JSONP to solve cross-domain problems, preventing duplicate form submission, preventing XSS attacks

One. Cross-domain problem: the request can be sent normally, but there is no way to read the response result.
Solution: set the Access-Control-Allow-Origin response header on the requested resource (the target server).
// 3. set the response header
response.setHeader("Access-Control-Allow-Origin", "*");

Two. JSONP solves cross-domain problems
For ordinary cross-domain access the browser intercepts the Ajax response, but it does not intercept anything loaded through a src attribute.
Ajax target: http://www.a.com:8080/a/AServlet

JSONP implementation principle: dynamically load a <script> tag and use its src attribute to fetch the server resource; only GET requests are supported.
1. In our Ajax call, the request has to be made as JSONP (jQuery does this by dynamically generating a script tag).

jsonp: "jsonpCallBack", i.e. the name of the query parameter in which the front end passes the callback function name to the back end; the back end must send that name back, wrapped around the data.

2. Then, in the Ajax request, specify that the format of the returned data is JSONP:
dataType: "jsonp"

3. JSONP requests must be GET, e.g. ?username=zhangsan


4. What the back end needs to do:
1. Receive the data normally
2. Return the data
The callback name passed from the front end (jsonpCallBack) must be echoed back:
String jsonp = request.getParameter("jsonpCallBack");
The data to return is converted to JSON (here the string "success"):
response.getWriter().write(jsonp + "(" + json + ")");




Solution:
Modify the Ajax request:
$("#button").click(function () {
    // get the value of the text box
    var username = $("#username").val();
    // Ajax request to project a on www.a.com
    $.ajax({
        url: "http://www.a.com:8080/a/AServlet?username=" + username,
        type: "GET",
        jsonp: "jsonpCallBack", // name of the callback query parameter
        dataType: "jsonp",
        success: function (result) {
            alert(result);
        },
        error: function () {
            alert('system error ~');
        }
    });
});

Modify the back end: the JSONP callback name must be echoed back
// requires import com.alibaba.fastjson.JSON (fastjson, which the post uses for JSON.toJSONString)
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // 1. receive the data
    String username = request.getParameter("username");
    System.out.println("received data: " + username);

    // receive the callback name passed by Ajax
    String jsonpCallBack = request.getParameter("jsonpCallBack");
    System.out.println("jsonpCallBack: " + jsonpCallBack);

    String success = JSON.toJSONString("success");
    // 2. respond with the result; the data must be in JSON format
    response.getWriter().write(jsonpCallBack + "(" + success + ")");
    // 3. set the response header (not needed for JSONP)
    /*response.setHeader("Access-Control-Allow-Origin", "*");*/
}
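Both cross-domain routes above echo something the caller controls: the CORS route opens the resource to every origin with "*", and the JSONP route writes the jsonpCallBack parameter straight into a script response. The servlet below is an added example, not the post's AServlet. It serves the same request, but allows only an allowlist of origins (project B's origin is an assumed value), and accepts the callback name only when it looks like a JavaScript identifier, so the callback parameter cannot put anything other than a function call into the response. The toJsonString helper is a minimal stand-in for the fastjson call the post uses, so the example needs no library.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet (added example, not the post's AServlet).
public class HardenedAServlet extends HttpServlet {

    // Only origins that may read responses; "*" would let any site read them.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(
            Arrays.asList("http://www.b.com:8080"));   // assumption: project B's origin

    // A JSONP callback must look like a (dotted) JavaScript identifier. Quotes,
    // angle brackets, parentheses etc. are rejected, so the parameter cannot be
    // used to inject script into the response.
    private static final Pattern CALLBACK_NAME =
            Pattern.compile("^[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*$");

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String json = "{\"status\":" + toJsonString("success")
                + ",\"username\":" + toJsonString(username == null ? "" : username) + "}";

        String callback = request.getParameter("jsonpCallBack");
        if (callback == null) {
            // Plain cross-domain request: answer with CORS, allowing only known origins.
            String origin = request.getHeader("Origin");
            if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
                response.setHeader("Access-Control-Allow-Origin", origin);
                response.setHeader("Vary", "Origin");
            }
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(json);
            return;
        }

        // JSONP route: validate the callback name before echoing it.
        if (!CALLBACK_NAME.matcher(callback).matches()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad callback name");
            return;
        }
        response.setContentType("application/javascript;charset=UTF-8");
        response.setHeader("X-Content-Type-Options", "nosniff");
        // The leading comment stops the body from being interpreted as anything but script.
        response.getWriter().write("/**/" + callback + "(" + json + ");");
    }

    // Minimal JSON string encoder: quotes, backslashes, control characters and
    // angle brackets are escaped, so reflected input cannot close the script.
    static String toJsonString(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '<':  sb.append("\\u003c"); break;
                case '>':  sb.append("\\u003e"); break;
                default:
                    if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
                    else sb.append(c);
            }
        }
        return sb.append('"').toString();
    }
}
```

With this in place the jQuery call from the post works unchanged (jQuery generates the callback name itself, and it always matches the identifier pattern), while a request whose jsonpCallBack contains anything else gets a 400 instead of a script.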
Three. Use HttpClient: just do not send the request through the browser
The Ajax on project B's page cannot request project A directly because the browser blocks it, so it requests project B's own servlet instead; that servlet requests project A through HttpClient and returns the response result to the page.


1. Project B's index.jsp page requests project B's servlet
$("#button").click(function () {
    // get the value of the text box
    var username = $("#username").val();
    // Ajax request to BServlet in project B (same origin)
    $.ajax({
        url: "BServlet?username=" + username,
        type: "GET",
        success: function (result) {
            alert(result);
        },
        error: function () {
            alert('system error ~');
        }
    });
});
2. BServlet in project B makes the HTTP request to project A
// requires the Apache HttpClient classes (org.apache.http.*) and java.net.URLEncoder
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // forwarded internally by HttpClient
    // build a client
    CloseableHttpClient client = HttpClients.createDefault();
    // build the request; encode the parameter so it cannot alter the URL
    String username = URLEncoder.encode(request.getParameter("username"), "UTF-8");
    HttpGet get = new HttpGet("http://www.a.com:8080/a/AServlet?username=" + username);
    // send the request
    CloseableHttpResponse httpResponse = client.execute(get);
    // read the returned result
    String result = EntityUtils.toString(httpResponse.getEntity());
    httpResponse.close();
    client.close();
    // write project A's result back to the page
    response.getWriter().write(result);
}
3. Project A handles the request
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // 1. receive the data
    String username = request.getParameter("username");
    System.out.println("received data: " + username);

    // 2. respond with the result
    response.getWriter().write("success");
}


II. Preventing duplicate form submission
1. Network delay: during the delay the user clicks submit repeatedly, so the form is submitted several times.
The form should be submittable only once: listen for the form's submit event and use a boolean variable to record whether the button has already been clicked; if it has, the form is not submitted again, otherwise it is submitted.

2. Reloading the page or going back
Idea: when the login page is opened, create a token (as an identifier) and save it in the session; when the form is submitted, the token is submitted with it.
The back-end servlet compares the token in the session with the token submitted by the form: if they are equal, it is a normal submission (and the session token is cleared); if they are not equal, it is not a normal submission.


Form.jsp page
<body>
<form action="FormServlet" onsubmit="return formSubmit()" method="POST">
    <input type="hidden" id="hiddenToken" name="formToken" />
    <input type="text" name="username" />
    <input type="submit" value="submit" />
</form>
</body>

<script type="text/javascript">
    // false means not yet clicked, true means already clicked
    var flag = false;
    function formSubmit() {
        if (!flag) { // first click
            flag = true;
            return true;
        } else {
            return false;
        }
    }

    $(function () {
        // generate the token (TokenServlet implements doGet, so request it with GET)
        $.ajax({
            url: "TokenServlet",
            type: "GET",
            success: function (token) {
                $("#hiddenToken").val(token);
            }
        });
    });
</script>

TokenServlet:
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // generate the token
    String token = UUID.randomUUID().toString();
    // save the token in the session
    request.getSession().setAttribute("sessionToken", token);
    // respond with the token
    response.getWriter().write(token);
}

FormServlet:
// the form is submitted with method="POST", so handle it in doPost
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // validate the token
    // get the value submitted from the page's hidden field
    String formToken = request.getParameter("formToken");
    // get the token from the session
    String sessionToken = (String) request.getSession().getAttribute("sessionToken");
    // if the page token does not match the session token, the form was already submitted: do not process it again
    if (formToken == null || !formToken.equals(sessionToken)) {
        response.getWriter().write("do not resubmit ~");
        return;
    }

    // receive the data
    String username = request.getParameter("username");
    System.out.println("received data: " + username);
    // the token must be cleared, otherwise it would always match
    request.getSession().removeAttribute("sessionToken");

    try {
        // simulate network delay
        Thread.sleep(300);
    } catch (InterruptedException e) {
        e.printStackTrace();
    }
    // return the result
    response.getWriter().write("success");
}
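The FormServlet above reads the session token, compares it and removes it in three separate steps, so two submissions that arrive within the simulated delay can both read the same token before either one removes it, and the comparison alone does not handle a session whose token was already consumed. The helper below is an added example, not the post's TokenServlet or FormServlet code: it issues the token from SecureRandom, and consume() removes and compares in one synchronized step so a given token passes exactly once, whatever the timing. Synchronizing on the HttpSession object assumes the container returns the same session object to every request of a client, which Tomcat does; the attribute name "sessionToken" is the post's.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpSession;

// Hypothetical helper (added example, not the post's code).
public final class FormTokenGuard {
    private static final String ATTR = "sessionToken";   // same attribute name as the post
    private static final SecureRandom RNG = new SecureRandom();

    private FormTokenGuard() {}

    // Called when the form page is rendered (the post does this from TokenServlet).
    public static String issue(HttpSession session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(ATTR, token);
        return token;
    }

    // Called once per form submission. Returns true exactly once per issued token:
    // the stored token is removed in the same synchronized step as it is read, so
    // two concurrent submissions (the "network delay" case) cannot both pass.
    public static boolean consume(HttpSession session, String submitted) {
        if (session == null || submitted == null) {
            return false;                    // no session, or the hidden field was missing
        }
        String expected;
        synchronized (session) {             // assumption: one session object per client (Tomcat)
            expected = (String) session.getAttribute(ATTR);
            session.removeAttribute(ATTR);   // consumed whether or not it matches
        }
        if (expected == null) {
            return false;                    // already consumed: reload or back button
        }
        // Constant-time comparison of the two token strings.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }
}
```

In FormServlet the check becomes a single call, `FormTokenGuard.consume(request.getSession(false), request.getParameter("formToken"))`, and the separate removeAttribute line disappears; TokenServlet writes the result of `FormTokenGuard.issue(request.getSession())`. Because the token is tied to the session and compared server-side, the same mechanism is the synchronizer token used against CSRF, provided the form is only ever submitted from the page that received the token.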



III. Preventing XSS attacks: most browsers already address this problem
Script injection
To prevent XSS attacks: create a Filter in the back end that filters <script> content implanted in submitted data, using regular expressions to check the format of the submitted data.


Source: www.cnblogs.com/rzbwyj/p/12273836.html