Wt C++ Web Toolkit Introduction

Home / Wt C++ Web Toolkit Introduction

Wt C++ Web Toolkit Introduction

December 9, 2015 | Article | No Comments

Wt (pronounces as witty) is a C++ library for developing web application.

Wt offers abstraction of web-specific implementation details including client-server protocols, event handling, graphics support, graceful degradation (or progressive enhancement), and URL handling. The API is widget-centric, like Qt and other toolkits.

Unlike many page-base frameworks, Wt was designed for creating stateful application that are at the same time highly interactive (leveraging techniques such as WebSockets, and Ajax) and accessible (supporting plain HTML browsers), using automatic graceful degradation or progressive enhancement. Things that are natural and simple with Wt would require an impractical amount of effort otherwise: switching widgets using animations, while being perfectly indexed by search robots with clean URLs, or having a persistent chat widget open throughout, that even works in legacy browsers like Microsoft Internet Explorer 6.

Wt can acts as a stand alone Http(s)/WebSocket server or integrates through FastCGI with other web servers.

Why Wt

Page-based web frameworks (Django, Ruby on Rails, PHP, etc …) do not attempt to abstract underlying technologies (HTML/XHTML, JavaScript, CSS, Ajax, WebSockets, Comet, Forms, DHTML, SVG/VML/Canvas). As a consequence, a web developer needs to be familiar with all of these evolving technologies and is also responsible for graceful degradation when browser support is lacking. The structure of many web applications still follows mostly the page-centric paradigm of early day HTML. This means that not only will you need to implement a controller to indicate how a user moves from page to page, but when using advanced Ajax or WebSockets, you will need to design and maintain your client-server communication.

Pure Ajax frameworks on the other hand require tedious JavaScript programming to deal with browser quirks, and client-server programming to interact securely with server resources. These applications usually are not compliant with accessibility guidelines and cannot be indexed by a search robot.

Generating HTML code or filling HTML templates is prone to security problems such as XSS (Cross-Site-Scripting) by unwillingly allowing JavaScript to be inserted in the page, and CSRF (Cross-Site Request Forgery) by trusting cookies for authentication. These security problems are hard to avoid in traditional frameworks when as a developer you need to implement JavaScript functionality and thus the framework cannot filter it out.

In contrast, a web application developed with Wt is developed against a C++ API, and the library provides the necessary HTML, CSS, Javascript, CGI, SVG/VML/Canvas and Ajax code. The responsibility of writing secure and browser-portable web applications is carried by Wt. For example, if available, Wt will maximally use JavaScript, Ajax and even WebSockets, but applications developed using Wt will also function correctly when JavaScript is not available. Wt will start with a plain HTML/CGI application and progressively enhance to a rich Ajax application if possible. With Wt, security is built-in and by default.

Typical Use Scenario

  • High performance, complex web applications which are fully personalized (and thus cannot benefit from caching), fully Ajax enabled and at the same time entirely accessible and Search Engine Optimized.
  • Web-based GUIs for embedded systems benefit from the low footprint of a C++ web application server.
  • Web-based GUIs that require integration with (existing) C++ libraries, for example for scientific or engineering applications, or existing C++ desktop applications.

Other Benefits

  • Develop web applications using familiar desktop GUI patterns.
  • Provides an extensive set of widgets, which work regardless of JavaScript availability (but benefit from JavaScript availability).
  • A single specification for both client- and server-side validation and event handling.
  • Optionally, use XHTML and CSS for layout and decoration.
  • Generates standards compliant HTML or XHTML code.
  • Portable, anti-aliased graphics optimized for web usage (using inline VML, inline SVG, HTML5 canvas or PNG images), which can also be used to render to PDF.
  • Avoid common security problems since Wt has complete control over the presentation layer and proactively filters out active tags and attributes, does not expose business logic, and simplifies authentication using a stateful design.
  • Ultra-fast load time and low bandwidth usage, which are affected only by screen complexity, not application size. Wt implements all the common tips and tricks for optimizing application responsiveness and even optimizes per browser.
  • A simple API with a robust cross-browser implementation for server-initiated events aka server push (using comet or WebSockets).
  • Use the built-in httpd for easy development and deployment, or use the FastCGI/ISAPI connectors to deploy in existing web servers.

Features

Core Library

  • Supports major browsers (Firefox/Gecko, Internet Explorer, Safari, Chrome, Konqueror, and Opera) but also plain HTML browsers (Links, Lynx).
  • Develop and deploy on Unix/GNU Linux or Microsoft Windows (Visual Studio) environments.
  • Equal behavior with or without support for JavaScript or Ajax, as far as possible, by using graceful degradation or progressive enhancement.
  • Integrated Unicode support and pervasive localization.
  • Efficient rendering and (very) low latency.
  • Support for browser history navigation (back/forward buttons and bookmarks), pretty URLs with HTML5 History if available, and search engine optimization with a unified behavior for plain HTML or Ajax sessions.
  • Configurable session tracking options that include URL rewriting and cookies.
  • High performance, allowing deployment on low-end embedded devices, or energy-, space- and budget-friendly deployment of Internet or extranet web sites.
  • Completely based on event-driven async I/O: sessions are not tied to threads, and neither do open connections block threads. Instead, threads are needed only to improve concurrent request handling or for reentrant event loops.

