexer    c. Abstract Syntax Trees 7. Parsing other languages    a. Parsing Java    b. Parsing HTML, JavaScript, and others 8. Language Workbenches    a. JetBrains MPS in Action

By Ted Neward

There's a set of fallacies that every enterprise developer has fallen for at some point in their enterprise development lives, and unless they've come to realize it early enough, all cause big trouble and painful learning experiences in the long run.

In this talk, we'll go over the Enterprise Fallacies, discuss why they're so insidious and easy to fall into, and how developers can go about making sure they avoid them in the future. Discussions will be relative to both .NET and Java, as well as the emerging Web services stack, as the Fallacies know no technical boundaries.

By Ted Neward

Security's become a hot topic among enterprise developers in recent years, but to many developers, security is still the white elephant in the middle of the room. Discussions about security usually begin with, "Uh, we'll worry about that later", or, "Start with two really large prime numbers.....". Security isn't as hard as developers make it out to be, but it is something that developers need to face and recognize.

In this talk, we'll extract the 10 Items on Security from Effective Enterprise Java and talk about them, giving developers the basic heads-up they need to have when building enterprise systems in Java.

By Ted Neward

Bring all of your enterprise Java questions to this open forum discussion hosted by the author of “Effective Enterprise Java”, Ted Neward.

This session will be a great opportunity to listen & participate in a discussion on all things relating to enterprise Java.

By Mark Richards

As companies continue to change the way they do business, so must the IT systems that support the business. Changes due to regulatory requirements, competitive advantage, mergers, acquisitions, and industry trends require flexible IT systems to meet the demands of the business. Software Architects must therefore make their architectures more agile to meet the flexible demands of today's business. Through real-world examples and scenarios we will explore some of the challenges facing Software Architecture and discuss several concrete techniques for applying agility to both the architecture process and the technical architecture itself. We will also look at various architecture refactoring techniques, and discuss the pros and cons of each. By attending this session you will learn how to apply various agile techniques to improve your architectures and overcome some of the challenges facing software architecture in today's ever-changing market.

Agenda: - Introduction - Part One: Applying Agility to Architecture (Interactive) - Part Two: Agile Methodologies - FDD - Part Three: Agility and Architectural Refactoring

By Mark Richards

The new EJB 3.0 spec (JSR-220) offers some great improvements over the prior EJB specs in terms of development simplicity and new features. In this session we will take a look at the new EJB 3.0 spec and the new Java Persistence API. Included in this session will be a discussion about Java metadata annotations, simplification of enterprise beans (session and message-driven beans), interceptors, changes in transaction processing, and how the new Java Persistence API works. During the session I will be demonstrating how the EJB 3.0 spec differs from the EJB 2.1 spec through code example comparisons. I will also be discussing how the new Java Persistence API compares to related Java persistence options and whether we should be excited about the new persistence API or (yawn) sticking with what we have.

Agenda - Introduction - EJB 3.0 New Features Summary - Java MetaData Annotations – no more ejb-jar.xml? - Constructing and accessing an EJB 3.0 Session Bean - EJB 3.0 Transactions - Interceptors and use of the @AroundInvoke annotation - Entities and the Java Persistence API

By Mark Richards

Tired of dealing with EJBs but cannot use other frameworks like Spring? How would you like to replace all of your remote Stateless Session Beans with POJOs and still access them remotely within Java EE? By using the Java EE Command Pattern we can write EJBs as POJOs and solve many of the issues facing EJB, including testability, configuration complexity, and performance, and still remain within the boundaries of the Java EE container. The Java EE Command Pattern is a simple pattern that can significantly reduce the complexity of large-scale Java EE enterprise applications. In this session we will explore the numerous issues facing a typical EJB architecture and learn how the use of the Java EE Command Pattern can solve these issues. We will walk through the different design alternatives and see how the command pattern is implemented in both EJB3 and in Spring. Through interactive coding examples you will learn what components make up the Command Pattern framework and what simple coding changes are required to convert a complex remote EJB-based application to a much simpler remote POJO-based application.

Agenda - Issues with J2EE - Java EE Command Pattern Introduction - Java EE Command Pattern Core Components
- The Command Pattern Framework Implementation (EJB) - The Command Pattern Framework Implementation (Spring/RMI) - Applying the Command Pattern to a Typical EJB Application

By Mark Richards

There has been a significant amount of buzz in the community and industry about the definition and role of an Enterprise Service Bus (ESB), particularly within the area of Service-Oriented Architecture (SOA). In this product-agnostic high energy session we will take a step back and consider whether we really need an ESB. Through real-world application and architecture scenarios we will see where an ESB would be helpful and where it would be overkill. We will take a look under the hood and find out just what an ESB is really doing, and take a quick look at JBI (JSR-208) and see the impact it has on the ESB worls. Then, using product-agnostic coding examples we will learn what an Enterprise Service Bus is supposed to do, then answer the question about whether the ESB is just a bunch of hype or if we really need it.

