HTTP proxy for AJAX applications
One of the basic technologies that have emerged in the context of the next generation web user interface is AJAX (Asynchronous JavaScript and XML). Using AJAX can increase the responsiveness and usability of web applications.
AJAX allows web pages to load data or markup fragments from a server using asynchronous requests that are processed in the background and thus do not interfere with the web page that is currently displayed in the browser. When you use AJAX, Web application exchanges only small amounts of data between the server and the client and consequently refreshes small parts of the markup only. Therefore AJAX is also useful for developing portlets and for building mashups, that is aggregating content from various different sources into a uniform user experience. For example, this can be RSS or Atom feeds or other data retrieved from external REST services.
To prevent cross site scripting in such web applications, browsers introduced the so called same-origin policy. This policy prevents client side scripts, in particular JavaScript, from loading content from an origin that has a different protocol, domain name, or port. To overcome this restriction, some browser vendors offer solutions that are based on signed scripts. However, using a signed script does not mean that a script can be trusted. Another disadvantage of these browser specific solutions is that they rely on the user to configure the browser accordingly.
The solution that WebSphere Portal offers is based on a server side HTTP proxy, the HTTP Proxy for AJAX Applications (aka AJAX Proxy). The underlying security model allows administrators to restrict access to trusted origins in a very flexible way. The AJAX Proxy can be used for developing themes, skins, static pages, or portlets. The following sections explain how to use and configure the AJAX proxy.
- AJAX proxy configuration
- The programming model for using the AJAX proxy
- XML schema of the proxy-config.xml file
Parent
Web 2.0 user interface features