Event Handling

  • Uses a modern typesafe signal/slot API for responding to events.
  • Listen for keyboard, mouse and focus events, and get event details (such as mouse position, modifier buttons, or keyboard key).
  • Automatic synchronization of form field data between browser and server.
  • Dynamic C++-to-JavaScript translation, by specifying stateless slot implementations. A single C++ slot implementation provides both client-side and server-side event handling: visual changes at client-side and application state at server side.
  • Possibility to hook in custom JavaScript (e.g. for client-side only event handling), and emit C++ signals from this custom JavaScript.
  • Drag&Drop API.
  • Timed events and server-initiated updates (“server push”)
  • Uses plain HTML CGI, Ajax or WebSockets

Native Painting Support

  • Unified painting API which uses the browsers native (vector) graphics support (inline VML, inline SVG, or HTML5 canvas), or renders to common image formats (PNG, GIF, …) or vector formats (SVG, PDF).
  • Supports arbitrary painter paths, clipping, text, images, transformations, drop shadow.

GUI Component

GUI component is composed of various widgets. For comprehensive examples, you can visit this link.

Built-in Security

  • Kernel-level memory protection protects against privacy issues arising from programming bugs, since sessions can be completely isolated from each other (in dedicated-process mode).
  • Supports encryption and server authentication using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) through HTTPS.
  • Enables continuous use of HTTPS through low bandwidth requirements (fine-grained Ajax).
  • Built-in Cross-Site Scripting (XSS) prevention. Rendered text is always filtered against potentially malicious code, making XSS attacks against Wt applications (close to) impossible.
  • Not vulnerable to Cross-site Request Forgery (CSRF) because cookies for session tracking are optional, and even when used, they are never solely relied on for requests that trigger event handling code.
  • Not vulnerable to breaking the application logic by skipping to a particular URL, since only those events exposed in the interface can be triggered.
  • Session hijacking mitigation and risk prevention
  • DoS mitigation
  • A built-in authentication module implements best practices for authentication, and supports third party identity providers using OAuth 2.0, and (later) OpenID Connect

Object Relational Mapping Library

Wt comes with Wt::Dbo, a self-contained library which implements Object-Relational mapping, and thus a convenient way to interact with SQL databases from C++. Although features like optimistic concurrency control make this an ideal technology for a database driven web application (and it provides good integration with Wt’s MVC classes), the library can also be used for other applications, and does not depend on Wt. The ORM library has the following features:

  • No code generation, no macro hacks, no XML configuration, just modern C++!
  • Uses a templated visitor pattern which requires a single template method to provide the mapping: DRY and as efficient as conceivable!
  • You can indicate surrogate auto-incremental keys or map natural keys of any C++ type, which may also be composite (i.e. require more than one database field).
  • Supports optimistic concurrency control using a version field.
  • Maps Many-to-One and Many-to-Many relations to STL-compatible collections.
  • Provides schema generation (aka DDL: data definition language) and CRUD operations (aka DML: data manipulation language).
  • Prepared statements throughout.
  • Each session tracks dirty objects and provides a first-level cache.
  • Flexible querying which can query individual fields, objects, or tuples of any these (using Boost.Tuple).
  • Use a single connection or share connection pools between multiple sessions from which connections are used only during an active transaction.
  • Comes with Sqlite3, Firebird, MariaDB/MySQL and PostgreSQL backends, and an Oracle backend is also available on request.

Deployment

Wt library abstracts different deployment options as connectors libraries, which connect Wt with the outer world. Switching deployment option is a matter of relinking to one of these connector libraries.

Built-in httpd

  • Simple, high-performance web application server (multi-threaded, asynchronous I/O) based on the C++ asio library.
  • Supports the HTTP(S) and WebSocket(S) protocols.
  • Supports response chunking and compression.
  • Single process (convenient for development and debugging), and embeddable in an existing application.
  • Supports deployment behind a ProxyPass’ing (and if needed, load-balancing) web server.
  • Available for both UNIX and Win32 platforms.

FastCGI

  • Integrates with most common web servers (apache, lighttpd).
  • Different session-to-process mapping strategies.
  • Hot deployment: new sessions use the new application version while older sessions may continue with their application version.
  • Available only for UNIX platforms.

ISAPI

  • Integrates with Microsoft IIS server.
  • Uses the ISAPI asynchronous API for maximum performance.
  • Available for the Win32 platform.

, ,

About Author

about author

xathrya

A man who is obsessed to low level technology.

Leave a Reply

Your email address will not be published. Required fields are marked *

Social media & sharing icons powered by UltimatelySocial