This website uses cookies to ensure you get the best experience. Learn More.
Key Takeaways From JavaOne 2017 Talks
Here are some of the key takeaways that I learned from the talks I attended at JavaOne 2017:
by Mansi Sheth (video)
The Java Cryptography API is quite powerful and up-to-date as of Java 8, however there are some pitfalls when using it. Mainly, the JavaDoc examples and API defaults tend to use insecure, old crypto standards. Also for backwards compatibility, the Crypto API provides options that are not recommended or are insecure or deprecated. However, the API does provide modern, secure crypto options, so developers should check the best practices to ensure that they are using modern options before employing the Cryptography API.
by Ed Burns and Shing wai Chan (video)
Servlet 4.0 supports HTTP/2 and specifically Servlet Push. Servlet Push allows the servlet to send resources such as CSS and JS to the browser along with the html response to avoid unnecessary extra requests. Frameworks such as JSF will be able to take full advantage of this feature since they know which resources their view requires before returning the response. Servlet 4.0 has also added support for the HTTP trailer—which can be used to provide a checksum for the response among other things—and mapping discovery which can be used to determine how the current servlet was obtained.
by Gil Tene (video)
There are many options for garbage collection strategies in Java including copying collection or mark -> sweep -> compact. It’s difficult (but possible) to implement a responsive garbage collector that does not pause the entire JVM while performing garbage collection (since memory is still growing if the JVM is not paused). Testing garbage collection is difficult since many JVMs will attempt to delay garbage collection as long as possible (usually until after the test is done).
by Sven Peters (video)
Good teams provide psychological safety to explore (potentially bad) ideas and make mistakes. Good teams have at least some overarching schedule and an ability to grade themselves on whether they accomplished their goals (for example using OKRs).
by Kito Mann
JSF 2.3 includes many new features features and additions (several of which were contributed by community members Bauke Scholtz and Arjan Tijms). To name a few: f:websocket, h:commandScript, f:importConstants, ui:repeat begin, end, and step attributes which allow for iteration without a data model, and CDI injection of JSF objects like FacesContext. For a more complete list, see Arjan Tijm’s blog post What’s new in JSF 2.3?.
f:websocket
h:commandScript
f:importConstants
ui:repeat
begin
end
step
FacesContext
by Jonathan Ross
Since Java and the JVM are so complex, use the scientific method rather than intuition to test and improve performance. The Open JDK JMH framework allows developers to write performance regression tests.
by Sean Mullan
Oracle provides Secure Coding Guidelines for Java SE. Deserializing untrusted data can allow remote or malicious code to be executed on the JVM.
by Venkat Subramaniam
Immutability can make code simpler to reason about, allow compiler optimizations, and be exploited for easy parallelism.
by Maarten Mulders (video)
Encryption allows for secure interactions on the web. Certificate authorities are needed to verify that data is being sent to legitimate sites. However, certificate authorities can be compromised, so browsers need to keep up-to-date information on trusted certificate authorities as well.
by Roman Elizarov (video)
Lock-free algorithms can be implemented with atomic variables using the compareAndSet() method inside a while(true) loop. Lock-free algorithms tend to perform better than locking algorithms in read-heavy real-world scenarios (as opposed to write-heavy).
compareAndSet()
while(true)
by Steve Poole (video)
Vulnerabilities include bugs, features, and developer tools that a hacker can exploit.
I’m planning on including the Portlet 3.0 Deep Dive video in a larger blog post about Portlet 3.0 in general. So look forward to that soon.
One of the biggest takeaways from JavaOne was the commitment to open sourcing even more technology including TCKs and specifications that are moving to the Eclipse Foundation (as EE4J). Learning about all these technologies and best-practices was fun, but the best part of JavaOne was talking to JavaEE experts like Kito Mann and Ed Burns and listening to the problems that JavaEE devs are solving today.