Open Source Ajax Framework For Java EE Application Developers

ICEfaces RIA Journal

Subscribe to ICEfaces RIA Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get ICEfaces RIA Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


ICEfaces Authors: Ted Goddard, Steve Maryka, Pat Romanski, Ken Fyten, Shay Shmeltzer

Related Topics: RIA Developer's Journal, ICEfaces RIA Journal, Java Developer Magazine

RIA & Ajax: Article

New ICEfaces White Paper Details Robust Security Solution For AJAX-Based Rich Web Applications

ICEsoft is the "Gold Sponsor" of upcoming AJAXWorld Conference & Expo

ICEsoft Technologies, a leading provider of enterprise AJAX solutions, and the "Gold Sponsor" of the upcoming AJAXWorld Conference & Expo 2007 West, announced the release of Enterprise Ajax Security with ICEfaces, a new white paper providing a pioneering solution to the security problem posed by rich Internet applications employing Ajax techniques. By using ICEfaces, the unique integrated Ajax application framework for Java EE, developers can leverage the trusted, proven security characteristics of Java EE, thereby avoiding the security gaps inherent in client-centric Ajax implementations.

Typical Ajax techniques violate the fundamental security rule of the Web security modeldont trust the client, noted Stephen Maryka, Chief Technology Officer of ICEsoft Technologies Inc. and author of the white paper. Client-centric Ajax creates a number of security problems for the enterprise, from business logic residing outside the server environment, to multiple sets of validation logic necessary to verify data being submitted back to server-side applications. By using the inherent, existing security of Java EE, these issues are sidestepped without compromising the performance or convenience made possible with rich Web solutions.

Ajaxifying JSF
While security has always been a hallmark of Java EE (Enterprise Edition), a link must be established between the Java environment and Ajax. JavaServer Faces (JSF), the most recent addition to the Java EE stack, combined with ICEfaces, provides the solution.

As explained in the white paper, ICEfaces can be used to establish Ajax functionality in JSF without compromising the server-centric nature of the Java EE framework. ICEfaces offers a lightweight Ajax Bridge that enables both partial data submission from the user, and incremental DOM updates to the browser client. The partial submit mechanism is built into the ICEfaces component suite, so the developer has control over the mechanism on a component level basis; on the return side, the framework uses a technique called Direct-to-DOM rendering with incremental update to distill only those DOM changes necessary to update the Web page.

Enterprise Ajax Security with ICEfaces convincingly shows how Ajaxifying JSF can provide the security required for rich Web applications. By using ICEfaces, developers can create apps that are completely server-centric, thereby removing the need for client-side business logic and application data. Validation is also handled exclusively on the server, so there are no mismatches or inconsistencies that may open a security hole. Other strategic security advantages are also detailed.

The seven-page ICEsoft paper includes charts, point-by-point discussions of Ajax security gaps and how those challenges can be met through the JSF-ICEfaces implementation. To download the free paper, simply log on to

http://www.icefaces.org/main/resources/whitepapers.iface.

For more information please contact Serena Thomas at SSPR 847-415-9312 [email protected]

More Stories By RIA News Desk

Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to [email protected] to share your product and company news coverage with AJAXWorld readers.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
navot 09/24/07 06:42:44 AM EDT

I would like to draw your attention to an AJAX paradigm shift. One should be aware that I am not, and do not pretend to be objective. Visual WebGui is an open source rapid application development framework for graphic user interfaces of IT web applications. It replaces the obsolete paradigms of ASP.NET which were designed for developing sites, with WinForms methodologies, which were designed for developing applications. Thus enabling designer that was designed for application.This provides the developer with an extremely efficient way to design interfaces using drag and drop instead of hand coding HTML. VWG doesn’t expose logic, data or open services on client requests and therefore is not as vulnerable as common AJAX solution. Worth a look – www.visualwebgui.com

ICEsoft News Desk 09/12/07 11:31:16 AM EDT

ICEsoft Technologies, a leading provider of enterprise AJAX solutions, and the 'Gold Sponsor' of the upcoming AJAXWorld Conference & Expo 2007 West, announced the release of Enterprise Ajax Security with ICEfaces, a new white paper providing a pioneering solution to the security problem posed by rich Internet applications employing Ajax techniques. By using ICEfaces, the unique integrated Ajax application framework for Java EE, developers can leverage the trusted, proven security characteristics of Java EE, thereby avoiding the security gaps inherent in client-centric Ajax implementations.