Class RemoteServiceServlet

java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
com.google.gwt.user.server.rpc.RemoteServiceServlet
All Implemented Interfaces:
SerializationPolicyProvider, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
Direct Known Subclasses:
AbstractXsrfProtectedServiceServlet, RemoteLoggingServiceImpl, XsrfTokenServiceServlet

public class RemoteServiceServlet extends AbstractRemoteServiceServlet implements SerializationPolicyProvider
The servlet base class for your RPC service implementations that automatically deserializes incoming requests from the client and serializes outgoing responses for client/server RPCs.
  • Constructor Details

    • RemoteServiceServlet

      public RemoteServiceServlet()
      The default constructor used by service implementations that extend this class. The servlet will delegate AJAX requests to the appropriate method in the subclass.
    • RemoteServiceServlet

      public RemoteServiceServlet(Object delegate)
      The wrapping constructor used by service implementations that are separate from this class. The servlet will delegate AJAX requests to the appropriate method in the given object.
  • Method Details

    • loadSerializationPolicy

      static SerializationPolicy loadSerializationPolicy(javax.servlet.http.HttpServlet servlet, javax.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName)
      Loads a serialization policy stored as a servlet resource in the same ServletContext as this servlet. Returns null if not found. (Used by HybridServiceServlet.)
    • init

      public void init(javax.servlet.ServletConfig config) throws javax.servlet.ServletException
      Overridden to load the gwt.codeserver.port system property.
      Specified by:
      init in interface javax.servlet.Servlet
      Overrides:
      init in class javax.servlet.GenericServlet
      Throws:
      javax.servlet.ServletException
    • getRequestModuleBasePath

      protected String getRequestModuleBasePath()
      Extract the module's base path from the current request.
      Returns:
      the module's base path, modulo protocol and host, as reported by GWT.getModuleBaseURL() or null if the request did not contain the "X-GWT-Module-Base" header
    • getSerializationPolicy

      public final SerializationPolicy getSerializationPolicy(String moduleBaseURL, String strongName)
      Description copied from interface: SerializationPolicyProvider
      Returns a SerializationPolicy for a given module base URL and serialization policy strong name.
      Specified by:
      getSerializationPolicy in interface SerializationPolicyProvider
      Parameters:
      moduleBaseURL - the URL for the module
      strongName - strong name of the serialization policy for the specified module URL
      Returns:
      a SerializationPolicy for a given module base URL and RPC strong name; must not return null
    • processCall

      public String processCall(String payload) throws SerializationException
      Process a call originating from the given request. This method calls checkPermutationStrongName() to prevent possible XSRF attacks and then decodes the payload using RPC.decodeRequest(String, Class, SerializationPolicyProvider) to do the actual work. Once the request is decoded, processCall(RPCRequest) will be called.

      Subclasses may optionally override this method to handle the payload in any way they desire (by routing the request to a framework component, for instance). The HttpServletRequest and HttpServletResponse can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest() and AbstractRemoteServiceServlet.getThreadLocalResponse() methods.

      This is public so that it can be unit tested easily without HTTP.
      Parameters:
      payload - the UTF-8 request payload
      Returns:
      a string which encodes either the method's return, a checked exception thrown by the method, or an IncompatibleRemoteServiceException
      Throws:
      SerializationException - if we cannot serialize the response
      UnexpectedException - if the invocation throws a checked exception that is not declared in the service method's signature
      RuntimeException - if the service method throws an unchecked exception (the exception will be the one thrown by the service)
    • processCall

      public String processCall(RPCRequest rpcRequest) throws SerializationException
      Process an already decoded RPC request. Uses the RPC.invokeAndEncodeResponse(Object, java.lang.reflect.Method, Object[]) method to do the actual work.

      Subclasses may optionally override this method to handle the decoded RPC request in any way they desire (by routing the request to a framework component, for instance). The HttpServletRequest and HttpServletResponse can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest() and AbstractRemoteServiceServlet.getThreadLocalResponse() methods.

      This is public so that it can be unit tested easily without HTTP.
      Parameters:
      rpcRequest - the already decoded RPC request
      Returns:
      a string which encodes either the method's return, a checked exception thrown by the method, or an IncompatibleRemoteServiceException
      Throws:
      SerializationException - if we cannot serialize the response
      UnexpectedException - if the invocation throws a checked exception that is not declared in the service method's signature
      RuntimeException - if the service method throws an unchecked exception (the exception will be the one thrown by the service)
    • processPost

      public final void processPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException, SerializationException
      Standard HttpServlet method: handle the POST. This doPost method swallows ALL exceptions, logs them in the ServletContext, and returns a GENERIC_FAILURE_MSG response with status code 500.
      Specified by:
      processPost in class AbstractRemoteServiceServlet
      Throws:
      javax.servlet.ServletException
      SerializationException
      IOException
    • checkPermutationStrongName

      protected void checkPermutationStrongName() throws SecurityException
      This method is called by processCall(String) and will throw a SecurityException if AbstractRemoteServiceServlet.getPermutationStrongName() returns null. This method can be overridden to be a no-op if there are clients that are not expected to provide the "X-GWT-Permutation" header.
      Throws:
      SecurityException - if AbstractRemoteServiceServlet.getPermutationStrongName() returns null
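
An added example, not part of the GWT documentation or source: instead of overriding checkPermutationStrongName() as a blanket no-op, a subclass can exempt only a narrowly defined kind of header-less client and keep the default check for everyone else. The class name, the isTokenOnlyClient helper and the exemption policy (bearer token present, no cookies) are assumptions chosen for illustration.

```java
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import javax.servlet.http.HttpServletRequest;

// Hypothetical service servlet; the class name and exemption policy are assumptions.
public class TokenClientAwareServlet extends RemoteServiceServlet {

  @Override
  protected void checkPermutationStrongName() throws SecurityException {
    HttpServletRequest req = getThreadLocalRequest();
    if (getPermutationStrongName() == null
        && isTokenOnlyClient(req.getHeader("Authorization"), req.getHeader("Cookie"))) {
      return; // narrow exemption; every other caller goes through the default check
    }
    try {
      super.checkPermutationStrongName();
    } catch (SecurityException e) {
      // Record the rejection for detection before rethrowing it unchanged.
      log("Rejected GWT-RPC call without X-GWT-Permutation from " + req.getRemoteAddr());
      throw e;
    }
  }

  // True only for a request that carries an explicit bearer credential and no cookies,
  // i.e. one that does not depend on credentials a browser attaches automatically.
  // Assumption: the token itself is validated elsewhere (for example in a servlet filter).
  static boolean isTokenOnlyClient(String authorization, String cookie) {
    return cookie == null
        && authorization != null
        && authorization.length() > 7
        && authorization.regionMatches(true, 0, "Bearer ", 0, 7);
  }
}
```
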
    • doGetSerializationPolicy

      protected SerializationPolicy doGetSerializationPolicy(javax.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName)
      Loads the SerializationPolicy for the given module base URL and strong name. Returns the policy if successful or null if not found. Due to caching, this method will only be called once for each combination of moduleBaseURL and strongName.

      The default implementation loads serialization policies stored as servlet resources in the same ServletContext as this servlet.

      Override this method to load the SerializationPolicy using an alternative approach.

      Parameters:
      request - the HTTP request being serviced
      moduleBaseURL - as specified in the incoming payload
      strongName - a strong name that uniquely identifies a serialization policy file
    • getCodeServerPolicyUrl

      protected String getCodeServerPolicyUrl(String strongName)
      Returns a URL for fetching a serialization policy from a Super Dev Mode code server.

      By default, returns null. If the gwt.codeserver.port system property is set, returns a URL under http://localhost:{port}.

      To use a server not on localhost, you must override this method. If you do so, consider the security implications: the policy server and network transport must be trusted or this could be used as a way to disable security checks for some GWT-RPC requests, allowing access to arbitrary Java classes.

      Parameters:
      strongName - the strong name from the GWT-RPC request (already validated).
      Returns:
      the URL to use or null if no request should be made.
    • loadPolicyFromCodeServer

      protected SerializationPolicy loadPolicyFromCodeServer(String url)
      Loads a serialization policy from a Super Dev Mode code server. (Not used unless getCodeServerPolicyUrl(java.lang.String) returns a URL.)

      The default version is a simple implementation built on java.net.URL that does no authentication. It should only be used during development.
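
An added example, not part of the GWT documentation or source, covering both getCodeServerPolicyUrl and loadPolicyFromCodeServer: a subclass that contacts the code server only when a deployment explicitly opts in, and only over a literal loopback address, so a gwt.codeserver.port property left set in production cannot cause unauthenticated policy fetches. The class name, the allowCodeServerPolicy init parameter and the isLoopbackHttp helper are assumptions.

```java
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.google.gwt.user.server.rpc.SerializationPolicy;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;

// Hypothetical service servlet; names other than the overridden methods are assumptions.
public class GuardedPolicyServlet extends RemoteServiceServlet {
  // Literal hosts only, so the decision does not depend on a DNS lookup.
  private static final List<String> LOOPBACK_HOSTS = Arrays.asList("localhost", "127.0.0.1");
  private boolean allowCodeServer;

  @Override
  public void init(ServletConfig config) throws ServletException {
    super.init(config);
    // Opt-in switch in web.xml (assumed parameter name); absent means disabled.
    allowCodeServer = Boolean.parseBoolean(config.getInitParameter("allowCodeServerPolicy"));
  }

  @Override
  protected String getCodeServerPolicyUrl(String strongName) {
    // Returning null means no request is made to a code server.
    return allowCodeServer ? super.getCodeServerPolicyUrl(strongName) : null;
  }

  @Override
  protected SerializationPolicy loadPolicyFromCodeServer(String url) {
    if (!allowCodeServer || !isLoopbackHttp(url)) {
      log("Refusing serialization policy fetch from code server URL: " + url);
      return null; // no policy loaded from the code server
    }
    return super.loadPolicyFromCodeServer(url);
  }

  // Accepts only http URLs whose host is a literal loopback name or address.
  static boolean isLoopbackHttp(String url) {
    try {
      URI uri = new URI(url);
      return "http".equalsIgnoreCase(uri.getScheme())
          && uri.getHost() != null
          && LOOPBACK_HOSTS.contains(uri.getHost().toLowerCase());
    } catch (Exception e) {
      return false; // unparsable or null URL: treat as untrusted
    }
  }
}
```
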

    • onAfterResponseSerialized

      protected void onAfterResponseSerialized(String serializedResponse)
      Override this method to examine the serialized response that will be returned to the client. The default implementation does nothing and need not be called by subclasses.
      Parameters:
      serializedResponse -
    • onBeforeRequestDeserialized

      protected void onBeforeRequestDeserialized(String serializedRequest)
      Override this method to examine the serialized version of the request payload before it is deserialized into objects. The default implementation does nothing and need not be called by subclasses.
      Parameters:
      serializedRequest -
    • shouldCompressResponse

      protected boolean shouldCompressResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String responsePayload)
      Determines whether the response to a given servlet request should or should not be GZIP compressed. This method is only called in cases where the requester accepts GZIP encoding.

      This implementation currently returns true if the response string's estimated byte length is longer than 256 bytes. Subclasses can override this logic.

      Parameters:
      request - the request being served
      response - the response that will be written into
      responsePayload - the payload that is about to be sent to the client
      Returns:
      true if responsePayload should be GZIP compressed, otherwise false.