
Java EE, Part 6: AJAX with DWR, DOJO, and Security

with expert Ali Hamad


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack
  • Power Pack Plus

Release date: 12/17/2010
Level: Intermediate
Runtime: 10h 13m
Closed captioning: N/A
Transcript: N/A
eBooks / courseware: Included
Hands-on labs: Included
Sample code: Included
Exams: Included





Course description

This course continues the Java EE Programming: AJAX Fundamentals course, going into greater detail about AJAX and covering Direct Web Remoting (DWR). It shows what a time saver the DOJO framework can be and how to use the DOJO toolkit, then moves on to advanced JavaScript. Security is an important part of any development effort, and this course covers AJAX security and security guidelines. The final chapters cover JavaScript performance tuning and mashups for Java servers.

Learning Paths

This course is part of the following LearnNowOnline SuccessPaths™:
Java Development

Meet the expert

Ali Hamad has Bachelor's and Master's degrees in Computer Science and has been teaching many aspects of Java for over 14 years, covering introductory material through JDBC, JBoss and beyond. His training and consulting background also covers C, C++, Object Oriented Analysis and Design (OOAD), and Unix/Linux. Ali has worked for, or been a consultant and trainer for, many companies including Dell, Texas Instruments, State of New Hampshire, Web Age Solutions, and many more. He is the author of training material for several programming topics such as Java, Struts, C++, Unix and J2EE applications.


Course outline



Module 1

Direct Web Remoting (01:02:01)
  • Introduction (01:44)
  • Introduction (01:51)
  • How DWR Works (07:54)
  • Diagram: How DWR Works (02:46)
  • DWR: The Server Side (01:52)
  • Configuring the Server Side (02:26)
  • The dwr.xml File (03:04)
  • DWR: The Client Side (03:06)
  • Unit Testing (02:32)
  • Accessing Servlet API Objects (04:16)
  • Error Handling (01:52)
  • Demo: Direct Web Remoting (28:14)
  • Summary (00:19)

Module 2

DOJO (51:11)
  • Introduction (00:36)
  • Introduction (01:50)
  • Installation (02:36)
  • Dojo Capabilities (02:11)
  • Example - Tab Widget (04:22)
  • How Does DOJO Work (03:16)
  • Importing Packages (02:48)
  • Widget Basics (05:00)
  • Widget Layout Example (00:59)
  • The Two byId() Methods (01:56)
  • Widget Properties (03:33)
  • Demo: Dojo (21:33)
  • Summary (00:25)
DOJO Widget Events (47:50)
  • Introduction (00:30)
  • Widget Events (01:50)
  • Common Features of Widgets (02:28)
  • Form Input Widgets (02:09)
  • The Button Widget (01:06)
  • The Checkbox Widget (01:22)
  • The ComboBox Widget (03:48)
  • The FilteringSelect Widget (05:02)
  • The DateTextBox Widget (01:26)
  • Layout Widgets (02:15)
  • Other Common GUI Widgets (00:59)
  • Creating Widget Instances (03:46)
  • Create Widgets Programmatically (04:19)
  • Demo: Widget Events (16:21)
  • Summary (00:23)

Module 3

DOJO Event System (01:18:08)
  • Introduction (00:29)
  • Introduction (03:18)
  • Difference from DOM Event (02:04)
  • JavaScript Function Call Event (03:31)
  • Writing a JavaScript Class (01:54)
  • Example: JavaScript Class (03:33)
  • Writing an Event Handler Class (03:40)
  • Attaching the Event Handler (03:25)
  • Handling the Widget Event (03:04)
  • More on Handler Attachment (02:05)
  • The Dojo Event Object (03:26)
  • Window Load/Unload Event (01:52)
  • Publish Subscribe System (02:29)
  • Writing a Publisher (01:32)
  • Writing a Subscriber (01:42)
  • Publishing the Message (02:33)
  • Demo: DOJO Event System (36:48)
  • Summary (00:34)

Module 4

DOJO Logging (28:25)
  • Introduction (00:36)
  • Logging in Dojo (02:19)
  • Using Debug (02:02)
  • Log Severities (02:12)
  • Mozilla Debugging Tools (02:03)
  • IE Debugging Tools (01:33)
  • Other Tools (00:39)
  • Demo: DOJO Logging (16:31)
  • Summary (00:27)

