By Brian Goetz
The Java language included support for threads and concurrency from day 1, but writing correct multithreaded programs is not easy. This session will cover the how and why of using threads in Java.

Programming is hard, but concurrent programming is harder. Concurrent programs are at risk for all the safety, liveness, and performance hazards that sequential programs are. But there are also many hazards that apply exclusively to multithreaded programs, such as race conditions, stale data, and deadlock.

If an object is going to be accessed from multiple threads, it should be thread-safe. The requirement for thread-safety is often introduced into Java programs not by explicit use of threads within the program, but by the use of frameworks, such as Servlets and Swing, which create threads and call application components from those threads.

This class will cover what is thread safety, how to create thread-safe classes, and what costs and benefits you can expect to encounter by using threads in your programs.

By Brian Goetz
JDK 5.0 is a huge step forward in developing concurrent Java classes and applications, providing a rich set of high-level concurrency building blocks.

Prior to the release of JDK 5.0, the Java platform provided basic primitives for writing concurrent programs, but they were just that -- primitive -- and difficult to use properly. Building multithreaded applications on the Java platform's low-level concurrency primitives posed many traps for the unwary, and many developers were forced to reinvent the wheel by writing their own classes for thread pools, semaphores, and task schedulers.

To help users create robust, scalable, and (most importantly) correct multithreaded applications, JDK 5.0 includes a rich set of high-level concurrency constructs, such as thread pools, semaphores, mutexes, barriers, and high-performance concurrent collection classes. Using these concurrency utilities will, in most cases, make your programs clearer, shorter, faster, easier to write, and more reliable. This session provides you with an overview of the new high-level concurrency utilities in the new java.util.concurrent package in JDK 5.0.

By Brian Goetz
Does your program have bugs, despite unit tests, integration tests, and code reviews? You bet. Are you using static analysis as part of your QA process? If not, you're probably missing out on some bugs that can be caught before they bite your customers.

The cost of finding a bug increases dramatically the longer it lurks without being discovered. Fortunately, today?s development tools (IDEs and compilers) can identify many potential bugs within a few seconds of their creation, resulting in higher quality code and more productive programmers. However, even the best programmers can create bugs that are very hard to spot if they make it through their first few minutes of their existence.

Until recently, automated code analyzers have not been very useful for mainstream developers. Most code analysis packages focused either on stylistic issues (such as indenting and variable naming), or on formal correctness proofs (which require an investment in specification that few developers can afford to make.)

FindBugs, an open-source tool developed by Bill Pugh and David Hovermeyer of the University of Maryland, has raised the bar for ease-of-use and effectiveness of automated code analysis for finding bugs. FindBugs has been able to find many serious bugs in production software, including Eclipse, JBoss, Apache Tomcat and Sun's JDK implementation, with an impressively low false-positive rate compared to other approaches.

This session will explore how static code auditing tools work, how it is easy to write bug-detector plugins to find new bug patterns, presents some common bug patterns and fun "find the bug" puzzles, and shows how code auditing tools can easily identify them.

Every developer will want to have these tools in their toolbox.

By Brian Goetz
Performance myths about the Java platform abound, from the general "Java is slow", to the more specific "reflection is slow", "allocation is slow", "synchronization is slow", "garbage collection is slow", etc. Many of these myths have their root in fact (in JDK 1.0, everything was slow); today, not only are many of these statements not true, but Java performance has surpassed that of C in many areas, such as memory management.

In this class, we'll look at some common Java performance myths, identify where they came from, and explore the platform changes that have rendered them no longer true. Many common performance hacks don't actually help, and some can seriously hurt performance. The result is that clean code that follows common usage patterns generally shows far better behavior on modern JVMs than code laden with tweaks designed to "help" the JIT or garbage collector. More often than not, this well-intentioned assistance has the unfortunate effect of undermining many common JIT optimizations, resulting in slower -- not faster -- code.

By Brian Goetz
What's the worst thing that can happen when you fail to synchronize in a concurrent Java program? Its probably worse than you think -- modern shared-memory processors can do some pretty weird things when left to their own devices.

Java was the first mainstream programming language to incorporate a formal, cross-platform memory model, which is what enabled the development of write-once, run-anywhere concurrent classes. It is the Java Memory model that defines the semantics of synchronized, volatile, and final.

