Cross origin iframe overwrites sessionid - java

I have a Springboot/angular component (this is an angular component that is authenticated by Spring Security and loads its data from a Spring REST API). This Springboot/angular component is being loaded within an iframe of a Java EE application.
They are also loaded in separate contexts, localhost:8080 and localhost:7001 respectively.
The problem is, whenever the Springboot/angular component is loaded and authenticated in the iframe, it overwrites the JSESSIONID, such that the next HTTP request I make to the Java EE application no longer carries the original JSESSIONID and hence results in an error.
How can I avoid the JSESSIONID being overwritten in this manner while using a cross-origin iframe?
Code in localhost:7001 (Java EE application) containing the iframe:
Basically, what happens is I send a custom POST request to my Spring processLogin controller in order to authenticate the Spring/angular component, and have the request display in the iframe.
<body>
<input id="sessionUser" type="text">
<input id="sessionPw" type="password">
<button type="button" onclick="sendForm()">Login</button>
<script>
// post() is not in the original snippet; assumed helper that POSTs the
// parameters via a hidden form whose target is the iframe below.
function post(url, params) {
  var form = document.createElement("form");
  form.method = "POST"; form.action = url; form.target = "menuFrame";
  for (var key in params) {
    var input = document.createElement("input");
    input.type = "hidden"; input.name = key; input.value = params[key];
    form.appendChild(input);
  }
  document.body.appendChild(form);
  form.submit();
}
function sendForm() {
  var username = document.getElementById("sessionUser").value;
  var password = document.getElementById("sessionPw").value;
  var param = { username: username, password: password };
  post('http://localhost:8080/processLogin', param);
}
</script>
<iframe id="menuFrame" name="menuFrame" frameborder="0" style="overflow:hidden;" src=""></iframe>
</body>

In fact you are in two separate contexts, so you have two different session IDs. In order to share your session ID you should implement load balancing or another mechanism that allows sharing sessions at the server level.
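An added illustration, not part of the question or the answer above: a small JavaScript model of how a browser's cookie jar stores and returns cookies under RFC 6265. It shows why the two applications collide: a stored cookie is keyed by host, path and name, and the port is not part of that key, so localhost:7001 and localhost:8080 share a single JSESSIONID slot. The cookie values, the URLs and the alternative cookie name SPRINGSESSION are constructed for this demonstration.

```javascript
// Added example: a minimal RFC 6265 cookie jar, enough to show why two apps on
// localhost:7001 and localhost:8080 that both set JSESSIONID clobber each other.
// The store is keyed by (hostname, path, name); the port is deliberately absent,
// which is how real browsers behave.

class CookieJar {
  constructor() {
    this.store = new Map(); // "hostname|path|name" -> value, in insertion order
  }

  // Record one Set-Cookie header received in a response to `url`.
  setCookie(url, setCookieHeader) {
    const u = new URL(url);
    const parts = setCookieHeader.split(";").map((p) => p.trim());
    const [name, ...rest] = parts[0].split("=");
    const value = rest.join("=");
    let path = defaultPath(u.pathname); // used when no Path attribute is given
    for (const attr of parts.slice(1)) {
      const [k, v] = attr.split("=");
      if (k.toLowerCase() === "path" && v) path = v;
    }
    this.store.set(`${u.hostname}|${path}|${name}`, value);
  }

  // Build the Cookie request header for a request to `url`.
  cookieHeader(url) {
    const u = new URL(url);
    const matches = [];
    for (const [key, value] of this.store) {
      const [host, path, name] = key.split("|");
      // Host must match exactly; path must match; the port is never consulted.
      if (host === u.hostname && pathMatches(u.pathname, path)) {
        matches.push(`${name}=${value}`);
      }
    }
    return matches.join("; ");
  }
}

// RFC 6265 section 5.1.4: the default path is the request path up to, but not
// including, the right-most "/", or "/" if that would be empty.
function defaultPath(pathname) {
  const idx = pathname.lastIndexOf("/");
  return idx <= 0 ? "/" : pathname.slice(0, idx);
}

// RFC 6265 section 5.1.4 path-match: equal, or a prefix that ends at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Replay the sequence from the question. `springCookieName` is the name the
// Spring app on :8080 uses for its session cookie (constructed values throughout).
function demo(springCookieName) {
  const jar = new CookieJar();
  // 1. The Java EE app on :7001 establishes its session.
  jar.setCookie("http://localhost:7001/app/login", "JSESSIONID=EE-AAA; Path=/");
  // 2. The Spring app in the iframe on :8080 authenticates and sets its own cookie.
  jar.setCookie("http://localhost:8080/processLogin", `${springCookieName}=SPRING-BBB; Path=/`);
  // 3. What the browser now sends with the next request to the Java EE app.
  return jar.cookieHeader("http://localhost:7001/app/next");
}

console.log(demo("JSESSIONID"));    // the :7001 session cookie has been replaced
console.log(demo("SPRINGSESSION")); // both cookies coexist
```

With both applications using JSESSIONID, the second call to setCookie hits the same key as the first, so the Java EE session value is gone from the jar even though the two servers never talked to each other. Besides sharing sessions at the server level as the answer suggests, the practical fix for the question as asked is to give one of the two applications a differently named session cookie (in Spring Boot 2.x the property is `server.servlet.session.cookie.name`, in Spring Boot 1.x `server.session.cookie.name`), or to serve them under different hostnames, since the jar does key on the host.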

Related

How to set request attribute in free marker template

I am developing a Spring Batch web application in Java that uses Spring MVC. It uses FreeMarker templates.
I need to set the user ID in a request attribute from JavaScript written on an FTL page.
I am using the JavaScript below to retrieve the username. I want to set it (WinNetwork.UserName) in a request attribute and then retrieve this attribute in my servlet.
<script type="text/javascript">
// Internet Explorer only: WScript.Network is an ActiveX object
var WinNetwork = new ActiveXObject("WScript.Network");
alert(WinNetwork.UserName);
</script>
Please provide help on this.

Updating div with post results using radio button and jquery/Ajax

I'm working with a third party that is generating div content based on a POST response from my server (Java servlet). One problem I have is that we have a list of radio buttons inside a form.
When I hit submit on that form, I need to make a POST call to my server and re-render that div in the third party site. I have used different variations of jQuery to no avail.
I've included the most recent jQuery (also tried a sub-1.4 release of jQuery). When I hit the submit button on my form, I just render the same page and do NOT make a call to the server.
How can I update a div on the local page that renders my POST results based on a form I write? Below is what I currently have:
Form:
<form action="/" id="form1">
  ... radio buttons ...
  <input type="hidden" name="name" value="<!-- value passed from Java method -->">
  <input type="hidden" name="id" value="<!-- value passed from Java method -->">
  <input type="hidden" name="selected" value="<!-- value of the selected radio button -->">
</form>
HTML:
<script type="text/javascript">
$("#form1").submit(function(event) {
  event.preventDefault();
  var $form = $(this),
      name2 = $form.find('input[name="name"]').val(),
      id2 = $form.find('input[name="id"]').val(),
      url = $form.attr('action');
  // keys are the parameter names the servlet reads; values are the local variables
  $.post(url, { name: name2, id: id2 }, function(data) {
    var content = $(data).find('#content');
    $("#this_div").empty().append(content);
  });
});
</script>
Sending AJAX Requests from a Third Party site to your server:
Due to browser security requirements, it is not currently possible to make cross-domain AJAX requests to a third-party server. This means that the $.post request is limited to what is referred to as the same-domain policy.
Thus, if your server is example.com and the third party server is domain.com, domain.com cannot make AJAX requests to your server.
However, there is a technique you can use to circumvent this browser security. While it's not possible for XMLHttpRequests to be made cross-domain, JavaScript <script> tags can load JavaScript from any domain.
Script tag remoting, or JSONP, involves using a script tag to send a request to your server:
Script tag:
// from domain.com to your server, example.com, make a request using a script tag
var urlWithParams = "http://example.com/getHTMLForm.do?id2=" + encodeURIComponent(id2) +
                    "&name2=" + encodeURIComponent(name2);
var script = document.createElement("script");
script.setAttribute("type", "text/javascript");
script.setAttribute("src", urlWithParams);
// append the script tag, which invokes your servlet
document.getElementsByTagName("head")[0].appendChild(script);
getHTMLForm.do is a hypothetical servlet that you're currently using to post the data and get HTML in the response. Instead of passing the parameters in the request body using POST, you'll pass the data as query parameters.
Server response:
The server then responds with JSON that you generate on the server, but it's wrapped -- or padded -- inside a JavaScript function that is defined on the web page making the request.
// your response from your server
insertFormOnPage({"html":"<form action='#'><input name='name' /><input name='id' /></form>", "elem" : "#content"});
Third party Client side code:
For this technique to work, the third party site must have a function defined that matches the one your server will return:
function insertFormOnPage(data) {
  alert(data.html); // prints the HTML for debugging
  alert(data.elem); // prints the selector you want to insert into
  // inject the HTML into the #content DIV
  $(data.elem).html(data.html);
}
HTML on the third party site:
<!-- Let's just assume the third party site's DIV is empty for simplicity -->
<div id="content"></div>
Explanation:
Your server returns pure JavaScript to the client side, as a function call that executes immediately.
The function receives the following items as properties of a JavaScript object: the HTML and the div selector.
The function accesses the object's html and elem properties to get both the HTML string and the selector.
Using jQuery, the function injects the HTML inside the DIV#content element.
The last thing you should know about this technique is that it only supports GET requests, since that is how JavaScript is fetched from the server. This means that you'll need to make sure your server is configured to accept GET requests for this data rather than POST requests.
JSONP Using jQuery:
While the above solution helps describe the concepts of what is happening under the hood, you may also want to check out jQuery getJSON. Specifically, look at the JSONP examples, which are the only way to make cross-domain requests without reloading the page.
$.getJSON("http://api.flickr.com/services/feeds/photos_public.gne?jsoncallback=?",
  {
    tags: "cat",
    tagmode: "any",
    format: "json"
  },
  function(data) {
    $.each(data.items, function(i, item) {
      $("<img/>").attr("src", item.media.m).appendTo("#images");
      if (i == 3) return false;
    });
  });
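An added example, not part of the answer above: what the hypothetical getHTMLForm.do endpoint has to do before emitting the padded response, written here in JavaScript so it runs stand-alone (the servlet itself would be Java). Because the third-party page executes whatever this endpoint returns as script, the endpoint must restrict the callback name to a plain identifier (otherwise a request such as `?callback=alert(1);//` turns into reflected XSS on every page that embeds the script) and must escape the JSON so that a `</script>` inside the HTML payload cannot terminate the script block. The payload, the callback name insertFormOnPage and the consumeJsonp simulation of the third-party page are constructed for this example.

```javascript
// Added example: a JSONP responder with the two checks the technique needs,
// plus a simulation of the third-party page evaluating the returned script.

// Accept only JavaScript identifiers, optionally dotted (e.g. "ns.callback").
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function isSafeCallbackName(name) {
  return typeof name === "string" && name.length <= 64 && CALLBACK_RE.test(name);
}

// JSON.stringify output is valid JavaScript, but "</script>" inside a string
// can still end the script block, and U+2028/U+2029 are line terminators in
// older engines. Replace them with \u escapes, which JSON and JS both decode.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Build the response body: /**/ then callback(json);
// The leading comment defeats content-sniffing tricks (the "Rosetta Flash" class
// of attacks) that rely on controlling the first bytes of the response.
function buildJsonpResponse(callbackName, payload) {
  if (!isSafeCallbackName(callbackName)) {
    throw new Error("invalid callback name");
  }
  return `/**/${callbackName}(${jsonForScript(payload)});`;
}

// Headers that belong with a JSONP body (constructed; send them from the servlet).
const JSONP_HEADERS = {
  "Content-Type": "application/javascript; charset=utf-8",
  "X-Content-Type-Options": "nosniff",
};

// Simulates the third-party page: the returned script runs in a scope where only
// the agreed-upon callback function exists.
function consumeJsonp(script, handlers) {
  const names = Object.keys(handlers);
  const fn = new Function(...names, script);
  fn(...names.map((n) => handlers[n]));
}

// End-to-end: server builds the response, client page consumes it. The HTML
// payload deliberately contains "</script>" to show it cannot break out.
function demo(callbackName) {
  const payload = {
    html: "<form action='#'><input name='name' /></form></script><script>alert(1)</script>",
    elem: "#content",
  };
  const body = buildJsonpResponse(callbackName, payload);
  let received = null;
  consumeJsonp(body, { insertFormOnPage: (data) => { received = data; } });
  return { body, received };
}

const result = demo("insertFormOnPage");
console.log(result.body);           // no raw "<" survives in the response
console.log(result.received.elem);  // the client still gets the original data
```

In the servlet, the callback name comes from a request parameter (`request.getParameter("callback")` in the Java API); reject anything that fails isSafeCallbackName with a 400 rather than echoing it. Note what the third-party site is agreeing to here: it runs whatever your server returns, so the trust relationship is total, and the endpoint should never expose per-user data, since any page on the web can include it in a script tag with the visitor's cookies attached.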

Change of scope from session to request

I am using session scope to store the bean, and I want to show the bean value on the JSP page when needed, like this:
request.getSession().setAttribute("bean", bean);
response.sendRedirect("test.jsp");
And in the JSP I am using the code below to get the value:
<% bean1 bean = (bean1) session.getAttribute("bean"); %>
<%= bean.getValue() %>
Instead of using session scope I want to use request scope, so can I set my attribute in my servlet this way?
request.setAttribute("bean", bean);
So how can I access it in my JSP? Can I say
<% bean1 bean = (bean1) request.getAttribute("bean"); %>
But it is showing an error. Or, instead of using a scriptlet, how can I show my output using JSTL?
You're not understanding what a redirect is. A redirect is a response you send to the browser so that the browser sends another, new request to the location you redirected to. So, when you call sendRedirect("test.jsp"), the browser will send a new request to test.jsp. And obviously, all the attributes you have stored in the current request won't be available anymore.
It's impossible, without context, to say if a redirect is something you should do in this case, or if you should instead forward to the JSP. A forward is very different from a redirect, since it only transfers responsibility for the current request and response to another component. In that case, there would be a single request, and the JSP could find the attribute set by the servlet in the request.
The only thing I can say is that, in a properly designed MVC application, the JSP is used as a view, and there should never be a direct request to the view. Each request should go through a controller.

Form submit using Java

I have a JSF 1.2 login page (login.xhtml) that has 2 sub-forms - menuForm, loginForm.
Using a browser, I am able to navigate from the login page to a productList.xhtml page by clicking on the Login button within the loginForm.
....
To allow the Google crawler to crawl my pages that require login, I am trying to test a form submit with a Java program on the loginForm to see if I can retrieve the productList.xhtml page.
The hidden fields (View Source from the browser) in the login.xhtml page include the following:
username
password
autoScroll
loginForm
loginButton
javax.faces.ViewState
I have submitted all the values from above (except the javax.faces.ViewState) in my Java program, but I keep getting only the login.xhtml page back in my response. Why is this?
I cannot submit the javax.faces.ViewState because there is no state on the server-side for the form when a submit happens from the Java program. How do I submit a form that does not yet have a view state?
For allowing the Google Crawler to crawl through my pages that require login
A login requires a session (basically: a cookie). But web crawlers do not maintain the session (basically: they do not maintain cookies). So it ends up here. You have to remove the login form and replace all navigation command links with normal links in order to let any web crawler index your pages.
It's, by the way, beyond me why you would like to make restricted pages crawlable (thus: publicly available). Why is the login there in the first place?
I have submitted all the values from above (except the javax.faces.ViewState) in my Java program, but I keep getting only the login.xhtml page back in my response. Why is this?
Because you omitted the view state field. JSF won't process the form submit then. In part this is a safeguard against CSRF attacks, and in part this is because JSF is a stateful, component-based MVC framework.
I cannot submit the javax.faces.ViewState because there is no state on the server-side for the form when a submit happens from the Java program. How do I submit a form that does not yet have a view state?
You need to either maintain the session (basically: send all cookies from the server back in subsequent requests), or set the state saving method in web.xml to client; in both cases you also need to pass the view state hidden field along with the form submit request.

Redirect to different page from inside c:import

Is there any way I can redirect to a different page from a Spring controller that gets called from a JSP using <c:import>?
The scenario is as follows: I have a Spring WizardFormController that handles a multi-page form and is included into the website using a JSP and <c:import>. After the wizard is finished, I would like to redirect to a different page, but that seems to be impossible from the controller. At least, if I could get a message to the surrounding JSP, it would already help.
It seems the only way is to use JavaScript to create a client-side redirect like this:
<script type="text/javascript">
window.location.href = '<URL of Target>';
</script>
