I like Oracle SQL Developer. And I like TortoiseSVN. Oracle SQL Developer has versioning support, but some tasks are more easily done with TortoiseSVN. Maybe it’s what I’m accustomed to, but that’s the way I feel about it.

Today, I ran into a problem to get the versioning support in Oracle SQL Developer (based on SVNKit) to play nice with TortoiseSVN on the same working copy.

I have a repository on my harddrive and when I checked out files from within Oracle SQL Developer, TortoiseSVN refused to believe it was a legitimate subversion working copy. Vice versa, when checked out with TortoiseSVN, SQL Developer insisted that the directory was unversioned.

Huh?

After a small investigation (I ran a diff on the .svn/entries files), the major difference was that TortoiseSVN used an uppercase C (“file:///C:/path/to/repos”) and Oracle SQL Developer used a lowercase c (“file:///c:/path/to/repos”). After I recreated the repository connection in Oracle SQL Developer with a capital C and checked out to a fresh working copy, TortoiseSVN was also convinced that it was indeed a subversion working copy.

I hope this tip will save you valuable time should you happen to run into the same problem.

In my report on JFall 2009 I already wrote about JSF 2.0. I wanted to make an extensive posting about new features in JSF 2.0, but then I came across this excellent posting of July last year: What’s New in JSF 2? by Andy Schwartz of Oracle. I won’t rehash this and many other excellent postings on jsf – I’ll just shortly write what’s great about JSF 2.0, in comparison to JSF 1.2.

In short, main new feature of JSF 2.0 is standardization a frameworks that extended JSF 1.2:

• Ajax – provided in JSF 1.2 by amongst others by Richfaces (ajax4jsf). Standardization allows different ajax-libraries to work together.
• Other scopes besides application, session and request scope – provided in JSF 1.2 by amongst others Spring Webflow, JBoss Seam and Apache Orchestra. One notable flow is the flash-scope: a scope that is longer than the request scope, but shorter than the session scope. This scope can be used when you want to persist values between requests on the same page, but don’t care if a value is lost when the users navigates away from that page.
• Bean validation – also provided by JBoss Seam, and various other frameworks, now standardized under JSR 303. You add declarative rules to beans, such as ‘both street and house number should be filled in’, or ‘car-usage is filled in when lease-car is yes’. The jsf-engine will generate both client-side and serverside code for that – so you won’t have to implement the same functionality twice in cumbersome java and javascript code.
• Facelets – Apache Facelets replaced JSP as rendering engine for JSF 1.2 – in JSF 2.0 facelets has become a standard – and makes JSP legacy (at least when you use JSF). Facelets allows a developer to very easily create (truly) reusable components and templates.
  Creating re-usable components is something that is done rarely (well) in frontend development, and even more rarely web development – similar or even the same functionality is recreated countless times within the same company and even the same project. Facelets can change that!
• Better support for GET-request – which was already provided by Seam for JSF, and many other webframeworks. At least now you’re not limited to POSTs when using JSF. Especially useful if you want to create bookmarkable or search-engine friendly pages.

More shortly: JSF is a standardization for webframeworks. Many webframeworks and -libraries are or are becoming JSF 2.0 compatible, such as Richfaces, ZK, Icefaces,even Flex (Flash) and of course Oracle’s ADF.
This standardization not only means these frameworks can work together, more important is that a developer who has experience in developing for one framework, can reuse his knowledge when he starts developing with another framework. This can greatly shorten the many months needed to learn yet another web-framework.

In Part 1, I already blogged about the standard web container security but If you use ADF then you have an other option: ADF Security. With ADF Security you can protect your JSP or JSPX pages just like the default container security but ADF Security can do more like protecting your Task Flows ( fragments), Anonymous support, retrieve all the user roles, can create user and roles in Weblogic when it is in development mode.

Start the ADF Security wizard ( located in the Application menu / secure )

I choose for this blog for ADF Authentication and Authorization,  so I can also explain how authorization is done in ADF.

This will enable security in your ADF Web application.

When we take a look at what the ADF Security wizard did in your web application, we can see that in the web.xml an adfAuthentication servlet, security-constraint , security-role and a login-config element is added.

