Wayne,
See in line ...
On Sat, Mar 14, 2015 at 4:06 PM, Wayne Pollock <pollock_at_acm.org> wrote:
> It is a fine idea, well implemented. Yet, I do have concerns I'd like
> to discuss.
>
> Too many of these tutorials rely on GUIs and/or maven. The result is
> a lack of understanding of the underlying processes. I would like to
> see *just one* "Hello EE world" tutorial that describes compiling and
> deploying a WAR using nothing but javac and jar. Once the basics of
> how EE works (the directory structure of a WAR, the proper setting of
> CLASSPATH, etc.) is done, *then* is the time to go on to teaching the
> Java EE technologies using automation and GUIs, if you wish.
>
> Maven scares me. As far as I can tell from the Google searching I've
> done, the Maven central repository consists of unsigned contributed code.
> The maven tool automatically downloads, installs, and runs such code. I
> can't imagine how much longer it will be, before malware makes its way
> into developers' PCs, and ultimately to servers, using maven as an
> attack vector.
Maven is indeed scary, but a pragmatic reality. So we all have to get
used to it :)
Have you looked at
https://github.com/javaee-samples/javaee7-samples
that shows Hello World samples for different Java EE 7 technologies?
They can run against WildFly or GlassFish.
There is also
https://github.com/javaee-samples/javaee7-simple-sample
that is a simple sample to showcase different Java EE 7 technologies.
>
> Glassfish 4.1 scares me. I have reported the problem with it many times,
> to a deafening silence. It contains bad/corrupted jars in the official
> distribution, both from Oracle and from java.net. You can't see the
> errors if you build using a GUI such as Netbeans, or using ant or maven.
> But, add the javaee.jar to your CLASSPATH, and compile anything such as:
>
> class Foo {}
>
> with:
>
> javac -Xlint:all Foo.java
>
> and you will get about 20 warning messages about bad or missing
> jar files. (I did make a bug report on this as well.) I am
> currently switching my Java classes to use Wildfly. It's hard
> because, like all Java EE servers, the Wildfly docs make no mention
> of how to build code without using maven or some GUI IDE. They don't
> seem to come with a javaee.jar, or equivalent.
Have you looked at
http://www.mastertheboss.com/jboss-server/wildfly-8/maven-configuration-for-java-ee-7-projects-on-wildfly?
Arun
>
> The new paradigm is "Devops". Developers need to understand something
> about deployment, instrumenting code, logging, etc., in addition to
> understanding CDI or Java messaging. They need to know how to design
> file formats and message formats; many real-world enterprise
> applications do use files along with databases. Your tutorial
> should also address these issues, if possible.
>
> Finally, I would like tutorials to show correct security coding
> practices, such as the proper normalization, sanitization, and
> validation of external (untrusted, or "tainted") data. It's scary
> that even today, the #1 vulnerability is SQL injections. Yet, try
> to find any Java EE tutorials that do this, or any textbooks either.
> I haven't found any. No wonder each new generation of programmers
> makes the same errors.
>
> Thanks for the opportunity to vent a bit. Hopefully, you'll find
> my arguments have at least a little bit of merit. If so, you don't
> need to change the code; just add some comments here and there about
> what was left out for the sake of clarity, with some pointers to
> more information. As I said in the beginning, this is a good
> tutorial and well implemented. I just think it can be improved to
> give students a deeper understanding of Java EE development and
> deployment, and of security best practices.
>
> --
> Wayne Pollock
>
> On 3/13/2015 6:10 PM, Reza Rahman wrote:
>> Folks,
>>
>> Many of you are probably already familiar with the official Java EE 7 Hands-on-Lab
>> (https://glassfish.java.net/hol/). It is an excellent learning resource initiated
>> Arun Gupta while still at Oracle. I just finished successfully delivering the lab
>> once again at DevNexus 2015. In preparation for DevNexus and beyond I made a few
>> updates/changes:
>>
>> * I tried to make the lab entirely self-directed and self-paced for attendees by
>> removing as many possible stumbling blocks (however minor) as possible.
>> * I updated the lab to use GlassFish 4.1 and NetBeans 8.0.2.
>> * I polished up the code to make it as realistic as possible within the scope of a
>> simple lab.
>>
>> The first bullet point above is what I would really like to bring your attention to.
>> Every time I have run this lab I've tried to execute it such that it requires bare
>> minimum or no involvement from me and in fact I believe I've succeeded in doing just
>> that. The reason this really matters is that I think this lab material has much
>> greater potential than just something else our team does at conferences. I believe
>> that the lab is now in a state such that anyone can go through the lab entirely on
>> their own, by just using the public HOL page. More importantly I think it is possible
>> with very little effort for someone to lead the lab in their user group or company. I
>> highly encourage you to do so if you have an interest in supporting the Java EE
>> community. If needed, our team could provide any help that you may need (such as
>> being present virtually or working with you one-on-one to get you prepared). I've
>> supplied all the resources that you should need on the public HOL page.
>>
>> Do drop me a note off alias if you have any feedback on this, if there's anything
>> that I can improve with the lab or if you need any help. For sake of completeness, I
>> should mention that Arun also now has his own version of the lab
>> (https://github.com/javaee-samples/javaee7-hol) that you should also take a look at
>> if time permits.
>>
>> Cheers,
>> Reza | Java EE Evangelist
>> Cell: 267-798-9331
>> Home Office: 215-736-1208
>> Google/Skype: m.reza.rahman
>> Twitter: @reza_rahman
>> https://blogs.oracle.com/theaquarium/
>> https://blogs.oracle.com/reza/
>> https://cargotracker.java.net
>>
>> P.S.: In this same vein I'd like to point out that I've added detailed speaker notes
>> to my version of our current flagship Java EE 8 talk:
>> http://www.slideshare.net/reza_rahman/javaee8 (PowerPoint source available for
>> download). Making use of this, you could deliver this talk yourself. As an example,
>> Hanneli Tavante did this at ConFoo and Josh Juneau will be doing that soon at the
>> Chicago Coder Conference. Of course talks are highly personal and I don't expect that
>> anyone will just use my deck as-is (in fact neither Hanneli nor Josh are doing that).
--
http://blog.arungupta.me
http://twitter.com/arungupta