There is an excellent blog Cross-domain communications with ABAP and JSONP written by Alessandro Spadoni.
And in this blog, I just record down my own study experience about how to achieve cross domain request in ABAP and Java.
Cross Domain Request in ABAP
Create a new ICF node in tcode SICF, implement the following source code in its handler class.4
Cross Domain Request in Java
The similar logic as in ABAP.
Create a dynamic web project in Java with a servlet named “HelloWorldServlet”:
public class HelloWorldServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public HelloWorldServlet() {
super();
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
List<String> allowedUserId = Arrays.asList(getServletContext().getInitParameter("userIds").trim().split(","));
String clientOrigin = request.getHeader("origin");
String ipAddress = request.getHeader("x-forwarded-for");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
String userId = request.getParameter("userId");
if( userId != null)
userId = userId.trim();
if( allowedUserId.contains(userId)){
response.setHeader("Access-Control-Allow-Origin", clientOrigin);
}
if( ipAddress.equals("0:0:0:0:0:0:0:1"))
response.getWriter().println("local one");
else
response.getWriter().println("Hello World!");
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}
The web.xml in folder WEB-INF, which the allowed user ids are listed in node .
Now access the servlet with user id which is not included in the list, and the request fails:
Client side workaround
Sometimes for development purpose we would like to bypass the limitation of same origin policy, and here below are two approaches I used in my daily work.
workaround 1: use Chrome extension “Allow-Control-Allow-Origin”
workaround 2: disable same origin policy via Chrome start command argument –disable-web-security
Create a new shortcut and add the argument –disable-web-security