java sap 超时再次请求_SAP ABAP和Java跨域请求问题的解决方案

There is an excellent blog Cross-domain communications with ABAP and JSONP written by Alessandro Spadoni.

And in this blog, I just record down my own study experience about how to achieve cross domain request in ABAP and Java.

Cross Domain Request in ABAP

Create a new ICF node in tcode SICF, implement the following source code in its handler class.4

METHOD if_http_extension~handle_request.

DATA: lv_text TYPE string value 'hello world'.

server->response->append_cdata(

data = lv_text

length = strlen( lv_text ) ).

ENDMETHOD.

Access the url in browser, and it works as expected.

And now try to access the url by AJAX in jQuery:

function getPostByAJAX(requestURL){

var html = $.ajax({

url: requestURL,

async: false}).responseText;

debugger;

return html;

}

You will get the following error message in browser: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘null’ is therefore not allowed access.

The request fails to finish due to same origin policy.

Add a few more codes in the ICF handler class:

METHOD if_http_extension~handle_request.

DATA: lv_text TYPE string VALUE 'hello world'.

CONSTANTS: cv_white_id TYPE string VALUE 'i042416'.

DATA(lv_origin) = server->request->get_header_field( 'origin' ).

DATA(lv_userid) = server->request->get_form_field( 'userId' ).

IF lv_userid = cv_white_id.

server->response->set_header_field(

EXPORTING

name = 'Access-Control-Allow-Origin'

value = lv_origin ).

ENDIF.

server->response->append_cdata(

data = lv_text

length = strlen( lv_text ) ).

ENDMETHOD.

And when requesting the resource again but this time with a hard coded user id which acts a a simulation of white list, the request can be successfully processed this time thanks to CORS:

The response is available in JavaScript code:

Change the user id to any other one and the request will fail again:

Cross Domain Request in Java

The similar logic as in ABAP.

Create a dynamic web project in Java with a servlet named “HelloWorldServlet”:

Copy the following implementation source code into the Servlet:

public class HelloWorldServlet extends HttpServlet {

private static final long serialVersionUID = 1L;

public HelloWorldServlet() {

super();

}

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

List allowedUserId = Arrays.asList(getServletContext().getInitParameter("userIds").trim().split(","));

String clientOrigin = request.getHeader("origin");

String ipAddress = request.getHeader("x-forwarded-for");

if (ipAddress == null) {

ipAddress = request.getRemoteAddr();

}

String userId = request.getParameter("userId");

if( userId != null)

userId = userId.trim();

if( allowedUserId.contains(userId)){

response.setHeader("Access-Control-Allow-Origin", clientOrigin);

}

if( ipAddress.equals("0:0:0:0:0:0:0:1"))

response.getWriter().println("local one");

else

response.getWriter().println("Hello World!");

}

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

doGet(request, response);

}

}

The web.xml in folder WEB-INF, which the allowed user ids are listed in node .

xmlns="http://java.sun.com/xml/ns/javaee"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

id="WebApp_ID" version="2.5">

JerryTest

Hello

index.html

userIds

i042416,i042417,i042418

HelloWorldServlet

HelloWorldServlet

helloworld.HelloWorldServlet

HelloWorldServlet

/Hello

Now access the servlet with user id which is not included in the list, and the request fails:

And perform positive test via an allowed user id specified in request:

Request is successfully handled and returned to browser:

Client side workaround

Sometimes for development purpose we would like to bypass the limitation of same origin policy, and here below are two approaches I used in my daily work.

workaround 1: use Chrome extension “Allow-Control-Allow-Origin”

Once installed, just switch on CORS via checkbox:

This extension will automatically add a new field in request header to do the magic:

Now the response is available with the help of this extension, even the requested user id is not in allowed list:

workaround 2: disable same origin policy via Chrome start command argument –disable-web-security

Create a new shortcut and add the argument –disable-web-security

request detail:

This time the request is still successfully handled – you will see a warning “Stability and security will suffer.” in Chrome.

要获取更多Jerry的原创文章，请关注公众号"汪子熙":