zoukankan      html  css  js  c++  java
  • SAP ABAP和Java跨域请求问题的解决方案

    There is an excellent blog Cross-domain communications with ABAP and JSONP written by Alessandro Spadoni.
    And in this blog, I just record down my own study experience about how to achieve cross domain request in ABAP and Java.

    Cross Domain Request in ABAP

    Create a new ICF node in tcode SICF, implement the following source code in its handler class.4

    METHOD if_http_extension~handle_request.
       DATA: lv_text TYPE string value 'hello world'.
       server->response->append_cdata(
                            data   = lv_text
                            length = strlen( lv_text ) ).
      ENDMETHOD.
    

    Access the url in browser, and it works as expected.

    And now try to access the url by AJAX in jQuery:

    function getPostByAJAX(requestURL){
       var html = $.ajax({
      	url: requestURL,
      	async: false}).responseText; 
       debugger;
       return html;
    }
    

    You will get the following error message in browser: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘null’ is therefore not allowed access.

    The request fails to finish due to same origin policy.

    One remedy is to use Cross-Origin Resource Sharing.

    Add a few more codes in the ICF handler class:

      METHOD if_http_extension~handle_request.
    
        DATA: lv_text TYPE string VALUE 'hello world'.
        CONSTANTS: cv_white_id TYPE string VALUE 'i042416'.
    
        DATA(lv_origin) = server->request->get_header_field( 'origin' ).
        DATA(lv_userid) = server->request->get_form_field( 'userId' ).
        IF lv_userid = cv_white_id.
          server->response->set_header_field(
             EXPORTING
               name  = 'Access-Control-Allow-Origin'
               value = lv_origin ).
        ENDIF.
        server->response->append_cdata(
                             data   = lv_text
                             length = strlen( lv_text ) ).
      ENDMETHOD.
    

    And when requesting the resource again but this time with a hard coded user id which acts a a simulation of white list, the request can be successfully processed this time thanks to CORS:

    The response is available in JavaScript code:

    Change the user id to any other one and the request will fail again:


    Cross Domain Request in Java

    The similar logic as in ABAP.
    Create a dynamic web project in Java with a servlet named “HelloWorldServlet”:

    Copy the following implementation source code into the Servlet:

    public class HelloWorldServlet extends HttpServlet {
        private static final long serialVersionUID = 1L;
        public HelloWorldServlet() {
            super();
        }
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {	
        	List<String> allowedUserId = Arrays.asList(getServletContext().getInitParameter("userIds").trim().split(","));
            String clientOrigin = request.getHeader("origin");
            String ipAddress = request.getHeader("x-forwarded-for");
            if (ipAddress == null) {
                ipAddress = request.getRemoteAddr();
            }
            String userId = request.getParameter("userId");
            if( userId != null)
            	userId = userId.trim();
            if( allowedUserId.contains(userId)){
            	response.setHeader("Access-Control-Allow-Origin", clientOrigin);
            }
            if( ipAddress.equals("0:0:0:0:0:0:0:1"))
            	response.getWriter().println("local one");
            else
            	response.getWriter().println("Hello World!");
        }
    	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    		doGet(request, response);
    	}
    }
    

    The web.xml in folder WEB-INF, which the allowed user ids are listed in node .

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns="http://java.sun.com/xml/ns/javaee"
    	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    	id="WebApp_ID" version="2.5">
    	<display-name>JerryTest</display-name>
    	<welcome-file-list>
    		<welcome-file>Hello</welcome-file>
    		<welcome-file>index.html</welcome-file>
    	</welcome-file-list>
    	<context-param>
    		<param-name>userIds</param-name>
    		<param-value>i042416,i042417,i042418</param-value>
    	</context-param>
    	<servlet>
    		<description></description>
    		<display-name>HelloWorldServlet</display-name>
    		<servlet-name>HelloWorldServlet</servlet-name>
    		<servlet-class>helloworld.HelloWorldServlet</servlet-class>
    	</servlet>
    	<servlet-mapping>
    		<!-- http://stackoverflow.com/questions/4140448/difference-between-and-in-servlet-mapping-url-pattern -->
    		<servlet-name>HelloWorldServlet</servlet-name>
    		<url-pattern>/Hello</url-pattern>
    	</servlet-mapping>
    </web-app>
    

    Now access the servlet with user id which is not included in the list, and the request fails:

    And perform positive test via an allowed user id specified in request:

    Request is successfully handled and returned to browser:

    Client side workaround

    Sometimes for development purpose we would like to bypass the limitation of same origin policy, and here below are two approaches I used in my daily work.

    workaround 1: use Chrome extension “Allow-Control-Allow-Origin”

    Once installed, just switch on CORS via checkbox:

    This extension will automatically add a new field in request header to do the magic:

    Now the response is available with the help of this extension, even the requested user id is not in allowed list:

    workaround 2: disable same origin policy via Chrome start command argument –disable-web-security

    Create a new shortcut and add the argument –disable-web-security

    request detail:

    This time the request is still successfully handled – you will see a warning “Stability and security will suffer.” in Chrome.

    要获取更多Jerry的原创文章,请关注公众号"汪子熙":

  • 相关阅读:
    maven工程下添加oracle驱动包
    面试题----入参两个Integer,无返回值,然后使这个两个值在调用函数后交换
    使用spring data solr 实现搜索关键字高亮显示
    MyBatisPlus忽略映射字段注解
    Linux下Solr单机版、集群版安装与配置
    AngularJs实现全选功能
    SpringBoot2.0整合mybatis、shiro、redis实现基于数据库权限管理系统
    springboot2.0集成shiro出现ShiroDialect报错找不到AbstractTextChildModifierAttrPr
    linux下ssh远程登录服务器入门操作
    英文邮件寻求帮助的礼貌用语
  • 原文地址:https://www.cnblogs.com/sap-jerry/p/13544888.html
Copyright © 2011-2022 走看看