(by Ted Neward, Addison-Wesley)


  1. Prefer components as the key element of development, deployment, and reuse

  2. Prefer loose coupling across component boundaries

  3. Differentiate layers from tiers

  4. Keep data and processors close together

  5. Remember that identity breeds contention

  6. Use hook points to inject optimizations, customizations, or new functionality

  7. Be robust in the face of failure

  8. Define your performance and scalability goals

  9. Restrict EJB to transactional processing

  10. Never optimize without profiling first

  11. Recognize the cost of vendor neutrality

  12. Build in monitoring support

  13. Build in administration support

  14. Make deployment as simple as possible


  1. Understand all your communications options

  2. Consider your lookup carefully

  3. Recognize the cost of network access

  4. Prefer context-complete communication styles

  5. Prefer data-driven communication over behavior-driven communication

  6. Avoid waiting for remote service requests to respond

  7. Consider partitioning components to avoid excessive load on any one machine

  8. Consider using Web Services for open integration


  1. Pass data in bulk

  2. Consider rolling your own communication proxies

  3. Keep it simple

  4. Prefer rules engines for complex state evaluation and execution

  5. Prefer transactional processing for implicitly nonatomic failure scenarios

  6. Differentiate user transactions from system transactions

  7. Minimize lock windows

  8. Never cede control outside your component while holding locks

  9. Understand EJB transactional affinity

  10. Prefer local transactions to distributed ones


  1. Consider using optimistic concurrency for better scalability

  2. Consider using pessimistic concurrency for explicit concurrency control

  3. Consider lower isolation levels for better transactional throughput

  4. Use savepoints to keep partial work in the face of rollback

  5. Replicate resources when possible to avoid lock regions

  6. Favor the immutable, for it needs no locks

  7. Use HttpSession sparingly


  1. Use objects-first persistence to preserve your domain model

  2. Use relational-first persistence to expose the power of the relational model

  3. Use procedural-first persistence to create an encapsulation layer

  4. Recognize the object-hierarchical impedance mismatch

  5. Use in-process or local storage to avoid the network

  6. Never assume you own the data or the database

  7. Lazy-load infrequently used data

  8. Eager-load frequently used data

  9. Batch SQL work to avoid round-trips

  10. Know your JDBC provider

  11. Tune your SQL


  1. Consider rich-client UI technologies

  2. Keep HTML minimal

  3. Separate presentation from processing

  4. Keep style separate from content

  5. Pregenerate content to minimize processing

  6. Validate early, validate everything


  1. Security is a process, not a product

  2. Remember that security is not just prevention

  3. Establish a threat model

  4. Assume insecurity

  5. Always validate user input

  6. Turn on platform security

  7. Use role-based authorization

  8. Use SignedObject to provide integrity of Serialized objects

  9. Use SealedObject to provide confidentiality of Serializable objects

  10. Use GuardedObject to provide access control on objects


  1. Aggressively release resources

  2. Tune the JVM

  3. Use independent JREs for side-by-side versioning

  4. Recognize ClassLoader boundaries

  5. Understand Java Object Serialization

  6. Don’t fight the garbage collector

  7. Prefer container-managed resource management

  8. Use reference objects to augment garbage collection behavior

  9. Don’t be afraid of JNI code on the server

Tags: reading   books   architecture   distribution   jvm  

Last modified 03 May 2022