Agenda - Introduction - Handling Distributed Services Today - ESB Alternatives - Services - ESB Capabilities - Rolling Your Own: Possible Java Implementations - ESB Use Cases - JBI (JSR-208) - Summary and Q&A

By Venkat Subramaniam

Agile development is picking up steam. You have heard about eXtreme Programming(XP). What other Agile methodologies are you familar with and what do they bring of interest or significant to the table of Agility? More important, why should you learn about these different methodologies instead of simply focusing on one? There is no one shoe that fits all. Any methodology that requires you to follow it in totality and not let you adapt is rather dogmatic, not pragmatic. To be effective we have to take the best of different approaches and apply to our projects base on our specific needs.

In this session, we will look at different methodologies (XP, Scrum, FDD, Crystal, ...) that promote agility. We then will compare and contrast the features of each. You can take away from the presentation what makes the most sense for your project and team.

By Venkat Subramaniam

Java introduced Generics in the 1.5 version (Java 5). What are the capabilities of Generics? How do you use it? Are there some gotchas in using it? In this example driven presentation, we will start at the basics of generics and look at its capabilities. We will then look at some of the under the hood details on generics implementation. We will then delve into the details of some of the changes to Java libraries to accommodate generics. Finally we will take a look at some restrictions and pitfalls that we need to be familiar with when it comes to practical and prudent use of generics.

Topics: • Need for Generics • Generics in Java • Bounded Parameters • Wildcard • Restrictions • Generics Implementation • Effect of Erasure • Java libraries changes • Pitfalls and pragmatics

Benefits: • Know your generics • See how to create your own generics • Understand issues with converting to genetics • Learn the limitations • Attain the wisdom • Decide if this if for your project

By Venkat Subramaniam

Is your code object-oriented? Developing with objects involves more than using languages like Java, C#, C++ or Smalltalk for that matter. From time to time, the OO paradigm stumps even expert developers. Agile programming becomes a mere act of hack if we code without knowing the OO principles. What are these principles – the ones that influence your design? In this presentation the speaker will present some of the challenges that are fundamental in nature. Then he will present OO Design principles and good practices for prudent development of OO code.

Topics: • Metrics of design • Good design vs. bad design • Perils of design • Principles for OO Design • Examples that illustrate the principles

Benefits: • Learn principles that lead to better design • Learn fundamentals that will change the way you will code • Gain insight into the design tools needed for agile development • Helps improve the quality of your system • Better your design skills

By Venkat Subramaniam

Object-oriented scripting languages, or agile dynamic languages, as some like to call those, are gaining programmers' attention. Groovy bring this excitement to the Java platform with its ability to generate byte code. You can use Groovy instead of Java for some parts of your application. By learning it, you can switch between the languages where you consider fit.

In this session we will learn what Groovy is. We will take an example driven approach to look at interesting features. We will see how a piece of code you would write in Java can be written, elegantly, using Groovy. In addition to the current features, we will also discuss the state of the language and tools.

By Scott Davis

Hopefully your test plan involves more than, "Well, it compiled..." JUnit is fast becoming a required part of the modern Java developer's toolkit. Unit testing your Java classes is a great start, but your test plan shouldn't stop there.

This talk will introduce several additional testing tools for the web developer -- HttpUnit, Canoo WebTest, and JMeter. These tools allow you to test a live website with no changes to the production code. Even better, you can test sites that have been implemented in technologies other than Java.

You will see code examples and live demos of these tools in action. We'll talk about the differences between unit testing, functional testing, and performance/load testing. Come get "test infected" -- you'll never look at the development process the same way.

By Scott Davis

Frameworks? We don't need no stinkin' web frameworks. OK, so maybe that's overstating the case. Web frameworks do plenty of good things, but sometimes they can also be golden handcuffs. Too many web developers fall into the trap of thinking, "If it can't be done by my web framework, then it simply can't be done."

This presentation focuses on the cool things that you can accomplish by stepping out of your web framework and getting closer to the underlying technology. We'll take a detailed look at what really goes on during the request/response cycle, and how new techniques like AJAX allow you to break the mold. We'll look at the clever things you can do with MIME types, User-Agents, and HTTP Headers in general.

Old technologies like CSS, DOM, and JavaScript are experiencing a renaissance under the guise of new names like DHTML and AJAX. Google Maps and GMail are literally redefining our expectations of how rich a web application can be by using these technologies to their fullest potential. Come see what makes these sites tick, and how you can utilize the same techniques in your own site.

