On October 12, 2005, a few of my colleagues and I attended JFall, the second Java conference this year organised by NL-JUG, the Netherlands Java User’s Group. Like JSpring, the first Java conference organised by NL-JUG this year, JFall was held in the Reehorst in Ede. It’s a nice location, though some of the rooms were quite warm during the presentations. Below I will tell all about the presentations I attended and what I think of them.
The kick-off presentation by Simon Ritter informed us about the progress being made on the subject of using Java to connect to and control sensors built into small devices. Simon’s presentation showed this technology to work very well indeed. After introducing us to the involved technologies, he used his laptop to connect to three sensors and showed the possibilities of reading data from the sensors. Especially his demonstration of using sound to indicate the distance to a sensor (low pitch is long distance, high pitch is short distance) was very entertaining, albeit arguably not very useful.
Next was Onno Kluyt, of the Java Community Process (JCP) Program. In his presentation, Onno brought us up to speed with the efforts the JCP has taken to introduce standards in Java technology. It sure gave me the impression that the JCP is doing very important, and at times difficult, work.
Next, the first parallel sessions started. The first one I attended was Duncan Mills’ “JavaServer Faces – One Step Beyond”. Duncan has shown himself to be an authority on this subject and in this presentation he addressed some of the pitfalls he encountered when trying to come to terms with JSF. Following the example of transforming the Spring Petstore example from JSP to JSF, he explained how he solved those pitfalls. Finally, he also introduced his JSF Security project, which when used allows a JSF programmer to introduce role-based authorization in the same way as is possible with Struts. Afterwards I briefly spoke to Duncan about the problem both he and I have had filling a selectOneMenu with a collection of our choice. He concluded that using a collection of SelectMenuItems probably will remain the safest way of making a selectOneMenu component behave correctly.
The next presentation I attended was “Productiviteit: heb ik nog een keus?” (Productivity, do I still have a choice?) by Robert Willems of Brilman of LogicaCMG. He presented Oracle’s ADF framework and JDeveloper in a nice overview, starting with an historical overview of the evolution from Headstart to ADF and JDeveloper. Since Robert kept on assuring us he is a lazy programmer, I was kind of surprised to hear he hasn’t much experience with JHeadstart. Perhaps the projects he’s been working on weren’t suitable for using JHeadstart, but otherwise I would strongly recommend that he have a look at it.
After lunch Ted Farrell treated us to a live demonstration of ADF Faces and how easily one can build applications with it. As NL-JUG’s president Klaas-Jan Tukker promised, Ted showed a great technical knowledge despite the fact he’s high up in Oracle’s organisation. He even managed to only mention the word “ADF” twice and the word “Oracle” not at all! Quite impressive indeed.
It wasn’t all Oracle at JFall. The NetBeans team member Geertjan Wielinga gave a one slide presentation about the upcoming NetBeans 5. In six parts, Geertjan showed the audience the new capabilities of NetBeans 5. And they look very promising. The plugin capabilities of NetBeans 5 especially appealed to me. It proved to be quite easy to extend the IDE with a Google search textfield in the menubar or with starting up a complete new type of application based on the Wicket framework. The only flaw about this presentation was Geertjan’s enthusiasm about the product. Too bad I missed the end of the presentation, because it just took too long.
After another coffee break, I attended the “Top Tien Web Applicatie Kwetsbaarheden In J2EE” (Top Ten Web Application Vulnerabilities In J2EE) by Vincent Partington and Eelco Klaver. To me, this definitely was the number one presentation of the day. Using a few examples from their own and others’ day-to-day business, they demonstrated the ignorance of Java developers and the creativity of hackers concerning building Java applications. I never thought my Java code was 100% secure, but I also never was aware of the sheer amount of ways to hack into an application. Fortunately, Vincent and Eelco presented simple but effective ways to make an application securer and I will definitely follow their tips from now on.
What a shame that the best presentation of the day was to be followed by the worst of them. The “Java Development. Snel En Simpel, Toch?” (Java Development. Fast And Simple, Right?) presentation looked very promising in the announcement. But in my humble opinion, the presenters failed to tell us most of the items summed up in their announcement. Yes, they told us what they do to learn from a project they do (which is evaluating the project and sending people off to training if necessary). But I still don’t know what they base their decisions to use certain frameworks on and how they ensure that they can reuse the code they have written for a certain project. To me, again humbly stating my opinion, their decision to use Spring in some parts of the project was not sufficiently explained and the fact that they will use it even more extensively next time and advised us all to use it in our projects was just based on the fact that their choice turned out to be a happy one. I’m not claiming here that Spring shouldn’t be used. I just would like to have heard why they chose Spring anyway after having claimed they weren’t sure about using it and even that it may only be a hype.
To conclude with a positive note on this presentation: the presenters showed that they have a good knowledge of setting up a project and finishing it in a well-thought-out and professional manner. If only they would share their knowledge about how to do this with us…
So, JFall turned out to be an excellent day again. Many thanks to NL-JUG for organising it. I’ll be back for JSpring next June!
Check out http://www.owasp.org, which is dedicated to security in web applications. They provide the very interesting local web application WebGoat that teaches you, hands-on, web application security. Download, unzip and run it.
I’m very interested as well. Did they make their presentation available? In that case, a hyperlink would really be appreciated!
Wouter: excellent write-up. Can you share some of these weaknesses security-wise that your (and probably my) code will have and what to do about them?