I've created a very basic portlet, which displays a String on-screen.
I have another web application hosted on separate VM which offers a REST api that I'd like to consume.
Understand I cannot make AJAX calls to remote web app (without some effort e.g proxy etc).
But what would be best approach to submitting HTTP GET requests to this remote web app?
I've considered both JSP and Servlets but not sure how to invoke the servlet from inside TestPortletView.xhtml and then display results?
Contents of TestPortletView.html ..
<%#page session="false" contentType="text/html" pageEncoding="ISO-8859-1" import="java.util.*,javax.portlet.*,com.ibm.test.*" %>
<%# taglib uri="http://java.sun.com/portlet_2_0" prefix="portlet"%>
<%#taglib uri="http://www.ibm.com/xmlns/prod/websphere/portal/v6.1/portlet-client-model" prefix="portlet-client-model" %>
<portlet:defineObjects/>
<portlet-client-model:init>
<portlet-client-model:require module="ibm.portal.xml.*"/>
<portlet-client-model:require module="ibm.portal.portlet.*"/>
</portlet-client-model:init>
<DIV style="margin: 6px">
<H3 style="margin-bottom: 3px">Welcome!</H3>
This is my basic view mode page.<BR>
</DIV>
Project setup ..
From your code snippet, I'm assuming you're using Websphere Portal (the taglib uri). WebSphere Portal offers a feature called the Ajax Proxy. You can enable and configure the proxy to let you make cross domain requests through Portal. Essentially you send an AJAX request to the Portal that specifies the request you want to send to the other domain. Portal then sends that request on the browsers behalf and returns the response. From the browser's perspective you're only sending AJAX requests to the original domain.
The other option is modify your server with REST API to allow CORS. Here is an an existing answer on SO to give you an idea. The implementation will depend on how your REST service is implemented.
There are a few ways to do this:
Have your portlet make calls to the remote web service directly. Get the response, parse it and do what you need to it, then set the data via request.setAttribute (if its a view) or response.setRenderParameter (if its responding to an action) and your page can then display it. This is by far the easiest as your have fewer parts to manage.
Use a UI framework on the front end that allows for you to do AJAX calls (like jQuery). Then your HTML page can make requests to a servlet, that servlet can then do the work making the actual calls to the remote API and return a chunk of data in the response which your page can use. This would be the way to go if you had Java based logic that you needed the servlet to use (since your front end will only have Javascript to work with) AND you wanted it to be a bit more dynamic.
Also using a UI framework, if you don't have any Java based logic and can do it all in Javascript, then you can potentially have all of your logic in your front end code and just make requests to the remote app directly.
Related
I'm trying to do a single page application using servlets and jsp pages.
For the moment I have the first page, which is simple to do: a servlet that forwards to the corresponding jsp.
How should the implementation look when navigating to the second page?
I guess it should be an ajax call, the servlet would populate the necessary data, but how to display the second page jsp?
JSP is a server side ui technology. A Servlet listens to specific urls and redirects to JSPs pages. The JSP is compiled to a class (another servlet in fact), invoked (data will be added and inline scripts will run) and the output, whith is HTML, is send to the client (browser). To get to a different page its neccessary to query the server (servlet) for another url, resulting in another html page.
To create an SPA you need a client side technology like JavaScript. Your query the server for a single html page. The page, made of HTML and JavaScript, for example, (could even be the output of a single JSP, dont get confused) is send to the client (browser) and the JS is run. This is nomaly backed up by a framework like AngularJS, EmberJS or Backbone. Once the page is set up, the links within the page are anchors (http://example.com/#/mySecondPage), so clicking them will invoke the framework again (Ajax, querying the server for new data), but will stay on the same page. Some contents of the page might then be replaced by new content.
If it is a true SPA then you would just have a single JSP and handle all your functionality (after your initial page load) using Ajax.
Have you looked at using a client-side framework such as Angular to help you with this?
Depending on how rich your SPA is, you could either use the same servlet or multiple servlets to serve each page.
Unless you are doing this for a course or tutorial and have some constraints on how to achieve it, you will very probably save yourself a lot of time if you couple something like Angular with a server-side framework like Spring instead of coding servlets. As a suggestion have a look at Spring with Angular.
