Building Web Apps with Lift framework

Lift Web framework is written in Scala language. Lift Web applications works with Scala and Java libraries and it can be deployed easily to any Servlet Container or App server (like Jetty or Tomcat or WebSphere).

Lift apps are high performance and scalable. Lift templates are different from traditional template language like FreeMarker or Velocity frameworks. Below list will help you to understand why Lift is different and better.

  1. Designer friendly templates
  2. Zero logic in the HTML
  3. Built in JavaScript support
  4. Built in REST support
  5. Built in Lazy loading
  6. Resistant to security vulnerabilities
  • Designer friendly templates

    Lift Designer friendly templates are pure XHTML and HTML5 compliant. Other frameworks like Velocity or FreeMarker templates are not pure html tag files as they contains language tags and snippets of code. But Lift templates has Zero logic in the HTML pages. This makes HTML files completely designer friendly HTML contains Lift snippets. Web App designers can edit the same HTML files that developers edit.

    Developers & Designers can use any off the shelf web design/publishing tools to manage their templates. Lift snippets popluate the dynamic data based on data binding using 'data-lift' attribute or 'lift:' CSS class in HTML templates.

    <!DOCTYPE html>
        <meta content="text/html; charset=UTF-8" http-equiv="content-type">
        <link href="/css/bootstrap.min.css" rel="stylesheet"/>
        <script src='/js/jquery/1.11.1/jquery.min.js'></script>
        <script src='/js/bootstrap.min.js'></script>
        <title>Lift Template pages</title>
    <!-- The data-lift-content-id attribute tells Lift that the  actual template starts with the element with the id main -->
      <body data-lift-content-id="main">  
    <!-- Wrap the default template page around this <div> element at the "content" marker in the template -->
        <div id="main" data-lift="surround?with=default;at=content">
          <div class="panel panel-primary">
              <div class="panel-heading"> <h3 class="panel-title">My Page title</h3> </div>
              <div class="panel-body"> My Page content </div>
    <!-- server-time comes here from the Snippet Code.-->
          <div class="lift:CurrentTime">
            Current time from server is 
            <span class='server-time'> Current Time here </span> 

    Scala snippet: CSS Selector functions transform a subset of html CSS class to replace the static content with dynamic data.

    // Lift checks the snippet package to find snippets.
    package snippet
    import net.liftweb._
    import util._
    import Helpers._
    // App snippet
    object CurrentTime {
      // function (NodeSeq => NodeSeq) puts 
      // the current time into the body of the incoming Element's child with 'server-time' css class
      def render = "* .server-time" #> now.toString
  • Built in JavaScript, REST & Lazy loading

    Built in JavaScript and Ajax support provides rich UI to the end user. Less way for the user to break our application. Easy to maintain business logic related to JavaScript.

    Built in REST support for refreshing only few part of UI instead of loading the complete page. More details on Lift wiki

    Supports built in Lazy loding of specific UI components. Lift has excellent comet support, it's easy to "push" content from the server to the browser. Here the page will be rendered with a waiting spinner for part of the screen. Once server has content ready, it will be loaded after a while.

    <div data-lift="LazyLoad">
      <span data-lift="LongRunningSnippetCall"> 
        Long Running Snippet Response will be loaded here .............
  • Secure

    Lift applications are resistant to many of the OWASP security vulnerabilities.

    • A1: Injection - Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent as query string to backing store. Lift's Mapper and Record do proper escaping of query strings.
    • A2: XSS - Lift to automatically do HTML escape Strings before they are sent to the client browser. So Application executing scripts on untrusted data can be prevented
    • A3: Session Management - Lift use Servlet container's session management.
    • A4: Direct Object References - A direct object reference occurs when a application exposes a reference to an internal object, such as a database key which allows attackers to access unauthorized data. Lift HTML forms do not expose direct object references, but creates a session-specific token that refers to the server objects. This avoids unauthorized data access.
    • A5: CSRF - Cross Site Request Forgery is avoided by Lift uses session-specific bindings between HTML elements and the server-side snippets/behaviors. The bindings cannot be predicted so CSRF is not possible.
    • A8: URL Access - Lift includes SiteMap which gives rule based access to URLs in the application. It denies user access to specific URLs unless the criteria are met.
  • Conclusion

    Let's say your web product needs completely different look and feel to support different clients/customers then Lift template approach is the best solution. Having Zero logic in the Lift HTML templates help to easily build new theme by just designing your new templates and reusing the snippets. With Server-side snippets having all the business logic helps to easily maintain the code.

    If you are looking for designer friendly server-side templates with build it support for JavaScript, REST, Ajax & Lazy Loading and very Secure application which can be deployed to a Java EE/Servlet Container then Lift web framework is best solution out of the box.

    Kick Start with Lift