Craig Walls

Presentations

Securing Spring

Watch Preview Video

In this session, I'll show you how to secure your Spring application with Spring Security 3.0. You'll see hot to declare both request-oriented and method-oriented security constraints. And you'll see how SpEL can make simple work of expressing complex security rules.

Although we may invite guests into our homes and give someone a ride in our car, we locks and alarms on our homes and our cars to keep uninvited and malicious visitors out. Similarly, we allow people to use the applications that we develop, but we probably want to control the access that they have.

Security is an important aspect of any application. And while we could program security rules into the web controllers and methods in our application, we'd find ourselves cluttering our business logic with repetitive security code. Security is a cross-cutting concern--begging to be handled with aspect-oriented techniques.

Spring Security is an authentication and access-control framework based on Spring that provides security aspects. With Spring Security, you can declare who is allowed to access your application and what they're allowed to see, keeping your application logic focused and uncluttered with security details.

NoXML: Spring for XML-Haters

Watch Preview Video

In this presentation, we'll explore all of the ways to do bean wiring in Spring We'll take a pragmatic view of each style, evaluating their strengths, weaknesses, and applicability to varying circumstances.

Over 6 years ago, Spring entered the enterprise Java scene, bringing a simpler development model rooted in dependency injection, the notion of assembling application components in a loosely-coupled way. With it, however, came a flood of XML configuration, required to declare how those components were to be assembled.

For a variety of reasons, XML has fallen out of favor with much of the development community. Now that there are other frameworks that offer dependency injection without all of the XML, some are suggesting that Spring's heavy use of XML has it destined for the scrap heap.

They don't know Spring.

Although XML-based Spring configuration is still available and still has a place in many Spring applications, it is no longer the only way to do dependency injection in Spring. The past few releases of Spring have brought us new ways of assembling our application objects, including annotation-driven options such as Spring's @Autowired and JSR-330's @Inject and Java-based configuration with Spring JavaConfig. There's even a way to express Spring configuration in Groovy.

Developing Next-Generation Applications

Watch Preview Video

For a long while, we've built applications pretty much the same way. Regardless of the frameworks (or even languages and platforms) employed, we've packaged up our web application, deployed it to a server somewhere, and asked our users to point their web browser at it.

But now we're seeing a shift in not only how applications are deployed, but also in how they're consumed. The cost and hassle of setting up dedicated servers is driving more applications into the cloud. Meanwhile, our users are on-the-go more than ever, consuming applications from their mobile devices more often than a traditional desktop browser. And even the desktop user is expecting a more interactive experience than is offered by simple page-based HTML sites.

With this shift comes new programming models and frameworks. It also involves a shift in how we think about our application design. Standing up a simple HTML-based application is no longer good enough.

In this session, we'll discuss what the next generation of applications looks like, exploring such things as the mobile web and cloud computing. We'll also dig into some of the technologies and practices such as REST, OAuth, and JavaScript microframeworks that enable us to move forward.

Spring Data

Watch Preview Video

This session starts with a high-level look at all that the Spring Data project has to offer. Then we'll dive deeper into a few select Spring Data modules, including Spring Data Neo4j, Spring Data MongoDB, Spring Data Redis, Spring Data JPA, and Spring Data JDBC Extensions

In recent years, there has been a renewed interest in how data is stored. Although RDBMS has long been treated as a one-size-fits-all solution for data storage, a new breed of datastores has arrived to offer a best-fit solution. Key-value stores, column stores, document stores, graph databases, as well as the traditional relational database are options to consider.

With these new data storage options come new and different ways of interacting with data. Even though all of these data storage options offer Java APIs, they are widely different from each other and the learning curve can be quite steep. Even if you understand the concepts and benefits of each database type, there's still the huge barrier of understanding how to work with each database's individual API.

Spring Data is a project that makes it easier to build Spring-powered applications that use new data, offering a reasonably consistent programming model regardless of which type of database you choose. In addition to supporting the new "NoSQL" databases such as document and graph databases, Spring Data also greatly simplifies working with RDBMS-oriented datastores using JPA.