By Scott Davis

The full title of this talk is, "The Sound of One Hand Clapping, or How to Pair Program with a Single Programmer -- Scaling XP to Small Projects." Everyone talks about using J2EE for massive projects, but what about the lone wolf developer? Can they still apply the lessons learned from agile development methodologies to their everyday work?

XP is an ideal methodology for dealing with small business owners and entrepreneurs. Often times small projects suffer from the complete lack of good programming practices because heavy-weight methodologies don't scale down well. Heavy-weight methodologies can also be intimidating to the non-computer professional. XP scales well to small projects and allows the domain experts to participate in good programming practices (sometimes for the very first time).

By Ben Galbraith

For many of us, XML has become a ubiquitous presence in application development, whether parsing, validating, or manipulating it. For many of us, all that XML is coupled with pain, in the form of tedious APIs (like, say, the W3C DOM API) and confusing technologies (oh, I don't know, W3C XML Schema?).

In this session, I share the following tips for making the XML in our lives a little easier to deal with: - Use StAX instead of SAX - Use StAX to create XML - Use JDOM instead of W3C DOM - Use XPath to select XML - Use Jaxen to enable XPath over custom trees - Use RELAX NG instead of DTD or WXS - Use Trang when DTD/WXS output is required - Use Sun's RELAX NG Converter when WXS input is required - Consider RELAX NG's compact syntax - Use Schematron to extend schema languages - Consider XML namespaces for versioning - Ignore unknown namespaces

By Ben Galbraith

Too often, Swing applications are slow, ugly, and hard-to-maintain. It turns out that it doesn't have to be this way. Swing can be used to create highly-responsive, beautiful applications that are very maintainable. If this isn't consistent with your own experience, don't feel bad; its not very obvious how to make Swing sing.

In this session, I explore three topics that lead to much better Swing applications:

• Proper Swing threading
• High-quality third-party Swing look-and-feels
• Good practices for coding Swing applications

In the threading portion of the session, I explain Swing's event handling architecture and its implications for Swing applications. Understanding this topic is crucial to creating highly-responsive Swing apps. I demonstrate how to use this knowledge in the form of many live-coded examples, and I show how frameworks like SwingWorker and FoxTrot can make this easier. Java's default look-and-feel, Metal, is awful (and in my opinion, the "Ocean" theme in JDK 5.0 doesn't do enough to improve it); you should stop using it immediately. But creating good-looking applications is sadly more than slapping in a look-and-feel; you must also take care to understand the principles behind attractive layouts. I spend the second part of this session exploring how to make your Swing applications look great through a combination of third-party look-and-feels and layout techniques.

By Ben Galbraith

Are you spending more time plumbing your Swing applications than solving business problems? Has your Swing application grown out of control? This session is for you.

In the first part of the presentation, I analyze the architectural problems that plague many Swing applications and present architectures that overcome these problems. These architectures are presented in terms of principles along with a reference implementation. You can therefore either adapt the principles to meet the needs of your existing applications, or incorporate the specific ideas of the reference implementation into your new projects. Fortunately, there are some existing frameworks that have done some of the architectural work already. I present some of these frameworks in the rest of the presentation.

By Ben Galbraith

It sounded like such a good idea back in the mid-nineties: based the Java platform on a standards-based, open community, and let anyone participate. There is no question that Sun's strategy for Java's stewardship via the JCP and sponsored open-source has yielded some enormous benefits. However, these have not been enjoyed without tremendous cost.

Perhaps the recent pop-culture book The Paradox of Choice put it best: "When people have no choice, life is almost unbearable. As the number of available choices increases, [as it has in the Java community], the autonomy, control, and liberation this variety brings are powerful and positive. But as the number of choices keeps growing, negative aspects of having a multitude of options begin to appear. as the number of choices grows further, the negatives escalate until we become overloaded. At this point, choice no longer liberates, but debilitates. It might even be said to tyrannize."

Does this ring true in your environment? Are you tired of spending countless hours evaluating IDEs, build systems, app server vendors, competing web frameworks, competing persistence standards, competing vendor implementations of those standards, and so forth? You're not alone.

The mess of competing standards, implementations, and other overlapping non-standard frameworks in Java, and lack of a single authoritative vendor-guide (i.e., Sun's "guidance" has proved irrelevant and unproductive) kills Java's productivity for all but a handful of experts with the experience to navigate the landscape.

This session details the ideas and experiences of one enterprise that has set out to solve this problem. The topics reviewed will consists of:

• Defining a standard "stack" of Java frameworks and technologies, but also "standardizing on demand"

• Creating a template application that acts as the starting point for any new project

• Approaching reuse retrospectively, not prospectively

• Unifying training and support, and providing organization mentoring

• Simple project health monitoring

Of course, the idea of standardizing application development in an organization is nothing new. You may have tried it. Did it work? Being successful at this endeavor is tricky, and most efforts fail.

