Featuring the feature pack for Web 2.0

Off
Strongback Consulting

If you have not used the Web 2.0 feature pack for WebSphere App Server, you might be missing out on a free and valuable tool. This feature pack is for WebSphere App Server 6.1 and 7.0.

Web 2.0 Feature Pack Overview

In RAD / RSA, there you have built in support for the Dojo toolkit, which means you can drag and drop Dojo enabled widgets from the palette onto your JSP. For less experienced programmers, this is a blessing as it stubs out the required JavaScript for you in both the HTML element, and the header (such as effective path to dojo.js, the required dojo stylesheets, and the dojo.require statements).

Also included are some IBM provided widgets, which are only available in RAD/RSA. These include the FeedView, FeedViewEntry, FeedViewEditor widgets which are for reading, and manipulating ATOM feeds. The are instrumentation widgets for building gauges to display tabular data.

The IBM widgets require the Feature pack for Web 2.0. This feature pack includes an Ajax proxy servlet and server-side libraries. The Ajax proxy servlet allows you to pull data via JavaScript from outside of the local domain – a feat that is prohibited by most browsers (thankfully). The JSON4J library allows a developer to create simple data models to be delivered to the browser in JSON format, which is easier to manipulate in JavaScript than is XML. With XML you have to parse the text. With JSON, you get true JavaScript objects.

If you already have RAD or RSA, be sure to update to the latest build. You want support for Dojo Toolkit 1.4, which is included in version 7.5.5.1 of the software development platform. This is the latest release as of this writing.

Tips

To use the AJAX proxy, you must first enable the project facet on your project settings. This is under the ‘Project Facets – Web 2.0″. Once enabled, you’ll then have to configure the proxy-config.xml file, located under WEB-INF. This is a white list of authorized locations that your application can pull from. While you could allow all sites f using the AJAX proxy, you should restrict this to ONLY sites you know you are developing for. Giving wide open access has many risks. First, even if you are allowing your users to list their own feed settings, you have the risk of users being lured into pulling data from malicious sites. Such site could present your users with a phishing attack, or cross-site scripting attack. Because the data would be coming from the original host, the browser is more likely to allow such attack, and worse, your server will be enabling it! Be sure and lock down this file to only domains or IP address ranges you know to be secure. I also recommend using OpenDNS as your primary DNS provider to further prevent such attacks.

Resources

IBM developerworks has some great articles on the toolkit.
Using IBM Rational Application Developer Version 7.5 to develop a Web 2.0 page that references a session bean

A look at the WebSphere Application Server Feature Pack for Web 2.0

Comments are closed.