<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <description>Empty web.xml file for Web Application</description>
    <servlet>
        <servlet-name>adfAuthentication</servlet-name>
        <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
        <init-param>
            <param-name>success_url</param-name>
            <param-value>/main.jspx</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>adfAuthentication</web-resource-name>
            <url-pattern>/adfAuthentication</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>valid-users</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>valid-users</role-name>
    </security-role>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
</web-app>

JDeveloper also creates an weblogic.xml deployment descriptor where it maps the default Weblogic users group to the valid-users container security role. For ADF Security we don’t ever need to change these files. Off course you can add extra Weblogic groups in the weblogic.xml ( you also need to add a security-role in the web.xml, else you will get a deployment error ) but ADF Security can’t use these roles for the JSP / JSPX pages or Task Flows ( fragments ). Off course you still can use these roles in the ADF isUserInRole method. ( ADFContext.getCurrent().getSecurityContext().isUserInRole(role) ) So when you have Weblogic groups which are not needed by ADF Security but you still want to use them in your application then you can add them to the weblogic.xml / web.xml.

Application Users
For the Authentication part we need to have some user accounts. When you have your own Authenticator provider then you can skip this part. When your Weblogic server is in development mode (Test ) then you can add your own test users in JAZN editor. Go to Application menu / Secure / Users

Here we can add our own test users. The next time you deploy your web application, it will add these users to the DefaultAuthenticator provider.

This will work in development but in production you probably have a LDAP ( OID or AD ) or SQL Authenticator which contains your application users. If so we need to change the control flag of the DefaultAuthenticator and your own Authenticator to Sufficient else your user acounts need to be in both Authenticators.


Enterprise Roles
The user part is ready and we can define the Enterprise roles. These roles matches with the Weblogic Groups. We can add these roles in the Application menu / secure / Groups.

Add a new Role and add the testusers as members of this role. When the Weblogic server is in Development mode then these Roles will be automatically be created in the Weblogic DefaultAuthenticator provider.

We can disable the automatic user / group migration by disable this User and Group property in the Configure Security Deployment. ( Application menu / secure )


Application Roles
The next part is defining the applications roles and map these application roles to the enterprise roles. To add these roles go to the application menu / secure / application roles.

Add a new application role and select the right enterprise role as member of this role. ( this is necessary when you want to protect your application resources with a specific Weblogic group )

Application Policies
The last part is defining the security policies on the Task Flows and JSP / JSPX pages ( pages need to have a Page Definition ) and add these policies to the Applications Roles. Go to the Application menu / secure / Application policies.

We can now select an application page ( which has a pagedef) and add an application role to this page. Default the view permission is already selected, this is the minimal security policy. The authenticated-role and the anonymous-role roles are the default application roles, when you only use these roles then you don’t need to define enterprise or application roles and are user accounts enough.

Web pages security policies overview

And the Task Flows overview

In the managed bean or JSF code we can retrieve or validate the ADF Security properties, here are some examples

// print the roles of the current user
for ( String role : ADFContext.getCurrent().getSecurityContext().getUserRoles() ) {
   System.out.println("role "+role);
}

// get the ADF security context and test if the user has the role users
SecurityContext sec = ADFContext.getCurrent().getSecurityContext();
if ( sec.isUserInRole("users") ) {
}
// is the user valid
public boolean isAuthenticated() {
 return ADFContext.getCurrent().getSecurityContext().isAuthenticated();
}
// return the user
public String getCurrentUser() {
 return ADFContext.getCurrent().getSecurityContext().getUserName();
}

or use it in an EL expression for example in a rendered or disable attribute of a JSF component
#{securityContext.regionViewable['pageDefs.MainPageDef.xml']} or use #{securityContext.userInRole['admin']}

With the  Weblogic server we have two ways to implement security on a J2EE web application. The first is the normal container security and the second is ADF Security. In part 1 I will explain the container security and in part 2 the ADF Security.
To test this, I first added a testuser called edwin and a test group called users to the DefaultAuthenticator Authentication Provider. The user edwin is member of the group users.
first step is to add a security constraint on a url and define that you need to have the role User_role to authenticate

