Posted by arungupta
on March 21, 2008 at 2:48 PM PDT
I delivered my
as an Ajax Mashup Framework talk and the slides are available
Lots of attendees came by afterwards and told me that they enjoyed the
demo. The talk showed how jMaki
Webtop provides a lightweight mashup framework that runs in
the browser. Here is a pictorial representation of the demo shown:
alt="GlassFish jMaki Webtop" title="GlassFish jMaki Webtop"
jMaki Webtop is basically a jMaki widget that can be embedded in a JSP
or PHP page. This widget provides the framework for managing widgets
and users, ability to persist the Webtop on client-side using Google
Gears or server-side using backend database, layouts and other
functionality. In JSP case, the widget uses JPA for performing all the
CRUD operations with the back-end MySQL database. The resulting WAR
file is deployed on GlassFish
(can be any other Servlet container as well). If you are interested in
a Java version of Webtop then the recommended path is:
- Create services & widgets using
- Deploy them on GlassFish
- jMaki webtop for widget deployment & customization
It really is an evolution of jMaki - using all the infrastructure that
has built over 2 years. You can experience it yourself at
which is running a PHP version of the app. See the coverage
The code will be available soon!
I attended few more talks and took notes in some of them to share:
we fix the Web ?
Ajax development with Appcelerator
& Ajax Reconciled
the Top Web 2.0 Attack Vectors
Web 2.0 Applications with Project Zero
Widgets & Gadgets
See below for notes from some of them.
we fix the Web ?
This was an early morning talk (7:30am) and I reached few minutes late.
- Script injection
- No difference between user & guest scripts
- Scripts exempt from same-origin policy
- No modularity (global access to everything on the page)
And also DOM vulnerability because every node in the tree has access to
every other node. This lacks modularity and causes a potential security
Doug recommended 3-step plan to fix the Web:
unsafe or suspect such as no global vars or functions
- Google Caja & Cajita provide a similar subet but
they use transformation instead of validation
- Minor browser improvements
- Scripts are exempt from same-origin policy. This allows a
dynamic <script> tag to make a GET request from a server.
Instead use JSONRequest (part of json.org ).
maintains backwards compatibility and adds complexity.
- Major browser improvements
approach is to start with JSLint and add safe features as required.
- The Object Capability System (where objects are given
explicit access to be used) needs to be enforced to make it secure.
In Doug's opinion, if the Web is not fixed then
(all vastly superior but lacking adoption) will displace the web.
The second talk was on
Ajax development with Appcelerator by
The talk started with a "not too long back" introduction of the
technology space. Well, it started with 1991 and the timeline (and
associated technology advances in that year) kept shuffling 1995, 1989,
2001 .... and so on. Jeff talked about how/why Tim Berners Lee invented
WWW and covered a myriad of terms after that including but not limited
to - Web 1.0, Netscape, Mosaic, marc Andreeeseen (sp?), Java, java Web
Start, Applets, W3C, CGI, J2EE, JCP, C#, JBoss, SOA, JavaFX,
Silverlight, AIR and many others. For a 50 minute talk, that was
style="font-weight: bold;">quite a long
After that introduction, he word "Ajax" was mentioned almost
30 minutes (8:51am to be precise) in the talk. And then the word
"Appcelerator" was mentioned at 9:06am. Finally, I realized that I'm in
the right talk ;)
like to pitch themselves as RIA + SOA company and allows true
decoupling of the rich client from it's services. Their services is
very similar to jMaki but they use event handling + Ajax + DHTML to
achieve it. They also run on Ruby, PHP, Java and other languages.
All in all, it was a good walk through the memory lane!
The next one was
& Ajax Reconciled.
The talk explained the basic concepts of
- Resource, URI, Representation, URL & Methods (GET, PUT, POST
& DELETE). It also explained the idempotency and safety of each
method type. Overall a good decent introduction.
Then it explained the limitations with current web-based forms:
- The URIs in the action attribute cannot be changed
- Most browsers recognize only GET/POST methods
- Limited ecodings - for example generating JSON encoding
requires extra work.
It provided a REST framework checklist:
- Does it have resource-based approach ?
- Acknowledges existing of representation ?
- Solid engineering & community support ?
The three frameworks discussed in the talk were:
Cocoon - based on XML pipelines & URL patterns,
powerful but steep learning curve
- Like Servlet for REST, good for existing model
Sling - Based on JCR with server-side scripting support
The talk did not mention anything about
href="http://jersey.dev.java.net">Jersey which is
turning out to be a great implementation and very well meets all the
critieria mentioned above.
The speaker recommended Apache Sling with