Effective Enterprise Java Online: Soliciting Feedback

  1. Ted Neward is putting up pieces of his forthcoming Effective Enterprise Java online and is actively soliciting comments from the Java/J2EE community.

    For starters he has put up topics on:

    Security: (http://www.neward.net/ted/EEJ/Security.html)

    Presentation: (http://www.neward.net/ted/EEJ/Presentation.html)

    System: (http://www.neward.net/ted/EEJ/System.html)

    Ted can be reached at ted at neward dot net for comments regarding EEJ or else he doesn't mind getting feedback on his comments section at his blog over at http://www.neward.net/ted/weblog

    This is a chance for the Java community to help shape a book that could dispel the common mistakes when building a classic Enterprise application with something as complex as J2EE.

  2. I read the Presentation and System sections and liked both very much.
  3. Great effort. We will definitely help as much as possible.
    Thanks
  4. Count me as a buyer...

    I've looked at all three posted chapters and have a couple of comments.

    First, I think the System chapter is too ambitious. I think it should be broken out into several chapters. Perhaps one concerning resource management, one concerning JVM issues (GC and JVM tuning) and finally one on Classpath. I would probably buy a book with a good chapter on the latter topic alone!

    I suggest you organize things a bit better and illustrate with large fragments or complete apps, at least available for download. Snippets are OK in the chapter when you are making a concise point but they make me want to howl when I'm trying to grok the complete context of an idea.

    Break up the test a bit more than you have. The chapters tend to run together a bit right now.

    I don't know enough about Security to comment too much, but your chapter is like red meat to me. I want to see more!.....
  5. Thanks, and responses to your comments

    > I've looked at all three posted chapters and have a couple of comments.
    >
    > First, I think the System chapter is too ambitious. I think it should be broken out into several chapters. Perhaps one concerning resource management, one concerning JVM issues (GC and JVM tuning) and finally one on Classpath. I would probably buy a book with a good chapter on the latter topic alone!
    >
    I wish I could. Frankly, though, it's intended to be somewhat of a higher-level discussion that in turn will persuade people to follow up more on the subject with books that examine those things in depth. Right now the best Classloader books on the planet, in order, are Stu Halloway's "Component Development in Java" (Addison-Wesley, free PDF download from his home page), and my "Server-Based Java Programming" (Manning, July 2000). The main reason I'm bringing up GC and JVM tuning is, in fact, because nobody else seems to be touching it, but I don't want to lead people towards believing that GC/JVM tuning will solve all your performance problems--it's just another tool in the arsenal, to be used intelligently (i.e., alongside a profiler).

    > I suggest you organize things a bit better and illustrate with large fragments or complete apps, at least available for download. Snippets are OK in the chapter when you are making a concise point but they make me want to howl when I'm trying to grok the complete context of an idea.
    >
    The format of the Effective series is exactly as you see here--little nuggets that are intended to be somewhat standalone but cross-reference liberally. Frankly, the items as they exist now are probably too long in and of themselves. If I can find the time before the book's publication, I may try applying the items to a common example app (PetStore comes to mind), but that would be a peripheral thing hosted off of my weblog, not part of the book itself.

    > Break up the test a bit more than you have. The chapters tend to run together a bit right now.
    >
    I'm not sure what you mean by this.

    > I don't know enough about Security to comment too much, but your chapter is like red meat to me. I want to see more!.....
    Again, the idea is to touch just enough on Security to give the enterprise developer just enough to think about; a good follow-up book would be Li Gong's "Inside Java2 Security (2/E)" (Addison-Wesley), or perhaps "Java Security Solutions" (Wiley), whose author I can't remember offhand.

    Is there something specific you'd like to see elucidated in Security? If I could add just one more item, what would you suggest?
  6. Thanks, and responses to your comments

    > Is there something specific you'd like to see elucidated in Security? If I could add just one more item, what would you suggest?

    Good attention was given to firewalls, accounts, principle of least privilege, and JRE security classes. I skimmed the chapter, and I think it only addresses client/server scenarios -- long conquered problems such as 3 or 4 tier applications. I don't think the chapter gave advice for n-tier and service oriented architecture. Also not especially helpful with Enterprise Application Integration, for overlooking XML security standards of interoperability. 29 printed pages and no mention of single sign on, credential delegation, key repositories, or Bouncy Castle. Only oblique mentions of server credentials and certificate authority.
  7. Thanks

    29 pages is getting to the upper limit for that chapter; what would you drop in order to discuss single sign-on, credential delegation, key repositories or Bouncy Castle?

    The reasoning I give for those items already there and why the items you mention aren't is as follows: Honestly, single sign-on really is just an issue of authentication against a single source, credential delegation and key repositories are generally topics best left to lower-level security books, and I'm not sure what you want me to say with respect to Bouncy Castle. (In truth, I honestly believe that security is one of the few areas where trying to roll-your-own, using JCA/JCE, is a Bad Idea, particularly in a book that's targeting a much higher-level topic such as enterprise development. Are these things important? Yep. Do most developers have the time to grok them? Nope.)

    Again, I have limited space in here, and need to try to find the 'sweet spot' between too little and too much information; otherwise, if I do as my first instincts tell me, this book becomes 1200 pages and costs $100 after discounts. :-)
  8. Thanks

    > ...I'm not sure what you want me to say with respect to Bouncy Castle.

    How to deploy it via JNLP.
  9. JNLP & Bouncy Castle

    That's a great white paper or article idea, but way too "focused" for this book. :-(
  10. Thanks, and responses to your comments

    > Break up the test a bit more than you have. The chapters tend to run together a bit right now.
    >
    > I'm not sure what you mean by this.