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>sec</web-resource-name>
            <url-pattern>/</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>User_role</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
        <role-name>User_role</role-name>
    </security-role>

Because we don’t have the role User_role in Weblogic so we need to add a mapping between User_role role ( defined in the web.xml ) and the Weblogic group users. For this we need to add a weblogic.xml deployment descriptor (located in the WEB-INF )

<?xml version = '1.0' encoding = 'windows-1252'?>
<weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app.xsd"
                  xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>User_role</role-name>
    <principal-name>users</principal-name>
  </security-role-assignment>
</weblogic-web-app>

We solved the Authentication part but the next step is Authorization part. For this we need to add a managed bean where we retrieve and evaluate the roles of the authenticated user. The hard part is that the principal does not give back the user roles. Off course we can evaluate is the user has a role ( with isUserInRole ), but then you need to know the role name ( in most cases this is enough). To get all the User roles, we need to retrieve the Weblogic Subject and get all the principals and look at the class of the principal ( it can be a instance of WLSGroupImpl or WLSUserImpl ). Be aware you will get the Weblogic groups and not the mapped names of the web.xml or weblogic.xml.
Here is the managed bean ( request scope)

package nl.whitehorses.sec.bean;

import java.security.Principal;

import java.util.ArrayList;
import java.util.Set;

import javax.faces.context.FacesContext;
import javax.security.auth.Subject;

import weblogic.security.Security;
import weblogic.security.SubjectUtils;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

public class SecurityBean {

    public SecurityBean() {

        Subject subject = Security.getCurrentSubject();
        Set<Principal> allPrincipals = subject.getPrincipals();
        for (Principal principal : allPrincipals) {
            if ( principal instanceof WLSGroupImpl ) {
                System.out.println("found role: "+principal.getName());
                roles.add(principal.getName());
            }
            if ( principal instanceof WLSUserImpl ) {
                System.out.println("found user: "+principal.getName());
                user = principal.getName();
            }
        }
    }

    private ArrayList<String> roles = new ArrayList<String>();
    private String user = null;

    public String getCurrentUserRoles() {
        String curRoles = "";
        for (String role : roles) {
            curRoles = curRoles +", "+role;
        }
        return curRoles;
    }

    public boolean isWlsUserRole() {
     for (int i=0; i < roles.size() ; i++ ){
        if ( "users".equalsIgnoreCase(roles.get(i)) ){
           return true;
        }
      }
      return false;
    }

    public boolean isContainerUserRole() {
      if (FacesContext.getCurrentInstance().getExternalContext().isUserInRole("User_role")){
           return true;
      }
      return false;
    }

    public String getCurrentUser() {
        return user;
    }
}

and last the JSF page where I use this managed bean

<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
          xmlns:f="http://java.sun.com/jsf/core"
          xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <f:view>
    <af:document id="d1">
      <af:form id="f1">
        <af:panelHeader text="Start" id="ph1">
          <af:panelFormLayout id="pfl1">
            <af:inputText label="User" id="it1"
                          value="#{SecurityBean.currentUser}"/>
            <af:inputText label="Roles" id="it2"
                          value="#{SecurityBean.currentUserRoles}"/>
            <af:inputText label="WLS Role" id="it3"
                          value="got the users role from weblogic"
                          rendered="#{SecurityBean.wlsUserRole}" columns="80"/>
            <af:inputText label="JAAS Role" id="it4"
                          value="got the User_role mapped by weblogic.xml"
                          rendered="#{SecurityBean.containerUserRole}"
                          columns="80"/>
          </af:panelFormLayout>
        </af:panelHeader>
      </af:form>
    </af:document>
  </f:view>
</jsp:root>

with this as result.

In Part 2 I will explain ADF Security and then you can see how easy Security is in ADF and that ADF has a lot more security options then the standard container security.

Although the Apple iPad event got far more buzz, Oracle presented a very important press conference yesterday (Jan. 27) as well.

After about 9 months of waiting, the European Commission finally approved the acquisition of Sun Microsystems by Oracle. At the day of that announcement, Oracle announced the  Strategy Update Webcast.

