
Ajax World East 2008 - Day 2 Report

Posted by arungupta on March 21, 2008 at 2:48 PM PDT

I delivered my jMaki as an Ajax Mashup Framework talk and the slides are
available. Lots of attendees came by afterwards and told me that they
enjoyed the demo. The talk showed how jMaki provides a lightweight mashup
framework that runs in the browser. Here is a pictorial representation of
the demo shown:

[Image: GlassFish jMaki Webtop]

jMaki Webtop is basically a jMaki widget that can be embedded in a JSP
or PHP page. This widget provides the framework for managing widgets
and users, the ability to persist the Webtop on the client side using
Google Gears or on the server side using a backend database, layouts and
other functionality. In the JSP case, the widget uses JPA for performing
all the CRUD operations with the back-end MySQL database. The resulting
WAR file is deployed on GlassFish (it can be any other Servlet container
as well). If you are interested in a Java version of Webtop then the
recommended path is:

  • Create services & widgets using NetBeans
  • Deploy them on GlassFish
  • jMaki webtop for widget deployment & customization

It really is an evolution of jMaki - using all the infrastructure that
has been built over 2 years. You can experience it yourself at [link],
which is running a PHP version of the app. See the coverage here.
The code will be available soon!

I attended a few more talks and took notes in some of them to share:

  • Can we fix the Web ?
  • Accelerate Ajax development with Appcelerator
  • REST & Ajax Reconciled
  • Understanding the Top Web 2.0 Attack Vectors
  • Building Web 2.0 Applications with Project Zero
  • OpenAjax Widgets & Gadgets

See below for notes from some of them.

Can we fix the Web ?

This was an early morning talk (7:30am) and I reached a few minutes late.
But it was basically talking about JavaScript vulnerabilities such as

  • Script injection
  • No difference between user & guest scripts
  • Scripts exempt from same-origin policy
  • No modularity (global access to everything on the page)

And also DOM vulnerability because every node in the tree has access to
every other node. This lacks modularity and causes a potential security

Doug recommended a 3-step plan to fix the Web:

  • Safe JavaScript subset
    • provides a safe subset of JavaScript that removes all features that are
      unsafe or suspect such as no global vars or functions
    • Google Caja & Cajita provide a similar subset but
      they use transformation instead of validation
  • Minor browser improvements
    • Scripts are exempt from same-origin policy. This allows a
      dynamic <script> tag to make a GET request from a server.
      Instead use JSONRequest (part of
    • ES4
      (the upcoming JavaScript standard) is not good enough because it
      maintains backwards compatibility and adds complexity.
  • Major browser improvements
    • Replace JavaScript & DOM in browsers. The
      approach is to start with JSLint and add safe features as required.
    • The Object Capability System (where objects are given
      explicit access to be used) needs to be enforced to make it secure.
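
An added illustration (not code from the talk or from the original post) of the "global access to everything on the page" problem and the object-capability alternative noted above. `pageState`, `makeGreetingReader` and the widget functions are hypothetical names, and the token is a constructed value.

```javascript
// Constructed page state standing in for "everything on the page".
const pageState = { sessionToken: 'constructed-token', greeting: 'hello' };

// Ambient authority: the guest script is handed (or can reach) the whole page.
function ambientWidget(page) {
  // Nothing prevents it from enumerating and reading unrelated data.
  return Object.keys(page).map((k) => `${k}=${page[k]}`);
}

// Capability: an object exposing one permitted operation, plus a revoker
// that the host keeps for itself.
function makeGreetingReader(page) {
  let revoked = false;
  const cap = Object.freeze({
    read() {
      if (revoked) throw new Error('capability revoked');
      return page.greeting; // page lives in the closure and is never exposed
    },
  });
  return { cap, revoke() { revoked = true; } };
}

// The guest receives only the capability, not the page state.
function capabilityWidget(reader) {
  // Trying to widen the object fails: it is frozen (this throws in strict
  // mode and is silently ignored otherwise).
  try { reader.sessionToken = 'x'; } catch (e) { /* frozen object */ }
  return { seen: reader.read(), widened: 'sessionToken' in reader };
}

function demo() {
  const leaked = ambientWidget(pageState);
  const { cap, revoke } = makeGreetingReader(pageState);
  const granted = capabilityWidget(cap);
  revoke(); // the host withdraws access
  let afterRevoke;
  try { afterRevoke = cap.read(); } catch (e) { afterRevoke = e.message; }
  return { leaked, granted, afterRevoke };
}

console.log(demo());
```

The pattern only confines a guest that cannot reach globals on its own, which is the role of the safe subset in the first step of the plan.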

In Doug's opinion, if the Web is not fixed then JavaFX, Silverlight
(all vastly superior but lacking adoption) will displace the web.

The second talk was on Accelerate Ajax development with Appcelerator
by Appcelerator

The talk started with a "not too long back" introduction of the
technology space. Well, it started with 1991 and the timeline (and
associated technology advances in that year) kept shuffling 1995, 1989,
2001 .... and so on. Jeff talked about how/why Tim Berners-Lee invented
the WWW and covered a myriad of terms after that including but not limited
to - Web 1.0, Netscape, Mosaic, Marc Andreessen, Java, Java Web
Start, Applets, W3C, CGI, J2EE, JCP, C#, JBoss, SOA, JavaFX,
Silverlight, AIR and many others. For a 50 minute talk, that was quite a long

After that introduction, the word "Ajax" was mentioned almost
30 minutes (8:51am to be precise) into the talk. And then the word
"Appcelerator" was mentioned at 9:06am. Finally, I realized that I'm in
the right talk ;)

They like to pitch themselves as an RIA + SOA company that allows true
decoupling of the rich client from its services. Their services are
very similar to jMaki but they use event handling + Ajax + DHTML to
achieve it. They also run on Ruby, PHP, Java and other languages.

All in all, it was a good walk down memory lane!

The next one was REST & Ajax Reconciled.

The talk explained the basic concepts of REST
- Resource, URI, Representation, URL & Methods (GET, PUT, POST
& DELETE). It also explained the idempotency and safety of each
method type. Overall a good decent introduction.

Then it explained the limitations with current web-based forms:

  • The URIs in the action attribute cannot be changed
  • Most browsers recognize only GET/POST methods
  • Limited encodings - for example generating JSON encoding
    requires extra work.

It provided a REST framework checklist:

  • Does it have resource-based approach ?
  • Acknowledges existence of representation ?
    • need multiple of them
  • Solid engineering & community support ?

The three frameworks discussed in the talk were:

  • Apache
    - based on XML pipelines & URL patterns,
    powerful but steep learning curve
  • RESTlet
    - Like Servlet for REST, good for existing model
  • Apache Sling
    - Based on JCR with server-side scripting support

The talk did not mention anything about Jersey which is
turning out to be a great implementation and very well meets all the
criteria mentioned above.

The speaker recommended Apache Sling with