GWT 2.7.0

com.google.gwt.user.server.rpc
Class RemoteServiceServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
              extended by com.google.gwt.user.server.rpc.RemoteServiceServlet
All Implemented Interfaces:
SerializationPolicyProvider, java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
Direct Known Subclasses:
AbstractXsrfProtectedServiceServlet, RemoteLoggingServiceImpl, XsrfTokenServiceServlet

public class RemoteServiceServlet
extends AbstractRemoteServiceServlet
implements SerializationPolicyProvider

The servlet base class for your RPC service implementations that automatically deserializes incoming requests from the client and serializes outgoing responses for client/server RPCs.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
perThreadRequest, perThreadResponse
 
Constructor Summary
RemoteServiceServlet()
          The default constructor used by service implementations that extend this class.
RemoteServiceServlet(java.lang.Object delegate)
          The wrapping constructor used by service implementations that are separate from this class.
 
Method Summary
protected  void checkPermutationStrongName()
          This method is called by processCall(String) and will throw a SecurityException if AbstractRemoteServiceServlet.getPermutationStrongName() returns null.
protected  SerializationPolicy doGetSerializationPolicy(javax.servlet.http.HttpServletRequest request, java.lang.String moduleBaseURL, java.lang.String strongName)
          Loads the SerializationPolicy for given module base URL and strong name.
protected  java.lang.String getCodeServerPolicyUrl(java.lang.String strongName)
          Returns a URL for fetching a serialization policy from a Super Dev Mode code server.
protected  java.lang.String getRequestModuleBasePath()
          Extract the module's base path from the current request.
 SerializationPolicy getSerializationPolicy(java.lang.String moduleBaseURL, java.lang.String strongName)
          Returns a SerializationPolicy for a given module base URL and serialization policy strong name.
 void init(javax.servlet.ServletConfig config)
          Overridden to load the gwt.codeserver.port system property.
protected  SerializationPolicy loadPolicyFromCodeServer(java.lang.String url)
          Loads a serialization policy from a Super Dev Mode code server.
(package private) static SerializationPolicy loadSerializationPolicy(javax.servlet.http.HttpServlet servlet, javax.servlet.http.HttpServletRequest request, java.lang.String moduleBaseURL, java.lang.String strongName)
          Loads a serialization policy stored as a servlet resource in the same ServletContext as this servlet.
protected  void onAfterResponseSerialized(java.lang.String serializedResponse)
          Override this method to examine the serialized response that will be returned to the client.
protected  void onBeforeRequestDeserialized(java.lang.String serializedRequest)
          Override this method to examine the serialized version of the request payload before it is deserialized into objects.
 java.lang.String processCall(RPCRequest rpcRequest)
          Process an already decoded RPC request.
 java.lang.String processCall(java.lang.String payload)
          Process a call originating from the given request.
 void processPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Standard HttpServlet method: handle the POST.
protected  boolean shouldCompressResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String responsePayload)
          Determines whether the response to a given servlet request should or should not be GZIP compressed.
 
Methods inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, onAfterRequestDeserialized, readContent
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RemoteServiceServlet

public RemoteServiceServlet()
The default constructor used by service implementations that extend this class. The servlet will delegate AJAX requests to the appropriate method in the subclass.


RemoteServiceServlet

public RemoteServiceServlet(java.lang.Object delegate)
The wrapping constructor used by service implementations that are separate from this class. The servlet will delegate AJAX requests to the appropriate method in the given object.

Method Detail

loadSerializationPolicy

static SerializationPolicy loadSerializationPolicy(javax.servlet.http.HttpServlet servlet,
                                                   javax.servlet.http.HttpServletRequest request,
                                                   java.lang.String moduleBaseURL,
                                                   java.lang.String strongName)
Loads a serialization policy stored as a servlet resource in the same ServletContext as this servlet. Returns null if not found. (Used by HybridServiceServlet.)


init

public void init(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException
Overridden to load the gwt.codeserver.port system property.

Specified by:
init in interface javax.servlet.Servlet
Overrides:
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException

getRequestModuleBasePath

protected java.lang.String getRequestModuleBasePath()
Extract the module's base path from the current request.

Returns:
the module's base path, modulo protocol and host, as reported by GWT.getModuleBaseURL() or null if the request did not contain the "X-GWT-Module-Base" header

getSerializationPolicy

public final SerializationPolicy getSerializationPolicy(java.lang.String moduleBaseURL,
                                                        java.lang.String strongName)
Description copied from interface: SerializationPolicyProvider
Returns a SerializationPolicy for a given module base URL and serialization policy strong name.

Specified by:
getSerializationPolicy in interface SerializationPolicyProvider
Parameters:
moduleBaseURL - the URL for the module
strongName - strong name of the serialization policy for the specified module URL
Returns:
a SerializationPolicy for a given module base URL and RPC strong name; must not return null

processCall

public java.lang.String processCall(java.lang.String payload)
                             throws SerializationException
Process a call originating from the given request. This method calls checkPermutationStrongName() to prevent possible XSRF attacks and then decodes the payload using RPC.decodeRequest(String, Class, SerializationPolicyProvider) to do the actual work. Once the request is decoded processCall(RPCRequest) will be called.