Securing the Modern Web with OAuth

Watch Preview Video

In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.

Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.

OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.

Effective Spring

Watch Preview Video

After almost a decade and several significant releases, Spring has gone a long way from challenging the then-current Java standards to becoming the de facto enterprise standard itself. Although the Spring programming model continues to evolve, it still maintains backward compatibility with many of its earlier features and paradigms. Consequently, there's often more than one way to do anything in Spring. How do you know which way is the right way?

In this session, we'll explore several ways that Spring has changed over the years and look at the best approaches when working with the latest versions of Spring.

Building Next Generation Apps

For a long while, we've built applications pretty much the same way. Regardless of the frameworks (or even languages and platforms) employed, we've packaged up our web application, deployed it to a server somewhere, and asked our users to point their web browser at it.

But now we're seeing a shift in not only how applications are deployed, but also in how they're consumed. The cost and hassle of setting up dedicated servers is driving more applications into the cloud. Meanwhile, our users are on-the-go more than ever, consuming applications from their mobile devices more often than a traditional desktop browser. And even the desktop user is expecting a more interactive experience than is offered by simple page-based HTML sites.

With this shift comes new programming models and frameworks. It also involves a shift in how we think about our application design. Standing up a simple HTML-based application is no longer good enough.

In this session, we'll discuss what the next generation of applications looks like, exploring such things as the mobile web and cloud computing. We'll also dig into some of the technologies and practices such as REST, OAuth, and JavaScript microframeworks that enable us to move forward.

Client-Side MVC: Web and Mobile Development with Spine.js

Watch Preview Video

In this session, we'll start with an empty directory and use Spine.js to create an interactive client-side web application. Then we'll leverage what we learned to build a mobile web application with a native feel that can be deployed either through a phone's web browser or via native wrapper frameworks such as Apache Cordova (aka, PhoneGap).

Model View Controller (MVC) is often thought of in terms of server-side frameworks such as Spring MVC and Struts. But as web applications become more interactive, it becomes important to apply the same principles in the client. Roll-your-own MVC in JavaScript is possible, but as was the case with server-side MVC frameworks, it can get messy and is often better to seek out help from established frameworks.

Recently, several JavaScript-based microframeworks have emerged to address these concerns in the browser. Spine.js is one such framework that brings MVC to the client-side of web development. Based in CoffeeScript, Spine.js stands out due to its simplicity and a programming model resembling that of Rails and Grails. Also, unlike many other client-side MVC frameworks, Spine.js has a clear and well-paved path to mobile application development.

Building Web Applications with Spring MVC

Watch Preview Video

In this session, we'll start with the basics of Spring MVC development, focusing on how to leverage the new annotation-driven model. With that foundation set, we'll continue by exploring the new features in Spring 3.0 and 3.1 to build RESTful web applications that can serve both human-facing content as well as resources that are consumed by machine clients.

From the very beginning, Spring has included Spring MVC, a web framework built around the Spring Framework. Originally based on a rich hierarchy of controller classes, Spring MVC served developers well, but began to look a little long in the tooth compared to other web frameworks.

Starting with Spring 2.5, Spring MVC took a major evolutionary step, breaking away from the rigid controller class hierarchy model to embrace a more flexible annotation-driven model. Often referred to as Spring @MVC, this new model has continued to improve with Spring 3.0 and Spring 3.1.

Elements of Modern Applications: MVC in the Browser

In this session, we'll survey a handful of popular JavaScript libraries, frameworks, and tools that make developing rich applications in the browser a snap. Among those considered will be Spine, Backbone, Sammy, and Knockout, seeing how each stacks up to each other and (in some cases) how they can even be used together.

The pendulum has swung. For years we have developed round-trip web applications where the bulk of processing and content generation are performed server-side and simply displayed in a web browser. However, modern applications target a variety of clients and it's becoming increasingly important for the browser to handle more than content rendering and simple form validation. These applications leverage the capabilities of modern browsers to provider a richer and more responsive experience.

