I have implemented file download functionality in my application
navigateToURL(urlRequest,"_blank");
I am using navigateToURL method to call servlet in Java backed but in that case my URL contains values as in that URL request i am passing values in string and through get method i am downloading that file.
(like path of a file) so i need to hide that as it is security concern , please share your valuable comments.
You can use POST in Flex setting URLRequestMethod.POST to URLRequest.method();
This will hide your parameters from the eye, it's not a security solution, though.
Related
So, I'm currently developing an app for a service which has a json-based (unfortunately) read only API. Retrieving content is no problem at all, however the only way to post content is using a form on their site which location is a PHP script. The service is open source so I know which fields the form expects, but whatever I send, it always results in a BAD REQUEST.
I captured the network traffic inside my browser and as far as I can see, the browser constructs a multipart form request, however when I copy the request and invoke it again using a REST client, a BAD REQUEST gets returned.
Is there a way to construct a http request in Android that simulates a form post?
If it's readonly I think you wouldn't be able to make requests with POST (it's assume for editing or adding things).
If you let me make you an advise, I recommend you using this project as a Library.
https://github.com/matessoftwaresolutions/AndroidHttpRestService
It makes you easy deal with apis, control network problems etc.
You can find a sample of use there.
You only have to:
Build your URL
Tell the component to execute in POST mode
Build your JSON
As I told you, I don't know even if it will work.
I hope it helps!!!
We have a GWT app that accesses REST API. REST API is meant for other uses too, and is secured using JAAS basic authorization. GWT app uses RestyGWT dispatcher and filter, as shown here, to add Authorization: Basic to header, and, so far, this works fine.
However, our app also allows users to work with files, either download generated (such as pdf reports) or upload/download any kind files. We used servlets on server side for upload and download of these files, and Window.open() call to receive them in GWT. Without JAAS this worked fine.
Now I'm trying to secure that part of the API, too. Window.open(...) won't work because it doesn't allow for adding headers.
Is there some kind of workaround for this?
I've tried RequestBuilder, and I receive correct response, that contains the requested file. However, I'm not able to initiate the download of the file. Is it maybe possible to encode this (AJAX) response as data:... URL and display it using, for example, iframe, which will, in turn, initiate file download?
I always handled downloads by producing regular links. Wouldn't it be ok to check if a user session is valid and only then deliver the file?
By the way you could obtain an opened window's document and populate it:
public static native Document open(String url, String name, String features)/*-{
return $wnd.open(url, name, features).document;
}-*/;
I am new to web programming. My web application can upload files (uploaded by drag and drop method in javascripts ) and i want to retrieve them in servlet using Json . servlet file only needs the contents of the text files to do the calculation.
Can any one suggest how to do this ?
softwares used - netbeans ,tomcat
Thank you.
I'm not quite sure if you mean rendering your files in servlets or actually downloading them from your browser. I'm going to assume you mean rendering them. If so, then what you have to do is set up a URI which is associated with the content you want to render. Let's say this is a simple "hello world" rendering in the browser. what you would do is set up a URI as such:
localhost:3000/helloWorld.html.jsp
What you do on your back end is then wait to receive a http GET request to "/helloWorld.html.jsp" page, and then have your router send over the correct page. Luckily, with tools such as tomcat, the routing from local host is straight forward enough, and as your comments mentioned this is simple enough to do with the ample resources on the web.
Also an important point, you don't need JSON when using servlets (if i understood your problem correctly). If you want to send over data in a JSON format, then all you would do is modify the above steps to listen for "/sendJSON.html.jsp" (this could be an empty jsp), and you send over JSON from your back end in your response.
yesterday i started brainstorm for a project of mine and I'm not sure if its the correct approach.
On my website I'm having an (kind of an order form) which sends a post to a target URL, which works with a simple curl php script. The target is an external service (where I have no access no rights, nothing). I only know that I will get a POST with further processed data back from the service, which I have to save into my DB.
in steps:
Users fills out the (order) form and posts data to an external url on my website.
data gets externally handled and after finishing that resents a post.
read incoming post data.
save data into DB.
Success page on my website.
My thoughts were to handle the incoming data with a servlet (spring maven project) but I'm not sure if this is a correct approach. Is there a better why to do this. Or is the first step with the php scripts wrong. thx for any help.
A simplest workflow could be
1. Forward the initial (Order form with values) request to a servlet
2. Invoke a post request using java to an external url inside this servlet (Using Apache http client, or libraries such as HTMLUnit)
3. Once you get the incoming response in your servlet, you can update your database.
If you are using spring, the controller could forward initial request to a business class which will handle this post processing and delegate the database update to respective DAO.
There are a number of suitable ways to handle this, and the decision is largely a matter of preference and what you're familiar with. Spring can handle this sort of job quite well.
Note: Maven is a build system for Java and some other JVM languages. I recommend using it, but it's not part of Spring; what you're probably looking for is Spring MVC.
I am writing a Java based Web application, which, in the actual production environment would be front-ended by another application which would set certain HTTP request headers before the request hits my application.
However, in the development environment I do not have the front-ending application, for which I need to create a mock web application that simulates the same behavior. i.e. this mock application should set the request headers and redirect or forward or whatever that I do not know :) to a certain page in my application.
How can I accomplish this?
The following articles may help you:
Adding Header Information to an existing HTTP Request
How to modify request headers in a J2EE web
application.
P.S.
I am sorry I provided only links, that was one of my early answer on SO ))
In case you don't want to modify your code as suggested by #user1979427 you can use a proxy server to modify headers or add headers on the fly.
For example in Apache HTTPD you would add something like below and proxy the
Header add HEADER "HEADERVALUE"
RequestHeader set HEADER "HEADERVALUE"
Refer to HTTPD doc
You should create a AddReqHeaderForFrowardWrapper request wrapper passing the headername and header values. And, override the request header related methods to return your custom header.
You can use Tracer to implement this.
There are frameworks available to support this implementation.
Spring has Sleuth, Zipkin, OpenTracing available.
I find OpenTracing to be easy to use without worrying about dependency conflicts.
Read more about it here: https://opentracing.io/guides/java/
Instead of writing a mock application, I used a browser add-on that allowed me to add custom headers!
For setting header in java, you can use:
request.setHeader(attributeName, attributeValue);
And for redirecting to another page, you can use:
request.sendRedirect(URL);