However, because the most commonly used processors (Intel and Sparc) offer stronger memory models than is required by the JMM, many developers frequently use synchronization and volatile incorrectly, but have been insulated from failure by the stronger memory guarantees offered by the processor architecture they happen to be deploying on. (The infamous “double checked locking” idiom is an example of this sort of error.)

JDK 5.0 incorporates JSR-133, a revision of the Java Memory Model, which refines the semantics of synchronization, volatile variables, and final fields. Additionally, the new JMM provides a new safety guarantee – initialization safety – that allows immutable objects to be shared among threads without synchronization, if certain requirements are met. This talk describes the updated Java Memory Model for programmers who are familiar with the multithreading primitives in Java (synchronized and volatile.)

Understanding the Java Memory model is key to using the core concurrency primitives (synchronized and volatile) to develop thread-safe, efficient concurrent classes. We’ll cover what a memory model is, what synchronization really means, what was broken about the original Java Memory Model, and how the memory model changed in JDK 5.0.

By Brian Sletten
Imagine the simplicity of REST married to the power of Unix pipes with the benefits of a loosely-coupled, logically-layered architecture. If that is hard to imagine, it may because the architectures available to you today are convoluted accretions of mismatched technologies, languages, abstractions and data models.

NetKernel is a disruptive technology that changes the game. It has been quietly gaining mind share in the past several years; people who are exposed to it don't want to go back to the tired and blue conventions of J2EE and .NET. Not only does it make building the kinds of systems you are building today easier, it does it more efficiently, with less code and a far more scalable runway to allow you to take advantage of the emerging multi-core, multi-CPU hardware that is coming our way.

Come see how this open source / commercial product can change the way you think about building software.

NetKernel makes the things you are doing now easier, but also makes new types of systems possible.

A wise man once said, "XML is like lye. It is very useful, but humans shouldn't touch it." If you've had to incorporate XML into your project by hand, you have probably been burned by getting too close. NetKernel turns this wisdom on its head and encourages you to use XML like the liquid data stream you want it to be.

But, XML is only part of the story. Resource-oriented computing is a generalized and revolutionary approach to modern, flexible systems. There is less code to write, but it is more fun to do. Orchestration of existing services and data sources is faster, easier and more encompassing than with more conventional technologies.

This talk will help explain what NetKernel is (app server? pipeline tool? embedded SOA?) and, through a comprehensive set of examples, give you a glimpse at a deeper software reality than you might have thought possible.

Disclaimer: There will be no blue pills given to you to make you forget what you have seen. Come with an open mind.

By Brian Sletten
Most people new to Aspect-Oriented Programming (AOP) are fed up with separation of concerns zealots explaining how great their techniques are at dealing with... logging. Ok, you get it. Logging is a cross-cutting concern that can be appropriately modularized. What else does AOP have to offer? A lot, it turns out. This talk will give an introduction to the motivations of AOP as well as a series of concrete examples drawn from enterprise and client side Java. Come learn how AspectJ-flavored AOP can begin to benefit you immediately either in development or production environments. Learn how to enforce architectural policies, find Swing threading issues, reduce the invasiveness of the Observer design pattern or even improve the reusability of your domain models. Now that Spring 2.0 provides support for AspectJ, the time has never been better to learn about these new (but backwards compatible) ways of thinking about building software.

Attendees will learn about
The history and reasons behind AOP
Development-oriented aspects that can be useful, but compiled out of
production code
Production-oriented aspects that can simplify development and ease the
burden of future changes
Basic AspectJ usage and jargon
How to use AspectJ with Spring

Rating: Intermediate
Category: Architecture/Languages, Client Side Java, Server Side Java
Prerequisites: Basic Java. Some level of AOP understanding is helpful, but not required. The pace of the introduction will depend on the average level of exposure the audience has previously had to AOP.

By Brian Sletten
REST sounds like such a simple thing. But, what is it really? How do you convince your boss to let you try it when she has been sold on the equation SOAP = SOA + P(rofit)? How do you go about building, deploying, publishing and orchestrating web services without the (Un)Holy Trinity of SOAP, WSDL and UDDI?

This talk will thoroughly examine this REST phenomenon in terms of its history, its goals, its consequences and where it fits into the Big Picture of SOA. We will also look at exposing existing tools/APIs through RESTful APIs.

If you find yourself interested in talking about REST without people dismissing it as trivial (yeah, but what is it?!?!), unsaleable (yeah, but I am trying to solve problems, not buy tools!) or not SOA (<insert your own joke here -- that one leaves me speechless>), come on by.