While the specific example detailed in this session is still underway and its too early to declare unqualified success, come learn about this effort and how its principles can be applied in your organization.

By Ben Galbraith

You can do some pretty cool things with XML these days (despite what some curmudgeons in the technology world may claim). In the past few years, XML has solidified its place as the lingua franca of data sharing and data manipulation. But XML as a data transfer language is only marginally interesting. Things get really exciting when XML is dynamically transformed into other formats. In this session, I focus on two XML formats which can be readily transformed into high-quality presentation-centric output formats. XSL-FO is a typesetting format for XML that can be readily converted into PDF (or Postscript and some other formats). SVG is a vector graphics language in XML -- a sort of open-source version of the popular Macromedia Flash format. SVG files can be converted into beautiful, completely scalable -- and interactive - - images.

You can do some pretty cool things with XML these days (despite what some curmudgeons in the technology world may claim). In the past few years, XML has solidified its place as the lingua franca of data sharing and data manipulation. But XML as a data transfer language is only marginally interesting. Things get really exciting when XML is dynamically transformed into other formats. In this session, I focus on two XML formats which can be readily transformed into high-quality presentation-centric output formats. XSL-FO is a typesetting format for XML that can be readily converted into PDF (or Postscript and some other formats). SVG is a vector graphics language in XML -- a sort of open-source version of the popular Macromedia Flash format. SVG files can be converted into beautiful, completely scalable -- and interactive - - images.

By Ben Galbraith

Ajax -- called DHTML just a few months ago -- has revolutionized (or "radically iterated", if you like) web application development in the short few months since the term was coined.

What is it all about? Why are we excited about a set of capabilites that have been sitting in our browser for years? What can you do with it? And, how can you do it?

Ajax, short for Asynchronous JavaScript and XML, is a technique for communicating with servers from within a web page without causing a page refresh.

This session provides an introduction to Ajax and an orientation to the state of the ajaxian universe. The basic ajaxian techniques will be demonstrated through live coding, and more advanced examples of Ajax will be demonstrated and deconstructed.

Attendees will understand how the Google Maps UI is built (and why it isn't as hard as it looks), how Ajax can improve portals, community sites, and pretty much any other type of web application.

Furthermore, the issues surrounding how to create an Ajax application that doesn't turn into an unmaintainable pile of hacked up crap JavaScript will be discussed.

At the end of the session, an off-line capable, web services consuming Ajax RSS aggregator will also be demonstrated.

This talk will be presented by one or more of the founders of Ajaxian.com.

The session "Ajaxian JavaScript Frameworks" complements this session, and dives deeper into specifics on how to use many of the frameworks introduced in this session.

By Ben Galbraith

In the "Introduction to Ajax" session, we discuss what Ajax is, how it works, and how others are using it.

This session goes deeper into Ajax by reviewing the existing JavaScript frameworks that aim to make it easier.

The scope of the frameworks is all over the made, from unit testing JavaScript to deconstructing other websites to making it easier to create your own ajaxian effects.

If you want to easily add some Ajax to your site, come to this talk, presented by one or more of the founders of Ajaxian.com.

By David Geary

Okay, so you know a little about JSF. You understand managed beans, action outcomes and how to attach standard JSF validators to components in a JSP page.

But there is a great deal of functionality that the average web application supports that JSF doesn't provide out of the box. For example, wouldn't you like to have JSF automatically place asteriks in front of labels for required fields? You are going to implement client-side validation, which JSF does not support out of the box, aren't you? Of course, you're going to test your application, right? And don't forget to trap unauthorized use of the back button.

How do you do all of that stuff in a JSF application? If those are the kinds of questions that keep you up at night, then this session is for you. We will explore the outer reaches of JSF development to illustrate how you can bend your next JSF application to your will.

By David Geary

JavaServer Faces is a well designed user interface framework, but it lacks a number of features you might otherwise expect out of the box; for example, JSF does not explicitly provide support for client-side validation.

So, from the folks that brought you Struts, comes Shale, a collection of useful enhancements to JSF. A top-level Apache Software Foundation project, Shale adds some really cool features to vanilla JSF, including:

Web flow: script dialog flow Remote Method Calls: easily call JavaBean methods from JavaScript Tapestry-like views: code views in pure HTML Use Apache Commons Validator validators on the client or server, or both JSF testing framework: mocks for easy JSF testing

There's a lot of cool stuff in Shale that makes JSF a much more compelling proposition. Come see what it's all about.

This is a code-intensive, fast-paced look at Apache Shale. Forty-plus slides and five demos makes for an action packed session that illustrates the cool features that Shale provides.

By Justin Gehtland

The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP • Transactions • Persistence • Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.

This session, for the Spring beginner, helps you: • Understand dependency injection and inversion of control • Know the meaning of lightweight containers and Spring • Understand the basic pieces of Spring • See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

By Justin Gehtland

Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.

