Features

Wt has a lot to offer. It includes the essential basic widgets and building blocks to build web applications, but also offers built-in security, PDF rendering, a 2D and 3D painting system, an object-relational mapping library, a charting library, and an authentication framework.

Core Library

  • Fully open source.
  • Hybrid single page framework with full support for browser history navigation and SEO.
  • Compatible with HTML5 and HTML4 browsers, but also plain HTML user agents (including web crawlers).
  • Develop in and deploy on Linux, UNIX (macOS, FreeBSD, ...), or Microsoft Windows (Visual Studio and MinGW) environments.
  • High performance (you'd expect nothing else from a C++ library), using asynchronous I/O throughout, multi-threaded, optimized rendering, ...
  • Allows integration of 3rd party JavaScript libraries

Event handling

  • Typesafe C++11 signal/slot API for responding to events: attach C++ code (such as C++11 lambdas or bound object methods) to react to events from keyboard, mouse, touch, history navigation, etc.
  • Automated and efficient synchronization of browser and server state, using incremental rendering updates.
  • Server-initiated updates using WebSockets with automatic fallback to Ajax long polling.

2D and 3D painting APIs

  • 2D painting API which leverages the browsers native (vector) graphics support (HTML5 canvas, inline SVG or inline VML), but can also render to common image formats (PNG, GIF, ...) or vector formats (SVG, PDF).
  • Unified hardware-accelerated 3D painting API which leverages WebGL in the browser or server-side OpenGL (fallback).
  • Integrated capable HTML/CSS renderer lets you generate high quality dynamic PDF reports easily.

Built-in security

  • In dedicated process mode: ability to leverage kernel-level memory protection to isolate sessions.
  • TLS/SSL support.
  • Built-in Cross-Site Scripting (XSS) prevention. Rendered text is always filtered against potentially malicious code, making XSS attacks against Wt applications (close to) impossible.
  • Built-in Cross-Site Request Forgery (CSRF) prevention. Using cookies for session tracking is not necessary nor recommended. Cookies are never solely relied on for requests that trigger event handling code.
  • Application logic attack prevention. Only those events exposed in the interface (accessible from a button, for example) can be triggered.
  • Session hijacking mitigation and risk prevention
  • DoS mitigation
  • Authentication module which implements best practices for authentication, including support for OAuth 2.0 and OpenID Connect

C++ Object Relational Mapper

Wt::Dbo is a self-contained library which implements an Object-Relational Mapper (ORM) for C++, and thus a convenient way to interact with SQL databases from C++.

Although features like optimistic concurrency control make this an ideal technology for a database driven web applications (and it provides good integration with Wt's MVC classes), the library can also be used for other applications, and does not depend on Wt.

See also this tutorial for an idea of what Dbo looks like.

Features:

  • No code generation, no macro hacks, no XML configuration, just C++!
  • Uses a templated visitor pattern which requires a single template method to provide the mapping: DRY and efficient.
  • Flexible mapping support which includes support for surrogate auto-incremental keys or natural keys of any C++ type, which may also be composite (i.e. require more than one database field).
  • Supports optimistic concurrency control using a version field.
  • Maps Many-to-One and Many-to-Many relations to STL-compatible collections.
  • Provides schema generation (aka DDL: data definition language) and CRUD operations (aka DML: data manipulation language).
  • Transactions, prepared statements and connection pooling.
  • Each session tracks dirty objects and provides a first-level cache.
  • Uses native SQL to query individual fields and/or objects.
  • Comes with Sqlite3, Firebird, MariaDB/MySQL, SQL Server and PostgreSQL backends, and an Oracle backend is also available on request.

Deployment

The library abstracts different deployment options as connector libraries, which connect Wt with the outer world. Switching deployment option is a matter of (re)linking to one of these connector libraries!

When in doubt, pick the built-in httpd. It's convenient, battle-tested, and supports the most features.

a) Built-in httpd
  • Simple, high performance web application server (multi-threaded, asynchronous I/O) based on the C++ asio library.
  • Supports the HTTP(S) and (Secure) WebSocket protocols.
  • Supports response chunking and compression.
  • Can be deployed as a single process (convenient for development and debugging) or multiple processes (e.g. a separate process per session), and is embeddable in an existing application.
  • Host multiple applications on the same server, by bolting a reverse proxy in front.
  • Available for Linux, UNIX, and Windows platforms.
b) FastCGI
  • Legacy protocol that integrates with most common web servers (apache, lighttpd).
  • Different session-to-process mapping strategies.
  • Hot deployment: new sessions use the new application version while older sessions may continue with their application version.
  • Available only for Linux and UNIX.
c) ISAPI
  • Integrates with Microsoft IIS server.
  • Uses the ISAPI asynchronous API for maximum performance.
  • Available for Windows.