HttpUrlConnection Post causes the browser to download the response JSON in Java Proxy

Question

Hi all

I'm making call to Alfresco Webscripts which return JSON. I do this using GET requests which all work perfectly. If I do a file POST however, the Alfresco server receives the file correctly and sends back a JSON response, but this time the response causes the browser to prompt for a download instead of the letting Javascript process the callback.

Now all these calls are going through a "home made" reverse proxy (see below) which uses HttpUrlConnection. This proxy routes all the calls to an Alfresco running on another host. Everything else works fine (pngs, text, html, GET requests,even authentication). In both GET and POST responses the Content-Type is "application/json;charset=UTF-8"

Many thanks for any responses.

import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;

public class ReverseProxy extends GenericServlet{

public static final String SERVER_URL = "serverURL";
protected String serverURL;
protected boolean debug;

public ReverseProxy(){
}

public void init(ServletConfig config) throws ServletException {
    super.init(config);
    debug = Boolean.valueOf(config.getInitParameter("debug")).booleanValue();
    serverURL = config.getInitParameter("serverURL");
    if(serverURL == null){
        throw new ServletException("ReverseProxy servlet initialization parameter 'serverURL' not defined");
    }
}

public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException {
    InputStream inputStream;
    OutputStream outputStream;
    Exception exception;
    if(debug){System.out.println("ReverseProxy.service()");}
    HttpServletRequest request;
    HttpServletResponse response;
    try{
        request = (HttpServletRequest)req;
        response = (HttpServletResponse)resp;
    }
    catch(ClassCastException e){
        throw new ServletException("non-HTTP request or response");
    }
    String method = request.getMethod();
    StringBuffer urlBuffer = new StringBuffer();
    urlBuffer.append(serverURL);
    urlBuffer.append(request.getServletPath());
    if(request.getPathInfo() != null)
        urlBuffer.append(request.getPathInfo());
    if(request.getQueryString() != null){
        urlBuffer.append('?');
        urlBuffer.append(request.getQueryString());
    }
    URL url = new URL(urlBuffer.toString());

    //pass authentication
    String user=null, password=null;

    Set entrySet = req.getParameterMap().entrySet();
    Map headers = new HashMap();
    for ( Object anEntrySet : entrySet ) {
        Map.Entry header = (Map.Entry) anEntrySet;
        String key = (String) header.getKey();
        String value = ((String[]) header.getValue())[0];
        if ("user".equals(key)) {
            user = value;
        } else if ("password".equals(key)) {
            password = value;
        }else {
            headers.put(key, value);
        }
    }

    String userpass = null;
    if (user != null && userpass!=null) {
        userpass = user+":"+password;
    }
    String auth = request.getHeader("Authorization");
    if(auth != null){
        if (auth.toUpperCase().startsWith("BASIC ")){
            String userpassEncoded = auth.substring(6);
            userpass = new String(Base64.decodeBase64(userpassEncoded.getBytes()));
        }
    }

    String digest=null;
    if (userpass!=null) {
        if(debug){System.out.println("ReverseProxy found userpass:" + userpass);}
        digest = "Basic " + new String(Base64.encodeBase64((userpass).getBytes()));
    }
    else{
        if(debug){System.out.println("ReverseProxy found no auth credentials");}
    }

    //do connection
    HttpURLConnection connection = null;
    connection = (HttpURLConnection) url.openConnection();
    if (digest != null) {connection.setRequestProperty("Authorization", digest);}

    connection.setRequestMethod(method);
    connection.setDoInput(true);

    if(method.equals("POST")){
        if(request.getHeader("Content-Type") != null){
            if(debug){System.out.println("ReverseProxy Content-Type: " + request.getHeader("Content-Type"));}
            if(debug){System.out.println("ReverseProxy Content-Length: " + request.getHeader("Content-Length"));}
            if(request.getHeader("Content-Type").indexOf("multipart/form-data") != -1){
                connection.setRequestProperty("Content-Type", request.getHeader("Content-Type"));
                connection.setRequestProperty("Content-Length", request.getHeader("Content-Length"));
            }
        }
        connection.setDoOutput(true);
    }
    if(debug){
        System.out.println((new StringBuilder()).append("ReverseProxy: URL=").append(url).append(" method=").append(method).toString());
    }

