Unfortunately I’m not jetlagged anymore! What’s wrong with that? Well… Waking up became as hard as usual. This allowed me only a few minutes for my breakfast, which was barely enough to grab a grande americano and something to eat from the quietest of the 56 Starbucks (they are everywhere - Java really drives the world) on my way to Moscone Center.
It’s usually a pleasant walk from where I stay to the conference center. I’m staying 6-7 blocks away from the Moscone Center in a charming, century-old hotel. The only not-so-charming thing about it is one of its two elevators. One of them is so slow that one has to leave 5 minutes early, just in case. Anyway… I joined the river of walking people going to their businesses with a cup of coffee in my hand like half of them and carrying a JavaOne backpack like almost all of them. And as one of the bloggers was saying “almost all of them were men”. Yes, this is one of the sad things about the IT industry. Cultural diversity is perfectly in place. It feels great to be surrounded with thousands of people from all around the world. However 85-90% of all Java attendees must be men I think. I mean c’mon! JavaOne must be the only place on earth where there’s a queue to get in the men’s bathroom when there’s none for women’s. I swear today I heard someone complaining that he had to queue up, sorry “get in line”, to get out of the bathroom. Getting in line is part of the JavaOne life and one gets used to it. So much so that when you see a long queue, you wonder if you’re not missing something important. There’s a voice whispering in your head “Get in line! Get in line!”… 
Anyway… I was just on time for the first presentation that I had pre-enrolled for. This technical session was about AJAX security: “You Are Hacked: AJAX Security Essentials for Enterprise Java Technology Developers”. The speakers were engineers from VeriSign and they were really in control of the topic. It makes a big difference to start the day with a good technical session. I remember I attended their security talk 3 years ago in JavaOne. This time the difference was that it was applied to AJAX. They talked about some of the things that we, in DSI, cover with OWASP Top Ten Web Application Vulnerabilities. The four main topics covered were:
- Internet Threat Model
- Browser Security Model
- Vulnerabilities, Attacks and Countermeasures
- Secure Software Development Process
The morning was progressing nicely because the second session I attended was very good as well. It was called “JMX: Who’s Doing What?” It started with a jConsole demo, which, I guess, most of the attendees were familiar with. After showing code examples about adding JMX instrumentation to an application, Eamonn McManus, who was very articulate, demoed an MBean example. The example was a cache simulation where cache overflows generated warning messages so that someone from the data center could react to it by increasing the cache size. As you would guess, increasing the cache was part of the MBean interface as well therefore it was done with a few clicks.
To me the most important aspect (pun intended ) of this session was the section that talked about AOP in the context of JMX. After a quick introduction to AOP, the presenter spoke about an open-source product called Glassbox. It is a troubleshooting application for Java. This is a very interesting product because using AspectJ it inserts timing measurements into applications. I can see places where this can be very useful. I’m going to investigate this product as soon as I find some time.
The JMX 2.0 specification is still work-in-progress under the JSR 255. McManus, who was also the spec lead on this JSR, said that it was pretty much finalized and that he wasn’t expecting any major change to it. JMX 2.0 adds some interesting features to JMX such as hierarchical namespaces, cascading (federation), support for localization and internationalization, and annotations to define MBeans. Their annotations solution is inspired by Spring Framework’s approach.
The second presenter, Jean-Francois Denise who is a Sun employee as McManus, talked about Web Services connector for JMX. This spec is covered under the JSR 262, which is in Early Draft 2 stage as of this writing. This spec adds the following capabilities to JMX:
- A remote access mechanism (as an alternative to RMI)
- Possibility to use non-Java clients/consoles
- Possibility to exploit Web infrastructure
It defines a standard called WS-Management (WS-Man) that depends on WS-Addressing, WS-Transfer, WS-Enumeration and WS-Eventing (did someone say Web Services were simple?). Currently there’s a java.net project called WiseMan, which is an implementation of WS-Man.