By Brian Sletten
Just as the world is feeling comfortable with the Web, Tim Berners-Lee et al inform us that what we have seen so far is just the beginning. His original plans at CERN were larger and grander. The Semantic Web is the new vision of machine-processable documents and metadata to improve search, knowledge discovery and data integration and management. While there are many naysayers chiding such grand visions, there are also pragmatic and useful technologies emerging that can be applied today.

Attendees will learn:

The history and motivations behind the Semantic Web
The technology stack that will make it happen (including RDF and OWL)
An overview of tools and technologies that are beginning to satisfy the vision

This talk stands on its own, but feeds into the "Experiencing the Semantic Web" talk which is more hands on.

Rating: Intermediate
Prerequisites: This is all so new, most engineers will find something to excite them.

By David Geary
In April 2005, annual growth rates for jobs in JavaServer Faces, Struts, and Ruby on Rails were all at about 0%. Today, Struts' growth rate still hovers around 0%, but JSF and Rails have taken off. At the end of 2007, both JSF and Rails were growing at a rate of between 400-500% annually (according to indeed.com).

JSF has passed the adoption tipping point, and is now the Java-based framework of choice, as is evidenced by its ecosystem. From vendors such as MyEclipse and RedHat to open source projects such as Seam, Facelets, and Ajax4JSF, JSF is where the action is.

Come see why JSF is so popular. In this code- and demo-intensive session, I'll show you the fundamentals of JSF.

This session is taught by a member of the JSF Expert Group for JSF 1.0 and 2.0., and co-author of the best-selling book on JSF: Core JavaServer Faces. David will take you through a whirlwind introduction to JSF including what JSF is, how it was developed, and how you can best take advantage of the technology. Here is a list of topics:

Components, managed beans, value expressions, and static navigation
i18n, CSS, and actions
The Faces Context and Faces messages
The JSF Event Model
Using JavaScript with JSF

This introduction to JSF also contains 5 live-code demos, where David will develop a simple, but robust application during the course of the session.

Prerequisite: Some knowledge of Java-based web applications, such as Struts, is a plus, but is not required. If you have a significant experience with JSF, you probably already know most of what's covered in this session.

By David Geary
In 2005, JSF hit its stride, as evidenced from overwhelming support from both vendors and the open-source community. JSF 1.0 had plenty of holes, but open-source projects have arisen to address those needs. This session takes a look at three of those projects: Tomahawk (MyFaces component library) FaceletsSeam

MyFaces is an open-source implementation of the JSF spec. In addition, MyFaces developers got a little carried away and also developed a useful set of custom components that you can use in your own applications, regardless of whether you use MyFaces as your JSF implementation. Those components are now packaged separately from MyFaces under the name Tomahawk.

Facelets is an open-source project from java.net that lets you implement views with Tapestry-like HTML pages. That technique is a powerful feature that lets graphic designers and software developers work separately in parallel.

Seam is a framework from JBoss that provides a component model that unifies the EJB and JSF component models. Seam makes great use of annotations to meld EJBs and JSF components in a seamless fashion (thus the name).

Lots is happening in the JSF space. Come to this talk and learn about these three exciting open-source projects.

By David Geary
JavaServer Faces is a perfect platform for implementing Web 2.0 interfaces with Ajax. This session explores how you can use these two potent technologies--JSF and Ajax--together to create applications that look and behave like desktop applications but run in the browser.

JavaServer Faces, with a mature component model and flexible lifecyle, is a perfect platform for implementing Web 2.0 user interfaces with Ajax. This session explores using JSF and Ajax to create applications that act like desktop applications but run in a browser.

We'll start with a quick look at implementing basic Ajax in a JSF application. Then, once your bloodthirst has been slaked, we'll dive deeper into Ajaxian Faces dynamics with a form completion demo that requires its implementor to understand two simple, but vital facts about JSF.

If you're savvy, you probably use client-side validation to augment your server side validation logic, which parenthetically, is no no-brainer in either of the leading web application frameworks, JSF or Rails. But anyway, client-side validation is old school. All the cool developers nowadays use Ajax to implement realtime validation, where you sneak a trip to the server as an unwary user types into your input fields. But to accomplish that, we'll have to dive even deeper into JSF, with concerns such as accessing view state and accounting for client-side state saving.