In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module

• page level authorization

• method level authorization

• instance level authorization

• forcing HTTPS connections to secured sites

• impersonation using the RunAsManager

By Justin Gehtland

Web Services are message-oriented. This means that any application intention (the need for security, for transactionality, for reliability, etc.) must be included in the message and not just assumed as external context. The WS-Security specifications are very advanced and currently being used in the wild to create robust, secure web services.

This session will examine these specifications, including:

• WS-Security • WS-Policy - for sharing enforcement and encryption strategies • WS-Privacy - for agreeing on privacy policy for service usage • WS-Encryption - for encrypting or signing all or part of a message • WS-Trust - for creating a single-sign-on solution
• WS-Federation - works with WS-Trust

These specifications, plus others like WS-Addressing and WS-Notification, provide a platform for communicating security intent across multiple network layers and many platforms. Of course, these specifications only define modifications to the messagapplication author. We will demonstate these capabilities using the Axis toolkit and the J2SDK.

By Justin Gehtland

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

By Justin Gehtland

Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate createapplications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpointthan you would otherwise want.

This session will show advanced techniques for tuning performance, including: • advanced collection mapping strategies • lazy loading • cascading update management • lifecycle management • Hibernate's interceptor layer In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.

By Brian Goetz

JDK 5.0 is a huge step forward in developing concurrent Java classes and applications, providing a rich set of high-level concurrency building blocks.

Prior to the release of JDK 5.0, the Java platform provided basic primitives for writing concurrent programs, but they were just that -- primitive -- and difficult to use properly. Building multithreaded applications on the Java platform's low-level concurrency primitives posed many traps for the unwary, and many developers were forced to reinvent the wheel by writing their own classes for thread pools, semaphores, and task schedulers.

To help users create robust, scalable, and (most importantly) correct multithreaded applications, JDK 5.0 includes a rich set of high-level concurrency constructs, such as thread pools, semaphores, mutexes, barriers, and high-performance concurrent collection classes. Using these concurrency utilities will, in most cases, make your programs clearer, shorter, faster, easier to write, and more reliable. This session provides you with an overview of the new high-level concurrency utilities in the new java.util.concurrent package in JDK 5.0.

By Brian Goetz

What's the worst thing that can happen when you fail to synchronize in a concurrent Java program? Its probably worse than you think -- modern shared-memory processors can do some pretty weird things when left to their own devices.

Java was the first mainstream programming language to incorporate a formal, cross-platform memory model, which is what enabled the development of write-once, run-anywhere concurrent classes. It is the Java Memory model that defines the semantics of synchronized, volatile, and final.

However, because the most commonly used processors (Intel and Sparc) offer stronger memory models than is required by the JMM, many developers frequently use synchronization and volatile incorrectly, but have been insulated from failure by the stronger memory guarantees offered by the processor architecture they happen to be deploying on. (The infamous "double checked locking" idiom is an example of this sort of error.)

Understanding the Java Memory model is key to using the core concurrency primitives (synchronized and volatile) to develop thread-safe, efficient concurrent classes. We?ll cover what a memory model is (and why we should care), what synchronization really means, and what can really go wrong when we fail to synchronized correctly.

By Brian Goetz

Pop quiz: which is faster, Java or C++? If you are talking about allocation performance, the answer is Java, hands-down.

The performance of the garbage collector in the HotSpot JVM has improved steadily since JDK 1.0. The early garbage collectors were criticized for poor performance, but, except for some edge cases, garbage collection performance in HotSpot is now so good that allocation is an area where Java programs handily outperform comparable C++ programs.

The early JVMs used a simple mark-sweep collector, which was easy to implement and worked well enough for short-lived, small-heap applications. Current JVMs use a generational garbage collection approach, using different collection strategies for different areas of the heap, which for typical applications, offers excellent throughput and short pauses. Additionally, HotSpot versions 1.4.1 and later offer several alternate collectors for multiprocessor and large-heap systems.

In this session, we’ll explore the basic approaches to garbage collection, garbage collection options in the the HotSpot JVM, some common garbage collector tuning options, and some idioms to avoid in order to make your application coexist peacefully with the garbage collector.

By Brian Goetz

Does your program have bugs, despite unit tests, integration tests, and code reviews? You bet. Are you using static analysis as part of your QA process? If not, you're probably missing out on some bugs that can be caught before they bite your customers.

The cost of finding a bug increases dramatically the longer it lurks without being discovered. Fortunately, today?s development tools (IDEs and compilers) can identify many potential bugs within a few seconds of their creation, resulting in higher quality code and more productive programmers. However, even the best programmers can create bugs that are very hard to spot if they make it through their first few minutes of their existence.