This session ended with a brilliant demo that showed access to a running application through JMX using 3 different clients simultaneously:
- HP OpenView
- WinRM VBScript Client
- Windows Vista EventViewer
We haven’t had time to see the code nor the configuration to achieve this result but to me this looked very powerful as an integration technology.
After lunch I attented the technical session entitled “Best OSGi Practices”. I don’t know why the title was not “OSGi Best Practices” but hey! Who am I to give advice about English language? This was another excellent session, the third in a row. After a quick introduction to OSGi, the presentation was divided in four sections:
- Module Layer Best Practices
- Lifecycle Layer Best Practices
- Service Layer Best Practices
- General Best Practices
It was full of first-class recommendations and best practices.
And the “Disappointment Of The Day” award goes toooooo….. “Building JavaServer Faces Applications with Spring and Hibernate”. Despite the fact that this session was presented by two respected experts of the Java world (Kito Mann, author of “JSF in Action” and Chris Richardson, the author of “POJOs in Action”) it was a waste of time for me, and I’m sure for the half of the audience too. Mann asked three questions to the attendees to know who had used JSF, Spring and Hibernate. And for all of the questions, half of the audience raised their hands. But the introduction to JSF, Spring and Hibernate took 50 minutes. And the integration part was shown in 2 minutes. It may be a good introductory session but the name didn’t really represent the content. In my opinion it was confusing. This session should have been called “Introduction to JSF, Spring and Hibernate”.
The reason why I was upset about wasting my time is that at any time, there are about 15 technical sessions running concurrently in JavaOne. One can definitely find more than one interesting presentations to attend. So I could have used my time better.
Thankfully the next session was a good one: “Project Phobos: Server-Side scripting for the Java platform”. Phobos is a lightweight JavaScript framework running on Java. It is used on the server-side. There were very good demos throughout the session. Phobos development environment comes with NetBeans and it installs as NetBeans plugins. The thing that I most liked was the ability to truly debug the JavaScript application from within the IDE by setting breakpoints etc. Because Phobos is based on Rhino JavaScript engine 1.6, it comes with built-in debugging support.
Some of the demos were using jMaki to create presentation code as well. jMaki has a rich component palette mostly created by important components from other frameworks. And NetBeans supports drag and drop type of development.
Creating a Phobos project creates the boilerplate code for the developer with a fixed source folder structure. Some of the development is automated using a Web-based wizard. For example it is possible to create a new controller by using a Web-based wizard that creates the entire template on behalf of the developer. Or, using the same type of a Web page, it is possible to create persistent entities. Under the hood, the persistence is delegated to a JPA implementation. Therefore the created entities are JPA entities. Because it runs on server-side, Phobos allows the use of regular Java class libraries as part of the JavaScript code. And it is obvious that the tool support is getting much much better for JavaScript.
Furthermore, Phobos is using EX4 to support XML at the language level. Here’s what I mean:
// HTML example
var doc = <html/>;
doc.head.title = “Hello, world!”;
doc.body.@bgcolor = “#224466”;
doc.body.p = “This is all the text on this page.”;
or
// Atom example
default xml namespace = new Namespace(”atom”, “http://www.w3.org/2005/Atom”);
var feed = <feed><title>{title}</title><author><name>{author}</name></author></feed>;
Even though I was very sceptical at the beginning of the presentation, I can clearly see where Phobos development can be useful. There’s no doubt that one can go very very fast for small scale projects. For example, probably even a novice can create a feed in a few hours.
Last two session that I attended were “The Role of Java Technology in IPTV” and “SOA: A Real Experience”. Not surprisingly, the IPTV presentation was given by John Allen from Digisoft TV, our friends from Cork. I took this opportunity to meet him and to have a quick chat with him.
Tomorrow will be the last day of JavaOne. 
- Yagiz Erkan -
Technorati Tags: Moscone Center, AJAX security, VeriSign, JavaOne, OWASP, JMX, Glassbox, AspectJ, JSR 255, JSR 262, WS-Management, WiseMan, Phobos, jMaki, Phobos, IPTV
Nice writeup, thanks…I bookmarked glassbox and wiseman.
Really good work about this website was done. Keep trying more - thanks!