The webcast started at 18:00 in The Netherlands and lasted until late. Still, from following Twitter, it was clear that a lot of people we attending. Although I won’t be complete, I’ll share some of what I heard with you in this blog.  The webcast started with a extensive safe harbor statement explaining that Oracle cannot be asked to deliver on their promises. So… there we go.

Hardware

There was lots of talk about hardware. Following the strategy that has made IBM big (at least according to Larry himself), Oracle wants to sell end-to-end everything. They will continue to sell the Sun hardware and will keep the strong Sun brand. Oracle will make a lot of changes to the distribution and supply chain models to reduce cost. Also, expect a lot less sales through the old Sun channels: “partners need to add value, or we’ll go direct”.

The big investments will go to enhance the Sun platform with embedding specific functionality, like encryption, to make the total solution (hardware, OS and software) better. Oracle will also bundle the apps with the hardware. The first steps are already there with the announcement during OpenWorld in 2009 of the second database machine based on Sun hardware.

I was glad to hear that Oracle will continue to support the other platforms and operating systems, specifically Linux of course.

Software

The product portfolio of Sun is extensive and covers a broad range of functionality. Some of its products overlap with the Oracle product suite and some products seem to be quite alien to the core business of the former database company. After the BEA Systems take over, that has quite a (potential) impact for some Oracle customers, I was curious to see what the direction would be for the Sun middleware components. Besides hardware, MySQL and Java, Sun has an extensive set of products that overlap the Oracle stack. Examples are Glassfish, Open ESB and Netbeans.

Some of the announcements (or at least my interpretation of them):

• The open source MySQL database will co-exist with all the other Oracle databases. It will be managed with an independent development organization and handled through a dedicated sales force. Customers use both MySQL and the commercial Oracle databases at the same site. To facilitate this, technical support will be integrated through Oracle Support and there will be bridges (for lack of a better word), for instance to support easier backup/restore and management through Enterprise Manager.
• Java is the most important language in the world. It will continue to be very important and Oracle will make money from it (in contrast to Sun who apparently didn’t). Oracle will push to rapidly release Java SE 7, work on JEE and improve Java ME and JavaFX.
• OpenOffice will be expanded and offered in a hosted web based model as well.
• GlassFish will continue to be the reference implementation for Java EE and is positioned for tactical (smaller) deployments. The WebLogic platform is strategic moving forward.
• NetBeans is positioned as the lightweight IDE and targeted specifically at the mobile developement. Eclypse contributions will continu. The strategic development tool will be JDeveloper.
• The SOA Suite / OSB platform is and will be the strategic platform for Service Oriented Architectures. OpenESB and other Sun products get continued support.
• The Identity & Access Management products of both product lines will continue to be supported. For most components the Oracle version will be the strategic product. The Sun Role Manager is the strategic product for Identity Analytics.
• For management both product lines will (eventually) be integrated. Oracle’s Enterprise Manager is strategic, important parts of Sun Ops Center will get included.
• Both Solaris and Unbreakable Linux will get big investments and continued support.
• The virtualization solutions from Sun are key in the Oracle strategy to deliver a uniform and integrated platform. Solaris virtualization will be added t0 the Oracle VM offering on x86 machines.

Concluding

Oracle has used the forced delay well and showed strong valid plans. As with every acquisition Oracle promises continued support for all Sun products (except the ones that Sun already declared end-of-life). That will of course not stop them to try to persuade us to migrate to the strategic Oracle product lines.

For the main focus areas of Whitehorses, the changes at hand give us some very nice opportunities. And it looks like the Sun acquisition will have a lot less impact on Oracle SOA & middleware customers than the BEA purchase had/has.

All in all it was a good overview covering all aspects of the Sun offering. Oracle has big plan, has lots of experience in merging companies and expects to make Sun profitable this year. Oracles fiscal year that is!

The webcast is or will be available on demand through the Oracle site. There are additional webcasts discussing the future direction for each product area.

With Patch Set 1 of Fusion Middleware R1 Oracle adds support for SCA Spring in WebLogic and also add the Spring Component in SOA Suite 11g.  This is great news because everything what works in SCA Spring can be used without any problem in SOA Suite 11g. Develop once and use it everywhere or start with SCA Spring and end with SOA Suite 11g when you are ready. With Patch Set 2 SCA Spring and the Spring component will be supported in WLS or SOA Suite.

