I need to send a request from a servlet to an application running in other environment (IIS) with certain information in custom headers.
I know redirecting doesn't send the headers and getServletContext().getRequestDispatcher(url) is to be used in the servlet's context only. Has anybody made this work in some other way? I was thinking in using HttpURLConnection, but would it finally redirect the browser to the targeted app ?
Thanks in advance
You can't redirect from your servlet to the external server and keep the headers, and you can't forward the incoming request to other context.
What you could do, is to use the HttpURLConnection (or other http client library such as HTTPClient) to make the request (with the custom headers you need) to the remote server and, once the operation is complete, redirect the user to the external site (customm headers are not set in this redirection).
This is a little tricky, if you elaborate your question (what do you really need to do) we can probably think about other alternatives.
AJAX? You can send some JavaScript code to the browser which sends a request to the ISS and handle (shows) its answer. It's possible to set http headers with XMLHttpRequest but it needs client side JavaScript coding and you have to find a way to send cross domain requests.
Related
I have a GWT appilcation in which the client makes a request to another domain.
I wrote the request using RequestBuilder in GWT.
On executing the code, I get an error in my browser :
No 'Access-Control-Allow-Origin' header is present on the requested resource.
So I google and I found that the domain to which I am making the request should add this header in the response that it sends. Now I dont't have control over the other domain's server, so I can't do any modification there.
My question is, can I intercept the response and the Access-Control-Allow-Origin header to the response that is being sent by the other domain's server at my server, before I send it to my client?
I tried using Filters but the Filter doesn't get called for responses coming from another domain.
Is this possible to do, am I missing something or is it just not possible?
Vivek's answer that cross domain requests aren't allowed by the browser is true, except for the CORS mechanism, whereby newer browsers that support it can try in a cross origin way to servers that also support it.
However, unless that remote server support it itself, there is nothing you can do. If I server my app from A, and want to connect to B, only B can authorize that. If A were allowed to permit my app to connect to B via some filter or servlet, then I could write an app that makes calls to gmail or facebook or twitter and read/write your settings and personal data at those other urls.
So instead, it is the cross origin server that you are contacting that must approve the connection with the header you mentioned. In lieu of that, you can still use your own server as a proxy for the cross origin server.
Cross-domain requests are forbidden by web browsers as per the same origin security policy. These restrictions are limited to browser based applications and hence you can definitely use your own server application as a filter between the GWT based client side application and the external server.
I have a java servlet that is redirecting to a web application on a different server.
I was wondering if there is a way to hide the querystring parameters, so they are not visible to the client in the address bar.
response.sendRedirect("http://www.mywebapp.com/login.html?parameter1=value1¶meter2=value2");
Is there a way to force the sendRedirect to POST to the page and hide the querystring?
Edit: use case.
A user goes to http://www.mywebapp.com
They are automatically redirected to my servlet filter
The servlet handles SSO to an Identity provider using SAML
Once it recieves the SAML response back, I redirect the now authenticated user back to mywebapp.com
I want to pass some parameters back to the webapp. Parameters from the SAML response. But I don't want the user to see them in the URL
Clearly, sendRedirect() is not what I want. What would be the best way to handle this?
No, you can't use POST in this scenario. When calling sendRedirect() this is what you send back to the client:
HTTP/1.1 302 Found
Location: http://www.mywebapp.com/login.html?parameter1=value1¶meter2=value2
Browser interprets this and points user to that location.
Something tells me (maybe login.html name and two parameters) that you want to automatically login user on some web site). Don't go this way, sending username/password (both using GET parameters and inside POST) is really insecure.
Without knowing much about your use case it's probably the best solution to call http://www.mywebapp.com/login.html from your servlet, parse the response and return it to the user (so he will never really see mywebapp in his browser.
You could connect to the other server from your servlet (HttpConnection) and copy the returned data. The user will only see your server.
An alternative is returning an HTML page that does send a POST form automatically after loading. The user will need to allow JS.