Subclasses may optionally override this method to handle the payload in any way they desire (by routing the request to a framework component, for instance). The HttpServletRequest and HttpServletResponse can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest() and AbstractRemoteServiceServlet.getThreadLocalResponse() methods.

This is public so that it can be unit tested easily without HTTP.

Parameters:
payload - the UTF-8 request payload
Returns:
a string which encodes either the method's return, a checked exception thrown by the method, or an IncompatibleRemoteServiceException
Throws:
SerializationException - if we cannot serialize the response
UnexpectedException - if the invocation throws a checked exception that is not declared in the service method's signature
java.lang.RuntimeException - if the service method throws an unchecked exception (the exception will be the one thrown by the service)

processCall

public java.lang.String processCall(RPCRequest rpcRequest)
                             throws SerializationException
Process an already decoded RPC request. Uses the RPC.invokeAndEncodeResponse(Object, java.lang.reflect.Method, Object[]) method to do the actual work.

Subclasses may optionally override this method to handle the decoded rpc request in any way they desire (by routing the request to a framework component, for instance). The HttpServletRequest and HttpServletResponse can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest() and AbstractRemoteServiceServlet.getThreadLocalResponse() methods.

This is public so that it can be unit tested easily without HTTP.

Parameters:
rpcRequest - the already decoded RPC request
Returns:
a string which encodes either the method's return, a checked exception thrown by the method, or an IncompatibleRemoteServiceException
Throws:
SerializationException - if we cannot serialize the response
UnexpectedException - if the invocation throws a checked exception that is not declared in the service method's signature
java.lang.RuntimeException - if the service method throws an unchecked exception (the exception will be the one thrown by the service)

processPost

public final void processPost(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response)
                       throws java.io.IOException,
                              javax.servlet.ServletException,
                              SerializationException
Standard HttpServlet method: handle the POST. This doPost method swallows ALL exceptions, logs them in the ServletContext, and returns a GENERIC_FAILURE_MSG response with status code 500.

Specified by:
processPost in class AbstractRemoteServiceServlet
Throws:
javax.servlet.ServletException
SerializationException
java.io.IOException

checkPermutationStrongName

protected void checkPermutationStrongName()
                                   throws java.lang.SecurityException
This method is called by processCall(String) and will throw a SecurityException if AbstractRemoteServiceServlet.getPermutationStrongName() returns null. This method can be overridden to be a no-op if there are clients that are not expected to provide the "X-GWT-Permutation" header.

Throws:
java.lang.SecurityException - if AbstractRemoteServiceServlet.getPermutationStrongName() returns null

doGetSerializationPolicy

protected SerializationPolicy doGetSerializationPolicy(javax.servlet.http.HttpServletRequest request,
                                                       java.lang.String moduleBaseURL,
                                                       java.lang.String strongName)
Loads the SerializationPolicy for given module base URL and strong name. Returns the policy if successful or null if not found. Due to caching, this method will only be called once for each combination of moduleBaseURL and strongName.

The default implementation loads serialization policies stored as servlet resources in the same ServletContext as this servlet.

Override this method to load the SerializationPolicy using an alternative approach.

Parameters:
request - the HTTP request being serviced
moduleBaseURL - as specified in the incoming payload
strongName - a strong name that uniquely identifies a serialization policy file

getCodeServerPolicyUrl

protected java.lang.String getCodeServerPolicyUrl(java.lang.String strongName)
Returns a URL for fetching a serialization policy from a Super Dev Mode code server.

By default, returns null. If the gwt.codeserver.port system property is set, returns a URL under http://localhost:{port}.

To use a server not on localhost, you must override this method. If you do so, consider the security implications: the policy server and network transport must be trusted or this could be used as a way to disable security checks for some GWT-RPC requests, allowing access to arbitrary Java classes.

Parameters:
strongName - the strong name from the GWT-RPC request (already validated).
Returns:
the URL to use or null if no request should be made.

loadPolicyFromCodeServer

protected SerializationPolicy loadPolicyFromCodeServer(java.lang.String url)
Loads a serialization policy from a Super Dev Mode code server. (Not used unless getCodeServerPolicyUrl(java.lang.String) returns a URL.)

The default version is a simple implementation built on java.net.URL that does no authentication. It should only be used during development.


onAfterResponseSerialized

protected void onAfterResponseSerialized(java.lang.String serializedResponse)
Override this method to examine the serialized response that will be returned to the client. The default implementation does nothing and need not be called by subclasses.

Parameters:
serializedResponse -

onBeforeRequestDeserialized

protected void onBeforeRequestDeserialized(java.lang.String serializedRequest)
Override this method to examine the serialized version of the request payload before it is deserialized into objects. The default implementation does nothing and need not be called by subclasses.

Parameters:
serializedRequest -

shouldCompressResponse

protected boolean shouldCompressResponse(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         java.lang.String responsePayload)
Determines whether the response to a given servlet request should or should not be GZIP compressed. This method is only called in cases where the requester accepts GZIP encoding.

This implementation currently returns true if the response string's estimated byte length is longer than 256 bytes. Subclasses can override this logic.

Parameters:
request - the request being served
response - the response that will be written into
responsePayload - the payload that is about to be sent to the client
Returns:
true if responsePayload should be GZIP compressed, otherwise false.

GWT 2.7.0