In SPA the browser only loads the document once (or a few, once per sub-application), and further communication to the server is done usually via AJAX or Websockets.
I recommend you to model your application as a thin server architecture, that is, a client application running in the browser (HTML, CSS, Javascript) consuming a web service API provided by the server.
The following are some points worth knowing;
Client-side:
Only presentation logic
Represent state by URL hash. This enables bookmarking, hyperlinking and browsing history. Your client app should listen to changes in the URL hash and act in consequence. This technique is called "routing" and it is implemented by all Javascript frameworks.
Client application is packaged server-side such it can be downloaded in a single request (in .html, .jsp, servlet, .jsp + multiple .jspf, ...)
Consumes services provided by the server via AJAX or Websockets
Server:
Offers client application to download
Provides a clean, stateless API to be consumed by the client application, better returning JSON (data) than HTML (presentation logic) (Why is it a bad practice to return generated HTML instead of JSON? Or is it?)
Use a REST or JSON-RPC frameworks to create the API. There is a lot of debate on what to choose (see here or here). In my opinion the only advantage of REST over RPC is that since REST has become a "de facto" standard its interoperability is higher, so my recommendation for SPA applications is using JSON-RPC, because your code is the only client of the API.
There are lots of alternatives for both client and server frameworks.
Javascript: AngularJS, EmberJS or Backbone,...
REST: Spring, Jersey, Restlet,..
JSON-RPC: https://en.wikipedia.org/wiki/JSON-RPC#Implementations
Regarding JSON-RPC, you might want to take a look to Brutusin-RPC, a JEE microframework I have created :)
If you are using an Ajax request, then you need to tell the browser that redirect to the second page. Example:
response.sendRedirect("second_page.jsp");
In your servlet, you need to differentiate a request to the first page, from a request that need to be redirected to the second page. You can use parameters, or session values, for example.
if (request.getParameter("page2") != null) {
response.sendRedirect("second_page.jsp");
} else {
.... // include here the normal logic of your Servlet for page 1
}
Then, you can invoke your servlet with or wihout the parameter page2, to go to page 1 (without parameter), or page 2 (with parameter).
I am developing an application in which i am using angularjs at client side and java,spring at server side,all communication is in the form of JSON.
The problem i am getting is about security.
I have multiple roles, user can have and based on these roles,tabs on UI are visible or not.
If i use JSP then it is easy to use taglib for this problem because jsp is compiled at server and returned html will not have html section for hidden tabs and there is no way by which end-user can see these tabs or their URL part.
But how to solve this problem in angular based application because whatever code i write in angular file,user can change it by firebug etc. and can see the tabs and their URLs.
example : i have following in my html :
Users
I want to hide this thing completely if user is not having required role.
One solution can be writing some directive but user can edit the script of this directive and can see this thing in html.
You need to do 2 things :
Implements an angular Service, giving your client side the authorization (obtained by REST)
Then, on the server side :
you need to protect ALL RESOURCES (html, angular controllers, angular services, rest resources) depending on the user's rights.
May you can protect only Rest Resources if Client side's ones are not critical (I don't mind if my user get my html).
This way, the user won't see the tabs he is not supposed to, but more important, he can't bypass your security in order to show it.
By protecting HTML, I mean that for the tab XX I use ng-include="'tabXX.html'", and I protect this html with Spring Security the same way I protect RestResources.
I have a jsp page(calendar) with lots of JSTL tags in it.
I set the attributes in my servlet and get them in my jsp page thanks to JSTL, EL.
When I press nextweek, I open a xmlhttp which sends a GET to my servlet(Ajax).
All my attributes renew so i want to get them again in my jsp page.
I do not want to dispatch the servlet to my jsp page because of performance latency.
I don't want to fetch servlet results because they are attributes.
I just want to refresh my JSTL & EL so they will get the new values (without refreshing the page).
Is this an illogical way of thinking? but anyway, how can I refresh my JSTL,EL, scriptlets so the new values will appear?
I just want to refresh my JSTL & EL so they will get the new values (without refreching the page)
This is impossible. Note that EL and JSTL run on server side in view build time, so once they're applied when generating the server response, they can't be updated in the page until the server generates new content using the view (basically, your JSP with JSTL, EL and other components)1.
