AppDev – Java EE Programming: AJAX with Direct Web Remoting (DWR), DOJO and Security

Author: Ali Hamad
Format: WMV | Resolution: 1280×720
Duration : 8 hours | Modules : 9 |
Home Page: http://www.appdev.com/prodfamily.asp?catalog_name=AppDevCatalog&category_name=JX2Product#outline

This course is a continuation of the Java EE Programming: AJAX Fundamentals course and will get into greater detail about AJAX and cover Direct Web Remoting (DWR). It will cover what a time saver the DOJO framework can be and how to use DOJO toolkit. The course will then move onto Advanced JavaScript. Security is an important part of any development and this course covers AJAX security and security guidelines. The final chapters of this course will cover JavaScript Performance Tuning and Mashups for Java servers.

Direct Web Remoting (DWR)

• How DWR Works
• DWR: The Server Side
• Configuring the Server Side
• The dwr.xml File
• DWR: The Client Side
• Unit Testing
• Accessing Servlet API Objects
• Error Handling

The DOJO Toolkit

• Simple Example Tab Widget
• How does DOJO Work?
• Importing Packages
• Widget Basics
• The Two byId() Methods
• Widget Properties
• Widget Events
• Common Features of Widgets
• Form Input Widgets
• The Button Widget
• The Checkbox Widget
• The ComboBox Widget
• The FilteringSelect Widget
• The DateTextBox Widget
• Layout Widgets
• Other Common GUI Widgets
• Creating Widget Instances Programmatically
• Creating Widgets Programmatically

DOJO Event System

• Difference from DOM Event Handling
• JavaScript Function Call Event
• Writing a JavaScript Class
• Writing an Event Handler Class
• Attaching the Event Handler
• Handling Widget Event
• More on Handler Attachment
• The DOJO Event Object
• Window Load/Unload Event
• Publish Subscribe System
• Writing a Publisher
• Writing a Subscriber
• Publishing the Message

Debugging DOJO Applications

• Logging in DOJO
• Using Debug
• Log Severities
• Mozilla Debugging Tools
• IE Debugging Tools
• Other Tools

Advanced JavaScript

• Basic Objects
• Constructor Function Object
• Object Properties
• Constructor and Instance Objects
• Constructor Level Properties
• Namespace
• Prototype
• Prototype Property Hieararchy
• Prototype Chain
• Inheritance Using Prototype
• Extending Inherited Behavior
• Enhancing Constructors
• Improving Constructor Performance
• Event Handling Problem
• Array
• Traversing an Array
• Appending to an Array
• Deleting Elements
• Inserting Elements
• Other Array Methods

AJAX Security

• The Same Origin Policy
• Exemption from SOP
• Bypassing SOP
• Using Dynamic Script Tag
• The Main Page
• The Included Script (test.js)
• Code in Dynamic Script Element
• Using an AJAX Proxy
• Common Attacks for AJAX Applications
• Cross Site Scripting (XSS)
• Preventing XSS
• JavaScript Worms
• Cross-Site Request Forgery (CSRF)
• Preventing CSRF
• JavaScript or JSON Hijacking
• Exploiting JSON Hijacking
• Preventing JSON Hijacking
• Denial of Service (DoS) Attack
• XML Bomb Attack
• AJAX Proxy Vulnerability

Security Guidelines

• Obfuscate JavaScript Code
• Do Not Expose Privileged Functions
• Do Not Expose Database Schema
• Validate Input on Server Side
• Password Protect Sensitive Operations
• Careful of State Information
• Use White List in AJAX Proxy
• Do Not Consume Distrusted Content
• Use eval() Carefully

JavaScript Performance Tuning

• Why Tune JavaScript Performance?
• What to Tune?
• Optimize Asset Download
• Optimize Content JavaScript Rendering
• Optimize Code JavaScript Scope
• Optimize Code Prototype
• Optimize Code Avoid eval()
• Optimize Code String Concatenation
• Optimize Code Event Handling
• AJAX Tuning Immediate Update
• AJAX Tuning Multiplexing
• AJAX Tuning Use Push
• Useful Tools

Mashups

• Mashup Genres
• Key Components
• Key Component Details
• Retrieving Data
• Data Assembly Details
• Data Format Options
• Enterprise 2.0 Mashups

Part 1

Part 2

Part 3

Part 4