To demonstrate this exchange of Java code  I made two examples:  the first is a java logger in SCA Spring in Weblogic 10.3.2 and the second is to use the same code in SOA Suite 11G

Part 1: Weblogic SCA Spring Example

Part 2: Soa Suite Spring Example

On the first day of the Devoxx 2009, Noora Peura presented a university session on the new 4.0 version of JRockit Mission Control called “The Next Generation Profiling and Diagnostics Tools”. JRockit is the second most used Java Virtual machine(JVM) with, as they claim, tremendous power and analytic abilities. Sun’s JVM is used more, because it is the default JVM when you install Java Runtime.

JRockit was originally built by Appeal Virtual Machines. In 2002 it was acquired by BEA Systems it is now part of the Oracle Fusion Middelware stack. Noora Peura has been with the JRockit team since 2001. JRockit has been here for over a decade and is for a fact, one of the fastest virtual machines around. Because of its excellent statistics it is the favorite JVM for building and running high performance apps. It is the default JVM used by the Oracle support and performance teams.

Suite of tools

In this sneak preview of the new JRockit Mission Control 4.0 version we saw a complete line of tools in a neat tool suite. Some tools already exit in the Mission Control 3.1 version and can therefore already be used straightaway. And some extra, very useful features were added or improved.

Memory Leak Detector

The Memory Leak Detector is build-in inside JRockit JVM with enables it to link directly to the garbage collector and gather analysis data from there. Direct monitoring like this gives a firsthand insight of any problems or memory leaks as they occur. An overview of existing classes can be displayed and in this presentation one can see how much heap size is allocated and in how many bits a second this allocation is growing. You can zoom into suspicious classes in a graphical overview. Displaying which dependencies this class has to give more insight in its usage. This way it is easier to detect if it is valid that the class still exists or should have been garbage collected already. With this approach the Memory Leak Detector even makes it possible to detect very slow occurring memory leaks even long before the system crashes as a cause of them.

The new JRockit Mission Control 4.0 release has a new feature called shortest path analysis. This feature gives a boost to the analysis of stackdumps as we know them. Shortest path analysis helps you to point directly to the root of the problem when something goes wrong. Instead of browsing through endless stackdumps. It reduces the stackdump to only the information you need while highlighting the possible cause of the failure.

Being directly hooked into the class loader JRockit is also able to pull information from it to tackle the much to often occurring vague class loader issues as early as possible.

Management Console

In the Management Console you’re able to present an overview of MBeans residing in the JVM and monitor their activity. It helps you monitor the servers health by giving insight in heap usage and CPU load. Profiling is done low-level and on-line which provides real-time information.
A very nifty extra feature is the ability to monitor multiple JVM’s and plot log alerts profile.

JRockit runtime Analizer 3.1 –> JRocket Flight recorder 4.0

In the new JRockit Mission Control version 4.0 they changed the name of the “Runtime Analyzer” tool into “Flight Recorder”. This tool provides the information for the real-time analytics that is used by the other two tools. Recording is done in a very inexpensive manner. Therefore they have decided to leave recording is always on by default in the new 4.0 version.

Eclipse plug-in

Besides these tools JRockit Mission Control 4.0 also comes with a number of extension points with enable you to write and add you own self-created plug-ins or use others shared on the net.
For eclipse there already is a downloadable plug-in that make it possible to use eclipse as a profiling and diagnostics GUI tool.

Eclipse-plugin voor JRockit

Java profiling and diagnostics

JRockit JVM with the JRockit Mission Control tools is very suitable for both development and production environments. Key here is non-intrusive performance monitoring. Which means you can leave your monitoring on also during production in a high performing environment nearly without paying the performance cost. This ability gives you direct insight into any problems that occur. Which will save you weeks of bug fixing iterations trying to reproduce the failure that occurred. The JRockit profiling and diagnostics tell the system administrator immediately where the problem occurred and he can start fixing the defect straight away.

Gathering all necessary data doesn’t use any bytecode generation and no Java code has to be altered. So after all analyzing, profiling and diagnosing is done you can easily replace the JRockit JVM with your own preferred JVM without any rewriting, rebuilding or redeploying whatsoever.

