Thursday Aug 14, 2008

LOTD #2: Phobos - MVC framework based on JavaScript

Phobos is a lightweight, scripting-friendly, web application environment running on the Java platform. It provides a complete MVC framework where Controller is a JavaScript class, View is an Embedded JavaScript (EJS) file and Model is typically a mix of Java and JavaScript.

The tech tip explains how Phobos and jMaki can be used to create a simple Ajax-enabled application using NetBeans tooling and GlassFish for deployment.
Another application built using Phobos and jMaki was shown in JavaOne 2007 technical keynote.

All previous entries in this series are archived at LOTD.

Technorati: lotd phobos jmaki javascript netbeans glassfish

Thursday May 29, 2008

GlassFish and jMaki @ RailsConf Today

I was originally planning to give my first talk at Rails Conf on "Rails powered by GlassFish and jMaki". But I cannot travel for personal reasons and instead Craig McClanahan, who is an excellent speaker, has graciously agreed to speak. Craig has been involved with Rails, GlassFish and jMaki for a long time so feel free to poke hime at the talk, in the exhibit hall and afterwards.

Thanks Craig for the wishes! I had a great time @ RailsConf 2007 (here and here) but life is about priorities :)

More information about support for Dynamic Languages and their Frameworks on GlassFish can be found on

Technorati: conf railsconf railsconf08 jruby ruby rubyonrails glassfish jmaki webtier

Monday May 12, 2008

JavaOne 2008 Wrapup

JavaOne 2008 is finally over ... 9th consecutive one for me and extremely busy as always!
And now let me talk about my formal speaking engagements (including the slides):
  • JavaU Bonus Evening Course on GlassFish Application Server - Shreedhar and I delivered a Bonus Evening Course on GlassFish in JavaU. We talked about GlassFish in depth - general overview, concepts, Metro Web services, dynamic languages support, high availability/clustering and lots of other details. The slides for the course are available here.

    Read more details in Shreedhar's Writeup.
  • GlassFish Unconference - Vivek and I led the "Scripting in GlassFish" session @ GlassFish Unconference and then I led the "Web services" session. It was very free-form forum, basically answering questions/clarifications from the participants and seeking feedback on our direction.

    It was great to know that people love Metro support in NetBeans and are some are using the IDE for that reason only.
  • Scripting in GlassFish (BOF 5111) - Vivek and I presented on "Scripting in GlassFish"and explained the support for different dynamic languages such as Ruby/Rails, Groovy/Grails, Python/Django on GlassFish. This preso showed bunch of demos including GlassFish v3 gem installation and deployment (screencast coming soon), GlassFish v3 Update Center, Rails Development/Deployment options, Groovy/Grails and Python/Django deployment. The slides are available here.

    You can find the latest information about support for different dynamic languages on
  • Lab 4530: Building Rich Web Applications with jMaki - Doris and I delivered Lab 4530: Building Rich Web Applications with jMaki. If you could not attend JavaOne, then you can follow the instructions at your own pace and download the entire lab.

    The complete material for all JavaOne 2008 Hands-on-Labs is available here. The material is pretty comprehensive and of high quality. I highly recommend refering to this material for sharpening your skills.
  • Tic Tac Tac @ General Session Keynote - I presented "Tic Tac Toe Demo" at General Session Keynote on Tuesday afternoon. This demo was a multi-player game developed in multiple scripting languages (Ruby, Groovy and Python) and their associated Web frameworks (Rails, Grails and Django) and all deployed on GlassFish v3 TP2. The main idea was to showcase multi-lingual support on GlassFish v3 and still able to use GlassFish features such as GlassFish Comet to push the events to browser. The entire source code for the demo will be released shortly and I'll announce the availability.

    You can watch the entire video here (starting at approx 1:10 into it). Hope you enjoy the War Games-esque look-and-feel. It was a keynote demo Hat-trick for me (jMaki/Phobos @ 2007, .NET Interoperability @ 2006. I'm happy to be labeled as "GlassFish Guy" :)
And then of course I met lots of others at the booth, in hallway/sessions/parties and elsewhere. I've taken few action items for generating new blogs/screencasts and they'll appear shortly on this blog.

