JWt has a lot to offer. It includes the essential basic widgets and building blocks to build web applications, but also offers built-in security, PDF rendering, a 2D and 3D painting system, a charting library, and an authentication framework.

Core Library

  • Supports major browsers (Firefox, Safari, Chrome, ...), but also plain HTML browsers and web crawlers.
  • Simple deployment in standard Java Servlet 2.4 or 3.0 containers.
  • No need for IDE plugins: it's plain old Java.
  • Equal behavior with or without support for JavaScript or Ajax, as far as possible, by using graceful degradation or progressive enhancement.
  • Efficient rendering and low latency.
  • Support for browser history navigation (back/forward buttons and bookmarks), pretty URLs with HTML5 History if available, and search engine optimization with a unified behavior for plain HTML or Ajax sessions.
  • Widget centric API that promotes component reuse and increases productivity.

Event handling

  • Uses an event listener system for server-side event handling, comparable to Java GUI frameworks (SWT, Swing).
  • Listen for keyboard, mouse, focus, scroll or drag&drop events, and get event details (such as mouse position, modifier buttons, or keyboard key).
  • Automatically synchronizes form field data from browser to server and tracks server-side changes to be rendered in browser.
  • Integrate with JavaScript libraries
  • Timed events and server-initiated updates ("server push"), the latter using Servlet 3.0 async features when deployed in a Servlet 3.0 container.

Native painting system

  • Unified 2D painting API which uses the browsers native (vector) graphics support (inline VML, inline SVG, or HTML5 canvas), or renders to common image formats (PNG, GIF, ...) or vector formats (SVG, PDF).
  • Unified GL-based 3D painting API which leverages WebGL in the browser or server-side OpenGL (fallback).

Built-in security

  • Enables continuous use of HTTPS through low bandwidth requirements.
  • Built-in Cross-Site Scripting (XSS) prevention. Rendered text is always filtered against potentially malicious code, making XSS attacks against JWt applications (close to) impossible.
  • Not vulnerable to Cross-site Request Forgery (CSRF) because cookies are not needed for session tracking.
  • Not vulnerable to breaking the application logic by skipping to a particular URL, since only those events exposed in the interface can be triggered.


  • Deploy into servlet containers (Tomcat, Jetty) and application servers (JBoss).
  • Consists out of (currently four) jar files that need to be included in the IDE or used in war/ear archives.
  • No XML, except for JEE's web.xml and message resource bundles.