Java EE, Part 6 of 8: AJAX with DWR, DOJO, and Security page 1

Meet the expert: Ali Hamad has a Bachelor and Masters degree in Computer Science and has been training many aspects of Java for over 14 years, covering Introduction through JDBC, JBoss and beyond. His training and consulting background also covers C, C , Object Oriented Analysis and Design (OOAD), and Unix/Linux. Ali has worked for or been a consultant and trainer for many companies including Dell, Texas Instruments, State of New Hampshire, Web Age Solutions, and many more. He is the author of training material for several programming topics such as Java, Struts, C , Unix and J2EE applications.

Runtime: 10:13:19

Course description: This course is a continuation of the Java EE Programming: AJAX Fundamentals course and will get into greater detail about AJAX and cover Direct Web Remoting (DWR). It will cover what a time saver the DOJO framework can be and how to use . The course will then move onto Advanced JavaScript. Security is an important part of any development and this course covers AJAX security and security guidelines. The final chapters of this course will cover JavaScript Performance Tuning and Mashups for Java servers.

Course outline:

Direct Web Remoting • Common Features of Widgets • Demo: DOJO Event System • Inheritance Using Prototype • Introduction • Form Input Widgets • Summary • Example: Inheritance • Introduction • The Button Widget • Extending Inherited Behavior • How DWR Works • The Checkbox Widget DOJO Logging • Demo: Prototypes • Diagram: How DWR Works • The ComboBox Widget • Introduction • Summary • DWR: The Server Side • The FilteringSelect Widget • Logging in Dojo • Configuring the Server Side • The DateTextBox Widget • Using Debug Constructors and Arrays • The dwr.xml File • Layout Widgets • Log Severities • Introduction • DWR: The Client Side • Other Common GUI Widgets • Mozilla Debugging Tools • Enhancing Constructors • Unit Testing • Creating Widget Instances • IE Debugging Tools • Constructor Performance • Accessing Servlet API Objects • Create Widgets • Other Tools • Event Handling Problem • Error Handling Programmatically • Demo: DOJO Logging • Array • Demo: Direct Web Remoting • Demo: Widget Events • Summary • Traversing an Array • Summary • Summary • Appending to an Array Object Orientation • Deleting Elements DOJO DOJO Event System • Introduction • Inserting Elements • Introduction • Introduction • Basic Objects • Other Array Methods • Introduction • Introduction • Constructor Function Object • Demo: Constructors and Arrays • Installation • Difference from DOM Event • Example: Constructor Function • Summary • Dojo Capabilities • JavaScript Function Call Event • Constructor Function Object • Example - Tab Widget • Writing a JavaScript Class • Object Properties AJAX Security • How Does DOJO Work • Example: JavaScript Class • Object Properties: Looping • Introduction • Importing Packages • Writing an Event Handler Class • Constructor & Instance Objects • The Same Origin Policy • Widget Basics • Attaching the Event Handler • Constructor Level Properties • SOP Example • Widget Layout Example • Handling the Widget Event • Namespace • Exemption from SOP • The Two byId() Methods • More on Handler Attachment • Example: Namespace • Bypassing SOP • Widget Properties • The Dojo Event Object • Demo: Object Orientation • Using Dynamic Script Tag • Demo: Dojo • Window Load/Unload Event • Summary • Example: Main Page • Summary • Publish Subscribe System • Example: The Included Script • Writing a Publisher Prototypes • Demo: Example Site Setup DOJO Widget Events • Writing a Subscriber • Introduction • Summary • Introduction • Publishing the Message • Prototype • Widget Events • Example: Prototype AJAX Common Attacks • Prototype Property Hierarchy • Introduction • Prototype Chain • Example: The Included Script

(Continued on page 2)

LearnNowOnline www.LearnNowOnline.com powered by Java EE, Part 6 of 8: AJAX with DWR, DOJO, and Security page 2

• Code in Dynamic Script • Useful Tools Element • Demo: CSRF • Using an Ajax Proxy • Summary • Common Attacks for Ajax • Cross Site Scripting (XSS) AJAX Mashups • XSS Example • Introduction • Preventing XSS • Example: ChicagoCrime.org • Demo: Ajax Security • Mashup Flavors • Summary • Key Components • Key Component Details Java Script Worms • The Client • Introduction • Retrieving Data • JavaScript Worms • Data Assembly Details • Cross-site Request Forgery • Data Format Options • Preventing CSRF • Enterprise 2.0 Mashups • JavaScript or JSON Hijacking • Demo: AJAX Mashups • Example: JSON Hijacking • Summary • Exploiting JSON Hijacking • Preventing JSON Hijacking • Denial of Service (DoS) Attack • XML Bomb Attack • Example: XML Bomb Attack • Ajax Proxy Vulnerability • Demo: Java Script Worms • Summary

AJAX Security Guidelines • Introduction • Obfuscate JavaScript Code • Privileged Functions • Do Not Expose Database Schema • Validate Input on Server Side • Password Protect Operations • Careful of State Information • Use White List in Ajax Proxy • Do Not Use Distrusted Content • Use eval() Carefully • Demo: AJAX Security Guidelines • Summary

AJAX Performance Tuning • Introduction • Why Tune JavaScript Performance • What to Tune • Optimize Asset Download • Optimize Content Rendering • Example: Content Rendering • Optimize Code - JavaScript • Scope Example • Optimize Code - Prototype • Optimize Code - Avoid eval() • String Concatenation • Optimize Code - Event Handling • Ajax Tuning - Immediate Update • Ajax Tuning - Multiplexing • Ajax Tuning - Use Push

LearnNowOnline www.LearnNowOnline.com powered by