Belfast JUG 23-10-2013

Belfast Java User Group

Stuart GreenleesEamonn LongNiall McLoughlin

Wednesday 23/10/2013


Agenda

Introduction to the Belfast JUG• What is a JUG?• Some Logistics• How can you get involved?

JavaOne Key Notes

20+ New Features of JEE7

Extras


What is a JUG?

Belfast Java User GroupJava User Groups (JUGs) are volunteer organizations that strive to distribute Java-related knowledge around the world. They provide a meeting place for Java users to get information, share resources and solutions, increase networking, expand Java Technology expertise, and above all, drink beer, eat pizza and have fun.

Belfast Java User GroupRelation to Tech Forums?Relation to LIT?

Belfast Java User GroupMeet Quarterly

October 2013

February 2014

May 2014

August 2014

Belfast Java User GroupWhere can I find the Belfast JUG?

JUG Page on Java.Net: https://java.net/projects/belfast-jug

The Belfast JUG is on the MAP!

https://java.net/projects/belfast-jug

https://java.net/projects/belfast-jug

Belfast Java User GroupWhat are the Goals of the JUG?

Key• Establish Regular meetings of Java Users in Belfast• Share Information about Java• Get people involved

Optional• Adopt a JSR - https://java.net/projects/adoptajsr/pages/Home• Adopt Open JDK -

https://java.net/projects/adoptopenjdk/pages/AdoptOpenJDK

https://java.net/projects/adoptajsr/pages/Home

https://java.net/projects/adoptajsr/pages/Home

https://java.net/projects/adoptopenjdk/pages/AdoptOpenJDK


How can you get involved?

We Need Help!• Create a Belfast JUG logo• Create a simple website/wikki out on Java.Net

Contribute content

• Join the Java.Net project• Post topic suggestions you would like to here about• Post recommendations of any good speakers you would like to hear from• Contributing to OpenSource we would love to hear from you• E.g. Night-hacking with Raspberry Pi• Post Content on the java.net wiki/mailing list

Belfast Java User GroupHow Do I sign Up?


JUG Leadership Team

Stuart Greenlees – [email protected] Long (a.k.a BlueArsedFly) – [email protected] McLoughlin – [email protected]

mailto:[email protected]



JavaOne 2013 Keynote Speech

Internet of Things

Java 8

JEE7

Java 8 – What is a Lambda?Lambda expressions are anonymous methods

Arguments Arrow Expression or {Statement}

person -> person.getAge() > minimumAge

Example usage with new Iterable.forEach default method:

employees.forEach(e -> e.setSalary(e.getSalary() * 1.03));

The general syntax consists of an argument list, the arrow token ->, and a body. The body can either be a single expression, or a statement block. In the expression form, the body is simply evaluated and returned. In the block form, the body is evaluated like a method body.

Benefits

Internal Iteration

Pass Behaviour not just Data

Fluent Pipelined Operations

Lazy Evaluation

Parallelization

Java 8 –StreamsA stream is a sequence of elements. Unlike a collection, it is not a data structure that stores elements. Instead, a stream carries values from a source, such as collection, through a pipeline.

int sum = widgets.stream() .filter(w -> w.getColor() == RED) // Filter .mapToInt(w -> w.getWeight()) // Map .sum(); // Collect

The operations filter, map, and forEach are aggregate operations. Aggregate operations process elements from a stream, not directly from a collection.

A pipeline is a sequence of stream operations, which in this example is filter-map-sum. In addition, aggregate operations typically accept lambda expressions as parameters, enabling you to customize how they behave.

