What the Heck Are OAuth and OIDC?

Session abstract

OAuth is not an API or a service: it is an open standard for authorization, any developer can implement it, and applications can use it to provide client applications with “secure delegated access.” OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. OpenID Connect (OIDC), built on top of the OAuth 2.0 protocol, enables clients to verify the identity of the user and obtain their basic profile information. This session covers how OAuth and OIDC work, when to use them, and frameworks/services that simplify authentication.


Benefiting from Java 9 Improvements

Session abstract

Mention Java 9, and everyone immediately thinks of modularization. Although that’s quite important, Java 9 contains many other improvements to the language and the JDK. This presentation dives into the language-level improvements and also the changes related to the Streams API and the functional style of programming. The objective of this session is to help developers make better use of Java 9 from the language, JDK, and functional programming point of view.


Enough java.lang.String to Hang Ourselves...

Session abstract

Is it better to write "" + 42 or Integer.toString(42)? How much memory can you save if you intern() all your strings? How can String Deduplication reduce your memory footprint, and what does it cost? And how much memory will Java 9 strings save in Bulgaria? What is the maximum length of a constant string? And a dynamic string? How much faster is the new StringBuilder().append("Hello ").append(name).toString() than "Hello " + name? What are intrinsics, and how do they relate to strings? Are strings really immutable? How can you efficiently create substrings? You’ll get answers to these and many more questions in this session.


Keynote: Groundbreakers: The Code Avengers

Session abstract

Superheroes protect the peace, save lives, and fight evildoers with their superhuman powers; however, they are not the only ones who have these abilities. Each day developers build highly advanced algorithms, design and code solutions to better humanity, deploy to thousands of servers in seconds, and come up with groundbreaking innovations. In this session join community leaders, unconference disorganizers, open-source standards gurus, and technology visionaries to hear an action-packed keynote to celebrate the developer community and you, a groundbreaker.


Hacking and Hardening Java Web Applications Workshop

Session abstract

PLEASE NOTE: YOU MUST BRING YOUR OWN LAPTOP (BYOL) TO PARTICIPATE IN THE HANDS-ON LABS.

It seems like every day there is a new headline about a security breach in a major company’s web application. This hands-on workshop is designed to teach you how to identify and fix vulnerabilities in Java web applications. Using an existing web application, you will learn ways to scan and test for common vulnerabilities such as hijacking, injection, cross-site scripting, and cross-site forgery. You will learn best practices for logging, error handling, intrusion detection, authentication, and authorization. You will also learn how to improve security in your applications with existing libraries, frameworks, and techniques to patch and prevent vulnerabilities.

*NOTE - Please download:
- VirtualBox 64-bit - https://www.virtualbox.org (Windows users, please make sure you test VirtualBox ahead of time)
- Kali Linux Variant Virtual Machine - https://s3.amazonaws.com


A Thousand Things You Always Wanted to Know About SSO but Never Dared Ask

Session abstract

How many times have you been in a meeting with a salesperson and started to sweat when you heard, “Yes, the system will be fully integrated with your SSO”? How many times have you searched on the internet for SSO and closed your browser after the second click? SAML, OAuth, WS-Fed…which of these is the right protocol? Shibboleth, OpenAM, ADFS2, Keycloak…do I need all of them? Do I need them at all? Which is the right solution for my application? How can I protect my APIs? This session covers the most popular SSO scenarios and will guide you along the sometimes obscure path to the “log in once and access everything” Grail.


Fully Reactive: Spring, Kotlin, JavaFX, and MongoDB Playing Together

Session abstract

Spring Framework 5 brings full reactive support to developers everywhere. What better way to demo reactive programming than to actually build something live? This session’s presenters perform a daring feat of pair programming/dueling coding to create an end-to-end application by using Spring Framework 5, Spring Boot, Reactor, Kotlin, JavaFX, REST, and MongoDB, all built with IntelliJ IDEA. What could possibly go wrong?


Ten Things You Can Do with GraalVM

Session abstract

PLEASE NOTE: YOU MUST BRING YOUR OWN LAPTOP (BYOL) TO PARTICIPATE IN THE HANDS-ON LABS.

The GraalVM project enhances the Java ecosystem with an integrated polyglot, high-performance execution environment for dynamic, static, and native languages. GraalVM supports Java, Scala, Kotlin, Groovy, and other JVM-based languages. Simultaneously, it can run the dynamic scripting languages JavaScript, Ruby, R, and Python. In this lab, you’ll learn what you can do with GraalVM:
- Use it as the JVM JIT compiler, enhancing the JIT
- Run native and polyglot programs
- Compile them ahead of time for faster startup and lower runtime overhead
- Debug your polyglot code, using exactly the same tools for any language
- Profile the performance and memory of your application
- Embed GraalVM in a native application for portability

Please review the document here in preparation for the lab.
