Articles

JSR-286: The Edge of Irrelevance
JSR-286 updates the Portlet specification to add new functionality, but has the Portlet ship sailed? In this article, Eric Spiegelberg looks at the history of the Java Portlet spec and argues that the design and philosophy of Java web applications has moved on and left portlets behind. Jan. 20, 2009

Securing Your Web Application Requests
One often unanticipated vector for security attacks on web applications is the possibility that a user could hack the GET or POST request to send unanticipated or invalid data to the application. In this article, Eric Speigelberg shows how to use JSTL's URL encoding and a servlet filter to obfuscate or even encode parameters in each direction to thwart parameter-hacking. May. 20, 2008

Ajax Form Validation Using Spring and DWR, Revised
In a previous article, Eric Spiegelberg offered a design for using DWR to allow an Ajax-based web application to provide server-side validation of client-side input. After nearly a year in production, he's back with a cleaner, more efficient design. Dec. 4, 2007

Ajax Form Validation Using Spring and DWR
Validating user input in web apps doesn't lend itself to easy solutions: you don't want client-side validation to require you to duplicate your effort, but server-side validations may run long after the invalid input is entered. Eric Spiegelberg has an approach that uses Ajax, via Direct Web Remoting, to let your server-side validation code correct client-side entries on the fly. Feb. 8, 2007

Log4Ajax
AJAX developers, like all client-side JavaScripters, know that alert is their friend at development time, but as a logging tool, it's severely limited. Eric Spiegelberg offers more robust ideas for logging on the client side and logging from the client to the server.  Dec. 13, 2005