Until recently, automated code analyzers have not been very useful for mainstream developers. Most code analysis packages focused either on stylistic issues (such as indenting and variable naming), or on formal correctness proofs (which require an investment in specification that few developers can afford to make.)

FindBugs, an open-source tool developed by Bill Pugh and David Hovermeyer of the University of Maryland, has raised the bar for ease-of-use and effectiveness of automated code analysis for finding bugs. FindBugs has been able to find many serious bugs in production software, including Eclipse, JBoss, Apache Tomcat and Sun's JDK implementation, with an impressively low false-positive rate compared to other approaches.

This session will explore how static code auditing tools work, how it is easy to write bug-detector plugins to find new bug patterns, presents some common bug patterns and fun "find the bug" puzzles, and shows how code auditing tools can easily identify them.

Every developer will want to have these tools in their toolbox.

By Stuart Halloway

For centuries people have used crypto to build (and break) secure systems. Computers have only raised the pitch of conflict, providing enormous cryptographic power at commodity prices. Most programmers do not write their own crypto libraries, instead relying on the services of an operating system or virtual machine. But even with all this support, building secure systems is a daunting task.

This talk will cover three things all programmers need to know: 1. the basic tools of computer crypto 2. the programmatic APIs to these tools 3. common programming mistakes that can undermine otherwise secure systems You will learn the basics of hashing, message digests, public key encryption, symmetric key encryption, certificates, and key management. With each, you will see programmatic examples, with advice for correct usage.

By Stuart Halloway

JUnit is great. Jython and JRuby are even better. Unit testing libraries look the same everywhere, so why not use the one that lets you get your job done faster?

Unit testing has taken the world by storm. Almost every major language has a JUnit-like library. And here's the good news: These libraries are so similar that once you learn one, you can use any of them.

Given that many languages interoperate directly with Java, you aren't limited to JUnit. You can pick the library that provides the best language level support for writing concise, easily maintainable unit tests. Circa late 2005, there are good arguments for the unittest module in Jython, and Test::Unit in JRuby.

The talk is divided into three parts:

1. A crash introduction to unit testing Java code. We'll cover test-driven development, test cases, assertions, fixtures, and test suites. We'll be using Jython and JRuby but the concepts are exactly the same in any language
2. A look at the Python and Ruby features that make Jython and JRuby compelling choices. We'll see how tests are faster to develop and easier to maintain than JUnit tests. And perhaps surprisingly, we'll also see how tests scale better when applications get large.
3. A candid comparison of Jython, JRuby, and JUnit, including advantages and disadvantages of each. One size does not fit all.

By Stuart Halloway

Java has always provided a model for concurrency and threads. With Java 1.5, this model received a major facelift. Learn how to use the new concurrency utilities to build responsive, scalable, and correct concurrent applications.

Java's support for threads is broad and deep. From the early days of the platform, programmers have used threads, synchronized blocks, and monitors to build safe multi-threaded applications. Java 1.5's new concurrency utilities greatly reduce the need to use these primitives directly. Now, Java provides a set of lock classes and task scheduling tools that provide much more leverage in writing real applications. We'll explore java.util.concurrent, and also see how the Java Memory Model has been corrected in 1.5.

Most of the advantages of java.util.concurrent can also be had in previous version of Java. We'll discuss Doug Lea's concurrency utilities and the backport of java.util.concurrent to 1.4. Both of these are appropriate for production use.

Finally, we'll look at common mistakes in multi-threaded programming. The most common mistake is using threads when you don't need them. We'll look at alternatives to threads, and how to choose between them.

By Stuart Halloway

The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples.

You will learn the core APIs:

SecurityManager, AccessController, Permissions and Policy

JAAS Subjects, Principals, and LoginModules

You will then see how to invoke these APIs in real application scenarios. You will learn how to:

Partition your applications to safely invoke downloaded code

Read and write Java policy files

Extend the architecture with custom permissions

Provide secure services through PrivilegedActions

Use JAAS to authenticate and authorize users

By Jason Hunter

Java's new Metadata facility introduced in J2SE 5.0 defines a way to attach decorations to classes, fields, methods, and even packages that can be extracted by the compiler or runtime tools to provide advanced functionality. Think of metadata as an extended @deprecated flag, or think of XDoclet++. In this tutorial session you'll learn how Metadata fits in the Java platform (and how it compares to the C# platform). We'll cover how to use the metadata attributes provided in the core J2SE libraries and how to write your own. We'll also show a bit of what's coming in JSR-181, tasked to define standard metadata attributes for web services.

Attendees should be skilled Java programmers ready to see what's possible in the latest release and learn to make the most of it.

By Jason Hunter

Web Caching is very important for high traffic, high performance web site but few people know all the professional-level strategies. In this talk I'll share some of the tricks of the trade, including advanced tips from Yahoo's Mike Radwin.

