views:

54

answers:

2

I don't have a big experience in this kind of things, so I see the easiest way is sending key-value pairs as post parameters and then servlet container will parse these pairs and put to the parameters map.

But I assume that there can exist more convenient way based on using some ready solutions (libs) that's why (and what) I'm asking. One more thing which can play some role in the decision is that I need to transfer rather complicated stuff (i.e. I want to implement some kind of protocol).

A: 

http://www.json.org/

MK
Sorry, but your answer looks as a votes magnet. Everyone heard about JSON but could you show in what way it's more convenient to send data in JSON from client? (I understand in what way it's more convenient to parse in client JSON sent from server).
Roman
@Roman - you could've mentioned that _you_ have heard of JSON. Otherwise this is the most logical answer. And the expanded name of JSON should give some clues - JavaScript Object Notation
Bozho
@Roman - because many clientside languages have excellent easy to use ways to create JSON too. Especialy with JavaScript, which is a superset of JSON, JSON manipulation is very natural and easy.
Martijn
Coronatus
@Roman whatever, I tried to help, didn't have time to elaborate. Next time try to take a couple of minutes to formulate the question better.
MK
+2  A: 

Your two real choices for data interchange are XML and JSON. I have worked with both extensively, and these days JSON is far and away my first choice.

Of the two, it's my opinion that JSON trumps XML on every consideration except one. JSON is leaner and easier to read. It's a better fit for representing data formats because it's purpose built to apply labels to discreet data units. A JSON parser is far simpler to write and takes far less code. I have found the limited set of types that JSON supports to be perfect for data interchange. JSON is not burdened with legacy semantics for allowing document markup.

Furthermore, if your client is using JavaScript, support for JSON is intrinsic.

The only advantage to XML is that there might be more and better tools for working with the data in this format. It has to be said, though, that JSON is simple enough not to require tools, per se.

A third choice might be URL encoded keyword/value pairs, but I think you will quickly find this too limiting.

Just my 200 cents.

See: http://www.json.org/

You may also be interested in my lightweight open-source unencumbered JSON parser.


EDIT: 2010-08-10 00:43

In response to the comment about security of using JS eval, the following excerpt from the JSON website might be of interest:

To convert a JSON text into an object, you can use the eval() function. eval() invokes the JavaScript compiler. Since JSON is a proper subset of JavaScript, the compiler will correctly parse the text and produce an object structure. The text must be wrapped in parens to avoid tripping on an ambiguity in JavaScript's syntax.

var myObject = eval('(' + myJSONtext + ')');

The eval function is very fast. However, it can compile and execute any JavaScript program, so there can be security issues. The use of eval is indicated when the source is trusted and competent. It is much safer to use a JSON parser. In web applications over XMLHttpRequest, communication is permitted only to the same origin that provide that page, so it is trusted. But it might not be competent. If the server is not rigorous in its JSON encoding, or if it does not scrupulously validate all of its inputs, then it could deliver invalid JSON text that could be carrying dangerous script. The eval function would execute the script, unleashing its malice.

To defend against this, a JSON parser should be used. A JSON parser will recognize only JSON text, rejecting all scripts. In browsers that provide native JSON support, JSON parsers are also much faster than eval. It is expected that native JSON support will be included in the next ECMAScript standard.

Software Monkey
Using Javascript's intrinsic support for JSON (I assume you mean just evaling the JSON-encoded string) is a bad security practice.
MK
@MK: That's true, if you are not in complete control of the content - however sometimes you are in complete control. I don't program in JS, but I must admit, I do assume there is a simple way to parse JSON into objects without executing any functions automatically.
Software Monkey
@Software Monkey depends on what you call complete control of content. You can never fully trust any data. In JavaScript you can use the "official" JS parser library: http://www.json.org/js.html (the real beauty of JSON is not that it is in JS syntax, but that it is so simple that parsers are very lightweight).
MK
@MK: That's the page I already linked to in my edit.
Software Monkey