    //set headers
    Set headersSet = headers.entrySet();
    for ( Object aHeadersSet : headersSet ) {
        Map.Entry header = (Map.Entry) aHeadersSet;
        connection.setRequestProperty((String) header.getKey(), (String) header.getValue());
    }

    connection.connect();
    inputStream = null;
    outputStream = null;
    try{
        if(method.equals("POST")){
            javax.servlet.ServletInputStream servletInputStream = request.getInputStream();
            outputStream = connection.getOutputStream();
            copy(servletInputStream, outputStream);
        }
        response.setContentLength(connection.getContentLength());
        response.setContentType(connection.getContentType());
        if(debug){System.out.println("ReverseProxy Connection Content-Type: " + connection.getContentType());}
        response.setCharacterEncoding(connection.getContentEncoding());
        String cacheControl = connection.getHeaderField("Cache-Control");
        if(cacheControl != null){
            response.setHeader("Cache-Control", cacheControl);
        }
        int responseCode = connection.getResponseCode();
        response.setStatus(responseCode);

        if(responseCode == 401){
            response.setHeader("WWW-Authenticate", "Basic realm=\"Login Required\"");
        }

        for( Iterator i = connection.getHeaderFields().entrySet().iterator() ; i.hasNext() ;){
            Map.Entry mapEntry = (Map.Entry)i.next();
            if(mapEntry.getKey()!=null){
                response.setHeader(mapEntry.getKey().toString(), ((List)mapEntry.getValue()).get(0).toString());
            }
        }

        //if(debug){System.out.println("ReverseProxy Connection Content-Disposition: " + connection.getHeaderField("Content-Disposition"));}

        if(debug){System.out.println((new StringBuilder()).append("ReverseProxy: response code '").append(responseCode).append("' from ").append(url).toString());}
        if (responseCode == 200 || responseCode == 201) {
            inputStream = connection.getInputStream();
        }
        else{
            inputStream = connection.getErrorStream();
        }

        javax.servlet.ServletOutputStream servletOutputStream = response.getOutputStream();
        copy(inputStream, servletOutputStream);
    }
    catch(IOException ex){
        if(debug)
            ex.printStackTrace();
        throw ex;
    }
    finally{
        //if(inputStream == null) goto _L0; else goto _L0
        //break;
    }
    if(inputStream != null){
        inputStream.close();
    }
    if(outputStream != null){
        outputStream.close();
    } 
    inputStream.close();
    if(outputStream != null){
        outputStream.close();
    }
    //throw exception;
}

public long copy(InputStream input, OutputStream output) throws IOException{
    byte buffer[] = new byte[4096];
    long count = 0L;
    for(int n = 0; -1 != (n = input.read(buffer));){
        output.write(buffer, 0, n);
        count += n;
    }

    output.flush();
    if(debug)
        System.err.println((new StringBuilder()).append("copy ").append(count).append(" bytes").toString());
    return count;
}

}

Answer 1

I guess the problem is more in the client side or a misconception in your side. It's correct behaviour if the browser prompts to download the file when it has a content type of application/json, because the browser itself doesn't know how to handle it. The browser can only display everything which matches a content type of at least text/* or image/*.

Normally, JSON responses are to be handled internally by JavaScript, which can perfectly handle ajaxical responses with a content type of application/json. You can test it by changing it to text/plain or text/javascript, you'll see that the browser will display it (because it matches text/*). But for JSON the correct content type is indeed application/json. Just keep it as is and use the right tools to download/open the JSON ;)

Answer 2

Solved (as per my comment)

If the request is a XmlHttpRequest sent from Javascript, then the "application/json" content type will be understood and a download will not occur. This is be true for both GET and POST requests. If one is doing a file upload, Libraries such as JQuery, ExtJS etc create a hidden form with a setting of "application/x-www-form-urlencoded" and post it (all without the users interaction). This means the response is being interpreted by the browser, not Javascript. The only way around this is to set the content type of the returning JSON to "text/html" (NOT "text/plain" or else the browser tries to add tags).