We'll start with the basics: using client-side caches, conditional get, and proxies. Then we'll talk about more advanced features: how best to handle personalized content, setting up an image caching server, using a cookie-free domain for static content, and using randomization in URLs for accurate hit metering or sensitive content.

Attendees should have experience or interest in how the web works and in cajoling the web into doing their bidding.

By Jason Hunter

XQuery is a new language from the W3C that lets you query and manipulate XML -- or anything that can be represented as XML, such as relational databases. As a Java developer -- especially a server-side Java developer -- XQuery is key to searching and manipulating large XML repositories or performing any XML-centric task.

This talk introduces XQuery. I'll explain the XQuery language; I'll show how to call XQuery from Java; and as the creator of JDOM, I'll also explain when to use XQuery instead of JDOM, and when to use both.

Attendees should have an interest or need in managing large sets of XML, but need not have any past experience with XQuery. After the session, attendees will be able to program XQuery and know which implementations to trust.

By Jason Hunter

The new Java 5 release introduces a number of significant Java language enhancements: generics, typesafe enums, autoboxing, an enhanced "for" loop, a static import facility, and a general-purpose metadata facility. This talk gives an overview of the changes and helps you understand what all the funny new syntax means.

The main new language topics covered:

• Generics, also called "parameterized types", which let you specify the type of objects used in a collection, among many other things.

• Autoboxing, that lets you implicitly convert from primitives to reference types, and vice-versa.

• An Enhanced For Loop, that lets you iterate over arrays or collections with half the code as before.

• Typesafe Enums, to create object-oriented, extensible enumerated values.

• Static Imports, to put into scope static methods and fields.

• Varargs, that allows methods to accept an arbitrary number of parameters.

• A Metadata Facility, allowing decoration to classes and methods for later tool consumption. Covered in more depth in the "Java Metadata" talk.

• Random new Library Features, like the ability to control external process launching, output formatting, and input scanning.

This talk describes the proposed changes and shows how they work together to improve the Java language. We also take breaks to see how closely Java matches the C# designs!

Attendees are assumed to be competent Java programmers.

By Ramnivas Laddad

J2EE has become the main new platform for enterprise application deployment. Good performance is an important business requirement. Supporting this requirement needs application profiling during the development phases and performance monitoring after application deployment. Come to this session to understand challenges and choices in monitoring J2EE applications.

Performance monitoring solutions must work under constraints imposed by the environment. Further, they must balance conflicting requirements such as overhead vs. richness of information. All of these need careful understanding of both requirements and solutions as well as the costs of any tradeoff decisions.

This session presents various tools and techniques available for monitoring J2EE applications. We will consider requirements of performance monitoring solutions in different scenarios. We will also discuss underlying enabling technologies such as Java Virtual Machine Profiling Interface (JVMPI), Java Virtual Machine Tool Interface (JVMTI), JFluid, JMX, design patterns, and aspect-oriented programming (AOP). During the session, we will demonstrate many of the tools and technologies discussed.

By Ramnivas Laddad

Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.

By Ramnivas Laddad

Aspect Oriented Programming (AOP) enables modularizing implementation of crosscutting concerns that abound in practice: logging, tracing, dynamic profiling, error handling, service-level agreement, policy enforcement, pooling, caching, concurrency control, security, transaction management, business rules, and so forth. Traditional implementation of these concerns requires you to fuse their implementation with the core concern of a module. With AOP, you can implement each of the concerns in a separate module called aspect. The result of such modular implementation is simplified design, improved understandability, improved quality, reduced time to market, and expedited response to system requirement changes. Come to this session and learn all about how AOP can help you simplify developing complex systems.

AspectJ (http://eclipse.org/aspectj) is the leading implementation of AOP for the Java programming language. AspectJ is a new language as well as its implementation. The output produced by the AspectJ compiler is compatible with the Java byte code specification. Further, AspectJ is well integrated with the most commonly used IDEs, which makes the Java developer more productive.

This session is targeted at the developer with no or little familiarity with AOP and AspectJ. It will introduce AOP’s concepts and the AspectJ programming language, along with many examples and live coding to solidify the concepts learned. After attending the session, you will have a clear idea about AOP's value and its practical applications.

By Nick Lesiecki

Design patterns have long been part of the experienced developer's tool chest. However, design patterns can affect multiple classes and this makes them invasive and hard to (re)use. This presentation will discuss how AOP solves this problem by fundamentally transforming pattern implementation. The class will examine examples of various traditional design patterns (including some of the famous GoF patterns) and discuss the practical and design benefits of implementing them with aspect-oriented techniques. This session will be of interest to anyone who has struggled with design patterns. It is also the perfect session for a programmer interested non-trivial applications of AOP, or who wishes to see aspect-oriented design in action.

