May 09 2008

JavaOne - Day Five

Published by mark at 11:46 pm under programming

What’s New in Ajax - Ben Galbraith, Dion Almaer

New frameworks, plug-ins, UI toolkits. The browser can become a bottleneck (JavaScript runs on a single thread), but Google Gears makes it effectively multi-threaded: background workers that talk to the browser by message passing.

Cloud computing services (Amazon EC2, Google App Engine, Aptana Cloud) take care of the hosting infrastructure, freeing developers to focus on their applications.

  • Prototype - Lightweight Ajax/JavaScript helpers
  • GWT - hate JavaScript? Use Java
  • jQuery - new DOM-centric JavaScript helper (start with a page and add to it)
  • dojo - soup-to-nuts Ajax/JavaScript platform

LinkedIn Communication Architecture - Ruslan Belkin, Sean Dawson

100% Java, with Spring as the glue for the entire architecture. Parallel collection using java.util.concurrent to improve performance. Asynchronous communication with JMS.

Enterprise Undo - Andrew Dinn, Jonathan Halliday

JTA and EJB 3.0 annotation-based ACID transaction management are insufficient for extended (long-running) transactions.

Use Business Activity Framework.

e.g.

@BACompensatedBy("cancelHotelRoom")
public int bookHotelRoom(int roomNumber)               // forward action; returns the reservation number

public boolean cancelHotelRoom(int reservationNumber)  // compensating action, invoked to undo the booking

Detecting and Defending Against Security Vulnerabilities for Web 2.0 - Ray Lai

Use tools to detect vulnerabilities. No single tool will catch everything; you need to use them all.

Use defensive coding and testing tools.

Addressing Tomorrow’s Security Requirements in Enterprise Applications - Ben Alex

  • Simple web application security
  • Single Sign On and Federated Identity
  • Method authorization

Use Spring Security 2

Tips

  • Use a proven security framework; don’t roll your own
  • Start simply, and add complexity incrementally
  • Consider user registration requirements
  • Plan for federated identity, particularly involving OpenID
  • For in-house applications, consider NTLM and CAS
  • Employ Captcha techniques to mitigate DoS attacks
  • Favor method authorization over web authorization
  • Annotation-based authorization metadata is quick and easy
  • Very carefully consider any domain object instance security
  • Prefer Basic authentication for RESTful, HTTPS interactions
  • Leverage WSS for transport-independent SOAP
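As an added illustration of the method-authorization and domain-object tips above (not code from the talk): a hotel service, borrowing the book/cancel method names from the Enterprise Undo notes, secured with Spring Security 2's @Secured annotation. The org.springframework.security package names are assumed to be those of the 2.0 release, and the in-memory reservation store is a made-up stand-in for a real repository.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.annotation.Secured;
import org.springframework.security.context.SecurityContextHolder;

// Role checks sit on the service methods, so they hold on every call path
// (web controller, JMS listener, batch job), not only on URLs matched by
// <intercept-url>. Enabled in the Spring Security 2 namespace config with:
//   <global-method-security secured-annotations="enabled"/>
public class HotelService {
    // Hypothetical in-memory store: reservation number -> owning username.
    private final Map<Integer, String> reservationOwners = new HashMap<Integer, String>();
    private int nextReservation = 1;

    // Any authenticated user may book; the booking is recorded against them.
    @Secured("ROLE_USER")
    public int bookHotelRoom(int roomNumber) {
        int reservationNumber = nextReservation++;
        reservationOwners.put(reservationNumber, currentUser());
        return reservationNumber;
    }

    // The annotation only says "any ROLE_USER may call cancel". Which reservation they
    // may cancel is the domain-object instance rule the talk says to weigh carefully.
    @Secured("ROLE_USER")
    public boolean cancelHotelRoom(int reservationNumber) {
        String owner = reservationOwners.get(reservationNumber);
        if (owner == null) {
            return false; // unknown reservation, nothing to cancel
        }
        if (!owner.equals(currentUser()) && !hasRole("ROLE_ADMIN")) {
            throw new AccessDeniedException("not the owner of reservation " + reservationNumber);
        }
        reservationOwners.remove(reservationNumber);
        return true;
    }
    private static String currentUser() {
        return SecurityContextHolder.getContext().getAuthentication().getName();
    }
    private static boolean hasRole(String role) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        for (GrantedAuthority ga : auth.getAuthorities()) {
            if (role.equals(ga.getAuthority())) return true;
        }
        return false;
    }
}
```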