I took lots of pictures through out the event and posted them regularly. They are all available here. A consolidated album is inlined:

Hope you had a great JavaOne and we were able to share our current roadmap and future plans with you successfully.

Technorati: conf javaone javaone2008 glassfish netbeans

Monday Apr 14, 2008

jMaki Webtop on GlassFish - Ajax World Keynote Video

jMaki Webtop is a light-weight Mashup Framework based on jMaki widgets. The webtop was demonstrated at Ajax World East 2008 keynote. The key features are:
  • Simple & easy to use (runs in browser)
  • Extensible (add your own widgets & gadgets)
  • Manageable (create users)
  • Persistent (Google Gears on the client, Database on the server)
  • Shared (read-only views can be shared with other users)
A 30-minute video of the Ajax World keynote session is available here and shows webtop in action :) The keynote deployed the webtop as a WAR file on GlassFish. A live PHP version of webtop is available at

You can download the entire source code from the subversion repository and run it yourself.

Technorati: conf ajaxworld newyork glassfish jmaki

Thursday Mar 27, 2008

Slides & Demos for Rails/GlassFish/jMaki session at TSS JS

As reported earlier, I presented on "Rails powered by GlassFish and jMaki" yesterday at The Server Side Java Symposium - Las Vegas. The slides are available here. The demos shown in the talk are available at:
Would you like to know why use GlassFish for Rails deployment ? Rails powered by the GlassFish Application Server provides all the details. All the latest information about JRuby and GlassFish effort can be found at GlassFish JRuby wiki or JRuby wiki.

As announced earlier, Ruby Developer Center is a new page launched earlier today and provides all the resources to get started with Ruby, JRuby, Ruby-on-Rails @ Sun.

Check out some pictures from the event:

Technorati: conf theserverside tssjs lasvegas rubyonrails ruby jruby glassfish netbeans jmaki

Tuesday Mar 25, 2008

Rails powered by GlassFish & jMaki @ The Server Side Java Symposium, Las Vegas - Mar 26, 2008

If you want to learn more about:
  • How to use GlassFish as development & deployment platform for Rails applications ?
  • How GlassFish v3 Gem provides a "green" alternative to WEBrick & Mongrel ?
  • How to use NetBeans & jMaki plug-in to embed rich widgets in your Rails applications ?
Then you can learn all about it in The Server Side Java Symposium, Las Vegas. Here are the coordinates:

Date: Mar 26, 2008
Time: 2:30 - 3:30pm
Track: Language & Coding
Title: Rails powered by GlassFish & jMaki

A popular statement for Las Vegas is What happens in Vegas, Stays in Vegas! But I promise to share all the slides & demos with you so that you can enjoy at least the technical part of it ;-)

Another interesting session worth attending is How to use the Metro Web services stack to Build Fast, Scalable Services by Kohsuke on Mar 26 (Wed) from 4:10 - 5:15pm.

Technorati: conf theserverside tssjs lasvegas rubyonrails glassfish jmaki netbeans metro webservices

Friday Mar 21, 2008

Ajax World East 2008 - Day 2 Report

I delivered my Maki as an Ajax Mashup Framework talk and the slides are available here. Lots of attendees came by afterwards and told me that they enjoyed the demo. The talk showed how jMaki Webtop provides a lightweight mashup framework that runs in the browser. Here is a pictorial representation of the demo shown:

GlassFish jMaki Webtop

jMaki Webtop is basically a jMaki widget that can be embedded in a JSP or PHP page. This widget provides the framework for managing widgets and users, ability to persist the Webtop on client-side using Google Gears or server-side using backend database, layouts and other functionality. In JSP case, the widget uses JPA for performing all the CRUD operations with the back-end MySQL database. The resulting WAR file is deployed on GlassFish (can be any other Servlet container as well). If you are interested in a Java version of Webtop then the recommended path is:
  • Create services & widgets using NetBeans
  • Deploy them on GlassFish
  • jMaki webtop for widget deployment & customization
It really is an evolution of jMaki - using all the infrastructure that has built over 2 years. You can experience it yourself at which is running a PHP version of the app. See the coverage here. The code will be available soon!

