Craig Walls

Presentations

Securing Spring

Watch Preview Video

In this session, I'll show you how to secure your Spring application with Spring Security 3.0. You'll see hot to declare both request-oriented and method-oriented security constraints. And you'll see how SpEL can make simple work of expressing complex security rules.

Although we may invite guests into our homes and give someone a ride in our car, we locks and alarms on our homes and our cars to keep uninvited and malicious visitors out. Similarly, we allow people to use the applications that we develop, but we probably want to control the access that they have.

Security is an important aspect of any application. And while we could program security rules into the web controllers and methods in our application, we'd find ourselves cluttering our business logic with repetitive security code. Security is a cross-cutting concern--begging to be handled with aspect-oriented techniques.

Spring Security is an authentication and access-control framework based on Spring that provides security aspects. With Spring Security, you can declare who is allowed to access your application and what they're allowed to see, keeping your application logic focused and uncluttered with security details.

NoXML: Spring for XML-Haters

Watch Preview Video

In this presentation, we'll explore all of the ways to do bean wiring in Spring We'll take a pragmatic view of each style, evaluating their strengths, weaknesses, and applicability to varying circumstances.

Over 6 years ago, Spring entered the enterprise Java scene, bringing a simpler development model rooted in dependency injection, the notion of assembling application components in a loosely-coupled way. With it, however, came a flood of XML configuration, required to declare how those components were to be assembled.

For a variety of reasons, XML has fallen out of favor with much of the development community. Now that there are other frameworks that offer dependency injection without all of the XML, some are suggesting that Spring's heavy use of XML has it destined for the scrap heap.

They don't know Spring.

Although XML-based Spring configuration is still available and still has a place in many Spring applications, it is no longer the only way to do dependency injection in Spring. The past few releases of Spring have brought us new ways of assembling our application objects, including annotation-driven options such as Spring's @Autowired and JSR-330's @Inject and Java-based configuration with Spring JavaConfig. There's even a way to express Spring configuration in Groovy.

Spring MVC Workshop

Watch Preview Video

For as long as there has been a Spring Framework, there has been Spring MVC, a web framework built around the principals of Spring. Although it was originally designed around a deep hierarchy of controller classes and focused on HTML-oriented views, Spring MVC has evolved in the past few years to embrace an annotation-oriented model and RESTful web development.

In this workshop, we'll use Spring MVC to build the web front-end of an application. We'll start with the essentials and work our way up to try out the latest Spring MVC features in Spring 3.1. We'll explore the following Spring MVC topics:

• Spring MVC essentials (request mapping, controllers, and views)
• Field formatting and validation
• Spring's JSP tag libraries
• Handling file uploads
• Content negotiation and non-HTML views
• Request and response body conversion
• Advanced request mapping
• And much more!

Whether you're a Spring newbie or a long-time Spring veteran, this is your chance to get a hands-on experience with everything Spring MVC can do.

Securing the Modern Web with OAuth

Watch Preview Video

In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.

Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.

OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.

Spring Data Workshop

In recent years, there has been a renewed interest in how data is stored. Although RDBMS has long been treated as a one-size-fits-all solution for data storage, a new breed of datastores has arrived to offer a best-fit solution. Key-value stores, column stores, document stores, graph databases, as well as the traditional relational database are options to consider.

With these new data storage options come new and different ways of interacting with data. Even though all of these data storage options offer Java APIs, they are widely different from each other and the learning curve can be quite steep. Even if you understand the concepts and benefits of each database type, there's still the huge barrier of understanding how to work with each database's individual API.

Spring Data is a project that makes it easier to build Spring-powered applications that use new data, offering a reasonably consistent programming model regardless of which type of database you choose. In addition to supporting the new "NoSQL" databases such as document and graph databases, Spring Data also greatly simplifies working with RDBMS-oriented datastores using JPA.

In this 2-part workshop, we'll dig in with a hands-on exploration of a variety of data stores, including Redis, MongoDB, Neo4j, and traditional RDBMS. In doing so, you'll experience first-hand how Spring Data simplifies working with these data stores.

Spring Social Workshop

Businesses are increasingly recognizing the value of connecting with their customers on a more personal level. Companies can utilize social networking to transition from "Big Faceless Corporation" to "Friend" by taking their wares to the online communities where their customers are. In this age of social media, those communities are found at social network sites such as Facebook, Twitter, and LinkedIn.

In this workshop, you'll learn how to build applications that interact with the various social networks using Spring Social, a new feature in the Spring portfolio that enables integration with social networks in Spring-based applications.

Social Clients Workshop

You see them everywhere: "Like" buttons, "Tweet" buttons, and now there are "+1" buttons. The social networks have extended their reach beyond their own websites and into almost every web site you visit. But did you know that these simple little buttons are just the tip of the iceberg when it comes to adding social features to your website?

Several of the popular social networks (including Facebook, Twitter, and LinkedIn) provide client-side APIs that enable you to build social capabilities into you application. With these APIs, your application can not only show a simple button for your users to express their opinion, but can also let you query information about their profile, friends, interests, and much more.

In this hands-on, we'll examine the client-side APIs offered by Facebook, Twitter, and LinkedIn. We'll dig even deeper than the "Like" button as we see how the APIs can be used to build rich social applications.

Building Next Generation Apps Workshop

For a long while, we've built applications pretty much the same way. Regardless of the frameworks (or even languages and platforms) employed, we've packaged up our web application, deployed it to a server somewhere, and asked our users to point their web browser at it.

