Java se – Google 2007 JavaOne Advance Conference Guide User Manual

Page 23

technical sessions | track two : java SE

Java SE

TS-2594 Secure Coding Guidelines, Continued: Preventing Attacks

and Avoiding Antipatterns

Charlie Lai, Sun Microsystems, Inc.

Have you heard of cloning attacks, package insertion attacks, and finalizer
attacks but don’t fully understand how they work or how to prevent
them? Did you know that the accessibility of methods and fields declared
private by a developer can automatically increase to package-private
under certain circumstances?

This session builds on last year’s “Secure Coding Antipatterns: Avoiding
Vulnerabilities” session. Although it starts with a quick review, this
session focuses primarily on new coding antipatterns, attack scenarios,
and JDK software vulnerabilities. More important, the session describes a
new set of secure coding guidelines that will help you avoid them.

Whether you’re a developer working on the internals of a security
component, a shared library, or an end-user application, you can benefit
from this session, because a security vulnerability at any level of the
software stack can have serious ramifications.

TS-2656 JMx Technology: Who’s doing What

Jean-François Denise, Sun Microsystems, Inc.
Eamonn McManus, Sun Microsystems, Inc.

The Java Management Extensions (JMX) API has been part of the core
Java platform since release 5.0. In this session, members of Sun’s JMX
technology team present a survey of the ways it is being used and a vision
of what is in store in the next version.

The presentation examines, among other things
• Management consoles, both free and commercial
• How JMX technology is an excellent fit for aspect-oriented

programming, with the Glassbox open source project as an example

• The tools that make it easy for developers to create their own JMX

instrumentation

Looking forward, the session presents the features planned for release
7 of Java SE, in particular to address scalability. It discusses the WS-
Management support being standardized by JSR 262 and how it will
permit interoperation with the world outside the Java platform. The
session does not assume detailed knowledge of JMX technology.

TS-2689

Effective Java™ reloaded : This Time It’s for real

Joshua Bloch, Google, Inc.

It’s been more than five years since Effective Java™ was released. The Java
platform has evolved, and we’ve learned more about how to use it to best
effect. This session covers new material added to the second edition,
which makes its debut at this conference. The presentation, which should
be useful to every working programmer, contains plenty of new material
that was not covered in the 2006 session.

TS-2885 High-Performance Java Technology in a Multicore World

David Dagastine, Sun Microsystems, Inc.
Paul Hohensee, Sun Microsystems, Inc.

This presentation discusses the issues facing Java and Java Virtual Machine
(JVM) technologies in a computing world quickly moving toward multiple-
core CPU solutions. It reviews current and planned multicore technologies

from Sun, Intel, AMD, and others and describes relevant JVM technology
requirements and performance optimizations in detail. It also discusses
changes, including example code, in Java technology-based applications
to take advantage of multicore platforms. A short demonstration shows
how to solve common performance and scalability bottlenecks through
JVM software tuning.

TS-2890 Java Technology Generics and Collections: Tools for

Productivity

Maurice Naftalin, Morningside Light Ltd.
Philip Wadler, University of Edinburgh

Java technology generics are the largest and most important change
to the Java programming language since it was introduced. The Java
Collections Framework API is the most widely used library and will
become even more popular with the use of generics, which eliminate
the annoying casts that previously peppered Collections code. Although
the fundamentals of generics and collections are easy to absorb, many
important aspects require serious thought. In generifying an existing
library, should one recode, use stubs, or use wrappers? What is
“migration compatibility,” and why is it central to the design of generics?
What pitfalls need to be avoided when combining generics and arrays?
How does one choose between ArrayDeque and LinkedList?

Java Generics and Collections, published by O’Reilly in October 2006,
provides a thorough coverage of these topics. Gilad Bracha, Java Generics
lead at Sun Microsystems, wrote this review: “A brilliant exposition of
generics. By far the best book on the topic, it provides a crystal clear
tutorial that starts with the basics and ends leaving the reader with a
deep understanding of both the use and design of generics.” As of this
writing, the book has four reviews on Amazon.com, all five-star.

This presentation, based on the book, answers the questions that
developers need to understand to make productive use of generics and
collections. Attendees should be practicing programmers using the Java
programming language, should be acquainted with the basic ideas of
generics, and should have written code using collections.

A big advantage of the erasure technique used to implement generics is
the easy migration it allows from nongeneric legacy code to generic code.
With erasure, legacy and generic code can interoperate freely, because
the compiler can produce the same bytecode from a program using
generics as from its nongenerified equivalent. Realizing this advantage
in practice needs care, however. The presentation shows how developers
can choose between the different routes to full migration.

Unlike generic types, arrays do carry runtime type information. Having
two type systems can create difficulties that developers need to
understand. The session explains a classic puzzle: why can’t you create

TS-2023 What’s Hot in IBM’s Virtual Machine for the Java Platform?—2007 Edition

TS-2171 What’s Hot in BEA JRockit

TS-2220 Testing Concurrent Software

TS-2294 Closures for the Java Programming Language

TS-2318 JSR 277: Java Module System

TS-2383 Java Platform, Standard Edition (Java SE): Present and Future

TS-2388 Effective Concurrency for the Java Platform

TS-2401 Java Language Modularity with Superpackages

TS-2594 Secure Coding Guidelines, Continued: Preventing Attacks and

Avoiding Antipatterns

TS-2656 JMX Technology: Who’s Doing What

TS-2689 Effective Java™ Reloaded : This Time It’s for Real