I attended few more talks and took notes in some of them to share:
See below for notes from some of them.

Can we fix the Web ?

This was an early morning talk (7:30am) and I reached few minutes late. But it was basically talking about JavaScript vulnerabilities such as
  • Script injection
  • No difference between user & guest scripts
  • Scripts exempt from same-origin policy
  • No modularity (global access to everything on the page)
And also DOM vulnerability because every node in the tree has access to every other node. This lacks modularity and causes a potential security risk.
Doug recommended 3-step plan to fix the Web:
  • Safe JavaScript subset
    • provides a safe subset of JavaScript that removes all features that are unsafe or suspect such as no global vars or functions
    • Google Caja & Cajita provide a similar subet but they use transformation instead of validation
  • Minor browser improvements
    • Scripts are exempt from same-origin policy. This allows a dynamic <script> tag to make a GET request from a server. Instead use JSONRequest (part of
    • ES4 (the upcoming JavaScript standard) is not good enough because it maintains backwards compatibility and adds complexity.
  • Major browser improvements
    • Replace JavaScript & DOM in browsers. The approach is to start with JSLint and add safe features as required.
    • The Object Capability System (where objects are given explicit access to be used) needs to be enforced to make it secure.
In Doug's opinion, if the Web is not fixed then JavaFX, Silverlight & AIR (all vastly superior but lacking adoption) will displace the web.

The second talk was on Accelerate Ajax development with Appcelerator by Appcelerator CEO.

The talk started with a "not too long back" introduction of the technology space. Well, it started with 1991 and the timeline (and associated technology advances in that year) kept shuffling 1995, 1989, 2001 .... and so on. Jeff talked about how/why Tim Berners Lee invented WWW and covered a myriad of terms after that including but not limited to - Web 1.0, Netscape, Mosaic, marc Andreeeseen (sp?), Java, java Web Start, Applets, W3C, CGI, J2EE, JCP, C#, JBoss, SOA, JavaFX, Silverlight, AIR and many others. For a 50 minute talk, that was quite a long introduction.

After that introduction, he word "Ajax" was mentioned almost 30 minutes (8:51am to be precise) in the talk. And then the word "Appcelerator" was mentioned at 9:06am. Finally, I realized that I'm in the right talk ;)

Appcelerator like to pitch themselves as RIA + SOA company and allows true decoupling of the rich client from it's services. Their services is very similar to jMaki but they use event handling + Ajax + DHTML to achieve it. They also run on Ruby, PHP, Java and other languages.

All in all, it was a good walk through the memory lane!

The next one was REST & Ajax Reconciled.

The talk explained the basic concepts of REST - Resource, URI, Representation, URL & Methods (GET, PUT, POST & DELETE). It also explained the idempotency and safety of each method type. Overall a good decent introduction.

Then it explained the limitations with current web-based forms:
  • The URIs in the action attribute cannot be changed dynamically
  • Most browsers recognize only GET/POST methods
  • Limited ecodings - for example generating JSON encoding requires extra work.
It provided a REST framework checklist:
  • Does it have resource-based approach ?
  • Acknowledges existing of representation ?
    • need multiple of them
  • Solid engineering & community support ?
The three frameworks discussed in the talk were:
  • Apache Cocoon - based on XML pipelines & URL patterns, powerful but steep learning curve
  • RESTlet - Like Servlet for REST, good for existing model
  • Apache Sling - Based on JCR with server-side scripting support
The talk did not mention anything about Jersey which is turning out to be a great implementation and very well meets all the critieria mentioned above.

