JUG-Belfast-23-10-2013
advertisement
Belfast Java User Group
Stuart Greenlees
Eamonn Long
Niall McLoughlin
Wednesday 23/10/2013
Belfast Java User Group
Agenda
Introduction to the Belfast JUG
• What is a JUG?
• Some Logistics
• How can you get involved?
JavaOne Key Notes
20+ New Features of JEE7
Extras
Belfast Java User Group
What is a JUG?
Belfast Java User Group
Java User Groups (JUGs) are volunteer organizations that strive to distribute Java-rela
Belfast Java User Group
Relation to Tech Forums?
Relation to LIT?
Belfast Java User Group
Meet Quarterly
October
2013
August
2014
February
2014
May
2014
Belfast Java User Group
Where can I find the Belfast JUG?
JUG Page on Java.Net: https://java.net/projects/belfast-jug
The Belfast JUG is on the MAP!
Belfast Java User Group
What are the Goals of the JUG?
Key
• Establish Regular meetings of Java Users in Belfast
• Share Information about Java
• Get people involved
Optional
• Adopt a JSR - https://java.net/projects/adoptajsr/pages/Home
• Adopt Open JDK - https://java.net/projects/adoptopenjdk/pages/AdoptOpenJDK
Belfast Java User Group
How can you get involved?
We Need Help!
• Create a Belfast JUG logo
• Create a simple website/wikki out on Java.Net
Contribute content
•
•
•
•
•
•
Join the Java.Net project
Post topic suggestions you would like to here about
Post recommendations of any good speakers you would like to hear from
Contributing to OpenSource we would love to hear from you
E.g. Night-hacking with Raspberry Pi
Post Content on the java.net wiki/mailing list
Belfast Java User Group
How Do I sign Up?
Belfast Java User Group
JUG Leadership Team
Stuart Greenlees – s.greenlees@liberty-it.co.uk
Eamonn Long (a.k.a BlueArsedFly) – e.long@liberty-it.co.uk
Niall McLoughlin – n.mclouoghlin@liberty-it.co.uk
JavaOne 2013 Keynote Speech
Internet of Things
Java 8
JEE7
Java 8 – What is a Lambda?
Lambda expressions are anonymous methods
Arguments
person
Arrow Expression or {Statement}
->
person.getAge() > minimumAge
Example usage with new Iterable.forEach default method:
employees.forEach(e -> e.setSalary(e.getSalary() * 1.03));
The general syntax consists of an argument list, the arrow token ->, and a
body. The body can either be a single expression, or a statement block. In the
expression form, the body is simply evaluated and returned. In the block form,
the body is evaluated like a method body.
Benefits
Internal Iteration
Pass Behaviour not just Data
Fluent Pipelined Operations
Lazy Evaluation
Parallelization
Java 8 –Streams
A stream is a sequence of elements. Unlike a collection, it is not a
data structure that stores elements. Instead, a stream carries
values from a source, such as collection, through a pipeline.
int sum = widgets.stream()
.filter(w -> w.getColor() == RED)
.mapToInt(w -> w.getWeight())
.sum();
// Filter
// Map
// Collect
The operations filter, map, and forEach are aggregate operations.
Aggregate operations process elements from a stream, not directly
from a collection.
A pipeline is a sequence of stream operations, which in this
example is filter-map-sum. In addition, aggregate operations
typically accept lambda expressions as parameters, enabling you to
customize how they behave.
Java 8 – Lambda Stream Methods
public interface Stream<T> extends BaseStream<T, Stream<T>> {
/**
* Returns a stream consisting of the elements of this stream that match
* the given predicate.
*
* @param predicate a <a href="package-summary.html#NonInterference">
*
non-interfering, stateless</a> predicate to apply to
*
each element to determine if it should be included
* @return the new stream
*/
Stream<T> filter(Predicate<? super T> predicate);
/**
* Returns a stream consisting of the results of applying the given
* function to the elements of this stream.
*
* @param <R> The element type of the new stream
* @param mapper a <a href="package-summary.html#NonInterference">
*
non-interfering, stateless</a> function to apply to each
*
element
* @return the new stream
*/
<R> Stream<R> map(Function<? super T, ? extends R> mapper);
}
Lambda – Filtering / Mapping
Filtering
List<Person> eligibleVoters =
potentialVoters.
stream().
// Get the List of voters as a Stream
filter(p -> p.getAge() > legalAgeOfVoting). // Filter using Predicate
collect(Collectors.toList()); // Convert Stream Back to List
Mapping
return mixedCaseStrings.
stream().
// Get Stream from List
map(s -> s.toUpperCase()). // Convert Value
collect(Collectors.toList());
// Convert Back to List
Lambda – Method References
// Reference to a Static method
Arrays.asList("a", "b", "c").forEach(Printers::print)
// Reference to an method on an instance
public static void printPages(Document doc, int[] pageNumbers)
{
Arrays.stream(pageNumbers).
map(doc::getPageContent).
