[Sacramento Java Users Group]
[Home] [Members] [Announce] [Sponsors] [Resources]
SacJUG Meeting Archive

January 9, 2007

Consultant and author of POJOs in Action

Keeping your SOC(K)s DRY
Improving design with POJOs, dependency injection, O/R mapping and AOP

We have all been frustrated by difficult to maintain code. Maintenance problems are often caused by violations of the Separation of Concerns (SOCs) and Don't Repeat Yourself (DRY) design principles. The SOC principle requires an application component to do just one thing and violating it often results in overly complex code that is difficult to understand and maintain. Conversely, the DRY principle requires each design concept to map to one component. Violating the DRY principle results in design changes impacting multiple modules.

This talk describes how to develop enterprise Java applications that conform to the SOCs and DRY principles by using dependency injection (DI), O/R mapping (ORM) and Aspect Oriented Programming (AOP). We will show how you can implement business logic using POJOs that are decoupled from infrastructure concerns such as persistence, security and transaction management. We will also describe how to modularize concerns such as audit logging that are normally implemented by code that is mixed in with the business logic. You will learn how POJOs, DI, ORM and AOP let you keep you SOC(K)s DRY and develop easy to maintain applications. The presentation has numerous Spring, Hibernate, and AspectJ examples.

Suggested reading before hand -

  1. POJOs in Action by Chris Richardson: Manning
Links -

The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

Feburary 13, 2007

Java Security

March 13, 2007

Tim Schafer - Java ESB
Tom Parker - Java Diagnostics

Starter Session:

Enterprise Service Bus

Introduction to ESB using ServiceMix.

Advanced Session:

JVM Diagnostics

Introduction on using various tools to diagnose JVM memory, thread, garbage collection issues.
Better, Faster, Lighter Java We raffled off the
" Better, Faster, Lighter Java " by Bruce Tate and Justin Gehtland.
" Enterprise Service Bus " by David A. Chappell.
Enterprise Service Bus

The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

April 10, 2007

James Ward, Adobe Systems
Building sexy web apps in Java Mozilla Tamarin, and Flex

In this session James Ward will do live demonstrations and write code to show how easy it is to build sexy web apps with Java, Mozilla Tamarin, and Flex. The session will cover the programming model, Java Remoting, Pub/Sub messaging & JMS integration, Data Synchronization, Hibernate integration, charting, cinematic experiences, and media integration.
James Bio:
James Ward is a Technical Evangelist for Flex at Adobe and Adobe's JCP representative toJSR 286, 299, and 301. Much like his love for climbing mountains he enjoys programming because it provides endless new discoveries, elegant workarounds, summits and valleys. His adventures in climbing have taken him many places. Likewise, technology has brought him many adventures, including: Pascal and Assembly back in the early 90's; Perl, HTML, and JavaScript in the mid 90's; then Java and many of it's frameworks beginning in the late 90's. Today he primarily uses Flex to build beautiful front-ends for Java based back-ends. Prior to Adobe, James built a rich marketing and customer service portal for Pillar Data Systems.

CSS Cookbook, Second Edition We raffled off the
" CSS Cookbook, Second Edition " by Christopher Schmitt.

The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

May 8, 2007

Advanced JVM Diagnostics

This weeks meeting is a continuation of a previous meeting discussing several log file analyzing tools to help diagnose system issues. Focus will be on IBM specific tools, however information will translate to other available tools. This meeting is meant to facilitate discussion around the the tools and diagnostic techniques. My information is limited based on my experience and the groups participation will greatly add to the discussion. Tools can be used to reveal many system issues including memory, threading, and other system issues. Investigating the tools and system can greatly help understanding of Java and your applications characteristics, which can be very revealing.

  1. Garbage Collection Utility: looking at verbose Garbage Collection data
  2. Heap Analyzer: looking at objects in the heap
  3. Thread and Monitor Dump Analyzer: looking at java core dump
Meeting will cover basic intro material in fist part of meeting durring the Starter Session. This will include basic Garbage Collection and Heap structure review just deep enough to help understand the tools being discussed. Verbose GC and forcing Dumps will also be discussed. If time permits, a quick discussion of some helpful tools. Advance Session will cover three utilities described above and a identify other tools providing similar functionality.

Tools for discussion
  1. IBM Garbage Collection Analyzer PMAT:
  2. IBM Heap Analyzer:
  3. Thread Dump Analyzer:
Tools of intrest
  1. Visual GC:
  2. HP JMeter analyzer:
  3. Heap Analysis Tool (HATS):
  4. jconsole artical:
See attachment on the wiki for slideshow of material and references. Slide show is in open office format.
Beyond Java We raffled off the
" Beyond Java " by Bruce A. Tate.

The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

June 12, 2007

Java Cryptography

Starter session:
An overview of cryptography basics with practical usage of the Java Cryptography Extension (JCE) and Java Secure Sockets Extension (JSSE).