The speaker recommended Apache Sling with ┬Ájax for all REST + Ajax needs. But I'd strongly encourage you to have a look at Jersey. The JSON representation generated out of Jersey can now be directly consumed by jMaki as described here - a true combination of REST & Ajax :)

And then the last talk where I took notes is Understanding the Top Web 2.0 Attack Vectors. I'll provides notes from the last 5 slides of the talk which essentially captured the essence. These slides talked about fundamental issues with Ajax and described concerns and possible attacks in each issue. I'll need to understand some of these attacks better myself but at least I have a list to begin with :)

Here you go:
  • Client-side
    • Concerns
      • Transparency
      • Cross-domain communication
      • Exposed business logic (View Source)
      • Local & Offline data storage
    • Attacks
      • Cross-site scripting, DNS Rebinding
      • Business logic bypass
      • Variable tampering
      • Protocol hijacking
      • Function clobbering
      • JavaScript hijacking
  • Protocols
    • Concerns - new protocols on top of HTTP
      • SOAP
      • XML-RPC
      • REST
    • Attacks
      • Traditional
        • Man-in-the-middle
        • Spoofing
      • Recursive Payloads
      • Schema Poisoning
  • Information Sources
    • Concerns
      • Integrity
      • Transient
      • Diverse (RSS, Blogs, Email, ...)
    • Attacks
      • Untrusted content
      • Poisoned Cache (HTTP Response Splitting Vulnerability)
      • DNS Issues
  • Information Structure
    • Concerns - Variations of data structure
      • RSS
      • Atom
      • JSON
      • Serialized data
    • Attacks
      • Malicious injection
      • Parser implementations
  • Server-side Issues
    • Concerns
      • Architecture Weaknesses
      • Multiple languages & implementations
      • Increase & fragmented attack surfaces
      • Unknown request origin
      • Authorization & Authentication in complex environment
    • Attacks
      • Traditional
        • Information disclosure, Logical attributes, Denial-of-service
        • Command Injection
          • LDAP, SQL, XPath etc.

OpenAjax Alliance talk about Gadgets & Widgets was nice. The alliance is working on creating standards for widget metadata, communication across widgets and other similar tasks. The goal is to enable successful adoption of open and interoperable Ajax-based Web technologies.

Dave Ferraiolo (from OpenAjax) particularly expressed thanks to jMaki for deriving the first set of Open Ajax Data Model specs from jMaki data models.

That's it!

Check out some of the pictures:

The complete album is available at:

I had to leave at the end of Day 2 because of unfavorable health condition. But I'm glad at least I could deliver my talks :) Now I need to be back-in-shape before my upcoming trip next Tuesday!

Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Tuesday Mar 18, 2008

Ajax World East 2008 - Day 1 Report

Ajax World East 2008
started earlier today.

I delievered my "Web 2.0 Application development using jMaki" and the slides are available here. There were several demos shown in the talk (using NetBeans and GlassFish) and they are all accessible at the links mentiond below:
Several other related demos are available here. Luckily I could deliver without much hassle inspite of having a high fever and cough! I hope I can hold at least until tomorrow morning when the big preso is scheduled @ 11:35am.

Anyway I attended 3 more talks today and took notes to share:
See below for notes from each talk.

The first talk I attended was: Picking the Right Technology for Enterprise Rich Internet Applications. I got little late and the session was packed with attendees standing way outside the room so I joined them.
The session talked about AIR, Silverlight & JavaFX as three possible technologies for Enterprise RIA. Per the talk, here are the basic criteria for RIA tools requirement:
  • Seamless deployment on client
  • High penetration of runtime
  • Web browser independence
  • Fast client/server communication protocol
  • Robust security
Of course, this session was given in Ajax World so pros/cons of Ajax were dicussed:

Pros of Ajax Cons of Ajax
No deployment required Ajax apps are browser depdendent
100+ Frameworks 100+ Frameworks
Open Source, no need to purchase software license Expensive due to long cycle, skilled developers demand top rate
JavaScript is an interpreted language, entire source code can be viewed using "View Source"
Network communication speed is not optimizedf for Ajax requests

And then basically it talked about the three technologies and their pros & cons are well captured in the slides.