Giving Spring some REST

Watch Preview Video

In this presentation, we'll see how Spring is well-suited for developing that lightweight API, employing the RESTful features of Spring MVC. We'll also look at how to secure those APIs using Spring Security for OAuth and how to create self-describing REST APIs using Spring HATEOAS.

In modern applications, there are a diverse array of clients consuming content from the web. Each of these clients has unique capabilities and limitations, therefore demanding presentation of the application to be tailored to each device. As a result, presentation logic is often pushed into the client itself, leaving the application to serve a common data-oriented lightweight API to be consumed by each client.

Client-Side UI Smackdown

Watch Preview Video

In the modern web, user interfaces are expected to be rich, highly responsive, and available anytime, anywhere, and on any device. Round-trip server-side HTML rendering doesn't fit the bill any longer and numerous JavaScript frameworks have stepped forward to simplify development of client-side user-interfaces. With so many great options available, we now face a paradox of choice and it can be difficult to decide which UI framework best suits our needs.

In this session we'll explore a handful of the most popular client-side UI frameworks, including Backbone, Knockout, Sammy, and Spine (and others) weighing their strengths and weaknesses and helping decide which framework is most suitable for a given set of UI goals.

Making Connections with Spring Social

Watch Preview Video

The modern web is rich with APIs that can be consumed by other applications, enabling an integrated experience for the users who hold accounts on the websites that front those APIs. Many of these APIs are secured with OAuth, an authorization specification for securing REST APIs. Spring Social is an extension to the Spring Framework that enables Spring applications to establish connections with those APIs on behalf of their users with little or no need to muck about in the intricacies of OAuth.

In this session, we'll explore how Spring Social brings API connectivity to Spring applications. We'll also uncover the newest features of Spring Social that make it easier than ever to link your application's users to the identities they maintain on various sites across the web.

Cujo.js: Rabid Application Development in Javascript

Watch Preview Video

In modern applications, Javascript is increasingly prevalent both on the client-side and to some degree on the server-side. As we continue to crank out more Javascript code, we're finding that many of the same hard-lessons we learned in writing decoupled Java code are equally desirable in Javascript code. Without the benefit of dependency injection and AOP, both Java and Javascript code can quickly become an unnavigable and untestable mess.

Where frameworks like Spring have helped us gain control over our Java code, Cujo.js similarly aims to give our Javascript code more structure and testability.

In this session, we'll look at Cujo.js, an "unframework" that provides dependency injection that takes Javascript's unique needs into consideration to create loosely-coupled code. We'll also see how, although Cujo.js isn't strictly a UI framework, elements of Cujo.js can be brought together to elegantly build client-side UIs.

Client-Side UIs with Backbone and Knockout

Watch Preview Video

Model View Controller (MVC) is often thought of in terms of server-side frameworks such as Spring MVC and Struts. But as web applications become more interactive, it becomes important to apply the same principles in the client. Roll-your-own MVC in JavaScript is possible, but as was the case with server-side MVC frameworks, it can get messy and is often better to seek out help from established frameworks.

Recently, several JavaScript-based microframeworks have emerged to address these concerns in the browser. Two of the most popular framework are Backbone and Knockout. In this session, we'll explore what each of these two frameworks bring to the table for the client-side Javascript developer and then see how they complement each other through another framework known as Knockback.

Client-Side UIs with Thorax and Lumbar

Watch Preview Video

Model View Controller (MVC) is often thought of in terms of server-side frameworks such as Spring MVC and Struts. But as web applications become more interactive, it becomes important to apply the same principles in the client. Roll-your-own MVC in JavaScript is possible, but as was the case with server-side MVC frameworks, it can get messy and is often better to seek out help from established frameworks.

One of the most popular Javascript frameworks in this space is Backbone.js. Although Backbone has a strong following and is used in many successful applications, it is still missing a few useful features and doesn't present a very good "getting started" story for a developer new to Backbone or any developer starting out on a new application.

In this session, we'll take a look at Thorax, an opinionated extension to the Backbone framework that helps you build clean and robust Backbone applications. We'll also look at Lumbar, a build tool for Javascript from the makers of Thorax, that enables you to target your build to a variety of clients, both mobile devices and traditional browsers.