All of this Ajax development is great fun, but most of it is best relegated to components and frameworks, which are the topics that will wrap up our session. We'll see how to keep your JavaScript separate from your JSF components and how to pass JSP tag attributes all the way through to JavaScript. Finally, we'll take a look at Ajax4jsf, a JSF component library with a tag library that blends Ajax into JSF in a natural, intuitive way without having to write JavaScript.

As web developers, we've been handcuffed long enough by the shackles of Web 1.0 development. Come to this session and see the brave new world of Web 2.0 development with one of the hottest web application frameworks.

By David Geary
JavaServer Faces is a well designed user interface framework, but it lacks a number of features you might otherwise expect out of the box; for example, JSF does not explicitly provide support for client-side validation.

So, from the folks that brought you Struts, comes Shale, a collection of useful enhancements to JSF. A top-level Apache Software Foundation project, Shale adds some really cool features to vanilla JSF, including:

Web flow: script dialog flow
Remote Method Calls: easily call JavaBean methods from JavaScript
Tapestry-like views: code views in pure HTML
Use Apache Commons Validator validators on the client or server, or both
JSF testing framework: mocks for easy JSF testing

There's a lot of cool stuff in Shale that makes JSF a much more compelling proposition. Come see what it's all about.

This is a code-intensive, fast-paced look at Apache Shale. Forty-plus slides and five demos makes for an action packed session that illustrates the cool features that Shale provides.

By David Geary
Developing highly interactive web applications, for the most part requires knowledge of a wide array of technologies: HTML, CSS, JavaScript, XMLHttpRequest, JSP, JSF, etc.

With the Google Web Toolkit (GWT), Google turns that notion of development on its head. Instead, you implement Ajax applications by writing almost entirely in Java. You use an AWT-like API, which the Google compiler compiles to JavaScript that runs on the client.

In the early days of Java, application development with the AWT was relatively simple. You had to have a decent understanding of Java and AWT fundamentals, but once equipped with such knowledge, you could dive in and develop some impressive applications.

Ten years later, we have, in so many respects, gone significantly backwards. We've shoehorned technologies such as HTML into shoes for which they were never intended, and for our efforts, we have a mismatch of disparate technologies that one needs to knit together for a truly interactive web application.

This is the first session of a two-part presentation on the GWT, where I'll concentrate on GWT basics: implementing Ajax-enabled applications in Java, internationalization, testing, and remote procedure calls.

By David Hussman
The participants of this session will become agile customers and product owners, using personas to create stories for a sample product development.

The questions around user stories are many, and the list grows larger as their popularity of increases. Many organizations are on their path to adopting stories as requirements vehicles, possibly struggling with story writing as well as finding a way to fit them into their organization. Along with writing stories, this session will cover connecting with product owners and a short review of several tools for tracking and managing user stories.

By David Hussman
The presentation will briefly discuss stories, the origin and authoring of story tests, and a demonstration of how FIT and FitNesse (FIT living within a Wiki) can be used to automate acceptance tests.

Agile communities consider stories “done” when the acceptance tests (also called story tests) are shown to the customer. Originally, this was a manual process, but in recent years, several frameworks have been created to automate this process, providing acceptance testing all the benefits of automated unit testing. One of the most popular of these if called FIT, created by Ward Cunningham.

By David Hussman
This session will focus on tools and techniques for tracking an agile project plan from creation to project completion.

As agile grows, so too do the questions for how to track and communicate progress within the project community as well as to upper management and others interested in progress. We will create a simple plan in a planning tool, and run a mock project, showing how to estimate and use agile planning to communicating progress, addressing missed estimates, scope modifications, and more.

By David Hussman
As with many methodologies, moving agile into an organizations poses larger challenges. Before jumping in, it helps to ask a few questions before "racing toward agility". This session will provide 3 tactical steps that can help your adoption of agile.

There are many factors outside the developer world that can crash all the benefits of agile without regard to its success. This session will provide ways to select agile practices, create a transition plan for adopting agile, and bring people together before trying to adopt new techiniques that are part of agile development. Various tools and techniques will be discussed, and at least part of the session will include Q/A for the presenter to field specific questions about your organization.

By David Hussman
Adopting agile is different for each company, but most companies will go through some amount of change during the adoption of agile.

This session will discuss some of the most common difficulties for adopting agile and provide various plans of attack. The session will start with a listing of issues for the session participants, and some portion of the session will be dedicated to an open forum where the presenter will address the issues collected.

