Gateway Software Symposium
March 3 - 5, 2006 - St. Louis, MO
Justin Gehtland
Founder of Relevance, co-author of Better, Faster, Lighter Java
Justin is the co-founder of Relevance, a consulting/training/research organization located in the Research Triangle of North Carolina. Justin has been developing applications with static and dynamic languages since 1992. He has written code with Java, .NET, C#, Visual Basic, Perl, Python and Ruby. He loves to talk, especially in front of people, but all by himself in the corner if he must. Justin is currently focused on: Rails (because it's the law), Spring (because Java isn't going anywhere) and security (because paranoia is your friend).
Presentations
Spring Intro
The Spring framework is one of the fastest growing open source frameworks. New job postings are gaining rapidly, and many customers are adopting Spring instead of heavier alternatives. In this session, we’ll introduce Spring. You’ll see how Spring can give you much of the power of EJB, without the complexity or pain.
Spring uses concepts like dependency injection and aspect oriented programming to ease standard enterprise development. Spring developers write plain, ordinary Java objects (POJOs), instead of sophisticated components. In this session, you’ll see a basic Spring application. You’ll also see some details about some of the enterprise integration strategies, including:
• Spring AOP
• Transactions
• Persistence
• Model/view/controller
When the session is over, you won’t be an expert, but you should have a much clearer understanding of what Spring does, what it doesn’t do, and why it’s growing so rapidly.
This session, for the Spring beginner, helps you:
• Understand dependency injection and inversion of control
• Know the meaning of lightweight containers and Spring
• Understand the basic pieces of Spring
• See core Spring modules in action, including Persistence, AOP, transactions.
Attendees need not know anything about Spring. This session does talk about integration with core J2EE frameworks like JDBC and transactions.
Spring Dependency Injection
Dependency Injection (DI) is the cornerstone of Spring. The core concept is quite simple, but (surprise!) actual practice can become complex. To take full advantage of Spring DI, you need to understand not only the basics on configuration, but also the container lifecycle model and the various hooks provided by the framework.
Topics will include:
• The difference between DI and Continuous Integration
• Setter Injection
• Constructor Injection
• Factory Injection
• Bean lifecycle
• Method Injection
• Using the ApplicationContext
• Custom PropertyEditors
Advanced Hibernate
Hibernate is easy to get started with, but can sometimes be hard to make efficient or secure. In fact, the default settings for Hibernate create applications that will run slowly, cause unwanted round trips to the database, and may be more restrictive and/or permissive from a security standpoint than you would otherwise want.
This session will show advanced techniques for tuning performance, including:
• advanced collection mapping strategies
• lazy loading
• cascading update management
• lifecycle management
• Hibernate's interceptor layer
In addition, we'll examine the security considerations when using Hibernate. Often, single-credential data access isn't enough for sensitive data. We'll walk through using per-user credentials for data access, logging security information about and through Hibernate, and accessing data sources through secure application servers.
Pragmatic AJAX
Web applications have traditionally been a sort of Faustian bargain, yielding the high-quality user experience that desktop applications can deliver in exchange for incredibly easy deployment and lower support costs.
One of the arguments against creating rich HTML/JavaScript has been how difficult they can be to write and maintain. You will see how to adapt modern Java web frameworks such as JavaServer Faces and Tapestry to ease both the creation and maintenance of these types of applications.
With Ajax we can get a lot of the best of both worlds. Now our web applications can be powerful, usable, and easily deployed!
Web applications have traditionally been a sort of Faustian bargain, yielding the high-quality user experience that desktop applications can deliver in exchange for incredibly easy deployment and lower support costs (i.e., no client software to install, upgrade, and test on every conceivable desktop configuration).
It turns out that these qualities need not be mutually exclusive. As several recent high-profile web applications such as Google's GMail have shown, modern browsers (e.g., Internet Explorer 6, Mozilla/Firefox, and Safari) are capable of rendering web applications with highly dynamic and compelling user interfaces -- fetching data from a server without page refreshes, animating and manipulating page contents on-the-fly, and all without resorting to third-party plug-ins like Flash. The line between a "web" application and a "desktop" application is blurring.
Let's blur it some more. Another major limitation of web applications is the lack of ability to function in a disconnected (i.e., off-line) mode. It turns out that this too is quite possible with the right architecture -- a web application can continue to function in a modern browser even in the absence of an Internet connection. And when the connection is re-established, data collected while in off-line mode can be uploaded to a server.
Developers seeking practical, real-world advice for creating next-generation, rich web applications won't come away from this presentation disappointed.
JavaScript for Ajax Programmers
This presentation covers JavaScript from the perspective of an Ajax programmer. We assume that you may be using an Ajax toolkit, but still need to be able to read, modify, and test the JavaScript code in your application. You will learn the common idioms of JavaScript by looking at working code from the Ajax toolkits themselves.
All Ajax programmers need to know JavaScript. Toolkits will do some of the work for you, but your own JavaScript will differentiate your applications from others. A reading knowledge of JavaScript is also necessary when selecting an Ajax framework, and for testing and debugging applications.
We'll go straight to the interesting parts of JavaScript programming:
* Prototype-based inheritance
* Functional style
* Dynamic evaluation
* In-browser testing
We'll demonstrate these concepts using popular Ajax frameworks such as Dojo, Prototype, and script.aculo.us.
Spring Security with ACEGI
Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.
In this session, we'll explore:
• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module
• page level authorization
• method level authorization
• instance level authorization
• forcing HTTPS connections to secured sites
• impersonation using the RunAsManager
Java Platform Security and JAAS
The Java platform is built from the ground up with security in mind. This talk will introduce the security features of the J2SE, building quickly from the basic classes to realistic examples. You will learn the core APIs:
• SecurityManager, AccessController, Permissions and Policy
• JAAS Subjects, Principals, and LoginModules
You will then see how to invoke these APIs in real application scenarios. You will learn how to:
• Partition your applications to safely invoke downloaded code
• Read and write Java policy files
• Extend the architecture with custom permissions