Module 5

Object Orientation (49:19)
  • Introduction (00:31)
  • Basic Objects (02:54)
  • Constructor Function Object (01:21)
  • Example: Constructor Function (01:19)
  • Constructor Function Object (02:38)
  • Object Properties (03:21)
  • Object Properties: Looping (04:19)
  • Constructor & Instance Objects (02:05)
  • Constructor Level Properties (03:49)
  • Namespace (01:23)
  • Example: Namespace (01:36)
  • Demo: Object Orientation (23:41)
  • Summary (00:17)
Prototypes (33:14)
  • Introduction (00:31)
  • Prototype (01:45)
  • Example: Prototype (01:39)
  • Prototype Property Hierarchy (05:49)
  • Prototype Chain (02:13)
  • Inheritance Using Prototype (00:56)
  • Example: Inheritance (05:18)
  • Extending Inherited Behavior (05:59)
  • Demo: Prototypes (08:40)
  • Summary (00:19)
Constructors and Arrays (51:28)
  • Introduction (00:27)
  • Enhancing Constructors (04:16)
  • Constructor Performance (02:51)
  • Event Handling Problem (01:52)
  • Array (04:36)
  • Traversing an Array (00:55)
  • Appending to an Array (00:58)
  • Deleting Elements (01:37)
  • Inserting Elements (00:47)
  • Other Array Methods (02:11)
  • Demo: Constructors and Arrays (30:38)
  • Summary (00:16)

Module 6

AJAX Security (25:10)
  • Introduction (00:28)
  • The Same Origin Policy (03:44)
  • SOP Example (02:07)
  • Exemption from SOP (01:02)
  • Bypassing SOP (01:26)
  • Using Dynamic Script Tag (02:54)
  • Example: Main Page (00:33)
  • Example: The Included Script (02:11)
  • Demo: Example Site Setup (10:27)
  • Summary (00:13)
AJAX Common Attacks (25:42)
  • Introduction (00:37)
  • Example: The Included Script (00:31)
  • Code in Dynamic Script Element (01:51)
  • Using an Ajax Proxy (02:37)
  • Common Attacks for Ajax (00:41)
  • Cross Site Scripting (XSS) (02:26)
  • XSS Example (00:55)
  • Preventing XSS (02:54)
  • Demo: Ajax Security (12:56)
  • Summary (00:11)
Java Script Worms (34:36)
  • Introduction (00:29)
  • JavaScript Worms (03:02)
  • Cross-site Request Forgery (02:29)
  • Preventing CSRF (02:29)
  • JavaScript or JSON Hijacking (01:24)
  • Example: JSON Hijacking (03:03)
  • Exploiting JSON Hijacking (02:15)
  • Preventing JSON Hijacking (02:36)
  • Denial of Service (DoS) Attack (01:34)
  • XML Bomb Attack (01:15)
  • Example: XML Bomb Attack (00:46)
  • Ajax Proxy Vulnerability (03:54)
  • Demo: Java Script Worms (09:00)
  • Summary (00:13)

Module 7

AJAX Security Guidelines (30:07)
  • Introduction (00:28)
  • Obfuscate JavaScript Code (01:50)
  • Privileged Functions (02:01)
  • Do Not Expose Database Schema (01:44)
  • Validate Input on Server Side (01:04)
  • Password Protect Operations (01:49)
  • Careful of State Information (01:13)
  • Use White List in Ajax Proxy (01:22)
  • Do Not Use Distrusted Content (01:07)
  • Use eval() Carefully (02:02)
  • Demo: AJAX Security Guidelines (14:51)
  • Summary (00:29)

Module 8

AJAX Performance Tuning (01:03:01)
  • Introduction (00:37)
  • Why Tune JavaScript Performance (01:57)
  • What to Tune (02:21)
  • Optimize Asset Download (04:47)
  • Optimize Content Rendering (05:58)
  • Example: Content Rendering (05:12)
  • Optimize Code - JavaScript (02:49)
  • Scope Example (01:07)
  • Optimize Code - Prototype (07:02)
  • Optimize Code - Avoid eval() (01:04)
  • String Concatenation (00:44)
  • Optimize Code - Event Handling (00:34)
  • Ajax Tuning - Immediate Update (01:32)
  • Ajax Tuning - Multiplexing (01:04)
  • Ajax Tuning - Use Push (00:34)
  • Useful Tools (01:02)
  • Demo: CSRF (24:02)
  • Summary (00:27)

Module 9

AJAX Mashups (32:58)
  • Introduction (00:36)
  • Example: ChicagoCrime.org (00:19)
  • Mashup Flavors (01:12)
  • Key Components (01:07)
  • Key Component Details (01:42)
  • The Client (00:58)
  • Retrieving Data (02:21)
  • Data Assembly Details (02:19)
  • Data Format Options (02:05)
  • Enterprise 2.0 Mashups (00:44)
  • Demo: AJAX Mashups (18:56)
  • Summary (00:34)