By Glenn Vanderburg
With the sudden importance of Ajax, it's time to take JavaScript seriously. That means learning it the right way: looking at the fundamentals of the language and surveying its strengths and weaknesses, instead of just copying other people's poorly written examples.

JavaScript got a bum rap. It's almost universally derided among serious programmers for being a toy language, or for its strange characteristics, or bugs, or slowness, or because it's only good for adding useless window dressing to web pages.

But JavaScript is actually a very nice little language which is popping up everywhere these days (not just in Ajax apps). Sure, JavaScript is quirky, but its problems are mostly due to history, association, and misunderstanding. Especially misunderstanding. Let's face it: most developers learned JavaScript by looking at examples in web pages they found online, and few of those examples are paragons of JavaScript style. Other developers learned JavaScript from books, but the typical JavaScript book ignores the fundamentals of the language, instead focusing on examples and the fastest ways to do fancy web page tricks.

In this talk, we'll go back to the basics that most JavaScript resources omit. We'll talk about JavaScript as a language, learning its fundamental concepts and the simple rules that underlie the sometimes bewildering behavior.

By Glenn Vanderburg
Building on part 1, this talk dives deep into JavaScript's object model. We'll see how it differs from more mainstream object-oriented languages, and why. We'll explore how to hide some of those differences, as well as the reasons you might not want to. Additionally, we'll cover useful tools for JavaScript testing, debugging, and profiling.

Ajax is not the focus of this talk, but a strong foundation in JavaScript is essential for working with Ajax.

By Glenn Vanderburg
The support infrastructure for your software project is a crucial factor for success. A new generation of tools offers significant benefits over their predecessors. This talk discusses how to choose the right mix of tools for a top-shelf project infrastructure.

The support infrastructure for your software project is a crucial factor for success. Many projects waste enormous amounts of time fighting through projects without the help of good tools. Other projects are on the right track, but could be even more successful by filling some crucial infrastructure gaps or by moving to improved tools, or by implementing policies that maximize the tools' power.

This talk looks at the latest generation of infrastructure tools, what makes them better, and how to use them well. Additionally, we'll examine the role of the infrastructure on projects and identify principles that help us understand what kinds of infrastructure we need. Tools examined will include CruiseControl, Rake, Subversion, Trac, and others.

By Glenn Vanderburg
The Java Collections framework is a cornerstone of Java development. It's been a part of J2SE for six years now. Every Java developer knows it—how to create Lists, Maps, and Sets, how to put things into them and take things out, and how to iterate over the contents. But there's a lot more to the collections framework than that -- and very few programmers really know how to exploit the power that's just under the surface.

The basics of the collections classes are so simple that many developers haven't even thought to look for the additional power that's there. And it's not just built-in capabilities, either. The design of the collections framework makes possible several powerful techniques and patterns that can magnify your productivity, as well as helping you build systems that are efficient and scalable.

It may seem strange to give a talk on a framework that every Java programmer already knows. But in every project I've worked on for the past six years, I've seen a lot of code that uses the collections poorly. More often than not, that code was written by skilled programmers with significant Java experience. In this talk, you'll learn how to use the collections well, exploiting their full power—the little-known capabilities, the extensibility features, and powerful patterns such as wrappers, adapters, and decorators. We'll also cover some new features that slipped into Java 1.5, plus a few especially useful third-party collection implementations.

By Howard Lewis Ship
An introduction to the Apache Tapestry web application framework, which will explain the concepts and features of the framework with some simple applications. We'll discsuss Tapestry forms, request cycle, component object model. The use of several important components, including BeanForm and Table will be highlighted, along with meta-programming using the Trails framework.

Tapestry is a powerful open-source Java web application framework that stands apart from most other technologies used for creating web applications ? it is based on highly reusable components, which are assembled to form complete pages. This session will get you started with Tapestry, showing how to build a simple form-based application. Along the way, we'll see how Tapestry simplifies your job: We'll see how Tapestry HTML templates are easier to create and maintain than JavaServer pages (JSPs). We'll see how Tapestry's built in error reporting lets you find and correct errors with startling speed. We'll see how Tapestry takes over responsibility for building and interpreting application URLs, eliminating large amounts of boring, error-prone, manual coding. Most importantly, we'll see how Tapestry bridges from the stateless world of HTTP and servlets into a more natural, more productive world of actual object oriented engineering ? allowing you to build applications in terms of objects with methods and properties (a true revolution if you are used to traditional servlets).