Java 8 – Lambda Stream Methodspublic interface Stream<T> extends BaseStream<T, Stream<T>> {

/** * Returns a stream consisting of the elements of this stream that match * the given predicate. * * @param predicate a <a href="package-summary.html#NonInterference"> * non-interfering, stateless</a> predicate to apply to * each element to determine if it should be included * @return the new stream */ Stream<T> filter(Predicate<? super T> predicate);

/** * Returns a stream consisting of the results of applying the given * function to the elements of this stream. * * @param <R> The element type of the new stream * @param mapper a <a href="package-summary.html#NonInterference"> * non-interfering, stateless</a> function to apply to each * element * @return the new stream */ <R> Stream<R> map(Function<? super T, ? extends R> mapper);}

Lambda – Filtering / Mapping

Filtering

List<Person> eligibleVoters =

potentialVoters.

stream(). // Get the List of voters as a Stream

filter(p -> p.getAge() > legalAgeOfVoting). // Filter using Predicate

collect(Collectors.toList()); // Convert Stream Back to List

Mapping

return mixedCaseStrings.

stream(). // Get Stream from List

map(s -> s.toUpperCase()). // Convert Value

collect(Collectors.toList()); // Convert Back to List

Lambda – Method References

// Reference to a Static method

Arrays.asList("a", "b", "c").forEach(Printers::print)

// Reference to an method on an instance

public static void printPages(Document doc, int[] pageNumbers)

{

Arrays.stream(pageNumbers). map(doc::getPageContent).

forEach(Printers::print);

}

Java 8 – Lambda http://openjdk.java.net/projects/lambda/

Streams – Brian Goetz/Paul Sandoz

CON7942_Sandoz-javaone-streamstopgear.pdf

Stuart Marks

TUT3877_Marks-JumpStartingLambda-v6.pdf

Brian Goetz – State of the Lambda

http://cr.openjdk.java.net/~briangoetz/lambda/lambda-state-final.html

Java Tutorial

http://docs.oracle.com/javase/tutorial/java/javaOO/lambdaexpressions.html

JUnit Based Tutorial

https://github.com/AdoptOpenJDK/lambda-tutorial

http://openjdk.java.net/projects/lambda/




https://oracleus.activeevents.com/2013/connect/fileDownload/session/BD5A0CFB13F398A8B1F79D2A95914936/CON7942_Sandoz-javaone-streamstopgear.pdf

https://oracleus.activeevents.com/2013/connect/fileDownload/session/1953B3A125C537DCFD8D298816E75531/TUT3877_Marks-JumpStartingLambda-v6.pdf




















Adam Bien – Java Rockstarhttp://www.adam-bien.com/roller/abien/

http://www.adam-bien.com/roller/abien/entry/lightweight_java_ee_architectures_a

Lightweight Java EE Architectures (Free Devcast)

Starting WebSphere with Java EE 6...in 3 secondshttp://www.adam-bien.com/roller/abien/entry/starting_websphere_with_java_ee

Setting up JEE7 projects with Maven3http://www.adam-bien.com/roller/abien/entry/setting_up_java_ee_7

Rethinking JEE Design PatternsEJB’s are coolNo need for DAO’s with EntityManagerNo need for DTO’s with JPA EntityNo need to have an interface for every class

http://www.adam-bien.com/roller/abien/

http://www.adam-bien.com/roller/abien/entry/lightweight_java_ee_architectures_a

http://www.adam-bien.com/roller/abien/entry/starting_websphere_with_java_ee

http://www.adam-bien.com/roller/abien/entry/starting_websphere_with_java_ee

http://www.adam-bien.com/roller/abien/entry/setting_up_java_ee_7

Building Modular Cloud Apps - Luminis Technologies http://luminis-technologies.com

http://luminis-technologies.com/



Bean Validation: Method Validation


Concurrency: ManagedExecutor


JPA: Schema Generation


JPA: @Index


JPA: Stored Procedure


JTA: @Transactional


JTA: @TransactionScoped


JMS: JMSContext API

JMS: Autocloseable


Servlet: Improved Security


WebSocket: Annotated server endpoint


WebSocket: Annotated client endpoint


JSF: Faces Flow


JSF: Pass-through Attributes


JSF: File Upload Component


JAX-RS: Client API


JAX-RS: Async Client


JAX-RS: Async Server


JSON-P: JSON Builder


Batch: Chunk-style Processing


Batch: Chunk-style processing


Batch: Batchlet-style Processing


Batch: Job/Step/Chunk Listeners


Batch: Job/Step/Chunk Listeners


Batch: Creating Workflows


Batch: Creating Workflows


Ten Tips for Unit Tests• Think Before Testing

• Input Data• What is it called• Expected Output

• Make the tests understandable• Comments• Expected Behaviour• Diagnostics

• Small and Simple• Use setup and teardown• Separate test logic from setup to make it easier to debug

