hi friends
I would want to know if call servlet from javascript is good practice or no?
I always call servlet from other servlet (mvc) but now in my job i must modify an application , tshi application call servlet from javascript!
that not look good!
Can someone give me an opinion?
There are many fine applications that use Ajax/Javascript to make calls to a Servlet. What in particular do find unappealing in the way your application is doing it? Can you post an example?
Junilu Lacar wrote:There are many fine applications that use Ajax/Javascript to make calls to a Servlet. What in particular do find unappealing in the way your application is doing it? Can you post an example?
I just was curious. I guess is not good practice for security. Or i am wrong?
Here a line example:
jhon masco wrote:I just was curious. I guess is not good practice for security. Or i am wrong?
I don't know. What do you consider insecure about that code?
(There's plenty of places in web applications where you can do insecure things; I'm just asking which of the long list of insecure things applies in this case.)
Actually, you cannot call a servlet from another servlet. You can only forward, unless you just break into the servlet's processing methods by main brute force.
You definitely don't "call" a servlet from JavaScript. Since JavaScript runs on the client and the servlet runs on the server, the client can only make an HTTP(S) request that invokes a servlet's processing method.
The biggest security risks in a J2EE application don't come so much from whether requests were made directly from a browser or via AJAX, but from whether or not the webapp was designed secure to begin with. Which is the main reason I make so much noise about not writing your own security system if the J2EE-standard one can be used instead.
Thanks for all the replies.
Then i would conclude that is not bad use javascript or ajax for call servlet (redirect).
Yes Tim, you are right when you say than the most important is the web application design.
Particularly i dont like when i can see the code of any file (.js.jsp.php, etc) from of my web browser.!
That is this case. I can access to the javascript files from the browser. That is a design problem definitively.!
I would want to know if call servlet from javascript is good practice or no?
Yes it is a good practice because by using javascript you can enrich the user experience... rather than using flash content(which can be annoying at times)...
Moreover you cannot call a servlet without using some kind of inter-laying code, example : javascript or ajax ....
I dont know why you are feeling this is not good pratice, but for your information, GMAIL is popular because most of the functionalities are implemented by using AJAX(calling servlet using java script).