forEach(Printers::print);
}
Java 8 – Lambda
http://openjdk.java.net/projects/lambda/
Streams – Brian Goetz/Paul Sandoz
CON7942_Sandoz-javaone-streamstopgear.pdf
Stuart Marks
TUT3877_Marks-JumpStartingLambda-v6.pdf
Brian Goetz – State of the Lambda
http://cr.openjdk.java.net/~briangoetz/lambda/lambda-state-final.html
Java Tutorial
http://docs.oracle.com/javase/tutorial/java/javaOO/lambdaexpressions.html
JUnit Based Tutorial
https://github.com/AdoptOpenJDK/lambda-tutorial
Adam Bien – Java Rockstar
http://www.adam-bien.com/roller/abien/
Lightweight Java EE Architectures (Free Devcast)
http://www.adam-bien.com/roller/abien/entry/lightweight_java_ee_architectures_a
Rethinking JEE Design Patterns
EJB’s are cool
No need for DAO’s with EntityManager
No need for DTO’s with JPA Entity
No need to have an interface for every class
Setting up JEE7 projects with Maven3
http://www.adam-bien.com/roller/abien/entry/setting_up_java_ee_7
Starting WebSphere with Java EE 6...in 3 seconds
http://www.adam-bien.com/roller/abien/entry/starting_websphere_with_java_ee
Building Modular Cloud Apps
- Luminis Technologies http://luminis-technologies.com
20+ New Features of JEE7
20+ New Features of JEE7
Bean Validation: Method Validation
20+ New Features of JEE7
Concurrency: ManagedExecutor
20+ New Features of JEE7
JPA: Schema Generation
20+ New Features of JEE7
JPA: @Index
20+ New Features of JEE7
JPA: Stored Procedure
20+ New Features of JEE7
JTA: @Transactional
20+ New Features of JEE7
JTA: @TransactionScoped
20+ New Features of JEE7
JMS: JMSContext API
20+ New Features of JEE7
JMS: Autocloseable
20+ New Features of JEE7
Servlet: Improved Security
20+ New Features of JEE7
WebSocket: Annotated server endpoint
20+ New Features of JEE7
WebSocket: Annotated client endpoint
20+ New Features of JEE7
JSF: Faces Flow
20+ New Features of JEE7
JSF: Pass-through Attributes
20+ New Features of JEE7
JSF: File Upload Component
20+ New Features of JEE7
JAX-RS: Client API
20+ New Features of JEE7
JAX-RS: Async Client
20+ New Features of JEE7
JAX-RS: Async Server
20+ New Features of JEE7
JSON-P: JSON Builder
20+ New Features of JEE7
Batch: Chunk-style Processing
20+ New Features of JEE7
Batch: Chunk-style processing
20+ New Features of JEE7
Batch: Batchlet-style Processing
20+ New Features of JEE7
Batch: Job/Step/Chunk Listeners
20+ New Features of JEE7
Batch: Job/Step/Chunk Listeners
20+ New Features of JEE7
Batch: Creating Workflows
20+ New Features of JEE7
Batch: Creating Workflows
Ten Tips for Unit Tests
•
•
•
Think Before Testing
• Input Data
• What is it called
• Expected Output
Make the tests understandable
• Comments
• Expected Behaviour
• Diagnostics
•
Absolute Repeatability
• Must trust each test
•
Independent Tests only
• Must run in any order
• No dependencies
•
Diagnostics on Failure
• Message in assets
• Reference input data
• Record test environment info
• Make it simple to debug
•
No hard coding environment
• Chained exceptions
• Use config files for portability
• Mock objects
• No databases
•
No Extraneous Output
• Too much output == confusion
• Slient test
• Use option/config to turn debug on
Small and Simple
• Use setup and teardown
• Separate test logic from setup to make it easier to debug
•
Test 1 thing only
• One scenario per test so its more obvious why it failed
• Enables faster debugging
•
Fast Tests only
• Run as often as possible
• Quick results
• Maintain quaility bar
• More likely that devs will run with every change
Stress Testing – Arquillian & JMeter
http://arquillian.org/
Arquillian brings the test to the runtime so you don’t have to
manage the runtime from the test (or the build). Arquillian eliminates
this burden by covering all aspects of test execution, which entails:
• Managing the lifecycle of the container (or containers)
• Bundling the test case, dependent classes and resources into a
ShrinkWrap archive (or archives) Executing the tests inside (or against)
the container
http://jmeter.apache.org/
Apache JMeter - may be used to test performance both on static and
dynamic resources (Files, Web dynamic languages - PHP, Java, ASP.NET,
etc. -, Java Objects, Data Bases and Queries, FTP Servers and more).
It can be used to simulate a heavy load on a server, group of servers,
network or object to test its strength or to analyze overall performance
under different load types. You can use it to make a graphical analysis of
performance or to test your server/script/object behavior under heavy
concurrent load.
Security – OWASP Top 10 Web App Defenses
• SQL Injection Defence
• Query Parameterization
• Password Defences
• Don’t limit length
• credential-specific salt
• Keyed functions
• Multi-Factor Authentication
• SMS / Mobile App / Tokens
• Cross Site Scripting Defence
• OWASP Java Encoder
• OWASP HTML Sanitizer
• JSHtmlSanitizer
• Cross Site Request Forgery Defence
• CSRF Cryptographic Tokens
• Re-authentication
• Controlling Access
• Apache Shiro - comprehensive solution to
authentication, authorization, cryptography, and
session management.
• Clickjacking Defence
• response.addHeader( "X-FRAME-OPTIONS",
"SAMEORIGIN" );
• App Layer Intrusion Detection
• Input validation failure server side on non-user
editable parameters
• OWASP AppSensor Project
• Encryption in Transit (HTTPS/TLS)
• Credentials and Session IDs Encrypted in Transit
• Use HTTPS/TLS from login to logout
• Certificate Pinning
• File Upload Security
Jim Manico
https://oracleus.activeevents.com/2013/connect/fileDownload/session/0C826D948B4001909E22C76D363E0E86
/CON5523_Manico-Top%20Ten%20Defenses%20v11.ppt
Security – OWASP Recommended Tools
OWASP Java Encoder Project
https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
XSS Defence - OWASP HTML Sanitizer Project
https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project
Apache SHIRO
http://shiro.apache.org/
App Sensor Intrusion Detection
https://www.owasp.org/index.php/OWASP_AppSensor_Project