• Test 1 thing only• One scenario per test so its more obvious why it failed• Enables faster debugging

• Fast Tests only• Run as often as possible• Quick results• Maintain quaility bar• More likely that devs will run with every change

• Absolute Repeatability

• Must trust each test

• Independent Tests only• Must run in any order• No dependencies

• Diagnostics on Failure• Message in assets• Reference input data• Record test environment info• Make it simple to debug

• No hard coding environment• Chained exceptions• Use config files for portability• Mock objects• No databases

• No Extraneous Output• Too much output == confusion• Slient test• Use option/config to turn debug on

Stress Testing – Arquillian & JMeter

http://arquillian.org/

Arquillian brings the test to the runtime so you don’t have to manage the runtime from the test (or the build). Arquillian eliminates this burden by covering all aspects of test execution, which entails:

• Managing the lifecycle of the container (or containers)• Bundling the test case, dependent classes and resources into a ShrinkWrap

archive (or archives) Executing the tests inside (or against) the container

http://jmeter.apache.org/

Apache JMeter - may be used to test performance both on static and dynamic resources (Files, Web dynamic languages - PHP, Java, ASP.NET, etc. -, Java Objects, Data Bases and Queries, FTP Servers and more).

It can be used to simulate a heavy load on a server, group of servers, network or object to test its strength or to analyze overall performance under different load types. You can use it to make a graphical analysis of performance or to test your server/script/object behavior under heavy concurrent load.








Security – OWASP Top 10 Web App Defenses

• SQL Injection Defence• Query Parameterization

• Password Defences• Don’t limit length• credential-specific salt• Keyed functions

• Multi-Factor Authentication• SMS / Mobile App / Tokens

• Cross Site Scripting Defence• OWASP Java Encoder• OWASP HTML Sanitizer• JSHtmlSanitizer

• Cross Site Request Forgery Defence• CSRF Cryptographic Tokens • Re-authentication

• Controlling Access• Apache Shiro - comprehensive solution to authentication,

authorization, cryptography, and session management.

• Clickjacking Defence• response.addHeader( "X-FRAME-OPTIONS",

"SAMEORIGIN" );

• App Layer Intrusion Detection• Input validation failure server side on non-user editable

parameters • OWASP AppSensor Project

• Encryption in Transit (HTTPS/TLS)• Credentials and Session IDs Encrypted in Transit• Use HTTPS/TLS from login to logout• Certificate Pinning

• File Upload Security

Jim Manico https://oracleus.activeevents.com/2013/connect/fileDownload/session/0C826D948B4001909E22C76D363E0E86/CON5523_Manico-Top%20Ten%20Defenses%20v11.ppt

https://oracleus.activeevents.com/2013/connect/fileDownload/session/0C826D948B4001909E22C76D363E0E86/CON5523_Manico-Top%20Ten%20Defenses%20v11.ppt








Security – OWASP Recommended Tools

OWASP Java Encoder Projecthttps://www.owasp.org/index.php/OWASP_Java_Encoder_Project

XSS Defence - OWASP HTML Sanitizer Projecthttps://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project

Apache SHIROhttp://shiro.apache.org/

App Sensor Intrusion Detectionhttps://www.owasp.org/index.php/OWASP_AppSensor_Project

https://www.owasp.org/index.php/OWASP_Java_Encoder_Project






https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project






http://shiro.apache.org/



https://www.owasp.org/index.php/OWASP_AppSensor_Project







Belfast JUG 23-10-2013

Technology

jugthe belfast jug

belfast jug logo

new stream

regular meetings of

sequence of stream operations

belfast share information

stream filterpredicate

jug page