Post on 16-Jan-2017
Adobe Integrate Runtime (AIR)RIA on Desktop
Abdul Qabizhttp://linkedin.com/in/abdulqabiz
Adobe and Adobe AIR are either the registered trademark or trademark of Adobe Systems Incorporated in the United States and/or other countries.
Desktop Apps?
Use-casesDesktop is still importantWe still use those most of timesSome data still on DesktopWe are not always connectedSome of us are occasionally-connected
Current IssuesSmart developers moved to Web :-)Gap between Web and DesktopDevelopment requires special skillsHard to update/patchBandwidth costs :-)
Topics
IntroductionExamplesDevelopment
SDK/IDE/ToolsFrameworks
SecurityInstallation/DeploymentMore ExamplesQ/A
AIR: Some more features
Native Windows/MenusClipboard (read/write)Command-line arugementsLaunch on Login ( != startup)File associations (mime type handlers)Tracking user presence (idle timeout, etc)Taskbar/Dock iconsApplication terminationInter application communicationApplication updatesDRM ;-)Encrypted storage (uses Keychain or DPAPI - AES-CBC 128-bit)
AIR: Development
ToolsAIR SDK - compiler/debugger/packagerAptana (Eclipse-based) for AJAX appsAdobe FlexBuilder for Flex/Flash apps
FrameworksNo special requirement for AIRGenerally, we use these for web-apps
YUI, ExtJs, Dojo, Prototype, etc - Any AJAX framework*Adobe Flex Framework (Flex/Flash)
AIR: Development
AJAX app structureStructure - HTMLPresentation - CSSBehaviour - JSAssets - images, swf, flv, etcapplication descriptor (application.xml) - XML
Flex/Flash app structureApplication - .swfLibs/modules - .swfAssets - images, swf, flv, etcapplication descriptor (application.xml) - XML
AIR: Descriptor format<?xml version="1.0" encoding="utf-8" ?><application xmlns="http://ns.adobe.com/air/application/1.0"> <id>com.abdulqabiz.air.BloglinesReader</id> <name>Bloglines Reader</name> <version>1.0</version> <filename>BloglinesReader</filename> <description>An offline Bloglines reader with lots of features.</description> <initialWindow> <title>Bloglines Reader</title> <content>root.html</content> <systemChrome>standard</systemChrome> <transparent>false</transparent> <visible>true</visible> <width>640</width> <height>480</height> <minimizable>true</minimizable> <maximizable>false</maximizable> <minSize>320 240</minSize> <maxSize>800 600</maxSize> </initialWindow> <icon> <image16x16>icons/AIRApp_16.png</image16x16> <image32x32>icons/AIRApp_32.png</image32x32> <image48x48>icons/AIRApp_48.png</image48x48> <image128x128>icons/AIRApp_128.png</image128x128> </icon></application>
AIR: Security - Sandbox types
There are different sandbox types:application
assigned to all the files in app directoryremote
Files from Internet URIlocal-trusted
trusted local .swf can acces local and remote but doesn't have all AIR privileges.
local-with-networkinglocal .swf (published with -use-network flag) can communicate with remote only.
local-with-filesystemlocal file (.swf, .js, .htm, etc) can read local but not remote.
AIR: Security - AJAX
AIR API allowedXHR - all domainsLimited eval () - only JSON literalsLimited dynamic code generation
javascript:<code>innerHtmlouterHtmldynamic-script/script-srcsetInterval/setTimeOut ("x=4", 1000)
AJAX frameworks might break
No access to AIR APIXHR - same domain, can be allowed to all domainsWindow.open (..) work in response of user-triggered event.AJAX frameworks would workCSS/frame/iframe/image loading
application non-application (classic)
AIR: Security: Sandbox Bridging
<html> <head> <title>Simple test</title> <script type="text/javascript" src="AIRAliases.js"></script> <script type="text/javascript"> var Exposed = {}; Exposed.trace = function(str) { air.trace(str); } Exposed.readApplicationDescriptorFile = function() { var content; //set content to descriptor content return content; } function doLoad() { document.getElementById('UI').contentWindow.parentSandboxBridge = Exposed; } </script> </head> <body onload="doLoad();"> <iframe id="UI" src="ui.html" sandboxRoot="http://SomeRemoteDomain.com/" documentRoot="app:/" </iframe> </body> </html>
AIR: Security: Sandbox Bridging
<html> <head> <title>UI</title> <script type="text/javascript"> var Exposed = {}; Exposed.trace = function(str) { air.trace(str); } function doLoad() { childSandboxBridge = Exposed; } </script> </head> <body onload="doLoad();"> <h3>Browser Sandbox Content</h3><ul><input type="button"onclick="alert(parentSandboxBridge.readApplicationDescriptorFile())" value="Call theexposed function for reading application.xml"/></ul> </body> </html>
AIR: Installation
Seamless installinstalls AIR, if not foundrequires Flash Player
Manual Installdownload .air file and run it.AIR needs to be installed before that.
Package AIR (the runtime) and App together?
AIR: Installation: Experience
Installation experience is consistent, it can not be modified by the developer.
AIR: Deployment
AIR apps are deployed as .air fileCreated using adt (the packager).air files need to be digitally signedCertificates could be:
Self-signed - created using adtVerisign or Thawte
Badge-installer (widget for web-site)Version (in application.xml) - choose a right scheme
Helps while updating app
AIR: Some best practices
Be responsible - You have more privilegesFileSystem, etc.
Try not to store sensitive data on clientIf you have to, encrypt it
Structure application properlyOnly keep trusted files in application sandboxKeep UI or other files in different sandbox
Digitally sign .air files use Verisign or Thawte certificates