Expand Authors Top

If you have a few years of experience in the Java ecosystem and you’d like to share that with the community, have a look at our Contribution Guidelines.

Expanded Audience – Frontegg – Security (partner)
announcement - icon User management is very complex, when implemented properly. No surprise here.

Not having to roll all of that out manually, but instead integrating a mature, fully-fledged solution - yeah, that makes a lot of sense.
That's basically what Frontegg is - User Management for your application. It's focused on making your app scalable, secure and enjoyable for your users.
From signup to authentication, it supports simple scenarios all the way to complex and custom application logic.

Have a look:

>> Elegant User Management, Tailor-made for B2B SaaS

November Discount Launch 2022 – Top
We’re finally running a Black Friday launch. All Courses are 30% off until the end of this week:


NPI – Lightrun – Spring (partner)

We rely on other people’s code in our own work. Every day. It might be the language you’re writing in, the framework you’re building on, or some esoteric piece of software that does one thing so well you never found the need to implement it yourself.

The problem is, of course, when things fall apart in production - debugging the implementation of a 3rd party library you have no intimate knowledge of is, to say the least, tricky. It’s difficult to understand what talks to what and, specifically, which part of the underlying library is at fault.

Lightrun is a new kind of debugger.

It's one geared specifically towards real-life production environments. Using Lightrun, you can drill down into running applications, including 3rd party dependencies, with real-time logs, snapshots, and metrics. No hotfixes, redeployments, or restarts required.

Learn more in this quick, 5-minute Lightrun tutorial:

>> The Essential List of Spring Boot Annotations and Their Use Cases

1. Overview

If you've been developing anything on the web, you're aware of the same-origin policy constraint browsers have when dealing with AJAX requests. The simple overview of the constraint is that any request originating from a different domain, schema or port, will not be permitted.

One way to relax this browser restriction when working with JSON data – is by using JSON with padding (JSON-P).

This article discusses Spring's support for working with JSON-P data – with the help of AbstractJsonpResponseBodyAdvice.

2. JSON-P in Action

The same-origin policy is not imposed over the <script> tag, allowing scripts to be loaded across different domains. JSON-P technique takes advantage of this by passing the JSON response as the argument of the javascript function.

2.1. Preparation

In our examples, we will use this simple Company class:

public class Company {
    private long id;
    private String name;
    // standard setters and getters

This class will bind the request parameters and shall be returned from the server as JSON representation.

The Controller method is a simple implementation as well – returning the Company instance:

public class CompanyController {

    @RequestMapping(value = "/companyRest",
      produces = MediaType.APPLICATION_JSON_VALUE)
    public Company getCompanyRest() {
        Company company = new Company(1, "Xpto");
        return company;

On the client side we can use jQuery library to create and send an AJAX request:

    url: 'http://localhost:8080/spring-mvc-java/companyRest',
    data: {
        format: 'json'
    type: 'GET',

Consider an AJAX request against the following URL:


The response from the server would be the following:


As the request was sent against the same schema, domain, and port, the response will not get blocked, and JSON data will be allowed by the browser.

2.2. Cross-Origin Request

By changing the request URL to:

the response will get blocked by the browser, due to request being sent from localhost to which is considered a different domain and presents a violation of the same-origin policy.

With JSON-P, we are able to add a callback parameter to the request:

On the client side it's as easy as adding the following parameters to the AJAX request:

    dataType: 'jsonp',

The getCompanyData will be the function called when the response is received.

If the server formats the response like the following:


browsers will not block it, as it will treat the response as a script negotiated and agreed upon between the client and the server on account of matching getCompanyData in both request and the response.

3. @ControllerAdvice Annotation

The beans annotated with @ControllerAdvice are able to assist all or a specific subset of Controllers and is used to encapsulate cross-cutting behavior shared between different Controllers. Typical usage patterns are related to exception handling, adding attributes to models or registering binders.

Starting with Spring 4.1, @ControllerAdvice is able to register the implementations of ResponseBodyAdvice interface which allows changing the response after its being returned by a controller method but before being written by a suitable converter.

4. Changing the Response Using AbstractJsonpResponseBodyAdvice

Also starting with Spring 4.1, we now have access to the AbstractJsonpResponseBodyAdvice class – which formats the response according to JSON-P standards.

This section explains how to put the base class at play and change the response without making any changes to the existing Controllers.

In order to enable Spring support for JSON-P, let’s start with the configuration:

public class JsonpControllerAdvice 
  extends AbstractJsonpResponseBodyAdvice {

    public JsonpControllerAdvice() {

The support is made using the AbstractJsonpResponseBodyAdvice class. The key passed on the super method is the one that will be used in URL requesting JSON-P data.

With this controller advice, we automatically convert the response to JSON-P.

5. JSON-P With Spring in Practice

With the previously discussed configuration in place, we are able to make our REST applications respond with JSON-P. In the following example, we will return company's data, so our AJAX request URL should be something like this:

As a result of the previous configuration, the response will look as follows:


As discussed, the response in this format will not get blocked despite originating from a different domain.

The JsonpControllerAdvice can easily be applied to any method that returns a response annotated with @ResponseBody and ResponseEntity.

There should be a function with the same name passed in the callback, getCompanyData, for handling all the responds.

6. Conclusion

This quick article shows how an otherwise tedious work of formatting the response to take advantage of JSON-P is simplified using the new functionality in Spring 4.1.

The implementation of the examples and code snippets can be found in this GitHub project.

November Discount Launch 2022 – Bottom
We’re finally running a Black Friday launch. All Courses are 30% off until the end of this week:


REST footer banner
Comments are closed on this article!