The second session I attended was Performance Tuning your Ajax Applications. This was an interesting session and I learned a few tricks. Interstingly we have implemented quite a few of these performance enhancements in jMaki already.

Improving the performance of Ajax applications require tuning the following parameters:
  • Number of requests
    • Reduce number of JavaScript files that are loaded. This is the most important since each request to the backend adds extra cost. Even when the scripts are cached, the browser still makes a request (unless Since-Modified header is set correctly).
    • Typical approaches are to concatenate the files at dev time or at runtime based upon request.
    • Dev time approaches
      • Ant - concat all JS files using <concat> task
      • Dojo - Run Rhino over all provide/requires and then concatenate the files
      • Command-line
    • Run time approaches - Concatenation happens depending upon the request. Cons are:
      • Server-side dependent
      • Makes it harder to distribute code
      • Server is loaded as concatenation happens on server (mitigated with caching)
      • Works for <15 JS files
      • Does not track dependency
  • Size of requests
    • Remove white spaces and comments (Packer, Dojo, YCompresser, SafeCompress, ShrinkSafe are some of the tools)
    • Shorten the variable names
    • Gzip the code
    • Semicolon is optional but needed if you remove EOL (careful when compressing the code)
      • Drastically reduces the file size (e.g. Apache XAP reduced the file size from 330 kb to 70 kb)
      • Lots of gzip tools
      • Need to put appropriate headers so that browsers recognize gzipped content
    • Coding Style
      • Single line "if" and "for" do not need "{ }"
      • Combine var declarations into a single var such as var x=1, y = 2;
      • Use JavaScript style object
  • Time of requests
  • Time of initial code completion
    • Minimize the time that is executed @ start up
    • Bring the data once the initial page is loaded
    • Show images telling users that something is going on
      • Distracts user from the time it's taking
  • Other tips
    • Don't write your own parser  - use the native parsers
    • "If" statement optimization
    • Use the native facilities like getElementById() or getElementByTagName()
    • Consider different approaches of DOM creation
      • Tail Recursion
      • Setting the value in innerHTML
    • Consider JSON over DOM for object graph traversal - JSON could be much faster
Similar tips can be used for CSS as well.

My third talk of the day was Performance Paradigm of a Mashup World.

This talk given by Vice President of Webmetrics and laid a special emphasis on "Collaborative Monitoring" for performance measuring any mashup. This process involves not only monitoring your own application, but also setting up agents that measure performance with other services being invoked in the mashup, their further partners and so on. It also talked about a layered approach of using:
  • Standard monitoring - HTML page load time, DNS request processing time, etc.
  • Pixel Mapping monitoring - required mainly for GUI intensive application
  • Web services monitoring - Used for partner monitoring
This was further clarified using a 6-step process:
  • Know your apps
  • Learn where the points are in your ecosystem
  • Measure your perspective
  • Monitor your APIs
  • Collaborate within your organization
  • Collaborate with your partners & customers
That's it!

Check out some of the pictures:

The expo hall opens tomorrow and Sun's booth is right between the ballroom and the main door to expo hall, can't miss us ;)

The complete album is available at:

The Internet connection at the Roosevelt hotel is painfully slow inspite of charging $14.95/night where as most of the "modern" hotels offer free wireless :(

Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Sunday Mar 16, 2008

Ajax World New York 2008 - This Week

Sun Microsystems is a Gold sponsor of Ajax World East 2008. The event kick starts in New York City tomorrow and you can see the complete agenda here.

