File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes HTML, CSS and JavaScript and the fly likes 'Web Service and Security' in Ajax High Performance book Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark " Watch " New topic

'Web Service and Security' in Ajax High Performance book

Dinesh Sundrani
Ranch Hand

Joined: Mar 21, 2006
Posts: 78
Hi Authors,

I am getting a bit anxious and also quiet alot surprised to see 'Web Service and Security' chapter in an Ajax High Performance book.

I am serioulsy interested to know what all going into this chapter as I have been working in Web Service for past couple of years and would love to leverage it with Ajax programming.

Hope you could elaborate something for the relationship between Ajax and WebServices.

Dinesh Sundrani
Dave Charles Johnson

Joined: Jul 26, 2007
Posts: 4
Hi Dinesh,

The link between Ajax and Web Services is an important one for people that are working behind the firewall and integrating with business systems that are already using Web Services - by which I primarily mean SOAP messaging rather than XMP-RPC or JSON based requests.

There are a few different options for integrating Ajax with SOAP based Web Services. There are browser specific solutions for dealing with SOAP messages in both Firefox and Internet Explorer, but the solution we recommend is the cross browser JavaScript SOAP toolkit from IBM. It makes dealing with SOAP fairly seamless.

Due to the same origin security policy of the web browser, XHR requests cannot be performed across domains. To get around this, script injection can be used to create mashups with services like Google Maps or JSONP and XMLP with either script injection or hidden IFrames can be used to access data across domains. The mashup approach is fairly safe. However, when you start requesting JSON or XML data across domains using script injection it can be a security problem since the HTTP headers of the web site user are sent along with any script request. To get around this, sites such as Google, will return any JSON data in comments such that it is not directly executable and can only be read by JavaScript that has requested it from the same domain using a proper XHR request.

I hope that helps!
Dinesh Sundrani
Ranch Hand

Joined: Mar 21, 2006
Posts: 78
Thanks Dave, I'm pretty clear now!!

Dinesh Sundrani
I agree. Here's the link:
subject: 'Web Service and Security' in Ajax High Performance book
Similar Threads
Strategies for AJAX adoption
To authors - payment industry standards
Webservice Security Resources
Cleared SCEA 5 Part - I with 81%
Using AJAX with Swing applet