JWt: an introduction

JWt is a Java library for developing interactive web applications that may be deployed within standard Java Servlet containers.

The API is widget-centric and inspired by desktop GUI APIs. To the developer, it offers complete abstraction of any web-specific implementation details, including event handling, graphics support, and pretty URLs.

Unlike many page-based frameworks, JWt was designed for creating stateful applications that are at the same time highly interactive (leveraging techinques such as AJAX to their fullest) and accessible (supporting plain HTML browsers), using automatic graceful degradation or progressive enhancement.

Interactive, secure and accessible

Page-based frameworks (based on PHP, JSP/JSF, Ruby on Rails, etc...) do not make abstraction of the underlying technologies (HTML/XHTML, JavaScript, CSS, AJAX, Forms, DHTML, SVG/VML/Canvas). As a consequence, a developer needs to be familiar with all of these evolving technologies and is also responsible for graceful degradation when browser support is lacking. The structure of the application follows mostly the page-centric paradigm of early day HTML. This means that not only will you need to implement a controller to indicate how a user moves from page to page, but when using advanced AJAX techniques you will need to design and maintain manually your client-server communication.

Generating HTML code or filling HTML templates is prone to security problems such as XSS (Cross-Site-Scripting) by unwillingly allowing JavaScript to be inserted in the page, and CSRF (Cross-Site Request Forgery) by trusting cookies for authentication. These security problems are hard to avoid when as a developer you need to be able to insert self-written JavaScript to improve your web application and thus the framework cannot filter it out.

In contrast, a web application developed with JWt is written in only one compiled language (Java), from which the library generates the necessary HTML/XHTML, Javascript, CGI, SVG/VML/Canvas and AJAX code. The responsibility of writing secure and browser-portable web applications is handled by Wt. For example, if available, Wt will maximally use JavaScript and AJAX, but applications developed using Wt will also function correctly when AJAX is not available, or when JavaScript is disabled, by progressively enhancing a plain HTML/CGI application to a rich AJAX application.

By using standard Java and JVMs, JWt applications can benefit from any existing Java libraries and JVM features including support for scripting languages.

Typical use scenarios:

  • Web-based enterprise applications with a database backend that require a responsive and dynamic user interface.
  • Web applications which maximally benefit from modern browser capabilities but with graceful degradation to adhere to W3C accessibility guidelines and be search engine friendly.
  • Porting of Java desktop applications to the web.

Some benefits of using JWt

  • The library allows you to develop web applications much like you develop Java desktop applications, using your favourite JVM programming language, while benefitting fully from the powerful tools available for (Java) development such as flexible debugging and source code refactoring.
  • There are no fragile string-based bindings of parameters in templates or XML files, nor do you need to implement tedious (and security critical) request/response controller logic.
  • Just a library: no need for new conventions which imply behavior or requirements for organizing your source code.
  • JWt applications have automatic fall-back for non-JavaScript browsers where possible, allowing you to create fully accessible applications, which benefit from AJAX where available.
  • The toolkit generates standards compliant HTML or XHTML code.
  • You can include dynamic graphics using a portable, anti-aliased graphics API that uses inline VML, inline SVG or HTML 5 canvas.
  • The library provides sophisticated high-level widgets that allow plotting of charts and visualising complex tree structures.
  • Avoid XSS security risks since JWt has complete control over the presentation layer and proactively filters out active tags and attributes. There is no exposure of business logic which stays entirely at the server, and no need for exposing your data using a REST API.
  • Highly optimized load time and low bandwidth usage, which are affected only by screen complexity but not by application size or bulky JavaScript libraries.
  • Integrates well with modern object relational mapping techniques such as the Java Persistence API (e.g. Hibernate).