Slashdot Mirror
Java Development with Ant
Pros:
- Excellent coverage of optional Ant tasks
- Good division of beginner, intermediate and advanced content
- Thorough discussion of how to use Ant to solve a variety of software configuration management situations
- Shows how to use Ant for tasks outside of typical configuration management roles such as the automated code generation of EJB and Application Server deployment descriptors
- Shows how Ant helps with a variety of software development methodologies including XP's suggested best practices of continual integration and JUnit testing
- Catalogs IDEs that integrate well with Ant including my personal favorite, Intellij's IDEA development environment
Cons:
- Some of the examples could have benefited from more detail. For example, the section on the PropertyFile task could have shown how to solve the problem of platform specific path separators in Java property files.
- At the time of this review, the book's accompanying website was a bit meager. For example, a comprehensive list of Ant on-line resources would have been helpful.
What the book offers
I consider myself an intermediate Ant user and when books on Ant first appeared I thought they would add little to the excellent free documentation and examples readily available. With its clean, straight forward syntax and structure, Ant has a low of cost of entry, and being rooted in Java and XML it is extremely flexible and extensible. I found Ant refreshingly easy to use as part of a configuration management system that included continual integration and a unit testing strategy. It was much better suited for Java development than the tool I previously used which was make. So when I agreed to do this review, I was skeptical that I would find the book useful. However, the book proved to be rich in valuable information that is well organized and clearly presented. Java Development with Ant, written by Erik Hatcher and Steve Loughran who are both committers to the Apache Ant project, is a great resource for anyone wishing to learn how to integrate Ant into his personal set of best practices for software configuration management solutions.
Coming to the book as a long time Ant user, I was glad to see that it offered material appropriate for others than just those approaching Ant for the first time. The book is divided into three sections each of which could probably find a niche as useful (and thinner) separate book: Learning Ant, Apply Ant, and Extending Ant. Only the first section of the book is devoted to first-time users, or those Learning Ant. The reminder of the book is about Ant in action. It covers an interesting variety of third-party Ant tasks, various ways of applying Ant to software development projects, and an in-depth section on how to extend Ant writing your own Java classes.
After a short but helpful introduction to the general topic of software configuration management, the first section, Learning Ant, launches into a thorough explanation of Ant's fundamental concepts and operation. JUnit test integration is treated as part of of the basic operation of Ant, which I was happy to see because unit testing should be a fundamental part of any software configuration management process.
Despite having used Ant on a number of projects since the summer 2000, at no point have I had to become truly expert with it in order to solve the wide range of software configuration problems I encountered. This is because Ant is easy to use. Typically, I figure out what I want the software configuration management to do, and then look for Ant examples that I can easily tweak to get the job done. I think it is a great credit to the Ant and its designers that I can do this successfully. Even though I've had this success with Ant, the introductory material filled in some of the gaps I had in my understanding of Ant's operation. For example, I was introduced to the PropertyFile taskdef which up until then had escaped my notice but which solved a problem for which I previously had a less elegant solution.
The most interesting part of the book was the second section that talked about a variety of Ant add on programs (called taskdefs) like Middlegen (an EJB descriptor tool) and XDoclet. XDoclet had been on the periphery of my radar for a while now, so I welcomed the book's thorough discussion of it in both a general and Ant specific sense. In addition there are helpful chapters devoted to using Ant as an aide to production deployment, web site generation including the compilation of JSP pages and the automatic generation of EJB descriptors. There are also chapters on working with Web Services using SOAP and a section on how Ant can be used as part of a continuous integration process complete with email notification. There is even a section on using Ant for Java projects that have a native code component. (Ant can be used to compile native code and the book shows how it can be helpful in dealing with the complexities surrounding JNI.) The book works well as a reference text. There's no need to read it from cover to cover in order for it to be extremely helpful.
The third part of the book also looks interesting, but it is intended for a more hardcore audience than myself. I've been fortunate to find ready made solutions for all the configuration management services I wanted to provide my clients. So, learning how to extend Ant has never been an issue. Every time I think I might have to develop my own answer, I find that someone else has already beaten me to it. Such is the nature of successful Open Source projects. However, I am glad this section exists, because I am sure at some point I will use it myself or refer a student or client to it.
The book even has some material on using Ant outside of the context of Java. Not having much experience with these technologies, I didn't pay close attention to these sections. (I am sure I'll be amused when I encounter my first .NET project that is using Ant for its configuration management solution).
In closing, if you are more than casually interested in software configuration management for Java projects then I recommend this book with enthusiasm. Beginners will be up and running with Ant in short order, while the book contains many interesting and useful nuggets for more experienced Ant users.
Ant on the web
- The Ant Project -- be sure to see their resources section.
- Ant FAQ at jguru.com (moderated by the book's co-author: Erik Hatcher)
- Ant forum at jguru (moderated by the book's co-author: Erik Hatcher)
- JUnit: A regression testing framework written by Erich Gamma and Kent Beck. It is used to implement unit tests in Java.
- CheckStyle: A development tool to help programmers write Java code that adheres to a coding standard.
- Middlegen:A general-purpose database-driven code generation engine.
- XDoclet: An extended Javadoc Doclet engine. It's a generic Java tool that lets you create custom Javadoc @tags and based on those @tags generate source code or other files (such as xml-ish deployment descriptors) using a template engine it provides.
- Intellij's IDEA "Develop with Pleasure" with this award winning Java IDE featuring full Ant integration that Marin Flower says: has succeeded in really moving forward the state of the art...
- The NetBeans and Eclipse Open Source IDEs also integrate nicely with Ant.
Is this thing on?
I don't know about you guys, but all the fine Java ladies dig my JUnit.
