Keeping your SOC(K)s DRY Improving design with POJOs, dependency injection, O/R mapping and AOP
We have all been frustrated by difficult to maintain code. Maintenance problems are often caused by violations of the Separation of Concerns (SOCs) and Don't Repeat Yourself (DRY) design principles. The SOC principle requires an application component to do just one thing and violating it often results in overly complex code that is difficult to understand and maintain. Conversely, the DRY principle requires each design concept to map to one component. Violating the DRY principle results in design changes impacting multiple modules.
This talk describes how to develop enterprise Java applications that
conform to the SOCs and DRY principles by using dependency injection (DI),
O/R mapping (ORM) and Aspect Oriented Programming (AOP).
We will show how you can implement business logic using POJOs that
are decoupled from infrastructure concerns such as persistence,
security and transaction management.
We will also describe how to modularize concerns such as audit logging
that are normally implemented by code that is mixed in with the business logic.
You will learn how POJOs, DI, ORM and AOP let you keep you SOC(K)s DRY and
develop easy to maintain applications.
The presentation has numerous Spring, Hibernate, and AspectJ examples.
James Ward, Adobe Systems
Building sexy web apps in Java Mozilla Tamarin, and Flex
In this session James Ward will do live demonstrations and write code to show how easy it is to build sexy web apps with Java, Mozilla Tamarin, and Flex. The session will cover the programming model, Java Remoting, Pub/Sub messaging & JMS integration, Data Synchronization, Hibernate integration, charting, cinematic experiences, and media integration.
James Bio:
James Ward is a Technical Evangelist for Flex at Adobe and Adobe's JCP representative toJSR 286, 299, and 301. Much like his love for climbing mountains he enjoys programming because it provides endless new discoveries, elegant workarounds, summits and valleys. His adventures in climbing have taken him many places. Likewise, technology has brought him many adventures, including: Pascal and Assembly back in the early 90's; Perl, HTML, and JavaScript in the mid 90's; then Java and many of it's frameworks beginning in the late 90's. Today he primarily uses Flex to build beautiful front-ends for Java based back-ends. Prior to Adobe, James built a rich marketing and customer service portal for Pillar Data Systems.
This weeks meeting is a continuation of a previous meeting discussing several log file analyzing tools to help diagnose system issues. Focus will be on IBM specific tools, however information will translate to other available tools. This meeting is meant to facilitate discussion around the the tools and diagnostic techniques. My information is limited based on my experience and the groups participation will greatly add to the discussion. Tools can be used to reveal many system issues including memory, threading, and other system issues. Investigating the tools and system can greatly help understanding of Java and your applications characteristics, which can be very revealing.
Garbage Collection Utility: looking at verbose Garbage Collection data
Heap Analyzer: looking at objects in the heap
Thread and Monitor Dump Analyzer: looking at java core dump
Meeting will cover basic intro material in fist part of meeting durring the Starter Session. This will include basic Garbage Collection and Heap structure review just deep enough to help understand the tools being discussed. Verbose GC and forcing Dumps will also be discussed. If time permits, a quick discussion of some helpful tools. Advance Session will cover three utilities described above and a identify other tools providing similar functionality.
Starter session:
Introduce eight rules that have been identified as important coding styles for securing java code.
Discuss common mistakes that even experienced developers make when writing cryptography code.
Rules:
1: Avoid using inner classes
2: Avoid comparing class objects by name
3: Make your classes noncloneable
4: Make your classes nonserializable
5: Do not depend on package scope
6: Avoid returning references to mutable objects
7: Make methods, fields, and classes private
8: Make all classes and methods final
Show how to break code using the reasoning behind each rule.
Notes -
The presentation information is driven from an article in the JDJ volume 9 issue 4 (April 2004). A group of Parasoft employees list eight rules that Java coders should follow.
Beating hackers and keeping your customers happy:
An Approach to Mitigating Cross Site Scripting (XSS) in J2EE Applications
Mike is a Certified Information System Security Professional (CISSP) with a background in J2EE development.
His background includes Java Developer and Security Consultant for the California State Board of Equalization,
Security Testing Lead for Kaiser Permanente, and Information Security Architect for Citigroup North America.
He is currently the President of Anteater Security LLC.
XSS is the number 1 issue on the OWASP top 10 list of web application security vulnerabilities.
XSS is both common and dangerous. Potential impacts include phishing, session hijacking, and site vandalism.
There aren't any silver bullet solutions, but some mitigation strategies are much more effective than others.
We will cover an approach to the output encoding strategy recommended by US-CERT.
Properly implemented, output encoding can be an effective control against XSS.
Unfortunately, some obvious approaches may appear reasonable, but are actually ineffective.
We'll cover a much more effective approach.
Ed Gibbs
Software Development Manager, EDFUND
Happy Builds With Hudson
Hudson is a newer open source continuous integration tool. It seeks to make continuous integration drop dead simple.
Continuous Integration keeps your projects humming along alerting you when something goes wrong without tying up your machine.
Older build tools like cruisecontrol can be a pain to setup and configure.
There's annoying XML configuration to wade through and understand before you can get a project up and running.
Tapestry is an open-source framework for creating dynamic, robust, highly scalable web applications in Java.
Tapestry complements and builds upon the standard Java Servlet API, and so it works in any servlet container or application server.
Tapestry divides a web application into a set of pages, each constructed from components.
This provides a consistent structure,
allowing the Tapestry framework to assume responsibility for key concerns such as URL construction and dispatch,
persistent state storage on the client or on the server,
user input validation, localization/internationalization, and exception reporting.
The static HTML SacJUG site is transformed into a dynamic interactive web site.
The Tapestry project will be introduced and then we will look at the steps used to migrate a static HTML web site
to a Tapestry web site. Ant is used to build and deploy the site. Eclipse is used to edit the content and dynamic application.
![[Sacramento Java Users Group]](images/top.gif)
![[Home]](images/home.gif)
![[Members]](images/members.gif)
![[Announce]](images/announce.gif)
![[Sponsors]](images/sponsors.gif)
![[Resources]](images/resources.gif)
From Static to Dynamic