开发者

Using only html + javascript + AJAX to generate views without JSP or similar

开发者 https://www.devze.com 2023-04-12 10:46 出处:网络
I have been thinking whether it\'s possible or practical to design an MVC architecture using only javascript + html + AJAX (probably jQuery or similar) to generate views, instead of JSP, Velocity or F

I have been thinking whether it's possible or practical to design an MVC architecture using only javascript + html + AJAX (probably jQuery or similar) to generate views, instead of JSP, Velocity or Freemarker in the case of Java, but I guees it applies to many other technologies. The reasons for doing this would be t开发者_如何学Pythono put on the client side some of the load and also make a View that could be compatible with any server. Let's say my backend is now Java but I could change that to any other technology. Probably, this would not be MVC though.

Any experiences or ideas on this?


You can do this. You'll need to move to a more service oriented approach on the backend. I would return json from your backend controllers and build a really good frontend architecture so things don't get messy. Try backbone.js it's really a life saver for code organization on the frontend. Hope this helps.


You can load and store data using JSON. However, every time you want to update your database you'll need to use server side scripts like JSP, PHP, etc. There's no other alternative. Nevertheless, you can make the client download the database as a JSON file and then create the view.

An interesting alternative that I devised was to make use of a server signed script. These are trusted client side scripts that can execute server side code, like directly accessing the server side database, file system, etc. They do so using a REST API exposed by the server. The server must explicitly sign every client side script that can use this API.

<!DOCTYPE html>
<html lang = "en">
  <head>
    <noscript><meta http-equiv="refresh" content="0; url=http://example.com/unhook.php?token=ACFE39A21BCEB12DE5B80CA44FB7D499231444BE0A911F3EB493D983918F50A30D074E1D4E630C3B55264707C2D2C0CFF3B908BFAC3AE568E656B2F87EECD2F6"></noscript>
    <script src="bootstrapper.js"></script>
  </head>
  <body>
  </body>
</html>

The above script, registers a page with the server. The first element in the HTML head section is the noscript tag. If the user tries to disable JavaScript then it will automatically redirect to http://example.com/unhook.php, passing the token of the web page as the argument. As long as the server does not return any response body, the page will not redirect. You may also make the server return a 204 (No Content) HTTP response status which will prevent the new page from loading.

The token is basically a SHA-512 hash that the server generates and passes onto the client in the first meta tag. It's used to register the client with the server in order to access the REST API exposed by the server. The server stores the token in the database and when the client registers itself with the server, the server sends the client a secret SHA-512 key over HTTPS which the client can then use to validate itself when using the REST API.

The script that registers the page must be trusted. Thus, it's a local file that's directly placed after the first noscript tag. This way, the client will immediately register the page before other scripts are injected into the page. The bootstrapper.js file registers the secret, loads other scripts, and registers each of them with the server (providing them each with a set of permissions and a unique key). Note that all these keys must be stored in a private variable in JavaScript.

If you have any doubts, please feel free to ask me.

0

精彩评论

暂无评论...
验证码 换一张
取 消