We'll be demoing ICEfaces on the iPhone at AjaxWorld next week, and we needed a good way to display the mobile device for the audience. After setting up a small tripod and a DV camera, we observed that the best physical setup resulted in video displayed upside down on the screen.

So, I put together a simple video pipeline using Quartz Composer. If you have a Mac, and you haven't installed the developer tools and tried Quartz Composer, you should. It's a purely graphical development environment for creating sophisticated media pipelines (such as for screen savers or movie transitions). Creating a pipeline that captures the video input, rotates it, and renders the output was this easy:

In fact, you should be able to see yourself upside down in my jroller blog post.

I'll be presenting Ajax Push for Web 2.0 Collaboration on Monday morning and Steve will be presenting ICEfaces and Mobile Ajax on Tuesday at Lunch. Please contact ICEsoft if you would like a complimentary pass to the show.

Technorati Tags: quicktime video rotate

One of the trickier JSF exceptions we've run into is an UnsupportedOperationException on application startup. This exception is misleading because it's actually thrown during the failure to create a formatted error message, causing the original exception to be lost. You'll see something like the following:

java.lang.UnsupportedOperationException
	at com.sun.faces.config.ConfigureListener$InitFacesContext.getViewRoot(ConfigureListener.java:1690)
	at com.sun.faces.util.MessageFactory.getMessage(MessageFactory.java:113)
	at com.sun.faces.util.MessageUtils.getExceptionMessageString(MessageUtils.java:277)
	at com.sun.faces.util.Util.createInstance(Util.java:477)
	at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:578)
	at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:503)
	at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:402)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3830)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4337)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
	at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
	at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1206)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
	at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610)
	at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590)
	at java.lang.Thread.run(Thread.java:613)

The actual line to make note of is:

        com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:578)

indicating that a ViewHandler, VariableResolver, etc. defined in faces-config.xml is missing (a .jar file is missing) or failing during initialization (in this case, a NavigationHandler is failing instantiation).

Ajax is sometimes criticized for introducing security holes. This is a valid concern, but the situation is complex: Ajax techniques can be applied in many different ways; some lead to secure applications and some do not. to understand, we need to look at the security characteristics of current practices.

First, lets look at some of the more blatant problems. One of the greatest dangers is presented by moving data and business logic into the browser. JavaScript obfuscation is merely an inconvenience to hackers. Sensitive information that finds its way into the browser cache may persist for some time and, once on the filesystem, can potentially expose data or business processes to exploitation by worms or viruses.

To further compound the problem, mashups mix sensitive data and processes from multiple sources together in one page. Any component of the mashup can impersonate any other and, acting with the user's credentials, cause significant loss or damage. Is that JavaScript map component just displaying a map, or is it mining your customer database? You have no further guarantee than trust in the component's authors and the integrity of their servers.

Finally, the nondeterminism of dynamically loaded scripts make the complete Ajax system difficult to analyze from a security perspective (what cannot be analyzed is potentially a security risk). When data is passed to the browser as JSON rather than XML, even the data is dynamically executed; this further complicates the analysis because any source of data into the application then becomes suspect.

But that's the bad news. The good news is that there are ways to use Ajax techniques and retain the security characteristics of traditional web applications: fundamentally, Ajax still makes use of a web browser communicating with the server over HTTP/HTTPS. With ICEfaces we have approached the problem by using layers of security, each of which preserves the benefits of the layers below it:

• The application is implemented entirely in Java and resides on the server. No business logic or application database is stored in the browser. By using commonly available persistence technologies, such as Hibernate, input into the SQL interpreter is automatically escaped, preventing SQL-injection attacks.
• XMLHttpRequest sends HTML form data, just like traditional web applications . No security holes are opened through application-level remote procedure call interfaces. This limits the attack surface to the application user interface, matching what is exposed to what developers expect is exposed.
• The JavaScript implementation is fixed size and function, restricted essentially to the funcation of exchanging events with the server and applying incremental updates, sent as XML, to the page. This makes it security auditable and testable.
• The application filters all output through JSF, automatically escaping it, and preventing injection of malicious JavaScript used for cross site scripting attacks.
• Existing Java access-control techniques can be applied, and component-level access control is provided by the ICEfaces components.
• SSL can be used to secure the connection since all XMLHttpRequest traffic goes over the same connections as the originating page resources.

Steve's whitepaper, Enterprise Ajax Security with ICEfaces goes into the topic in more detail. As you can see, the Ajax security problem really is solvable, it just has to be approached in the right way.

In the future, perhaps we'll see a browser security model that can efficiently isolate different mashup components, but for the time being, the safest approach is to aggregate content from different web pages and web services on the server, and then provide the data obtained through your application. (It could even be argued that this more careful form of aggregation ultimately will lead to the best user experience.)

The href="" http:_="http:_" iphone="iphone" shape="rect" www.apple.com="www.apple.com">iPhone is a very impressive piece of engineering; and even more impressive is that it's great for running ICEfaces Ajax applications, including the use of Ajax Push. All of the ICEfaces sample applications work, including a mobile chat page created specifically for mobile devices (pictured below on the iPhone). As an application developer working with ICEfaces, we believe you will find it straightforward to target the iPhone. (Note that some layout adjustments specifically for the iPhone are not yet on the public demo server -- these adjustments fix the positioning of the scroll buttons so that they actually appear on the screen.)

The iPhone truly represents the desired configuration of a mobile device. It has certain inherent limitations (bandwidth, power, memory, and size), but otherwise is a fully functional internet device supporting the World Wide Web as we know it. It achieves this high degree of standards compliance by taking full advantage of the display and processing resources possible in a device of its size.

What doesn't work on the iPhone?

Most noticeably, drag-and-drop. Drag-and-drop gestures are occupied by the scrolling interface of the iPhone. This was a perfectly reasonable design decision, since drag-and-drop is rarely encountered on the web and typical mobile devices waste valuable screen space with barely usable scrollbars. (However, we're still interested in providing drag-and-drop on the iPhone, so will explore a click-lock mechanism.)

Also, "select" controls are awkward. It's difficult (impossible?) for the user to manipulate a tiny menu within the page, so interaction with select controls causes a large select interface to appear at the bottom of the screen (not unlike the virtual keyboard). It's probably best to design mobile interfaces without select controls.

(Admittedly, there may be other ICEfaces features that don't yet work on the iPhone; we haven't fired up any Selenium tests on it yet.)

You can download ICEfaces from MacUpdate or directly from ICEfaces.org. We look forward to hearing your feedback on the ICEfaces forums.