Advanced session:
Discussion on common mistakes that even experienced developers make when writing cryptography code.

Hibernate: A Developer's Notebook We raffled off the O'Reilly book
" Hibernate: A Developer's Notebook " by James Elliott
  and the
Building Secure Software: How to Avoid Security Problems the Right Way Addison-Wesley Professional book
" Building Secure Software: How to Avoid Security Problems the Right Way " by John Viega and Gary McGraw.

The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

July 10, 2007

Java Security

Starter session:
Introduce eight rules that have been identified as important coding styles for securing java code.
Discuss common mistakes that even experienced developers make when writing cryptography code.

1: Avoid using inner classes
2: Avoid comparing class objects by name
3: Make your classes noncloneable
4: Make your classes nonserializable
5: Do not depend on package scope
6: Avoid returning references to mutable objects
7: Make methods, fields, and classes private
8: Make all classes and methods final

See JDJ article for more info.

Advanced session:

Show how to break code using the reasoning behind each rule.

Notes -
The presentation information is driven from an article in the JDJ volume 9 issue 4 (April 2004). A group of Parasoft employees list eight rules that Java coders should follow.

We raffled off an O'Reilly book.
The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

August 14, 2007

Beating hackers and keeping your customers happy:
An Approach to Mitigating Cross Site Scripting (XSS) in J2EE Applications

Mike is a Certified Information System Security Professional (CISSP) with a background in J2EE development. His background includes Java Developer and Security Consultant for the California State Board of Equalization, Security Testing Lead for Kaiser Permanente, and Information Security Architect for Citigroup North America. He is currently the President of Anteater Security LLC.

XSS is the number 1 issue on the OWASP top 10 list of web application security vulnerabilities. XSS is both common and dangerous. Potential impacts include phishing, session hijacking, and site vandalism. There aren't any silver bullet solutions, but some mitigation strategies are much more effective than others. We will cover an approach to the output encoding strategy recommended by US-CERT. Properly implemented, output encoding can be an effective control against XSS. Unfortunately, some obvious approaches may appear reasonable, but are actually ineffective. We'll cover a much more effective approach.

Notes -

Mitigation Suggestion (Output Encoding)

We raffled off an O'Reilly book.
The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

September 11, 2007

Ed Gibbs
Software Development Manager, EDFUND
Happy Builds With Hudson

Hudson is a newer open source continuous integration tool. It seeks to make continuous integration drop dead simple.

Continuous Integration keeps your projects humming along alerting you when something goes wrong without tying up your machine. Older build tools like cruisecontrol can be a pain to setup and configure. There's annoying XML configuration to wade through and understand before you can get a project up and running.


  1. Download hudson.war
  2. Run java -jar hudson.war
  3. Go to http://localhost:8080

Suggested Reading -

"Pragmatic Project Automation" by Mike Clark, The Pragmatic Programmers

We raffled off the O'Reilly book
" Spring - A Developer's Notebook " by Bruce A. Tage & Justin Gehtland.
The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

October 9, 2007

Open Discussion

November 13, 2007

Deane Richan
Founder, Xito OpenSource Project
Xito OpenSource Project Introduction

We raffled off the O'Reilly book
" Java Generics & Collections " by Maurice Naftalin, Philip Wadler.
The sandwiches and drinks were sponsored by TEKsystems and The Scheuble Group .

December 11, 2007

The Scheuble Group
From Static to Dynamic
Tapestry is an open-source framework for creating dynamic, robust, highly scalable web applications in Java. Tapestry complements and builds upon the standard Java Servlet API, and so it works in any servlet container or application server. Tapestry divides a web application into a set of pages, each constructed from components. This provides a consistent structure, allowing the Tapestry framework to assume responsibility for key concerns such as URL construction and dispatch, persistent state storage on the client or on the server, user input validation, localization/internationalization, and exception reporting.

The static HTML SacJUG site is transformed into a dynamic interactive web site. The Tapestry project will be introduced and then we will look at the steps used to migrate a static HTML web site to a Tapestry web site. Ant is used to build and deploy the site. Eclipse is used to edit the content and dynamic application.

Suggested Reading -
  " Tapestry 101 " by Warner Onstine: SourceBeat
  " Enjoying Web Development with Tapestry " by Kent Tong: Agile Skills
  " Tapestry in Action " by Howard M. Lewis Ship: Manning Publications

Suggested Tutorials -
  " Apache Tapestry 4 Tutorial " by Alexander Kolesnikov: DevShed
  " Tapestry: A Component-Centric Framework " by Hemangini Kappla: OnJava

Quick Start -
  Hello World " by Apache Software Foundation Tapestry Project
We raffled off the O'Reilly book
" Dynamic HTML - The Definitive Reference " by Danny Goodman.
The sandwiches, desert and drinks were sponsored by TEKsystems , COMSYS , and The Scheuble Group .