The server-centric solution to Ajax brings a productivity boost, robustness, and security to Web application development; while client side solutions endows Web applications with greater controllability and the ability to leverage client side resources.
ZK marries the benefits of both to bring forth a developer-centric approach where developers continue to build large scale enterprise applications with all the robustness of Java technologies, but also are offered the flexibility to work directly with ZK’s jQuery based widgets to further enhance user experience. ZK's architecture is based on units of modularization which are pluggable and replaceable, enabling developers to extend and customize.
Developers are allowed to inject application specific code throughout the course of program execution, including Ajax communication, event handling, component instantiation, ZUML parsing, among numerous other implications.
Applications are executed on the server-side in ZK by default; no business logic is ever exposed to the client.
In addition, ZK protects applications against XSS, DoS, and CSRF. ZK further strengthens authentication and authorization with third party security frameworks such as Spring Security which altogether offers protection from page level to Ajax events.
By the introduction of event queue, ZK unifies the handling of server push and Ajax events to a simple publish and subscribe mechanism, rendering server push transparent to the developers. ZK shields developers from the complexity of multi-threaded programming that comes with server push.