Fetch JSON data from a third-party and getting around the SOP

The Same Origin Policy is preventing me from fetching the JSON data I need from anot开发者_开发知识库her web site (with permission). I saw one person who was working around this with JsonpRequestBuilder, but I'm not sure if that's going to be the best solution for me. The only other option that comes to my mind would be to have an intermediary servlet on my server.

What's my best bet here? I have concerns with both methods. With an intermediary servlet, I worry about the delay that would introduce. With the JsonpRequestBuilder, it looks like I have to create a complete JavascriptObject for each method I'll call from the other site, even though I only need to pull out a single value from some of those methods.

I don't use Java, but JSONP is what I usually implement when I need cross-domain chatter, and I'm sure someone will have made a Java library that unwraps it. It requires a change on the third-part's site, but it is a very simple change.

EDIT: Sounds like that is what that library does, sorry... but still... it's the way to go :)

Check out the CORS Specification. We are using this to successfully circumvent the SOP using our own server with GWT's devmode Jetty.

You don't have to "create a complete JavaScriptObject", a JavaScriptObject is actually just a mean to call to JavaScript from the Java world, so you only need the one getter for the value you need, and it can even return a "nested" value:

public native String getFoo() /*-{
    return this.nested[0].obj.foo;
}-*/;

Whether you'll use JSONP (and JsonpRequestBuilder) or a "proxy servlet" actually only depends by the capabilities of the "service" you need to call: JSONP is JavaScript, not JSON, so the server has to return a "JSONP response script" or you won't be able to use JsonpRequestBuilder (and similarly, you won't be able to (safely) use CORS or a proxy-servlet if the server returns a "JSONP script" rather than application/json).