You can forward the request from server side and then at the end redirect to some other page
I found a way for hiding any string from Java or Android project with concept of inner classes using proguard to hide them a class is my server side processing
I have written a simple HTTP server using Java and want to send some additional information (puzzle parameters and a small puzzle solver program) to the client i.e. a regular browser.
Similarly, the browser is also supposed to send information (solution) back to the server.
Is there a way to do this by just transmitting this information over the HTTP headers?
Thanks a lot
the headers are usually used to add http protocol relevant information.
You should probably use either the body of the response or cookies to add the needed information.
Adding a cookie is done using the header so it kind of fits what you are asking for.
But I wonder why you need to put it in the header? it seems like what you are asking for is url parameters (client to server) and response body (server to client).
Is it possible to use java socket API to read content of a webpage, ex: "www.yahoo.com"? Can somebody here show an example?
And how about reading content of a page protected by the web app login screen?
Thanks in advance,
dara kok
It's possible but not advisable. The webpage is returned using HTTP, which is more than just a stream of bytes. This means that in order to use a socket you application would need to understand the instructions in the HTTP responses and behave accordingly.
To programitically access a webpage use Jakarta Commons HTTP Client.
With regards to secure webpages, it will depend on how they are secured, however given HTTP Client can maintain cookies you should be able to perform the login through code too.
Further to Nick's answer (i.e. use the Jakarta commons HTTP Client). The login security depends on how the login page is implemented, if it is an apache .htaccess secured site you will need to place username/password information in the request header. Alternatively (and generally more usual), if it is an html form, you will need to deconstruct the form fields from the original HTML and send those as key/value parameters in the http GET/POST request
I have small ajax problem related to cross domain as i see it.
On localmachine i created html example with some ajax:
in registration text field user types 'username',
on every keystroke ajax sends it to
local Tomcat, where servlet checks if that username is already used
and sends 'taken' reponse back.
No problem on localhost at all.
As soon as i type used 'username' servlet sends 'taken' response
and browser displays it.
But, when i put test html page with ajax
on remote machine (some free hosting on remote network)
that sends validation request on my localhost Tomcat,
connection is made,
in Tomcat console i see request comming,
and in firebug in Mozzila this is Console ouput:
GET http://89.216.182.25:8080/Dinamicki1/UsernameServlet?username=zik 200 OK
...but in response tab
there is not servlet response 'taken'
and message in firebug is in red color
So servers communicate well, no firewall problems, response is 200 OK
But response body is empty.
Any ideas what this red messages in firebugs are?
Thank you very much in advance.
And if anyone can recommend a some serious ajax tutorial for java
it will be highly appreciated :)
You need to use a domain-relative URL in your Ajax request:
/Dinamicki1/UsernameServlet?username=zik
Or a context-relative URL (assuming that the page is served from /Dinamicki1):
UsernameServlet?username=zik
With regard to "Ajax tutorial for Java", start here: How to use Servlets and Ajax?
You cannot use AJAX to read replies from other domains.
Your HTML must be on the same server (and same domain, port, and protocol) as the AJAX servlet.
The 200 status reported in Firebug does not indicate the validity of the cross-domain ajax call, be it successful or not.
You might want to try using a proxy method to perform the call.
E.g. JavaScript: Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
I figured out how to solve it from this site:
"To allow directory browsing via Apache Tomcat change the parameter "listings" in the file conf/web.xml from false to true."
Call your page not as C:/Documents and Settings/.../page.html but as localhost:8080/your_servlet_name (page is better named index.html).
This way, you will be able to make AJAX requests to localhost:8080/your_servlet_name/something_else.
A solution that worked for me was that I had to add "www" to the url! I was using URL Rewrite, so every URL that I had (image, js, get, load, post), I needed to use full url, but it was missing "www"!
For me, It was web api(c# .NET) request and cors was not enabled.
Added header for cors on controller and it solved the problem.
[EnableCors(origins: "*", headers: "*", methods: "*")]