You should look into AJAX requests to your servlet (or the controllers you're using) and probably handling a JSON response to resolve the behavior of your JSP page.
More info:
How to use Servlets and Ajax?
1 Scriptlets also fall in server side category but I omit them since you should not use them for being highly discouraged to use in modern Java web development. More info How to avoid Java code in JSP files?
HttpServlets, JSP, JSTL, EL, and scriptlets are all server side components, ie. get executed on the server to produce an HTTP response. Javascript and AJAX are client side components, ie. work on the returned HTTP response.
You cannot refresh my JSTL & EL on the client side because they simply do not exist.
A possible (and common) solution is to have the request you make with AJAX produce a JSON response which you use to populate/replace HTML elements, where your EL had previously been used to set a value.
I have created a servlet called dbConnect(return type Connection). In which i wrote the code to connect to the database. Now I am calling the dbConnect(<%Connection con=dbConnect.getConnection()%>) into the JSP file. Since JSP file will be in the client side is there any possibility that an hacker can hack the connection??
The larger question is whether or not this is a good thing to do.
My preference would be no scriptlet code in JSPs whatsoever. If you must write JSPs, I'd recommend using JSTL tags and a servlet to handle requests. Let a servlet sit between the JSP and the database and intercede on its behalf with the database. You can do authentication, input validation, binding, and routing in the servlet and let the JSP do what it was meant to do: display only.
If this JSP is intended for anything other than a single toy application, I'd recommend that you dig into model-2 web MVC using JSPs and servlets.
JSP files aren't on the client side. A JSP is compiled into a servlet so anything you feel safe doing in a servlet is just as safe in a JSP page. That code snippet inside of <% %> is turned into plain old java code. Your HTML is turned into a string that's spit out from the servlet back to the client.
So yes, it's fine.
Is it possible to embed html with java
test.html
<input id="buttonId" type="button" class="button-click"
value="" onClick="checkSucess(2)" onload="counts(count)">
test.js
checkSucess = function(firstVal) {
// Jquery Ajax with url,params and response
doPost('test.java',
'first=' + firstVal,
function(response) {
});
test.java
Here get the 'first' value from ajax request, and further processing.
I believe you're looking for JavaServer Pages (.jsp), a starting point for implementing server-side logic using Java. (You can GET/POST to a jsp.)
Reference
JSP + Ajax Example
JavaServer Pages Technology
JSP Tutorial
Well, Java on the server side doesn't work quite like PHP. i.e. you can't simply drop your java files in your htdocs directory and trigger it by filename directly. Firstly you'll need an app server like tomcat or jetty (instead of just a webserver like apache httpd). Secondly, you'll need to create a Servlet (simplest case) and write your java code there and trigger it using the server request url. Google "servlets" and you should be able to pick it from there..
No, you can't do like that, you have to use AJAX request to interact with java from your html or javascript. For that you have to use servlet and pass the servlet URL to doPost function.
doPost('url to servlet',
'first=' + firstVal,
function(response) {
});
Since this is your first java project, you should do some reading to come up to speed with java. Here are some good tutorials:
Core Servlets, Intermediate Servlets
Apache Tomcat 6 - Apache is a nice tool for learning servlets; it is easy to install and run.
Core Servlets; Advanced Servlets - This may be more than you need.
Applets are Java, and the only (usual) way for Java in the browser.
You can communicate with Applets from Javascript/JQuery code. Applets have ending .class (.java is source code, you can't communicate with it).
In the case you want to communicate with serverside Java, you need servlets there. Then send requests to the url of the servlets.
No. Besides using Java Applets - which are actually just plugins - there is no way to embed Java into HTML.
That being said, It is possible to generate HTML using Java Server Pages.
It is also possible to use an HTML page in conjunction with JavaScript to interact with Java via subsequent HTTP Requests made using AJAX. These requests are initiated on the client browser, and received and fulfilled by a server capable of executing Java Server Pages (JPS).
Example:
An HTML page is loadad with some JavaScript that requests some url upon completion of DOM loading.
The request is received by some server which then responds to the request.
The client browser receives the response and provides it to JavaScript to be dealt with.
JavaScript reads the response, and uses it in some way (like "refreshing" some information on the page).