Google Web Toolkit -- adapting pains and issues
I have been first exposed to GWT on November 2006 and in one of our Java User group meeting. At that time we are looking to replace our ancient applet based web application. I saw the similarities on how GWT is similar to Java Swing in some of its components. Surely enough our group adapted and went with GWT. Here are the major issues that we have encountered.
The issues are based on some wrong assumptions about GWT.
Here is some points that our team missed about GWT.
- GWT is JavaScript
- JavaScript is executed in the clients Browser
- GWT is not a web application framework
- Be Aware of GWT Security issues
GWT is JavaScript
Even though GWT is coded using Java and leverages Java Tools, at the end of the day it is still JavaScript. So it is subjected to JavaScript issues like the following:
- Threading - JavaScript is event driven and has single threaded model for development. So codes that are executed will be solely based on events.
- Code size - even though there is no limit on how big your JavaScript could be. JavaScript is downloaded to the users browser before executing so the bigger your JavaScript code the longer it will take to download. (Our new application would eat up around 4 MB before you can use it)
- Browser Caching - The browser will cache JavaScript codes, so any production update will be totally dependent on a users browser cache settings. When deploying GWT, one must have a caching strategy on what is kept on the client side and how it is affected by updates on the server.
The only consolation that I can think of for GWT being java Script is that as a Java developer I don’t worry about coding in Java Script because it is done by GWT but I have to trust Google to provide me with a defect free tool and the people working on GWT must be very talented Java Script developers.
JavaScript is executed in the Client's Browser
GWT provides a strong support for browser compatibility .But, browsers today gives a lot of freedom to the users. Any application that uses the browser as an application platform will be subjected to a user’s browser settings One should be able to understand the limitations of the browser as an application platform specially if your code (like JavaScript) is executed in a client’s browser. With this in mind you should keep as much on the server as possible so that the client will deal with little or as minimal of the presentation or UI as possible.
GWT is not a web application framework
You should not approach GWT as a web framework but rather as a User Interface library with Asynchronous call support much like Yahoo UI. This will change your perspective on how to build your codes and how you determine interfaces between the GWT UI presentation and server
Be Aware of GWT Security issues
One last thing you don’t want to happen to your web application to leak sensitive data. When developing GWT make sure that a good security testing strategy is included . Even though GWT might have done a good job preventing some exploits, AJAX in general increases the surface for malicious attack for a web application. I just recently was able to do an exploit on our web application using Cross Site Scripting that we should now consider upgrading our GWT version.
The issues are based on some wrong assumptions about GWT.
Here is some points that our team missed about GWT.
- GWT is JavaScript
- JavaScript is executed in the clients Browser
- GWT is not a web application framework
- Be Aware of GWT Security issues
GWT is JavaScript
Even though GWT is coded using Java and leverages Java Tools, at the end of the day it is still JavaScript. So it is subjected to JavaScript issues like the following:
- Threading - JavaScript is event driven and has single threaded model for development. So codes that are executed will be solely based on events.
- Code size - even though there is no limit on how big your JavaScript could be. JavaScript is downloaded to the users browser before executing so the bigger your JavaScript code the longer it will take to download. (Our new application would eat up around 4 MB before you can use it)
- Browser Caching - The browser will cache JavaScript codes, so any production update will be totally dependent on a users browser cache settings. When deploying GWT, one must have a caching strategy on what is kept on the client side and how it is affected by updates on the server.
The only consolation that I can think of for GWT being java Script is that as a Java developer I don’t worry about coding in Java Script because it is done by GWT but I have to trust Google to provide me with a defect free tool and the people working on GWT must be very talented Java Script developers.
JavaScript is executed in the Client's Browser
GWT provides a strong support for browser compatibility .But, browsers today gives a lot of freedom to the users. Any application that uses the browser as an application platform will be subjected to a user’s browser settings One should be able to understand the limitations of the browser as an application platform specially if your code (like JavaScript) is executed in a client’s browser. With this in mind you should keep as much on the server as possible so that the client will deal with little or as minimal of the presentation or UI as possible.
GWT is not a web application framework
You should not approach GWT as a web framework but rather as a User Interface library with Asynchronous call support much like Yahoo UI. This will change your perspective on how to build your codes and how you determine interfaces between the GWT UI presentation and server
Be Aware of GWT Security issues
One last thing you don’t want to happen to your web application to leak sensitive data. When developing GWT make sure that a good security testing strategy is included . Even though GWT might have done a good job preventing some exploits, AJAX in general increases the surface for malicious attack for a web application. I just recently was able to do an exploit on our web application using Cross Site Scripting that we should now consider upgrading our GWT version.
Comments