JRockit has been around for a long time and has proved to perform very well in the past. However SUN hasn’t stood still either. Their JVM has also made some significant improvements on profiling and error detection. So that is also still interesting to keep in mind. But more on that in a later blog.

For more information on JRockit Mission Control take a look at http://www.tinyurl.com/missioncontrol.

The last day of Devoxx. For me every session of this conference has been worthwhile. I am very glad I was there. On the last day I attended a session presented by Paul Brown. He was talking about BPM in a SOA environment. After that a session about slicing up web applications into vertical slices. It was interesting for me because I am looking for this kind of separation for a while, but I never found a good way to do it. The last session (Fuse) was like a University session: great explanation with some good code examples.

Paul Brown: BPM in a SOA Environment

In a service-oriented architecture a BPM engine is both a provider and consumer of services. BPM’s consumed services generally provide access to the enterprise’s applications, while its provided services define and manage business processes. These provided services are used by different types of interfaces and other services. An architect should think through intended utilization. Also he should design for failure. And above all, think total architecture: business purpose, business processes, people, information, system. Pay attention to user interaction styles; changes in style may impact many layers.
After the talk Mr. Brown signed my copy of ‘Succeeding with SOA; Realizing Business Value Through Total Architecture’.

Andy Wilkinson: Modular Web Applications with OSGi

Spring Dynamic Modules enables building modular web applications: splitting the libraries from the web application. OSGi gives the ability to dynamically add, remove, and replace functionality at runtime. SpringSource Slices goes even further. Using the Spring Source Slices libraries it is possible to slice a web application vertically. This means that different parts of one web application can be developed in separate teams. This is great. At this moment Slices is still tied to OSGi. Soon also a standard Servlet container will be available. This means that potentially this functionality can be applied to many web frameworks.

James Strachan: Open Source SOA with Fuse

Fuse is a supported distribution of popular Apache SOA and integration projects: ActiveMQ, CFX, ServiceMix, and Camel. ActiveMQ offers messaging. Messaging is like e-mail between a applications. ActiveMQ offers reliable load balancing and high performance. CFX consumes web services. ServiceMix is a container for integration glue. Camel is a library that offers a way to use the Enterprise Integration Patterns in an easy way. For example the MessageFilter. Camels offers the ability to describe routes in every programming language you like; XML, Java, Scala, Ruby, Groovy, etc. The code examples during the presentation showed that Camel API is very easy to use.

This year the Devoxx movie was ’2012′. In the movie the President of the USA announces: “This will be the end of the world as we know it”.
On the Devoxx conference some of the speakers make similar claims:

• A big change is coming: Craftsmanship (Robert C. Martin)
• Cloud computing will become mainstream and traditional data centres will be marginalised (Manik Surtani)
• A new software engineering method should stop emerging new methodologies every year (Ivar Jacobson)

Robert C. Martin: Craftsmanship

Ten years ago Agile methodology completely changed the software world. Now, an even bigger change is coming: Craftmanship. What does it mean to be a professional? Writing code is not enough. A true professional should not compromise beyond a certain line. There are certain principles to be followed:

• First, do no harm. Do not compromise quality. Defend it well, and you will earn respect.
• Clean code
• To go fast, go well. You will not go fast by rushing.
• TDD. Always strife for 100% test coverage. You should know that it works. Our attitude should be that QA does not find anything.

I really hope most developers already follow these rules.

Manik Surtani: Infinispan and the future of data grids

Cloud computing will become mainstream and traditional data centres will be marginalised. Databases on clouds don’t make sense, because of scalability issues. Native database clustering is very hard to accomplish on clouds; Oracle RAC on EC2 is impossible. However, data grids are a perfect solution. They are highly scalable and there is no single point of failure. Latency is very low.

Infinispan is an open source data grid platform that uses a JPA-like API. This should make easy migration form traditional databases. The functionality is similar to database, but keywords like “JOIN” cannot be supported.

If Surtani is right, the software industry will change completely. This will have a big impact on database manufactures. Infinispan is not yet available for download. When it is available I would like to judge for myself whether the data-grid is a real alternative for the relational database.

