Keeping
your SOC(K)s DRY Improving design with POJOs, dependency injection, O/R mapping and AOP
We have all been frustrated by difficult to maintain code. Maintenance problems
are often caused by violations of the Separation of Concerns (SOCs) and Don't Repeat Yourself (DRY) design
principles. The SOC principle requires an application component to do just one thing and violating it often results
in overly complex code that is difficult to understand and maintain. Conversely, the DRY principle requires each
design concept to map to one component. Violating the DRY principle results in design changes impacting multiple
modules.
This talk describes how to develop enterprise Java applications
that conform to the SOCs and DRY principles by using dependency injection (DI), O/R mapping (ORM) and Aspect
Oriented Programming (AOP). We will show how you can implement business logic using POJOs that are decoupled from
infrastructure concerns such as persistence, security and transaction management. We will also describe how to
modularize concerns such as audit logging that are normally implemented by code that is mixed in with the business
logic. You will learn how POJOs, DI, ORM and AOP let you keep you SOC(K)s DRY and develop easy to maintain
applications. The presentation has numerous Spring, Hibernate, and AspectJ examples.
James Ward, Adobe Systems Building sexy web apps in
Java Mozilla Tamarin, and Flex
In this session James Ward will do live demonstrations and write code to show
how easy it is to build sexy web apps with Java, Mozilla Tamarin, and Flex. The session will cover the programming
model, Java Remoting, Pub/Sub messaging & JMS integration, Data Synchronization, Hibernate integration,
charting, cinematic experiences, and media integration. James Bio: James Ward is a Technical Evangelist for Flex
at Adobe and Adobe's JCP representative toJSR 286, 299, and 301. Much like his love for climbing mountains he
enjoys programming because it provides endless new discoveries, elegant workarounds, summits and valleys. His
adventures in climbing have taken him many places. Likewise, technology has brought him many adventures, including:
Pascal and Assembly back in the early 90's; Perl, HTML, and JavaScript in the mid 90's; then Java and many of it's
frameworks beginning in the late 90's. Today he primarily uses Flex to build beautiful front-ends for Java based
back-ends. Prior to Adobe, James built a rich marketing and customer service portal for Pillar Data Systems.
This weeks meeting is a continuation of a previous meeting discussing several
log file analyzing tools to help diagnose system issues. Focus will be on IBM specific tools, however information
will translate to other available tools. This meeting is meant to facilitate discussion around the the tools and
diagnostic techniques. My information is limited based on my experience and the groups participation will greatly
add to the discussion. Tools can be used to reveal many system issues including memory, threading, and other system
issues. Investigating the tools and system can greatly help understanding of Java and your applications
characteristics, which can be very revealing.
Garbage Collection Utility: looking at verbose Garbage
Collection data
Heap Analyzer: looking at objects in the heap
Thread and Monitor Dump Analyzer: looking at java core dump
Meeting will cover basic intro material in fist part of meeting durring the Starter Session. This will include basic
Garbage Collection and Heap structure review just deep enough to help understand the tools being discussed. Verbose
GC and forcing Dumps will also be discussed. If time permits, a quick discussion of some helpful tools. Advance
Session will cover three utilities described above and a identify other tools providing similar functionality.
Starter session: Introduce eight rules that have been identified
as important coding styles for securing java code. Discuss common mistakes that even experienced developers
make when writing cryptography code.
Rules: 1: Avoid using inner classes 2: Avoid
comparing class objects by name 3: Make your classes noncloneable 4: Make your classes nonserializable
5: Do not depend on package scope 6: Avoid returning references to mutable objects 7: Make methods,
fields, and classes private 8: Make all classes and methods final
Show how to break code using the reasoning behind each rule.
Notes - The
presentation information is driven from an article in the JDJ volume 9 issue 4 (April 2004). A group of Parasoft
employees list eight rules that Java coders should follow.
Beating hackers and keeping your customers happy:
An Approach to Mitigating Cross Site Scripting (XSS) in J2EE
Applications
Mike is a Certified Information System Security Professional
(CISSP) with a background in J2EE development. His background includes Java Developer and Security Consultant for
the California State Board of Equalization, Security Testing Lead for Kaiser Permanente, and Information Security
Architect for Citigroup North America. He is currently the President of Anteater Security LLC.
XSS is the number 1 issue on the OWASP top 10 list of web application security
vulnerabilities. XSS is both common and dangerous. Potential impacts include phishing, session hijacking, and site
vandalism. There aren't any silver bullet solutions, but some mitigation strategies are much more effective than
others. We will cover an approach to the output encoding strategy recommended by US-CERT. Properly implemented,
output encoding can be an effective control against XSS. Unfortunately, some obvious approaches may appear
reasonable, but are actually ineffective. We'll cover a much more effective approach.
Ed Gibbs
Software Development Manager, EDFUND Happy Builds With Hudson
Hudson is a newer open source continuous integration tool. It
seeks to make continuous integration drop dead simple.
Continuous Integration keeps your projects
humming along alerting you when something goes wrong without tying up your machine. Older build tools like
cruisecontrol can be a pain to setup and configure. There's annoying XML configuration to wade through and
understand before you can get a project up and running.
Tapestry
is an open-source framework for creating dynamic, robust, highly scalable web applications in Java. Tapestry
complements and builds upon the standard Java Servlet API, and so it works in any servlet container or application
server. Tapestry divides a web application into a set of pages, each constructed from components. This provides a
consistent structure, allowing the Tapestry framework to assume responsibility for key concerns such as URL
construction and dispatch, persistent state storage on the client or on the server, user input validation,
localization/internationalization, and exception reporting.
The static HTML SacJUG site is transformed
into a dynamic interactive web site. The Tapestry project will be introduced and then we will look at the steps used
to migrate a static HTML web site to a Tapestry web site. Ant is used to build and deploy the site. Eclipse is used
to edit the content and dynamic application.