Here is my problem:
I have to perform a POST from Java code to some page, get the data and parse it.
The problem is that only my country's IPs can post to this page. Requests from other IPs are rejected.
I want to find a workaround.
I have added my HTML page on a server in my country (this server is accessible from all IPs). Now I am sending a GET request (on the open-to-all server) to this page from Java code.
What I want to do is to redirect my HTML page to post to the original page.
I tried to use redirection, but it doesn't work - from Java code I get my HTML page and not the redirected one.
Is there any solution for my problem?
Thanks
"I tried to use redirection, but it doesn't work - from Java code I get my html page and not redirected one."
Yes, it won't work because redirection works on the client side. You perform a request to your HTML page, which sends back a redirect header, and your Java implementation doesn't know what to do with it. Even if it did, it would have to make a new request to the redirected page, which means that the request to the redirected page would still be from a denied IP.
Another option is that your redirection HTML uses JavaScript window.location.assign or something like that. The point remains the same, because this is also a client-side solution.
You have to use some kind of server-side language on the host where you placed your HTML, and in that server-side script you have to perform a request (POST or GET, as you wish) to the only-your-country URL. This way the only-your-country URL will see that the request came from the host where the script was, not the client itself.
For example, if you can use Java as your server-side language in the place where your redirection HTML currently is, then you can check out this thread: How to send simple http post request with post parameters in java
You need a reverse proxy installed on a server located in your country. If you make a request to this reverse proxy, it will make a request to the only-your-country server and when it gets a response it will forward it to you.
So the only-your-country server will receive the same request as you make to the reverse proxy, but with a source IP address changed to the IP of the reverse proxy server.
Please forgive my ignorance, I am new to Java, HTML and web development.
I'm trying to build a web app to control the PTZ controls of an IP camera (Panasonic AW-HE50). I am able to send it basic commands through the browser as per the spec sheet:
https://eww.pass.panasonic.co.jp/pro-av/support/content/guide/DEF/HE50_120_IP/HDIntegratedCamera_InterfaceSpecifications-V1.05E.pdf
For example, I can make it start spinning by typing http://172.16.14.90/cgi-bin/aw_ptz?cmd=%23P99&res=1 into the browser.
Now I'm just trying to translate this over to Java, so that when you press a button on the web page, it makes a "GET" request to move the camera in a certain direction.
My code in question at the moment looks like this:
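// camURL is defined elsewhere on the page and is not shown in the question
$(document).ready(function () {
    $("button").click(function () {
        // Cross-origin GET issued from the page's script to the camera
        $.get(camURL + "T99&res=1", function (data, status) {
            alert("Data: " + data + "\nStatus: " + status);
        });
    });
});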
However the message doesn't reach the cam, and the Chrome console reads:
"Access to XMLHttpRequest at 'http://172.16.14.90/cgi-bin/aw_ptz?cmd=%23T99&res=1' from origin 'http://172.16.14.12' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
I have done some research into this, but the solutions seem to be more relevant to servers. As far as I know, I cannot allow access to a domain, as it is an IP cam, not a server. Also, I hosted my HTML page on the same local network to get around this but it didn't work. I'm surprised that it isn't recognised as the same domain. I am also unsure as to why the browser is able to make this GET request but the JavaScript is not.
Thanks in advance for your help, and sorry again for my ignorance.
Andy
This is a typical same-origin-policy problem, and there are 2 ways to fix it:
1. Hack the IP camera and host the HTML pages there.
2. Move the HTTP-request-to-IP-camera code from the web page to a Java server, and thus avoid the same-origin-policy limit.
Normally, the 2nd way is better, especially when you can put the Java server in the same local network as the IP camera. Here is a more detailed description:
1. Host the HTML page and JavaScript code on the Java server (I believe you've already done that).
2. When the user clicks a button on the web page, send the Ajax request to the Java server, not the IP camera. This avoids the same-origin problem.
3. When the Java server receives the above HTTP request, interpret the user operation and send the corresponding HTTP request to the IP camera. As this is a pure server-side HTTP request, it does not follow the same-origin policy.
4. After the Java server receives the response from the IP camera, return that response to the browser.
BTW, in the above scenario, the Java server takes the role of a proxy.
For some of your questions:
"I have done some research in to this, but the solutions seem to be more relevant to servers."
-- Yes, the CORS policy is a browser feature for security protection. To fix the problem, you need to do something on the server.
"I hosted my HTML page on the same local network to get around this but it didn't work. I'm surprised that it isn't recognised as the same domain."
-- For 2 URLs to count as the same domain (from the CORS point of view), the following URL parts should be identical: protocol, hostname and port. Moving 2 machines to the same local network does not satisfy the same-origin policy for the browser.
"I am also unsure as to why the browser is able to make this get request but the Java script is not."
-- When you type the IP camera URL in the browser's address bar and press return, a simple normal HTTP GET request is sent to the camera, and no same-origin policy is applied. However, when you send an HTTP request from JavaScript code, the browser will check the CORS settings for security reasons.
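The proxy arrangement the answer describes, as an added example (not code from the original answer): a small Java 11+ server built on the JDK's own HttpServer and HttpClient that forwards only allowlisted commands to the camera, so the endpoint cannot be used to reach arbitrary internal URLs. The /ptz path, port 8080 and the cmd parameter name are assumptions; the camera URL and the P99/T99 commands are the ones quoted in the question.

```java
import com.sun.net.httpserver.*;
import java.io.IOException;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Set;

public class CameraProxy {
    // Fixed upstream: the browser supplies only a command name, never a host or path.
    static final String CAMERA = "http://172.16.14.90/cgi-bin/aw_ptz?cmd=%23";
    // Allowlist: the two commands quoted in the question; anything else is refused.
    static final Set<String> ALLOWED = Set.of("P99", "T99");
    static final HttpClient CLIENT = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2)).build();

    /** Camera URL for an allowlisted command, or null for any other query string. */
    static URI upstreamFor(String query) {
        if (query == null || !query.startsWith("cmd=")) return null;
        String cmd = query.substring(4);
        return ALLOWED.contains(cmd) ? URI.create(CAMERA + cmd + "&res=1") : null;
    }

    static void handle(HttpExchange ex) throws IOException {
        URI target = upstreamFor(ex.getRequestURI().getRawQuery());
        int status = 400;
        String body = "command not allowed";
        if (target != null) {
            try { // server-to-server request: the browser's same-origin check is not involved
                HttpRequest req = HttpRequest.newBuilder(target).timeout(Duration.ofSeconds(3)).build();
                HttpResponse<String> r = CLIENT.send(req, HttpResponse.BodyHandlers.ofString());
                status = r.statusCode();
                body = r.body();
            } catch (IOException | InterruptedException e) {
                status = 502; // camera did not answer in time or refused the connection
                body = "camera unreachable";
            }
        }
        byte[] out = body.getBytes(StandardCharsets.UTF_8);
        ex.getResponseHeaders().set("Content-Type", "text/plain; charset=utf-8");
        ex.sendResponseHeaders(status, out.length);
        try (var os = ex.getResponseBody()) { os.write(out); }
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
        server.createContext("/ptz", CameraProxy::handle);
        server.start();
    }
}
```

The page would then call $.get("/ptz?cmd=T99", ...) against its own server; the handler has to be reachable on the same scheme, host and port that serve the page, or the browser applies the same check to it.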
I do not have much experience with JSP/Servlets and I have searched for an answer regarding my problem but have not found an answer to my question.
Let's say I have a file on the back-end, called test.txt, and I want my servlet to stream the file contents to a JSP page dynamically. By dynamically I mean that if the file is being updated, text is being appended to the end of the file, then I want the client looking at the resulting HTML/JSP file to see the changes live.
For example, the client would be able to see the changes in a textbox element in the HTML document.
Is this possible with JSP/Servlets or not? If so, how would I go about it?
Thanks for your time.
Already tried searching for related questions, searching for stream inquiries, and haven't found any answer that would answer my question.
I think that you should probably load the file:
See an example: How should I load files into my Java application?
and reload the page using javascript
See: How to reload a page using JavaScript
I am sure you are not a professional in web development, so let's fix it.
When a client (mobile app, browser, ...) wants to send a request to a server, it will create a TCP/IP connection (we have more protocols like UDP, but web applications work on top of the TCP/IP protocol). All data between client and server will be transferred over this connection. It's your only way to send and receive data from the server or client.
When you create a JSP file (and it will be compiled to a class file when deployed on the server application [for a better understanding, search for JASPER JSP ENGINE]) to respond to requests, it will produce a response like this for the browser:
some Http-Headers
Content-Type : text/html
some other Http-Headers
{JSP as a html text}
So the browser will parse the response, render it and show it to your client user.
It means this JSP page will be sent as a static HTML page.
To update it you have 2 ways:
1- The wrong way: keep the connection between client and server alive and, each time you want to update the client, send the whole response to it again! So all the data comes and the HTML will be rendered again and ... . So it's a bad way and not safe and many things else.
2- The correct way: create a new async connection between client and server using JavaScript and just request to watch for data changes in the file and show them to the user in real time, without rendering the whole HTML page. If this connection uses the HTTP protocol (the HTTP protocol is just a text protocol, not a network protocol like TCP/IP), add Connection: Keep-Alive to your request header so the server keeps it alive.
Note: if you want to understand better, search for sockets in Java and learn how they work.
I have a java servlet that is redirecting to a web application on a different server.
I was wondering if there is a way to hide the querystring parameters, so they are not visible to the client in the address bar.
response.sendRedirect("http://www.mywebapp.com/login.html?parameter1=value1&parameter2=value2");
Is there a way to force the sendRedirect to POST to the page and hide the querystring?
Edit: use case.
A user goes to http://www.mywebapp.com
They are automatically redirected to my servlet filter
The servlet handles SSO to an Identity provider using SAML
Once it receives the SAML response back, I redirect the now authenticated user back to mywebapp.com
I want to pass some parameters back to the webapp. Parameters from the SAML response. But I don't want the user to see them in the URL
Clearly, sendRedirect() is not what I want. What would be the best way to handle this?
No, you can't use POST in this scenario. When calling sendRedirect() this is what you send back to the client:
HTTP/1.1 302 Found
Location: http://www.mywebapp.com/login.html?parameter1=value1&parameter2=value2
The browser interprets this and points the user to that location.
Something tells me (maybe the login.html name and two parameters) that you want to automatically log a user in on some web site. Don't go this way, sending username/password (both using GET parameters and inside POST) is really insecure.
Without knowing much about your use case, it's probably the best solution to call http://www.mywebapp.com/login.html from your servlet, parse the response and return it to the user (so he will never really see mywebapp in his browser).
You could connect to the other server from your servlet (HttpConnection) and copy the returned data. The user will only see your server.
An alternative is returning an HTML page that does send a POST form automatically after loading. The user will need to allow JS.
You can forward the request from server side and then at the end redirect to some other page
I found a way for hiding any string from Java or Android project with concept of inner classes using proguard to hide them a class is my server side processing
I am working on a project where I have running servlets packaged in a war that listen for requests and populate a foreign div on a separate page. An initial request is made to servlet (a) and if there is data to display, it renders that HTML. If there is NO data, it passes a query string to another servlet to handle the request and then renders a page with options to choose.
I am running Tomcat 6 with Windows Server 2008.
But I run into two problems:
1. When I use redirect, I get no response from the servlet being redirected to. I have some javascript alerts up that are never called by the (b) servlet. I AM using relative paths and confirm the link is correct in logs.
When I copy that link in step 1 in a new window, I see the results. Just not when it's embedded in another page that makes the request. Why would that be? Is it possibly a limitation from the host page and not being able to render the response?
2. When I use a forward, I see the servlet response, but then a new window opens. Thus taking the person away from the original page. This would be great if the results render in the same page.
What's the best practice to assure that I can "redirect" from an initial servlet call to another servlet using the response object from that first servlet?
A redirect returns an HTTP 302 response with the new URL in the Location header, which the client needs to deal with. Basically, your JS code must check whether the response status code is 302, then extract the Location header and re-send a new request to it. Repeat this until the response status code is 200.
That it works when pasting the URL in the browser's address bar is because the browser already knows how to deal with 3nn responses properly. If you open up the network traffic tracker in the browser's web developer toolset, then you'll see that a second GET request is being fired on the new URL.
Another way, if the servlets run in the same container, is to just use RequestDispatcher#forward() instead of HttpServletResponse#sendRedirect().
I have a small Ajax problem related to cross domain, as I see it.
On my local machine I created an HTML example with some Ajax: in the registration text field the user types 'username', on every keystroke Ajax sends it to the local Tomcat, where a servlet checks if that username is already used and sends a 'taken' response back.
No problem on localhost at all. As soon as I type a used 'username', the servlet sends the 'taken' response and the browser displays it.
But when I put the test HTML page with Ajax on a remote machine (some free hosting on a remote network) that sends the validation request to my localhost Tomcat, the connection is made, in the Tomcat console I see the request coming, and in Firebug in Mozilla this is the Console output:
GET http://89.216.182.25:8080/Dinamicki1/UsernameServlet?username=zik 200 OK
...but in the response tab there is no servlet response 'taken' and the message in Firebug is in red color.
So the servers communicate well, no firewall problems, the response is 200 OK. But the response body is empty.
Any ideas what these red messages in Firebug are?
Thank you very much in advance.
And if anyone can recommend some serious Ajax tutorial for Java, it will be highly appreciated :)
You need to use a domain-relative URL in your Ajax request:
/Dinamicki1/UsernameServlet?username=zik
Or a context-relative URL (assuming that the page is served from /Dinamicki1):
UsernameServlet?username=zik
With regard to "Ajax tutorial for Java", start here: How to use Servlets and Ajax?
You cannot use AJAX to read replies from other domains.
Your HTML must be on the same server (and same domain, port, and protocol) as the AJAX servlet.
The 200 status reported in Firebug does not indicate the validity of the cross-domain ajax call, be it successful or not.
You might want to try using a proxy method to perform the call.
E.g. JavaScript: Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
I figured out how to solve it from this site:
"To allow directory browsing via Apache Tomcat change the parameter "listings" in the file conf/web.xml from false to true."
Call your page not as C:/Documents and Settings/.../page.html but as localhost:8080/your_servlet_name (page is better named index.html).
This way, you will be able to make AJAX requests to localhost:8080/your_servlet_name/something_else.
A solution that worked for me was that I had to add "www" to the url! I was using URL Rewrite, so every URL that I had (image, js, get, load, post), I needed to use full url, but it was missing "www"!
For me, it was a Web API (C# .NET) request and CORS was not enabled.
Adding the CORS header on the controller solved the problem.
[EnableCors(origins: "*", headers: "*", methods: "*")]
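Several answers above turn on what the browser counts as the same origin (protocol, hostname and port), and the last one enables CORS for every origin. As an added example that is not from any of the posts: a Java sketch of a server deciding per request whether to send Access-Control-Allow-Origin by comparing the Origin header against an allowlist on exactly those three parts. The class and method names are hypothetical, and the allowlisted origin is constructed from the page origin shown in the camera question's console error.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class CorsAllowlist {
    // Constructed allowlist: the page origin from the camera question's console error.
    static final Set<String> ALLOWED = Set.of(canonical("http://172.16.14.12"));

    /** Reduces an Origin header to scheme://host:port, or null if it is not a plain origin. */
    static String canonical(String origin) {
        if (origin == null) return null;
        try {
            URI u = new URI(origin);
            String scheme = u.getScheme() == null ? "" : u.getScheme().toLowerCase(Locale.ROOT);
            boolean http = scheme.equals("http"), https = scheme.equals("https");
            if (!(http || https) || u.getHost() == null || u.getUserInfo() != null) return null;
            if (!u.getRawPath().isEmpty() || u.getRawQuery() != null || u.getRawFragment() != null) return null;
            int port = u.getPort() != -1 ? u.getPort() : (https ? 443 : 80);
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /** CORS response headers for a request carrying this Origin header value. */
    static Map<String, String> corsHeaders(String originHeader) {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("Vary", "Origin"); // the response differs per origin, so caches must key on it
        String c = canonical(originHeader);
        if (c != null && ALLOWED.contains(c)) {
            h.put("Access-Control-Allow-Origin", originHeader); // echo the matched origin, not "*"
        }
        return h;
    }

    public static void main(String[] args) {
        // Same host on another port or scheme is a different origin and gets no allow header.
        for (String o : new String[] {"http://172.16.14.12", "http://172.16.14.12:8080",
                                      "https://172.16.14.12", "http://172.16.14.12.example"}) {
            System.out.println(o + " -> " + corsHeaders(o));
        }
    }
}
```

Only the first constructed origin receives the allow header; the other three differ in port, scheme or hostname and get Vary: Origin alone.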