Ivar Jacobson: Software Engineering Method and Theory

Ivar Jacobson is a father of components and component architecture, use cases, aspect-oriented software development, UML (Unified Modelling Language) and RUP (Rational Unified Process). He asks the question: Do we really know how to develop software? It looks like we are working in a fashion industry. Every year a new, but not really new, methodology becomes popular. We should not re-invent the wheel every time. We need a theory / basis that we all share and support. Ivar started a new initiative: Software Engineering Method and Theory. This initiative should provide a solid theory, proven principles and best practices.

Let’s hope he will succeed.

Many sessions on the third day of Devoxx were about the new Java EE release.

Antonio Goncalves: Java EE 6 release

Java EE 6 will be released on December 10th 2009. It will contain many improvements:

• JAX-RS – Annotation based API for REST web services. Very simple to use, just add the following annotations: @Path, @GET, @POST, etc.
• BeanValidation – Also annotation based; similar to the annotations in Rails/Grails: @NotNull, @Size (max=40, message=”longer than {max} characters”). It is possible to add your own custom tags. The tags work with JPA and JSF.
• Web Profile 1.0 – This is a subset of Java EE APIs only for webcontainer. Includes EJB Lite: a way to run EJBs in a web container.
• CDI – Context Dependency Injection. Annotations to be used: @Inject, @Resource.
• EJB 3.1 – A new component has been added: Singleton. It is now possible to make a method asynchronous using the annotation @Asynchronous.
• Embedded Container – EJB Container to be used in Java SE for test purposes.
• Portable JNDI Names – Naming rules are not vendor specific anymore.
• Servlet 3.0 – Many improvements. The file web.xml is now optional. Instead annotations like @WebServlet and @WebFilter can be used.
• Simplified packaging – For example, EJBs do not have to be in separate jar anymore.
• etcetera.

I think Java EE 6 has some really great features. Java EE 6 is a huge improvement over Java EE 5.

Scott Ambler: Agile Mythbusters

Based on facts Scott Ambler makes some conclusions about what Agile people are really doing in practice. According to him:

• Agile is not just for small teams.
• Only 47% of all Agile teams practice TDD (Test Driven Development). (This is strange. Isn’t it a requirement to do TDD?)
• Only 65% of all Agile teams do continuous integration.
• Agile teams do not just start coding from the beginning of the project. On average it takes 4 weeks before they start programming.
• Agile teams do not follow common development guidelines. Applying common guidelines can be a quick win to increase software quality.
• Agile works really works better than traditional approaches. “Agile teams produce higher quality work, are quicker to deliver, are more likely to deliver the right functionality and likely to produce greater ROI than traditional teams.”

Interesting results?

Chris Richardson: Architecting Robust Applications for Amazon EC2

Amazon’s EC2 (Elastic Compute Cloud) is a virtualized computing environment which offers a way access computing resources via a web services API. Developing Java applications seems easy since it allows you to develop applications using standard software packages such as Tomcat and MySQL. However, some aspects of EC2 are very different than a physical computing environment. For example, you don’t know where your data is. A big advantage is that you are not responsible for the hardware. It is very easy to add and remove server instances.

Christophe Herreman: Spring ActionScript

Spring ActionScript is brings Independency Injection to the Flash Platform. The main focus is on Flex and AIR development. This framework can be used to build testable and maintainable Flex applications. The code examples looked quite clean. Maybe worth a try.

Gregor Hohpe: Distributed programming the Google way

Google runs one of the largest computer infrastructures in the world. Parts of this infrastructure have been made available as open source projects. Some design themes or patterns can be used in other contexts. Gregor Hohpe’s 8 rules:

1. Use sharding. Partition your data.
2. Less is more. Choose only the basic features.
3. Expect failure. It is not a matter if, but when the failure will strike.
4. Autonomy. Some processes should be able to continue without supervision.
5. Empower the runtime. Flow freely instead of strict rules.
6. Favor Stateless. Processes that keep state are more expensive than stateless operations.
7. Precision versus Speed. Faster is better.
8. It is all about trade-offs.

Interesting ideas. Some of them can also be useful for smaller scale projects.