Founder of Tomitribe, veteran of Open Source Java EE in both implementing and defining JavaEE specifications for over 10 years with a strong drive to see JavaEE simple, testable and as light as Java SE. Co-Founder of OpenEJB (1999), Geronimo (2003), TomEE (2011). Member of the Java EE 7 and EJB 3.2 Expert Groups, past member of the Java EE 6, EJB 3.1, and EJB 3.0 Expert Groups. Contributing author to Component-Based Software Engineering: Putting the Pieces Together from Addison Wesley.

Apache TomEE from Dev to Ops

Apache TomEE is the Java EE distribution of Apache Tomcat. This live vJUG session goes beyond the basics and explores some fun features both TomEE-specific and JavaEE-portable for supercharging your application development, runtime and maintenance. Have a huge pile of DAOs? Use TomEE’s abstract bean concept. Need to configure your application for many different environments? CDI and portable-extensions to the rescue. Want to create secured microservice distributions without any fuss? Nothing beats the TomEE Maven Plugin. Looking for a way to get detailed stats from your code? Hello annotation-driven monitoring support. Ever wish you could make your own management API? Check out the portable SSH Connector.The perfect session for any TomEE or Java EE enthusiast looking for cool toys for both developer and operations bliss.

Deconstructing REST Security

The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, are riddled with extensions, and almost seem designed to deliberately confuse. For a back-end REST developer, choking all this down for the first time is mission impossible. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. The presentation also details a competing Amazon-style approach called HTTP Signatures and digs into the architectural differences of all three, with a heavy focus on the wire, showing actual HTTP messages and enough detail to have you thinking, “I could write this myself.”