We'll also take a peek into more advanced aspects of Tapestry, such as its input validation subsystem that provides server- and client-side validation, as well as more advanced Tapestry components such as Table (a powerful data grid), and the Trails meta-framework that creates complete applications without almost no coding. Once you've learned a little bit about Tapestry, you might find it hard to go back to your old approach!

By Howard Lewis Ship
In Tapestry, components are not an add-on; in fact, anything but! Tapestry components are integral to the entire framework ? if something dynamic is going on in a page, there's a component involved.

When building Tapestry applications, a constant problem solving approach is to create new components. Tapestry makes creating components very, very easy. In this session, we'll see how to create simple output-only components, and how to create components with their own templates. We'll also see how to create components that can have interactions with the user independent of the containing page. Tapestry is designed so that the components just drop in and work, and we'll touch on some advanced services included in Tapestry, such as JavaScript generation.

By Howard Lewis Ship
You've heard about unit testing but were daunted when it came time to put the pedal to the metal. That's because JUnit is just one tool and there's others you need to learn about, including the wonderful and wierd EasyMock and the easy and powerful TestNG.

Unit testing with JUnit only gets you so far; even when you've refactored your code and hidden all your implementations behinds interfaces you are still stuck with the problem of testing the individual pieces. If you've hit this point and despaired, know that there are tools to help ... including the wierd and wonderful EasyMock. We'll discuss unit testing in general, and how EasyMock is used to to generate mock objects, allowing you test each class in isolation. We'll also leave JUnit behind and investigate using TestNG, a modern and improved test framework. We'll then learn how to tame EasyMock's awkward API with some modest refactoring and naming conventions.

By Justin Gehtland
The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.

Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:

• Spring AOP
• Transactions
• Persistence
• Model/view/controller

When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.


This session, for the Spring beginner, helps you:
• Understand dependency injection and inversion of control
• Know the meaning of lightweight containers and Spring
• Understand the basic pieces of Spring
• See core Spring modules in action, including Persistence, AOP, transactions.

Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.

By Justin Gehtland
Dependency Injection (DI) is the cornerstone of Spring. The core concept is quite simple, but (surprise!) actual practice can become complex. To take full advantage of Spring DI, you need to understand not only the basics on configuration, but also the container lifecycle model and the various hooks provided by the framework.





Topics will include




The difference between DI and Continuous Integration

Setter Injection

Constructor Injection

Factory Injection

Bean lifecycle

Method Injection

Using the ApplicationContext

Custom PropertyEditors

By Justin Gehtland
Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.




In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module

• page level authorization

• method level authorization

• instance level authorization

• forcing HTTPS connections to secured sites

• impersonation using the RunAsManager

By Justin Gehtland
Ajax applications have unique architectural challenges and opportunities. This presentation will show you how to take advantage of the Ajax's strengths, and work around its quirks.




Topics covered will include

Selecting an Ajax toolkit

Dealing with browser differences

Handling the "Back" button

Degrading gracefully

Marshalling data

Managing XML

Minimizing roundtrips--or not!

When Ajax isn't enough

Packaging and deployment


Prior exposure to Ajax and JavaScript is very useful, but not required.

By Justin Gehtland
This presentation covers JavaScript from the perspective of an Ajax programmer. We assume that you may be using an Ajax toolkit, but still need to be able to read, modify, and test the JavaScript code in your application. You will learn the common idioms of JavaScript by looking at working code from the Ajax toolkits themselves.

All Ajax programmers need to know JavaScript. Toolkits will do some of the work for you, but your own JavaScript will differentiate your applications from others. A reading knowledge of JavaScript is also necessary when selecting an Ajax framework, and for testing and debugging applications.

We'll go straight to the interesting parts of JavaScript programming:

* Prototype-based inheritance
* Functional style
* Dynamic evaluation
* In-browser testing

We'll demonstrate these concepts using popular Ajax frameworks such as Dojo, Prototype, script.aculo.us.

By Justin Gehtland
O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

O/RM (Object/Relational Mapping) seeks to eliminate repetitive or tedious work enabling the CRUD (create, read, update, delete) that underlies most applications. Hibernate is a popular, open-source O/RM tool that uses reflection (instead of code generation, like EJB, or bytecode injection, like JDO) to manage your persistence layer. This session will introduce you to Hibernate. After an overview of common usage scenarios, including web and enterprise applications, we'll examine the basics of getting Hibernate running. We'll cover the mapping file format and syntax, including common relational mapping structures. Then, we'll examine the Hibernate API for interacting with the framework. Finally, we'll cover the common architectural decisions you'll have to make as you include this (or any other) O/RM framework.