    It was late in the UK. I meant 'Break up the TEXT more than you have'!

    My bad. Sorry.
  11. A few suggestions

    Have had a quick skim of the Security and Presentation chapters - the content looks fairly good here, particularly in the security area. There aren't too many generalist books that give a good overview of these different aspects of security and it's good to see references to things such as owasp, JAAS, encryptions, etc.

    From the presentation perspective this chapter does seem to go over a lot of ground that has been addressed years ago by toolkits such as struts (and I'm sure newer toolkits such as tapestry, spring, etc) - mainly MVC, taglibs, parameter validation (eg. struts validators that do both client side javascript and server side validation), error handling (although struts would be a lot better if it supported error levels such as info, warning, & error), duplicate page submission, simple page workflow, simple session management, etc. It would be good to reference these solutions rather than show people the hard way to do things.

    From a JNLP perspective, I've recently looked at the Bright Side framework, which doesn't look quite good as a client/server framework. Sample JNLP file for their demo:

    <?xml version="1.0" encoding="UTF-8"?>
    <jnlp codebase="http://www.bs-factory.com/bookstore" href="bookstore.jnlp">
        <information>
            <title>The BookStore</title>
            <vendor>Bright Side Factory</vendor>
            <homepage href="http://www.bs-factory.com/"/>
            <description>Demo Application</description>
            <icon href="bookstore_logo.gif"/>
        </information>
        <security>
            <all-permissions/>
        </security>
        <resources>
            <j2se version="1.4.1* 1.4*" href="http://java.sun.com/products/autodl/j2se"/>
            <property name="org.bsf.framework.prefs.PreferencesFactory" value="org.bsf.framework.prefs.BSFPreferencesFactory"/>
            <jar href="Bookstore-client.jar" main="true" version="1.43"/>
            <jar href="bsframework-server.jar" download="eager" version="1.22"/>
            <jar href="foxtrot.jar" download="eager" version="1.0"/>
            <jar href="commons-lang-1.0.1.jar" download="eager" version="1.0"/>
            <jar href="commons-logging.jar" download="eager" version="1.0.3"/>
            <jar href="crimson.jar" download="eager" version="1.0"/>
            <jar href="jboss-j2ee.jar" download="eager" version="1.0"/>
            <jar href="jakarta-regexp-1.2.jar" download="eager" version="1.0"/>
        </resources>
        <application-desc main-class="com.bsf.gui.bookstore.modules.application.BookStoreDemo">
            <argument>www.bs-factory.com</argument>
            <argument>/bsframework-server/httpSession</argument>
            <argument>80</argument>
        </application-desc>
    </jnlp>

    From a security perspective these frameworks also address some of the issues you have brought up (eg. double submission, parameter validation, etc). I think references to these projects and to other articles (from memory IBM had a good article on JAAS, etc) would make the book a more useful resource..
  12. A few suggestions

    A typo in the previous post - the Bright Side Framework DOES look quite good..
  13. thanks for the suggestions

    Don--

    Your idea of referencing existing resources is a good one, except that books often live much longer than weblinks do, and I, personally, hate a book that makes a big deal out of something that was really cool at the time the author wrote it, but six months later is obviously no longer maintained/supported/etc. Those sorts of links I'm hoping to keep up on the EEJ weblog, instead.

    Frankly, I'm really trying to avoid value-judgement kinds of prose in general except about the specifications themselves; I really don't want to get into the whole "I like BEA but not WebSphere", because that takes you down a slippery slope to making the book too narrow, IMHO. Unfortunately that means I have to exercise the same restrictions with open-source projects, too. It's a really fine line and one that I've sort of criss-crossed back and forth a couple of times already. :-/

    Your comment about the fact that various tools already cover this is a good one; however, a lot of people (a) still aren't using those tools, and (b) still need to understand what the tool is doing for them. Hence my decision not to cover any of the other JSP-oriented or servlet-based toolkits (Struts, Tapestry, WebWork, ....). If I don't draw a fairly coarse line in the sand it's pretty obvious this book bloats out really really badly. :-/

    (In all honesty, there's probably still room for a couple related books just like this: Effective Servlets, Effective Struts, Effective JSP, ....)

    Ted
  14. thanks for the suggestions

    Fair enough comments re. the weblinks, however I don't think toolkits like struts, tapestry, spring are going anywhere in a hurry. I think that pointing out what you need to avoid is good and showing readers how to do it themselves is also good, but developers can be far more productive with the use of a framework that takes all the routine stuff out - a mention of these products that implement best/better practice will allow the reader to make their own decisions..

    Agree with the points on avoiding BEA vs Websphere comparison, however (from a presentation perspective) it may be worth pointing out that most commercial containers do provide the basic caching facilities, edge side includes, etc for content. While open source containers such as tomcat don't, there's plenty of options here in the open source with good caching solutions also plugged into persistence frameworks like Hibernate.

    Further on presentation (I've read it a bit more) - presentation separation from code is a good thing, but IMHO I don't think XSLT is quite there yet - great concept, but have you ever tried to read/code a complex XSLT stylesheet? There have been a few good tools that assist in this area very recently (ie. XMLSpy), however the vast majority of tools don't and this is a very developer intensive technology..
  15. Server-based Java Programming

    Ted, when you mentioned your previous book I thought I remembered it. It was on a bookshelf at home. As I recall I bought it because of the reviews on amazon.com, then shelved it when I realized it wasn't really a J2EE book, which is what I was into at the time.

    So I'm reading the Classpath chapters now. Thanks.
  16. More chapters went up

    Architecture and State Management just went up on the website. Communication and Processing are all that's left, keep an eye out in the next 48 hours for them.