-gerbik
Dude, imagine a beawolf cluster of those books...
So 2/3 of the book would be useless to me?
Do I get a discount if I don't need 2/3 of the book?
www.cgisecurity.com/lib
Anti-java that is. Java based apps bring my 1Ghz P3 to its knees. and no, i'm not gonna get a new CPU so I can play your damn checkers game.
Man, I know I am just begging to be modded down, but did anyone else (especially us who grew up in the '80s) read that title as "Java Development with Adam Ant"?
I found myself wondering if he'd been dabbling in programming, as part of his community service.
ah ah ah ah ah, Antmusic, ah ah ah ah ah...
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Funnily, non-Java developer and former tennis-pro Stefan Edberg speaks out about Doom3 here!
So now I'm modded down as Flamebait for dissing one of the "sacred cows" (open source software) of slashdot? Figures...
Our company is doing a mixture of Java and C++ so we are using make. I came across a fantastic conditional compiler written by some developer at sun.. JavaMake It can be easily integrated with Ant and it evaluates the bytecode of the updated files to see what signatures have changed. It then recompiles anything using those signatures if they weren't changed as well. It works *wonderfully*. The only limitation is compile time constants. If you change the name or type of a constant, it has to recompile the whole project because the Java bytecode only has the substituted value, not a reference to the variable.
Check it out. It can save a *lot* of time.
All I wanted was a rock to wind a piece of string around, and I ended up with the biggest ball of twine in Minnesota
http://www.msnbc.com/news/835095.asp?cp1=1
The Federal Information Assurance Conference 2002 is taking place this Tuesday through Thursday at the University of Maryland. Some of the most prestigious government agencies and private businesses in the realm of Information Security are attending, including among others the National Security Agency, the National Institute of Standards and Technology, and the Defense Information Systems Agency; and RSA Security, Symantec, and IBM, respectively. The speakers included professionals from the FBI, the U.S. Secret Service, and the Office of Homeland Security.
Yesterday, the very first day, Microsoft announced that Windows 2000 has passed all required tests for certification under the Common Criteria (CC) at Evaluated Assurance Level 4 (EAL4) to demonstrate their "commitment to security." Unlike the Windows® NT 4.0 TCSEC (Trusted Computer Security Evaluation Criteria, a.k.a. "Orange Book") C2 certification which was on a non-networked machine without a floppy drive, the Windows 2000 CC EAL4 tests included among others the Active Directory Service, Virtual Private Networking (VPN), the Kerberos implementation, and the Encrypted File System. Where was Linux(TM) when Microsoft dropped this bombshell? Linux(TM) was nowhere to be found. There was no one from Red Hat, no one from Mandrakesoft (makers of Mandrake Linux), and no one from SuSE. Linus wasn't there. Not even the self-appointed patron saint of open source, Richard Stallman, bothered to show up.
Oh Linux(TM), oh Linux(TM). Where art thou, Linux(TM)? Why dist thou not showst up? The answer lies in a small, little excerpt from John Pescatore, Director of Internet Security for Gartner. He said, "Not all but some of versions of Linux could meet this level [CC EAL4] as well."
That's right. Not all versions of Linux could meet CC EAL4. In other words, not all versions of Linux could meet the same minimum security requirements as Microsoft Windows 2000.
"Well," you ask, "exactly which versions of Linux can and cannot meet CC EAL4 requirements?" It stands to reason that the core Linux(TM) kernel, the version distributed by Linus at http://www.kernel.org, cannot meet these minimum requirements, because if it did, all versions of Linux(TM) would meet these minimum requirements. After all, other Linux distributions are not going to be made less secure. I also know for a fact that this is true. The reason that only some of the Linux(TM) versions would pass CC EAL4 is that those versions patch the main Linux(TM) distribution. In other words, those more secure versions are forks, alternative versions of Linux(TM) that were not accepted into the main distribution.
This means that Linux(TM), as released by saint Linus, the same Linux(TM) that all these so-called "experts" have been touting as the more stable, more secure alternative to Windows, is actually less secure than Windows 2000. Now I don't want to get any email from you Linux(TM) naysayers asking me that if Microsoft Windows 2000 is so secure why does Microsoft® Windows 2000 have so many more security bugs, or security bulletins, than Linux(TM). Measuring the security of an operating system by the number of security bulletins is like measuring the security of a bank by the number of robberies. By that standard, my small town bank out here in the sticks with 2 tellers, 3 security cameras, and never more than US$1,000 cash on-hand is the most secure bank in the world.
The "theory of a thousand eyes" (the theory that open source is more secure because everybody can see the code and instantly discover a problem) doesn't make an operating system any more secure either. While the potential for more security exists, this doesn't ensure that the "thousand eyes" are actually looking. To the contrary, Red Hat has discovered bugs in the Linux kernel in sections that went unchanged for years. For example, not only did the Teardrop vulnerability in TCP/IP exist for decades, but the Teardrop vulnerability was ported to other operating systems, even though "thousands of eyes" had to be looking at the code in order to port it to another operating system. Peer review, an extension of this theory, doesn't provide any assurance either, because the reviewing peer may not be well versed in security and hence not fully understand or appreciate the implications of a given piece of code.
I've said it before, and I'll say it again. The only way to fully evaluate operating system security, and to compare one operating system's security to another operating system's security, is to have that operating system evaluated under TCSEC or CC. These are comprehensive methods of fully and exhaustively evaluating security, and the fact that they are common standards allows operating systems evaluated by the same criteria to be compared in terms of total security assurance. Until Linus and his open source goons get their act together, get their kernel up to snuff, and get their kernel certified, Linux(TM) will remain less secure than its arch-nemesis, Microsoft Windows 2000.