By Justin Gehtland
Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate createapplications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpointthan you would otherwise want.

This session will show advanced techniques for tuning performance, including:
• advanced collection mapping strategies
• lazy loading
• cascading update management
• lifecycle management
• Hibernate's interceptor layer
In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll
walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.

By Neal Ford
Lots of developers want to use Agile development technique but don't know where to start. This session discusses how to get started with Agility, the key benefits you can expect, and the pitfalls to avoid.

There's the perfect world, and then there's the world you have to live in. Lots of organizations would like to reap the benefits of Agile development techniques but don't know how to get started. This session discusses the key benefits you can derive from Agile software development so that you can decide for yourself how many agile techniques will work within your organization. I discuss project planning and estimation, how to benefit from pair programming when you aren't allowed to pair, how to measure your progress, and other project milestones. Agile software development isn't just an unrelated set of activities, it is a discipline. Once you understand the component parts of the discipline, you can apply them to your less-than-perfect world.

Key Session Points

• What makes Agile tick?
  
• Flavors of agility
  
• Selectively applying agile practices
  
• Enforcing code quality
  
• Measuring progress
  
• Iterating over the waterfall
  
• Lessons learned

By Neal Ford
Is Service Oriented Architecture the next wave of distributed computing or just the same old crap in a shiny new package? This session provides an overview of what most people agree is the definition of SOA. I talk about SOA, ESB, CORBA, your MOM, and a bunch of other acronyms.

This session is a pragmatic look at SOA from a developer perspective, including such (never talked about) topics like tranports, granularity, versioning services, transformations, and whether you should be doing this or not. I show lots of slides with diagrams and talk about how to evolve towards an SOA. SOA can work if you ignore the hype and focus on the real meat: building loosely coupled message-based applications. This session discusses just that.

By Neal Ford
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!



Key Session Points:

* OWASP List of Vulnerabilities

10. Insecure configuration management
9. Denial of service
8. Insecure storage
7. Improper error handling
6. Injection flaws
5. Buffer overflows
4. Cross site scripting flaws
3. Broken authentication and session management
2. Broken access control
1. Unvalidated input

* Security Tools and frameworks
* Case Study: Hacking Oracle through a browser
* Case Study: Cross-site scripting
* Case Study: SQL Injection

By Neal Ford
This session describes the use and workings of Selenium, the open source web user interface testing tool.

Selenium is one of the most powerful functional testing frameworks to come from the open source world in a long time. This session covers all aspects of Selenium, starting from its origins as an internal user-acceptance testing tool through testing Ajax applications. This session covers Selenium functionality, syntax of the test scripts (both HTML and the scripting language), keywords, testing techniques, recording tests, creating extensions, and testing Ajax applications. Selenium is the premiere testing tool for Ajax, so I show several examples of the power of Selenium combined with Ajax.

Key Session Points

• Selenium origins and background


• Installation


• Building tests


• API overview


• The Selenium IDE


• Testing Ajax Applications


• Future directions

By Neal Ford
This session shows you how to become a more productive programmer every day by using tools that you didn't know you already had.

<grizzled-programmer>
Why, in my day, we didn't have any fancy Gooey tools -- we did everything from the command line and we liked it. And, we got a lot more done than all you point-and-click monkeys
<grizzled-programmer>
Have you ever noticed that some old-school developers can run rings around you at the keyboard? Have you ever seen a 2 week problem become a 2 hour solution because someone knew a better way to solve it? This session is about all the command line and other tools that are extremely powerful yet widely neglected in today's graphical environments. This session shows you how to take advantage of those tools whether you run Windows, *Nix, or Mac. It focuses on specific recipes to make your job easier. I'll show you how to get around your computer in a hurry (no more clicking around in trees), how to find anything fast, how to manage projects and artifacts from the command line, how to automate the repetative tasks you find yourself doing every single day, how to stop repeating yourself, and how to stop repeating yourself. This session is guaranteed to improve your developer productivity by an order of magnitude.



Key Session Points

• Creating a common environment
  
• The Unix philosophy (without Granola or sandals)
  
• Automating common programming tasks
  
• Getting around in a hurry
  
• Searching techniques
  
• Text techniques
  
• Project management from the command line
  
• Stop repeating yourself
  
• Tying it together

By Neal Ford
This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points: