With the forthcoming release of Java7, a number of things come to fruition, both in the Java language and in the libraries, and it's important for Java developers to know what those features are, and how they change the game of writing Java code–or not.
In this presentation, we'll go over those changes, JSR by JSR, and discuss where and how they may affect your next project.
Hadoop is a MapReduce framework that has literally sprung into the vernacular of “big data” developers everywhere. But coding to the raw Hadoop APIs can be a real chore. Data analysts can express what they want in more English-like vocabularies, but it seems the Hadoop APIs require us to be the translator to a less comprehensible functional and data-centric DSL.
The Cascading framework gives developers a convenient higher level abstraction for querying and scheduling complex jobs on a Hadoop cluster. Programmers can think more holistically about the questions being asked of the data and the flow that such data will take without concern for the minutia.
We'll explore how to set up, code to, and leverage the Cascading API on top of a Hadoop sample or production cluster for a more effective way to code MapReduce applications all while being able to think in a more natural (less than fully MapReduce) way.
During this presentation, we'll also explore Cascading's Clojure-based derivative, Cascalog, and how functional programming paradigms and language syntax are emerging as the next important step in big-data thinking and processing.
Does your application transmit customer information? Are there fields of sensitive customer data stored in your DB? Can your application be used on insecure networks? If so, you need a working knowledge of encryption and how to leverage Open Source APIs and libraries to make securing your data as easy as possible. Cryptography is quickly becoming a developer's new frontier of responsibility in many data-centric applications.
In today's data-sensitive and news-sensationalizing world, don't become the next headline by an inadvertent release of private customer or company data. Secure your persisted, transmitted and in-memory data and learn the terminology you'll need to navigate the ecosystem of symmetric and public/private key cryptography.
Many development shops have made the leap from RCS, Perforce, ClearCase, PVCS, CVS, BitKeeper or SourceSafe to the modern Subversion (SVN) version control system. But why not take the next massive stride in productivity and get on board with Git, a distributed version control system (DVCS). Jump ahead of the masses staying on Subversion, and increase your team's productivity, debugging effectiveness, flexibility in cutting releases, and repository redundancy at $0 cost. Understand how distributed version control systems are game-changers and pick up the lingo that will become standard in the next few years.
In this talk, we discuss the team changes that liberate you from the central server, but still conform to the corporate expectation that there's a central master repository. You'll get a cheat sheet for Git, and a trail-map from someone who's actually experienced the Subversion to Git transition.
Lastly, we'll even expose how you can leverage 75% of Git's features against a Subversion repository without ever telling your bosses you are using it. Be forewarned that they may start to wonder why you are so much more effective in your checkins than other members of your team.
Git is a version control system you may have been hearing a bit about lately. But simply hearing more about it may not be enough to convince you of its value. Getting hands on experience is what really counts. In this workshop, you'll bring your Windows, Mac or Linux laptop and walk through downloading, installing, and using Git in a collaborative fashion.
The workshop style of this class will allow you to observe and discover the value of this new version control tool first hand. You'll be cloning, creating, commiting, and pushing repositories by the conclusion of this session.
git
is on your PATH
(in the environment variable list of paths)Computer science is built on a shaky tower of abstractions, but we've been distracted by other things until we believe it is reality.
This talk teases apart some of the tangled abstractions that have become so common they are invisible yet impact important decisions. I cover languages, tools, platforms, and burrow all the way down to fundamental concepts. This wide-ranging keynote answers these questions and more:
* Which language should I learn next? And should I bother?
* Why is the iPad is the most revolutionary device in the last 30 years?
* Why do some people hate Maven so much?
* How can I choose technologies with long shelf lives?
* Is hiding always a good thing?
Oh, and some jokes too.
The first in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
The REpresentational State Transfer (REST) architectural style has emerged as a winning strategy for building scalable, flexible, resilient systems that lead with an information focus. Far from being the simple “Web Services through URLs” idea many people have about them, REST-based systems require a new perspective, a fair amount of consideration and the discipline to look beyond simple point-to-point interactions.
The benefits are exciting and provide a gateway to a whole new world of information technology. This first talk will be an introductory session covering the basics of the REST architectural style.
The second in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
People already familiar with REST (or who have attended the first session) will be walked through the deeper topics of building Level 3 Hypermedia-based RESTful systems, security, content negotiation, etc.
The fourth of a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
The Web of Documents we are so familiar with is being extended with the technologies of the Semantic Web. Information will be freed from its containers and connected regardless of where it comes from. Building on the concepts of REST services and the Web Architecture, we will introduce the Resource Description Framework (RDF) as the basis of a new collection of tools for information sharing and integration. Once the information is woven together, we will want to query it and produce new information resources with technologies like the SPARQL query language.
People already familiar with REST and the Web (or who have attended the REST sessions) will be given both conceptual and technical examples of how and why these technologies are laying the foundation of future information systems.
The fifth in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
Once we have a flexible and extensible data model like RDF, we will want to find ways to weave it into our documents to make them easier to organize, find and extract value from on the Web. This talk will highlight techniques for adopting RDFa but will also motivate attendees to dig deeper by showing them how it is already being used by the biggest names on the Web. Improve your search results and allow your customers to leverage relevant information for their own purposes.
You understand how important it is to be on the Web. Come learn how important it is to be on the Web of Data.
People are confused about the status of HTML 5. Is it ready? Is it not? What is part of the spec and what isn't? We'll talk about the situation in the “HTML 5 and the Kitchen Sink” discussion, but as always, the proof is in the pudding. We will introduce the most exciting new features of HTML 5 and its related technologies and build examples that use them.
We will work with real code covering:
The new input elements
Editable content
Canvas Element and its related 2D APIs for drawing and animation
Audio and Video elements and how to use fallbacks for codec coverage
Browser native drag and drop
Local storage
Web Workers
Websockets
The Geolocation API
Web DB (SQL in the browser!)
This workshop will assume no special knowledge of HTML 5 and should be accessible to any web developers.
Bring your laptops. This is a hands-on workshop.
Even with the recent explosion in alternative languages for the JVM, the vast majority of us are still writing code in “Java the language” in order to put bread on the table. Proper craftsmanship demands that we write the best Java code that we can possibly write. Fortunately we have a guide in Joshua Bloch's Effective Java.
In his foreward to the first edition, Guy Steele writes about the importance of learning three aspects of any language: grammar, vocabulary, and idioms. Unfortunately many programmers stop learning after mastering the first two. Effective Java is your guide to understanding idiomatic Java programming.
Effective Java is organized into 78 standalone “items,” all of which will be impossible to cover in one session. Instead I've chosen a subset of the most important techniques and practices that are commonly missed by today's Java programmers. You'll pick from a menu and decide where we'll head. Regardless of the path we take, you'll leave this session thoroughly equipped to write better Java code tomorrow!
Feature requests are steadily pouring in, but the team cannot respond to them. They are paralyzed. The codebase on which the company has “bet the business” is simply too hard to change. It's your job to clean up the mess and get things rolling again. Where do you begin? Your first task is to get the lay of the land by applying a family of techniques we'll call “Code Archaeology.”
In this session we will learn how to systematically explore a codebase. We'll look at what tools are available to help us out, slinging some wicked shell-fu along the way. We'll look at “code islands” and “code bridges,” and how to construct a “map of the code.” We'll also examine the wisdom that thought leaders like Michael Feathers and Dave Thomas have leant to this subject.
Once we've gained a thorough understanding of what we have in front of us, we'll learn approaches for getting the system under test and refactoring so that we can start to pick up the pace and respond to user requirements without making a bigger mess. You'll leave this session well prepared to tackle the next “big ball of mud” that gets dumped on your desk.
The full title of this talk reveals its grand aims: Game Theory and Software Development: Explaining Brinksmanship, Irrationality, and Other Selfish Sins
Once in a while, a topic, seemingly orthogonal to software development, presents a great opportunity to showcase how engineering can benefit from knowledge of seemingly more social disciplines. In this talk, the fundamental principles of economics' Game Theory are compared to often inexplicable behaviors and decisions we frequently observe in programming projects.
Then, with a good Game Theory vocabulary under your belt, several standard games are studied in a manner that will allow you to better manipulate the inputs. These games are present in web framework choices, project planning and estimation, and even team decisions on which bug to solve first. With a good understanding of Game Theory, you'll be able to understand and influence what you previously labeled 'irrational behavior.' It turns out to be far from irrational when examined in the context of self-preservation. Once these behaviors are understood, you will be able to ethically influence the outcomes to your personal and corporate advantage.
You're serious about improving the quality of your code base, but with 10,000 lines of code, where do you start and how do you ensure the greatest ROI for the re-work your team members will perform?
Sonar is an open source tool that brings together the best of breed static and dynamic analysis of Java projects. The result is a unified view of problematic areas of your code on a time-line basis, allowing the team to attack the problems with the best ROI, and maintain a more watchful eye for positive and risky trends in the codebase in the future.
This talk will show you Sonar from the ground up and explain 10 critical metrics that affect your code's flexibility, stability, and durability.
A Technology Radar is a tool that forces you to organize and think about near term future technology decisions, both for you and your company. This talk discusses using the radar for personal breadth development, architectural guidance, and governance.
ThoughtWorks Technical Advisory Board creates a “technology radar” twice a year, a working document that helps the company make decisions about interesting technologies and where we spend our time. ThoughtWorks then started conducting radar-building exercises for our clients, which provides a great medium for technologists company-wide to express their opinions about the technologies they use every day. For companies, creating a radar helps you document your technology decisions in a standard format, evaluate technology decisions in an actionable way, and create cross-silo discussions about suitable technology choices. This session describes the radar visualization and how to conduct a radar building session for yourself. After a brief introduction, the bulk of the workshop consists of attendees building a radar for the group, following the same procedure you'll use when you do this exercise at your company. At the end, we'll have created a unique Radar for this event and practiced doing it for yourself.
One of the hallmarks of lean software development is the elimination of waste. Several of the key wastes in software development revolve around incomplete, incorrect, or obsolete documentation, especially documentation of requirements. One effective means of ensuring that your requirements documentation is complete, correct, and up-to-date is to make it executable. That sounds nice, but how do we get it done, especially in the world of modern, cross-browser web applications?
Executable web application specifications are within your reach through the combination of Spock, a testing and specification framework written for the JVM in Groovy, and Geb, an elegant Groovy wrapper around the powerful WebDriver browser automation framework. In this session we'll take a close look at Spock specifications for describing and verifying the behavior of our applications. We'll then examine how we can use Geb's implementation of the Page Object pattern and its “jQuery-ish” API for interacting with our web applications in WebDriver's range of supported browsers. Finally, by gluing these two technologies together via Geb's Spock integration, we'll automate the requirements specification for a simple web app.
CoffeeScript is a little language that compiles into JavaScript. Underneath all of those embarrassing braces and semicolons, JavaScript has always had a gorgeous object model at its heart. CoffeeScript is an attempt to expose the good parts of JavaScript in a simple way.
The golden rule of CoffeeScript is: “It's just JavaScript”. The code compiles one-to-one into the equivalent JS, and there is no interpretation at runtime. You can use any existing JavaScript library seamlessly (and vice-versa). The compiled output is readable and pretty-printed, passes through JavaScript Lint without warnings, and runs in every JavaScript implementation.
In this session we will look at Coffescript, write some coffeescript code, and analyze the generated Javascript. We will look at how we can use it in our existing web development stack, seamlessly compiling the coffeescript into Javascript so it works in our development environment. We will also look at seamlessly using existing Javascript libraries like Prototype, Scriptaculous, and JQuery.
Compass is a tool that can help you build cleaner, better structured, and less error-prone CSS. Semantic CSS is a technique where your CSS vocabulary describes WHAT things are on your page, rather than WHERE they are. Together, this tool and this concept can radically improve the structure of your html.
With compass, your CSS is written in a CSS superset called SCSS which can include variables, math, and method calls that evaluate to CSS. The end result is pure CSS - so you don't need to worry about anything 'funny' on the browser side. This lets us write cleaner CSS that documents the intent of our design, not just the 'end result'.
In this session, I'll lead a guided tour through the latest that Spring has to offer. Whether you're a Spring veteran or a Spring newbie, there will be something new for nearly everyone.
It's been 8 years since Spring 1.0 was released. In that time it has gone from a modest open-source project to being a de facto standard Java application framework. Now, as Spring enters its 8th year, it continues its attack on Java complexity, packed with many new features such as:
In this session, I'll lead a guided tour through the latest that Spring has to offer. Whether you're a Spring veteran or a Spring newbie, there will be something new for nearly everyone.
This talk covers testing the entire stack: unit, integration, functional, behavior-driven, databases, user acceptance, mocking & stubbing, and other topics and strategies.
Most talks you see about testing cover one particular tool, and rarely delve into the strategies around when you should use a particular tool for a particular kind of testing. This talk differs because it covers testing the entire stack: unit, integration, functional, behavior-driven, databases, user acceptance, mocking & stubbing, and other topics and strategies. I discuss the merits of “known good state” vs. “nuke & pave” for databases, discuss the differences between ClassicTDDers vs. Mockists and how they approach testing. Throughout, I provide strategies and heuristics to help guide you when making decisions about how, when, and why you are testing some part of your infrastructure.
Programming concurrency has turned into a herculean task. I call the traditional approach as the synchronized and suffer model. Fortunately, there are other approaches to concurrency and you can reach out to those directly from your Java code.
In this presentation we will discuss the actor based concurrency and also the software transaction memory. We will then develop examples using AKKA and compare the power of these approaches in contrast to the traditional approach.
Traditional collections on the Java platform focused on providing thread-safety at the expense of performance or scalability. More modern data structures strive to provide performance without compromising thread-safety. Some of them require you to adopt to a different semantics or programming model. In this presentation we will explore some data structures that can help reach both thread-safety and reasonable performance.
Concurrent collections, immutable collections, operations on and performance of lists, blocking queues, and tries.
Learning the syntax of a new language is easy, but learning to think under a different paradigm is hard.
Learning the syntax of a new language is easy, but learning
to think under a different paradigm is hard. This session
helps you transition from a Java writing imperative programmer to a
functional programmer, using Java, Clojure and Scala for
examples. This session takes common
topics from imperative languages and looks at alternative ways of
solving those problems in functional languages. As a Java developer, you know how to achieve code-reuse
via mechanisms like inheritance and polymorphism. Code reuse is
possible in functional languages as well, using high-order
functions, composition, and multi-methods. I show examples from my book Functional Thinking of shifting your perspective on problems, ceding messy details to the language, working smarter, not harder, and how to deal with multiparadigm languages.
Scala is a statically typed, fully OO, hybrid functional language that provides
highly expressive syntax on the JVM. It is great for pattern matching,
concurrency, and simply writing concise code for everyday tasks. If you're a
Java programmer intrigued by this language and are interested in exploring
further, this section is for you.
We will go through a rapid overview of the language, look at its key strengths and capabilities, and see how you can use this language for your day-to-day programming. This session will be coding intensive, so be ready for some serious Scala syntax and idioms.
Terracotta is an open-source cluster framework. In this session, attendees will begin by learning about Terracotta architecture and setup. We'll then examine the Terracotta Toolkit in detail with live code examples. Attendees will learn about features in the Terracotta toolkit: barriers, locking, clustered collections, and more. We'll discuss the usage of these features and how to best utilize them across a cluster of JVM's / app servers. We'll also talk about how to setup for high-availability.
Topics in this session:
Ehcache is the most popular open source cache framework for the JVM. It is integrated into many open-source packages, such as Grails. First, we'll cover the concept of caching objects and use cases around caching. In this session, we'll get into Ehcache details about architecture, configuration, design, cache types and more. Attendees will learn how to configure Ehcache and we'll discuss the major configuration options. We'll also do some live code demos so attendees can better understand the concepts and features of caching and Ehcache. Of course, we'll also see how it plugs into ORM / JPA tools like Hibernate.
Topics:
Building an application is not the straightforward exercise it used to be. Decisions regarding which architectural approaches to take (n-tier, client/server), which user interface approaches to take (Smart/rich client, thin client, Ajax), even how to communicate between processes (Web services, distributed objects, REST)… it's enough to drive the most dedicated designer nuts. This talk discusses the goals of an application architecture and why developers should concern themselves with architecture in the first place. Then, it dives into the meat of the various architectural considerations available; the pros and cons of JavaWebStart, ClickOnce, SWT, Swing, JavaFX, GWT, Ajax, RMI, JAX-WS, , JMS, MSMQ, transactional processing, and more.
After that, the basic architectural discussion from the first part is, with the aid of the audience in a more interactive workshop style, applied to a real-world problem, discussing the performance and scalability ramifications of the various communication options, user interface options, and more.
Fred Brooks said, “How do we get great designers? Great designers design, of course.” So how do we get great architects? Great architects architect. But architecting a software system is a rare opportunity for the non-architect.
The kata is an ancient tradition, born of the martial arts, designed to give the student the opportunity to practice more than basics in a semi-realistic way. The coding kata, created by Dave Thomas, is an opportunity for the developer to try a language or tool to solve a problem slightly more complex than “Hello world”. The architectural kata, like the coding kata, is an opportunity for the student-architect to practice architecting a software system.
In this session, attendees will be split into small groups and given a “real world” business problem (the kata). Attendees will be expected to formulate an architectural vision for the project, asking questions (of the instructor) as necessary to better understand the requirements, then defend questions (posed by both the instructor and their fellow attendees) about their choice in technology and approach, and then evaluate others' efforts in a similar fashion. No equipment is necessary to participate–the great architect has no need of tools, just their mind and the customers' participation and feedback.
Agile has matured to the point of mainstream success. Even large companies have discovered that it helps them build better quality software faster. But the agile practices that are mainstream today have been around for a long time. What is the next wave of innovation in the Agile world going to bring?
Agile software development works because of feedback loops, and to
make it better (or repair what's broken), you identify missing
feedback loops, or replace broken ones. This talk uncovers two
feedback loops missing from most projects. The first uses Behavior
Driven Development & Cucumber to incorporate business
analysts, testers, subject matter experts, and developers one one
platform for requirements definition and verification. The other
anemic feedback loop in many organizations involves the last mile to
production: you have error prone, horrific manual releases that
everyone hates. Continuous Delivery delivers proven techniques
and tools to make “Done” better.
One of the first principles of lean software development is the elimination of waste. Shigeo Shingo identified seven types of manufacturing waste in his “A Study of the Toyota Production System.” Later, the Poppendieck's translated these to seven wastes of software development.
The seven wastes:
In this session, we'll examine each of these wastes and look at some of their common manifestations, both in our coding practices and in our development methodologies. We'll also examine strategies for eliminating each of these wastes from our development efforts.
The Java Virtual Machine is home to several different languages beyond Java, many of which mix ideas (paradigms) together to create a flexible language. Languages which support these different paradigms can be awkward and hard to understand how to use at first.
But if we tear apart the paradigms, examine each one and its advantages and disadvantages, then we can go back to bringing them all back together to create some truly elegant and powerful software designs. It all begins with understanding what software design paradigms are.
JavaScript is one of those very powerful languages that is often misunderstood and underutilized. It's quite popular, yet there's so much more we can do with it.
In this presentation we'll deep dive into the capabilities and strengths of this prominent language of the web.
“The Google Guava project contains a host of new features/classes for use by the Java programmer. Intended as a drop-in supplement for the standard JDK APIs, Guava provides features like immutable and forwarding collections, some concurrency utilities, more support for primitives, and so on.
In this session, we'll go over the Guava library, looking at what it provides, when you might seek to use it, and what the overheads and consequences of using it would be.”
Object-oriented programming was formally introduced in the 1970's with the advent of Smalltalk. C++ took it mainstream in the 1980's, and Java carried it to the next level in the 1990's. Unfortunately, if you examine the vast majority of Java codebases, what you'll find is a bunch of C-style structs (a.k.a. JavaBeans) and functions. As these codebases grow, a number of design smells can potentially crop up, which in turn cripple our ability to respond to change. We need SOLID principles that we can apply to keep our software clean and malleable.
Robert C. “Uncle Bob” Martin identified several design smells in his book Agile Software Development: Principles, Patterns, and Practices:
We can reverse and in fact avoid these techniques by following the principles of SOLID software design:
You'll leave this session equipped to ferret out design smells and apply these principles on your next project.
Programmers often complain that it is hard to automate unit and acceptance tests for JavaScript. Testability is a design issue and with some discipline and careful design we can realize good
automated tests.
In this presentation we'll learn how to automate the testing of JavaScript using both TDD and BDD tools.
Most of the time when people talk about agile software development, they talk about project and planning practices and never mention actual development practices. This talk delves into best development practices for agile projects, covering all of its aspects.
Most of the time when people talk about agile software development, they talk about project and planning practices but never mention actual development, as if development where an afterthought when writing software. This talk bills into the real details of how to do agile development. I discuss best practices like continuous integration, pair programming, how developers should interact with story cards, how to handle enterprise concerns like integration with other software packages, and a slew of other topics related to agile software development.
Businesses are increasingly recognizing the value of connecting with their customers on a more personal level. Companies can utilize social networking to transition from “Big Faceless Corporation” to “Friend” by taking their wares to the online communities where their customers are. In this age of social media, those communities are found at social network sites such as Facebook, Twitter, and LinkedIn. In this session, you'll learn how to build applications that interact with the various social networks. We'll also look at Spring Social, a new feature in the Spring portfolio that enables integration with social networks in Spring-based applications.
Session Detail
Want to use Groovy but don't have time to read all of Groovy in Action? This talk gives you a whirlwind introduction to its capabilities, from basic data types, Groovy strings, POGOs, collections, Groovy SQL, and the Groovy JDK.
Learn the basics of Groovy through code examples, including both scripts and classes. A complete set of test cases is included, as well as a gradle build script to download everything you need and run all the tests.
Groovy was never intended to replace Java. Instead, it expands Java capabilities and makes developers' lives easier. In this presentation, we'll survey many ways to make your Java systems easier by adding Groovy.
Among the topics we'll cover are: parsing and generating XML, simplifying your build, making testing easier, quick database access, working with Spring, and mixing Groovy and Java at the code level.
The Spock framework brings simple, elegant testing to Java and Groovy projects. It integrates cleanly with JUnit, so Spock tests can be integrated as part of an existing test suite. Spock also includes an embedded mocking framework that can be used right away.
In this presentation, we'll look at several examples of Spock tests and review most of its capabilities, including mock objects and integration with Spring.
Groovy and the Spring framework are old friends. Spring includes dynamic beans that can be modified while a system is still running, and of course the Grails framework is built on top of Spring MVC. Here we'll illustrate all the ways that Groovy works with Spring, and show how a developer can take advantage of those capabilities right away.
Examples will include using Groovy beans in Spring systems, refreshable beans, inline scripted beans, aspects in Groovy, and even the Grails Spring bean builder.
There are a lot of things we can measure about our source code, but what about the “project as a whole” and its overall health? Are there ways of measuring the effectiveness of our processes? Are there things we can measure that would point to project automation wins? Is there a way to measure team 'morale'?
While we can gather a lot of metrics from automated source inspection tools, those can make us focus on the wrong “problems to solve”… There are a lot of personal, team, and project-level things we can measure and tune that can lead to big wins. Using advice from an obsessive-compulsive numbers collector, the Personal Software Process, Scrum, the Pomodoro Time Management Technique, and Personal Kanban, we will discuss ways of effectively measuring aspects of our team and our productivity, and actions we might take based on what we learn.
Most good developers eventually have the opportunity to be managers. Whether they call you the “project manager”, “Technical Lead”, “Lead Developer”, or some other classic middle-management title, you become the 'goto' guy between management and developers. You're the guy who is expected to keep the project in-line, track a schedule, and occasionally answer the question “How's it going?“, and perhaps still contribute at a technical level. So how do you do that?
So what do you do next? How do you plan what needs to be developed? How do you know if you are 'on schedule' or heading off-track? Using good ideas from a bunch of successful projects (but no methodology in particular), you will learn the basics of good project planning, execution, and tracking.
While this talk as management methodology agnostic, many of the ideas are tracable directly back to concepts from XP, SCRUM, and even RUP and CMMi. Whether you are following a management methodology or not, the ideas in this talk will be applicable to technical managers.
In this session, I'll show you how to secure your Spring application with Spring Security 3.2. You'll see how to declare both request-oriented and method-oriented security constraints. And you'll see how SpEL can make simple work of expressing complex security rules.
Although we may invite guests into our homes and give someone a ride in our car, we locks and alarms on our homes and our cars to keep uninvited and malicious visitors out. Similarly, we allow people to use the applications that we develop, but we probably want to control the access that they have.
Security is an important aspect of any application. And while we could program security rules into the web controllers and methods in our application, we'd find ourselves cluttering our business logic with repetitive security code. Security is a cross-cutting concern–begging to be handled with aspect-oriented techniques.
Spring Security is an authentication and access-control framework based on Spring that provides security aspects. With Spring Security, you can declare who is allowed to access your application and what they're allowed to see, keeping your application logic focused and uncluttered with security details.
In this session, we'll start with the basics of Spring MVC development, focusing on how to leverage the new annotation-driven model. With that foundation set, we'll continue by exploring the new features in Spring 3.0 and 3.1 to build RESTful web applications that can serve both human-facing content as well as resources that are consumed by machine clients.
From the very beginning, Spring has included Spring MVC, a web framework built around the Spring Framework. Originally based on a rich hierarchy of controller classes, Spring MVC served developers well, but began to look a little long in the tooth compared to other web frameworks.
Starting with Spring 2.5, Spring MVC took a major evolutionary step, breaking away from the rigid controller class hierarchy model to embrace a more flexible annotation-driven model. Often referred to as Spring @MVC, this new model has continued to improve with Spring 3.0 and Spring 3.1.
How does your team handle release weekend? Is it the whole weekend? Is everyone on call? Is there a way to reverse the decision mid-stream?… How long would it take your company or team to push a single line code fix from dev into production? Way too many organizations handle the production release through manual and tedious labor following a lengthy to-do check list. Way too many organizations have no way to reproduce their production environment… because they have manually changed or updated configurations without version control… or they have OS or application server paths that are not under proper management.
What if you could “test” your production release before production? One of the answers to the last mile of continuous delivery is GLU. GLU is an open source project for deployment automation. It was created by one of the co-founders of LinkedIn (Yan Pujante) for automation of LinkedIn's deployment automation.
This session is a basic tutorial, walking through the configuration of a deployment out to multiple services. We will work through serial and parallel deployments, ensuring consistency and detecting problems. This session should be a sufficient introduction to walking through: 1) installation, 2) configuration, 3) multi-server deployments 4) manual updates and 5) automated updates
When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the loj4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern which seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs…. until now… Enterprise Security API library from OWASP.
This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.
Even with the recent explosion in alternative languages for the JVM, the vast majority of us are still writing code in “Java the language” in order to put bread on the table. Proper craftsmanship demands that we write the best Java code that we can possibly write. Fortunately we have a guide in Joshua Bloch's Effective Java.
Effective Java is organized into 78 standalone “items,” all of which will be impossible to cover in one session. Instead I've chosen a subset of the most important techniques and practices that are commonly missed by today's Java programmers.
*In Part II of this session, we'll cover those items we were unable to reach during Part I. We'll follow that up with a dive into the new features available in Java 7, describing new idioms for effective Java programming in the following areas:
Enterprise Integration used to be mundane and tedious - developers had to build all the code by hand and testing was difficult. With the rise of popular Enterprise Integration toolkits such as Apache Camel, this is no longer the case. Apache Camel makes it a breeze to do enterprise integration, and in this session, you'll be introduced to both Enterprise Integration basics as well as implementing them with Apache Camel.
Along with Apache Camel, we'll also look at Spring Integration. Filled with lots of code examples from both Camel and SI, we'll see how you implement common Enterprise Integration patterns. We'll compare and contrast the two approaches and get you up-to-speed so you can start using these tools quickly.
Whether you are just getting started, or you’ve made an attempt and well… it could be better… a lot better, this session is for you. Ken has been working on Agile projects as a coach and mentor for a number of years. Come discover the common reasons teams fail to get it right. Bring your own challenges and lets discuss. This is set to be an engaging and illuminating discussion.
This can be a dynamic discussion where challenges facing attendees may have us to focus on some areas and tips of agile development. We will certainly talk about how team or management choices to deviate from core agile practices add risk to a project with suggestions on how to resolve many of these challenges.
There is a new “movement” in software development circles called DevOps. It is about the automation of development best practices as well as the automation of the deployment pipeline. Answer this question, “How long does it take your organization or team to push 1 line code of change into production?” That’s what this session is all about.
See what LinkedIn is doing… a company who is pushing production releases multiple times a day. Their approach may not be best for you, but we can learn from it. This session will look at all aspects of automating the delivery pipeline with a focus on “Continuous Delivery”, a term coined in the Agile Manifesto.
With the rise of multi-core processors, and their growing ubiquity (on client machines, to say nothing of the server machines on which Java applications most frequently execute), the need to “program concurrently” has risen from “nice-to-have” to “mandatory” requirement, and unfortunately the traditional threading-and-locking model is just too complicated for most Java developers–even the brightest of the lot–to keep track of with any degree of reliability. As a result, numerous new solutions are emerging, each of them with their own strengths and weaknesses, leaving the Java developer in a bit of a quandary as to which to examine.
In this presentation, we'll look at Akka, a framework/platform specifically aimed at building high-throughput, concurrency-friendly applications in either Java or Scala (or both), with a slew of additional add-on modules to handle issues like persistence, communication (pub-sub, REST, and more), and more. By the time we're done, you'll be able to start looking into using Akka on your own projects, and have a good feel for what your projects would look like when Akka-ized.
Android is a new mobile development platform, based on the Java language and tool set, designed to allow developers to get up to speed writing mobile code on any of a number of handsets quickly. In this presentation, we'll go over the basic setup of the Android toolchain, how to deploy to a device, and basic constructs in the Android world.
Attendees should be intermediate to advanced Java developers, as no time will be spent on Java basics, just the Android parts. Attendees are encouraged to bring laptops to the session (and your Android-based device, if you have one) to fill out code as we go, but the limited time frame means a focus on fast delivery of content and example code; have your fingers warmed up (and the SDK downloaded!) before you get here. (Latest Android SDK will also be on a USB key for attendees' use, in case attendees haven't had a chance to download & install.)
With the rise of the NoSQL movement, a whole new crop of different ways to store data suddenly became available to the Java developer. Unfortunately,what didn't come with them was an owner's manual. CouchDB, for example, was the first of the NoSQL databases to be named as such, and offers features not found in the traditional RDBMS: A distributed, robust, incremental replication document-oriented database server with bi-directional conflict detection and management, accessible via a RESTful JSON API, stored ad-hoc and schema-free with a flat address space, that is both query-able and index-able, featuring a table oriented reporting engine that uses JavaScript as a query language. (With a list of buzzwords like that, what's not to love?)
In this session, we'll look at CouchDB, how to set it up, store data to it, retrieve data from it, and in general figure out where it fits within your next project.
Cryptography at first seems like a daunting topic. But after a basic intro and the leverage of the Java Cryptography Extension (JCE), it seems downright feasible to add encryption and decryption capabilities to your application.
Developers weren't satisfied with just the JCE and its plug-in concepts though. Over the last few years, framework architects have made strides in either wrapping or re-writing the approachable JCE in more convenient APIs and fluent interfaces that make effective and accurate crypto down right simple.
Explore three of these libraries – Jasypt, BouncyCastle and KeyCzar – and how they can be leveraged to make your next Java cryptography and data security effort a simple exercise and not a tribulation.
Jasypt, BouncyCastle and KeyCzar are three open source frameworks that bring unique new crypto algorithms such as elliptic curve cryptography to the enterprise developer, remove repetitive ceremonious setup and tear down coding, and add high level adapters to the Spring and Hibernate frameworks.