But now we're seeing a shift in not only how applications are deployed, but also in how they're consumed. The cost and hassle of setting up dedicated servers is driving more applications into the cloud. Meanwhile, our users are on-the-go more than ever, consuming applications from their mobile devices more often than a traditional desktop browser. And even the desktop user is expecting a more interactive experience than is offered by simple page-based HTML sites.

With this shift comes new programming models and frameworks. It also involves a shift in how we think about our application design. Standing up a simple HTML-based application is no longer good enough.

In this 2-part workshop, you'll get hands-on experience building a simple, yet complete next-generation application that can be deployed in the cloud, consumed from any device, and offers a rich experience for your users.

Effective Spring Workshop

After 9 years and several significant releases, Spring has gone a long way from challenging the then-current Java standards to becoming the de facto enterprise standard itself. Although the Spring programming model continues to evolve, it still maintains backward compatibility with many of its earlier features and paradigms. Consequently, there's often more than one way to do anything in Spring. How do you know which way is the right way?

In this 2-part workshop, you'll get a hands-on feel for the current best approaches in Spring development. We'll start with a poorly written Spring application and work our way through it, bringing it up to speed with the techniques encouraged by the most recent versions of the Spring Framework and other Spring projects.

Effective Spring

After 9 years and several significant releases, Spring has gone a long way from challenging the then-current Java standards to becoming the de facto enterprise standard itself. Although the Spring programming model continues to evolve, it still maintains backward compatibility with many of its earlier features and paradigms. Consequently, there's often more than one way to do anything in Spring. How do you know which way is the right way?

In this session, we'll explore several ways that Spring has changed over the years and look at the best approaches when working with the latest versions of Spring.

Building Next Generation Apps

For a long while, we've built applications pretty much the same way. Regardless of the frameworks (or even languages and platforms) employed, we've packaged up our web application, deployed it to a server somewhere, and asked our users to point their web browser at it.

But now we're seeing a shift in not only how applications are deployed, but also in how they're consumed. The cost and hassle of setting up dedicated servers is driving more applications into the cloud. Meanwhile, our users are on-the-go more than ever, consuming applications from their mobile devices more often than a traditional desktop browser. And even the desktop user is expecting a more interactive experience than is offered by simple page-based HTML sites.

With this shift comes new programming models and frameworks. It also involves a shift in how we think about our application design. Standing up a simple HTML-based application is no longer good enough.

In this session, we'll discuss what the next generation of applications looks like, exploring such things as the mobile web and cloud computing. We'll also dig into some of the technologies and practices such as REST, OAuth, and JavaScript microframeworks that enable us to move forward.

Securing the Modern Web with OAuth

Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.

OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.

In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.

CloudFoundry workshop

You've developed your application, tested it, and now you're ready to deploy it. But wait...where are you going to deploy it? You could go buy or lease expensive server hardware and struggle to set it up yourself or you could find a hosting plan that offers the features your application needs. In either case, what happens if you buy too much or too little server for the load your application will experience?

If there were only a way you could just ask for a server and get what you need. And it'd also be nice if you could crank up the number of instances to meet peak demand and then turn it back down when load is low.

In this workshop, we'll look past the hype and misconception about "the cloud" and instead get our hands dirty deploying real applications to CloudFoundry. We'll look at how to deploy Java, Ruby, and other types of applications to CloudFoundry. We'll also declare services that our applications can consume, adding a variety of datastores for our application to use. All this without getting bogged down in server administration or database setup.

Client-Side MVC: Web and Mobile Development with Spine.js

Watch Preview Video

In this session, we'll start with an empty directory and use Spine.js to create an interactive client-side web application. Then we'll leverage what we learned to build a mobile web application with a native feel that can be deployed either through a phone's web browser or via native wrapper frameworks such as Apache Cordova (aka, PhoneGap).

Model View Controller (MVC) is often thought of in terms of server-side frameworks such as Spring MVC and Struts. But as web applications become more interactive, it becomes important to apply the same principles in the client. Roll-your-own MVC in JavaScript is possible, but as was the case with server-side MVC frameworks, it can get messy and is often better to seek out help from established frameworks.

Recently, several JavaScript-based microframeworks have emerged to address these concerns in the browser. Spine.js is one such framework that brings MVC to the client-side of web development. Based in CoffeeScript, Spine.js stands out due to its simplicity and a programming model resembling that of Rails and Grails. Also, unlike many other client-side MVC frameworks, Spine.js has a clear and well-paved path to mobile application development.

Cujo.js: Rabid Application Development in Javascript

Watch Preview Video

In modern applications, Javascript is increasingly prevalent both on the client-side and to some degree on the server-side. As we continue to crank out more Javascript code, we're finding that many of the same hard-lessons we learned in writing decoupled Java code are equally desirable in Javascript code. Without the benefit of dependency injection and AOP, both Java and Javascript code can quickly become an unnavigable and untestable mess.

Where frameworks like Spring have helped us gain control over our Java code, Cujo.js similarly aims to give our Javascript code more structure and testability.

In this session, we'll look at Cujo.js, an "unframework" that provides dependency injection that takes Javascript's unique needs into consideration to create loosely-coupled code. We'll also see how, although Cujo.js isn't strictly a UI framework, elements of Cujo.js can be brought together to elegantly build client-side UIs.