Domain: getahead.ltd.uk
Stories and comments across the archive that link to getahead.ltd.uk.
Comments · 20
-
Re:Explanation & Possible Solutions
Thanks for the comment. I had wondered about POST requests as well, but a few sources seem to say that POST requests can be forged using Javascript.
http://getahead.ltd.uk/blog/joe/2007/01/01/csrf_attacks_or_how_to_avoid_exposing_your_gmail_contacts.html
"Switching to POST and denying GET: Forms can be trivially altered with DOM manipulation to forge POST requests."
I'm not an expert in CSRF (hadn't heard about it till this incident, which sparked my interest), but is this a problem? Do you know how this could be done? -
Some details on how it works
It's a CSRF attack. For more details see this blog post http://getahead.ltd.uk/blog/joe/2007/01/01/csrf_attacks_or_how_to_avoid_exposing_your_gmail_contacts.html#preview -
Links
Here're some really good links about JavaScript:
http://www.crockford.com/javascript/
http://javascript.crockford.com/javascript.html
Clubbing server-side Java and client-side JavaScript is also something interesting:
http://getahead.ltd.uk/dwr/ -
Re:Java != Javascriptd for the type of content
Google's toolkit is kind of nice for Java developers but seems pretty intrusive to have a layered design with front end stuff done with Java. Dwr (direct web remoting) has a decent toolkit that allows you to call Java code through javascript by generating javascript files for your Java code. It also integrates well with the Spring framework.
-
Should have reviewed DWR
As many have noted the article is really quite clueless. However, any review on Ajax toolkits is not complete with a mention of Direct Web Remoting.
Central idea behind DWR is it exposes methods of Java Beans over the web. Create a server side class and then call methods from javascript like this: MyBean.method(). It couldn't be simpler.
I have used DWR in my just released online version of Risk, called Grand Strategy. -
Useless...
If it doesn't include DWR (probably THE most popular Java AJAX toolkit) yet includes a Microsoft offering then the article is effectively rendered useless...
Bob -
DWR
If you're doing Java/J2EE work, you should really have a look at DWR
It makes it disgustingly simple to expose pretty much anything as AJAX calls
-
Re:The best feature of this toolkit
I take it you don't know about Direct Web Remoting?
http://getahead.ltd.uk/dwr/ -
Re:A bit staid?
There is an update. I've got Venkman running in 1.5.0.1
http://getahead.ltd.uk/ajax/venkman -
Firefox extensions I can't live without
These are the Firefox extensions I can't live without
GooglePreview:
https://addons.mozilla.org/extensions/moreinfo.php?id=189
Venkman Javascript Debugger (for 1.5):
http://getahead.ltd.uk/ajax/venkman
Live HTTP Headers:
http://livehttpheaders.mozdev.org/
Peter -
Re:So I'll be the first to say it....
I've never found a FF extension which added a genuinely useful feature that wasn't already in Opera, with the exception of GreaseMonkey, (which enjoys full support in the upcoming 9.0 release).
Then maybe you haven't looked at all.
- The Javascript Debugger - Where is the Opera equivalent? Bloated? It adds one menu item in tools and an optional icon on the toolbar for easy access
- Web developer toolbar - This is something no web developer should be without. You can edit the css of the site you're viewing! You can resize the browser to common sizes to check it renders okay. Opera equivalent?
So you're not a web developer? How about things like FxIF which lets you view Exif data from digital camera shots off the web - find out the camera model used to take the photo as well as the settings.
Opera is lean, and it's fast and compared to IE, it just rocks. But featurewise, it doesn't come close to Firefox and that can wholly be attributed to extensions.
-
assert(Java instanceof AJAX)
For example, there's Joe Walker's DWR Java/AJAX library.
-
DWR?
Is dwr any better?
-
DWR makes Ajax with Java dead simple
After doing some stuff in raw XMLHttp, I'm now using DWR http://getahead.ltd.uk/dwr/.
So far it's been great.
DWR is very easy to add to a project, well documented, and light-weight. It makes AJAX so easy because javascript stubs are generated automatically for the Java classes you decide to export.
For testing and exploring, DWR creates an interactive web page generated automatically by the DWR servlet. From those pages you can see exactly which classes and methods you have access to and the number of parameters required! From there you can even call your server side methods interactively.
Look ma no code!
-
DWR = Ajax made dead simple
After doing some raw XMLHttp coding, I'm now using DWR http://getahead.ltd.uk/dwr/.
So far it's been great. Very easy to add to a project, well documented, light-weight. It makes AJAX so easy.
For testing and exploring, there's an interactive web page generated automatically by the servlet. From those pages you can see exactly which classes and methods you have access to! From there you can even call your server side methods interactively. Look ma no code!
-
Ajax library for Java
There's a pretty good library I've used recently called DWR.
If you're looking for a Java library to do some of the heavy lifting, check it out. -
xmlhttprequest frameworks...
there are a lot of them...
Sarissa - http://sarissa.sourceforge.net/doc/
Prototype - http://prototype.conio.net/
Dojo - http://dojotoolkit.org/
SAJAX - http://absinth.modernmethod.com/sajax/
DWR - http://www.getahead.ltd.uk/dwr/
JSON-RPC-Java - http://oss.metaparadigm.com/jsonrpc/ -
JavaScript libraries comparison
-
Writing AJAX should not mean writing javascript
If you're writing the javascript for this stuff yourself, you're already broken. You really need a framework which makes interacting with server-side stuff easy. Check out Direct Web Remoting (DWR). DWR allows you call methods ON YOUR SERVER within javascript, using the same names and classes as on the server side. Very cool.
-
Re:Some java way to do Ajax easily ?.
DWR does just that.