From Sun speakers, you'll hear how jMaki, GlassFish Comet, GlassFish and NetBeans provide an easy-to-use and industry-grade platform to develop and deploy Rich Internet Applications. Here is the list of Sun sessions:

Here is my wish list of sessions that I'd like to attend:

Tuesday, Mar 18
Picking the Right Technology for Rich Internet Applications Track 5 2:00 - 2:45pm
Ajax Applicability: When should Ajax be used ? Track 2 2:50 - 3:35pm
RIA Approach for Web 2.0 Development using jMaki Track 3 3:40 - 4:25pm
Wednesday, Mar 19
Opening Keynote: Can we fix the Web ? Opening Keynote 7:30 - 8:20am
Think Fast: Accelerate Ajax Development with Appcelerator Session 2 8:25 - 9:15am
REST and Ajax Reconciled Track 6 9:20 - 10:05am
Enterprise Comet: Real-Time or Real-Time Web 2.0 ? Session 4 11:00 - 11:30am
jMaki as an Ajax Mashup Framework Session 5 11:35 - 12:05pm
Understanding the top Web 2.0 Attack Vectors Track 3 12:10 - 12:55pm
Building Web 2.0 Applications with Project Zero Track 3 2:05 - 2:50pm
Ajax and Social Computing for the Enterprise Session 7 2:55 - 3:30pm
Aptana IDE: Your unfair advantage for Ajax etc. Track 3 5:20 - 6:05pm
SYS-CON.TV Power Panel: The Business Value of RIAs Session 10 6:10 - 6:55pm
Welcome Reception 6:30 - 8:30pm
Thursday Mar 20
RIA Adoption in 2008: Risks, Rewards, Challenges & Opportunity Opening Keynote 8:00 - 8:50am
Ajax and Rails Track 6 8:55 - 9:40am
Now Playing: Desktop Apps in the Browser Session 3 9:45 - 10:15am
DreamFace: The Ultimate Framework for Creating Personalized Web 2.0 Mashups Session 4 11:55 - 12:25pm
Securing Ajax Development and Testing Track 6 12:30 - 1:15pm
Asynchronous Ajax for Revlutionary Web Applications Track 3 2:15 - 3:00pm
Saving your Investment: Transforming J2EE Applications into Web 2.0 using GWT Track 4 3:05 - 3:50pm
Building Scalable Ajax Applications using GlassFish Comet Track 4 5:30 - 6:15pm
SYS-CON.TV Power Panel: What Lies Beyond AJAX? Session 9 6:15 - 7:00pm

It's only a wish list cause I'll be spending time at Sun booth in the Expo Floor as well and this is New York City ;)

See ya there!

Technorati: conf sun ajaxworld jmaki glassfish mashups comet netbeans ria

Travel Schedule - Next 5 weeks

Here is my travel schedule for next 5 weeks:

Mar 17-21 Ajax World, New York Web Application Development using jMaki
Mar 25-26 The Server Side Java Symposium, Las Vegas Rails powered by GlassFish & jMaki
Mar 27 Developer Update, St Louis Westport DoubleTree, FREE event Open Source Web Services stack in GlassFish
Mar 28 Developer Update, Kansas City, FREE event Rich Internet Applications and GlassFish
Apr 16-19 FISL, Brazil Web 2.0 Application Development using jMaki and
Asynchronous Ajax for Revolutionary Web Applications

Stop by and say hello if you are present at any of the events. You'll hear about different GlassFish technologies:
  • How Metro provides enterprise-grade open source Web services stack for meeting all your needs
  • How jMaki allows you to create Rich Internet Applications
  • How Rails applications can be powered by GlassFish & jMaki
  • Asynchronous Ajax that allows you to scale your applications tremendously
  • And any other topic that you are interested in :)
Drop a comment if you are interested in a run or meal together ?

Technorati: conf glassfish metro webservices netbeans jmaki ajax newyork lasvegas stlouis kansascity brazil fisl ajaxworld tssjs

profile image
Arun Gupta is a technology enthusiast, a passionate runner, author, and a community guy who works for Oracle Corp.

Java EE 7 Samples

Stay Connected


« February 2017