Goals/Key Points:

• Review design patterns: what they are, how they can be thought of
• How AOP can affect pattern implementation
• Review AOP key concepts and AspectJ syntax
• The Decorator Pattern, in Java, then AspectJ
• Apply more advanced AOP to the Swing Thread Safety patter
• How to reuse open source pattern implementations (Observer)

By Nick Lesiecki

Aspect Oriented Programming offers enhanced modularity and cleaner separation of crosscutting concerns. That's all fine and well for architecture geeks. But can it help your project today? Has anyone applied it in the real world? The answer is "yes," and in this session, an AOP expert and early adopter will demonstrate how his team used aspect oriented programming to implement non-trivial business concerns. Along the way attendees will learn about advantages of AOP and understand some of the problems encountered adopting it.

This session will give an overview of how the Adbase team at VMS (http://vmsinfo.com) brought AspectJ into a J2EE data integration project. It will start with showing how aspects provided a clean way to debug errors in a third party library. A more complex example will illustrate how AOP helped dynamically update shopping cart prices without requiring extensive modifications to the domain objects. Finally, the class will cover one of the first reusable aspects developed by the company—an aspect to manage relationships between persistent objects. The last part of the presentation will examine the challenges of and tactics for AOP adoption. Attendees will learn what compromises were necessary, how the team scaled the learning curve, and which development practices helped ease adoption and mitigate risk.

By Bruce Tate

Agile programming is a collection of core principles and techniques that allow software developers to create lighter, more responsive applications, and to have fun doing it. Many established organizations are either openly or sub-conciously hostile to many of the principles of Agile development.

We'll explore the intersection of these new practices and old-world sensibilities, relying on real-world case studies to illustrate some of the compromises that are necessary to bridge the gap. In addition to technical and process aspects, we'll also spend some time talking about the business aspects, such as how Agile development affects contracts.

By Bruce Tate

This session, for the Spring beginner, helps you: • Understand dependency injection and inversion of control • Know the meaning of lightweight containers and Spring • Understand the basic pieces of Spring • See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP • Transactions • Persistence • Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.

By Bruce Tate

All programming languages have a limited life span, and Java is no different. This is a philosophical session rather than a programming session. Sooner or later, Java will lose its leadership position. This session will explore Java's strengths and weaknesses. We'll try to understand whether conditions are ripe for alternatives to emerge, and what those alternatives may be.

The Java programming language has been tremendously successful. Many of the roots of its success may be surprising to the audience. But every major programming language has a limited life cycle. While it’s true that Java and .NET seem to be the only games in town, some alternatives are beginning to emerge.

In this session, we’ll discuss some of the limitations of the Java language, and the impact that they might have on the productivity of Java developers. We’ll then look at some of the innovations around other frameworks and languages, and some of the features of those languages that boost the productivity of other non-Java developers:

• Typing, and why it matters • Code blocks and closures • Regular expressions • Innovative frameworks

Finally, we’ll take a look at where developers may look at using other languages. Clearly, most of the work that we do will be in Java for the foreseeable future, but certain project classifications may make it much easier to embrace alternatives, for good competitive effect.

By Dave Thomas

Are you frustrated by experts who can't tell you what to do, or by junior team members who refuse to see the big picture? How can you best develop careers: both yours and those of your teammates and managers? How can we learn to apply experience more effectively, and why do the many approaches designed to tame complexity actually end up increasing it?

Dave Thomas, of The Pragmatic Programmers, describes the solutions to these and other problems as he turns the Pragmatic Spotlight (and a good dose of twisted humor) on formal learning models, the Nursing profession, and streamlining sheep.

By Dave Thomas

Ruby recently enjoyed its tenth birthday. Instead of cake and candles, the community celebrated by releasing a wave of new libraries and frameworks that make Ruby programming even easier. This talk features some of the best of these, as we explore Ruby.

We'll spend about half the session getting to know Ruby: the syntax, type system, blocks, iterators, and so on. Then we'll dive in and develop some real-world code using web services, RSS, and databases. If you want to come to the Rails talk, and you're not that familiar with Ruby, this talk is a good starting point.

By Dave Thomas

The Ruby on Rails framework has exploded onto the scene over the last few months. Propelled by some genuine benefits, and fueled by a whole lot of controversy, Rails seems here to stay. So, is it a Java killer? (No.) Is it a great way to develop certain classes of web application? (Yes.) Does it really deliver the 10-fold increase in developer productivity that some have claimed? (It depends...)

If you can't help thinking that there must be an easier way of developing web projects, come and join us as we construct an MVC-based Ruby on Rails application using the very latest libraries and tools. You'll get a taste of Ruby, and also a feel for some of the power and productivity gains offered by this remarkable framework. You'll need a grounding in Ruby to get the most from this talk; if you're not already a Ruby developer you might want to attend the Facets of Ruby talk before coming to this one.