com.google.gwt.user.server.rpc
Class RemoteServiceServlet

java.lang.Object
  javax.servlet.GenericServlet
      javax.servlet.http.HttpServlet
          com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
              com.google.gwt.user.server.rpc.RemoteServiceServlet

All Implemented Interfaces:

SerializationPolicyProvider, java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

Direct Known Subclasses:

AbstractXsrfProtectedServiceServlet, RemoteLoggingServiceImpl, XsrfTokenServiceServlet

public class RemoteServiceServlet
extends AbstractRemoteServiceServlet
implements SerializationPolicyProvider

The servlet base class for your RPC service implementations that automatically deserializes incoming requests from the client and serializes outgoing responses for client/server RPCs.

See Also:

Serialized Form

RemoteServiceServlet

public RemoteServiceServlet()

The default constructor used by service implementations that extend this class. The servlet will delegate AJAX requests to the appropriate method in the subclass.

RemoteServiceServlet

public RemoteServiceServlet(java.lang.Object delegate)

The wrapping constructor used by service implementations that are separate from this class. The servlet will delegate AJAX requests to the appropriate method in the given object.

loadSerializationPolicy

static SerializationPolicy loadSerializationPolicy(javax.servlet.http.HttpServlet servlet,
                                                   javax.servlet.http.HttpServletRequest request,
                                                   java.lang.String moduleBaseURL,
                                                   java.lang.String strongName)

Loads a serialization policy stored as a servlet resource in the same ServletContext as this servlet. Returns null if not found. (Used by HybridServiceServlet.)

init

public void init(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException

Overridden to load the gwt.codeserver.port system property.

Specified by:

init in interface javax.servlet.Servlet

Overrides:

init in class javax.servlet.GenericServlet

Throws:

javax.servlet.ServletException

getRequestModuleBasePath

protected java.lang.String getRequestModuleBasePath()

Extract the module's base path from the current request.

Returns:

the module's base path, modulo protocol and host, as reported by GWT.getModuleBaseURL() or null if the request did not contain the "X-GWT-Module-Base" header

getSerializationPolicy

public final SerializationPolicy getSerializationPolicy(java.lang.String moduleBaseURL,
                                                        java.lang.String strongName)

Description copied from interface: SerializationPolicyProvider

Returns a SerializationPolicy for a given module base URL and serialization policy strong name.

Specified by:

getSerializationPolicy in interface SerializationPolicyProvider

Parameters:

moduleBaseURL - the URL for the module

strongName - strong name of the serialization policy for the specified module URL

Returns:

a SerializationPolicy for a given module base URL and RPC strong name; must not return null

processCall

public java.lang.String processCall(java.lang.String payload)
                             throws SerializationException

Process a call originating from the given request. This method calls checkPermutationStrongName() to prevent possible XSRF attacks and then decodes the payload using RPC.decodeRequest(String, Class, SerializationPolicyProvider) to do the actual work. Once the request is decoded processCall(RPCRequest) will be called.

Subclasses may optionally override this method to handle the payload in any way they desire (by routing the request to a framework component, for instance). The HttpServletRequest and HttpServletResponse can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest() and AbstractRemoteServiceServlet.getThreadLocalResponse() methods.

This is public so that it can be unit tested easily without HTTP.

Parameters:

payload - the UTF-8 request payload

Returns:

a string which encodes either the method's return, a checked exception thrown by the method, or an IncompatibleRemoteServiceException

Throws:

SerializationException - if we cannot serialize the response

UnexpectedException - if the invocation throws a checked exception that is not declared in the service method's signature

java.lang.RuntimeException - if the service method throws an unchecked exception (the exception will be the one thrown by the service)

processCall

public java.lang.String processCall(RPCRequest rpcRequest)
                             throws SerializationException

Process an already decoded RPC request. Uses the RPC.invokeAndEncodeResponse(Object, java.lang.reflect.Method, Object[]) method to do the actual work.

Subclasses may optionally override this method to handle the decoded rpc request in any way they desire (by routing the request to a framework component, for instance). The HttpServletRequest and HttpServletResponse can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest() and AbstractRemoteServiceServlet.getThreadLocalResponse() methods.

This is public so that it can be unit tested easily without HTTP.

Parameters:

rpcRequest - the already decoded RPC request

Returns:

a string which encodes either the method's return, a checked exception thrown by the method, or an IncompatibleRemoteServiceException

Throws:

SerializationException - if we cannot serialize the response

UnexpectedException - if the invocation throws a checked exception that is not declared in the service method's signature

java.lang.RuntimeException - if the service method throws an unchecked exception (the exception will be the one thrown by the service)

processPost

public final void processPost(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response)
                       throws java.io.IOException,
                              javax.servlet.ServletException,
                              SerializationException

Standard HttpServlet method: handle the POST. This doPost method swallows ALL exceptions, logs them in the ServletContext, and returns a GENERIC_FAILURE_MSG response with status code 500.

Specified by:

processPost in class AbstractRemoteServiceServlet

Throws:

javax.servlet.ServletException

SerializationException

java.io.IOException

checkPermutationStrongName

protected void checkPermutationStrongName()
                                   throws java.lang.SecurityException

This method is called by processCall(String) and will throw a SecurityException if AbstractRemoteServiceServlet.getPermutationStrongName() returns null. This method can be overridden to be a no-op if there are clients that are not expected to provide the "X-GWT-Permutation" header.

Throws:

java.lang.SecurityException - if AbstractRemoteServiceServlet.getPermutationStrongName() returns null

doGetSerializationPolicy

protected SerializationPolicy doGetSerializationPolicy(javax.servlet.http.HttpServletRequest request,
                                                       java.lang.String moduleBaseURL,
                                                       java.lang.String strongName)

Loads the SerializationPolicy for given module base URL and strong name. Returns the policy if successful or null if not found. Due to caching, this method will only be called once for each combination of moduleBaseURL and strongName.

The default implementation loads serialization policies stored as servlet resources in the same ServletContext as this servlet.

Override this method to load the SerializationPolicy using an alternative approach.

Parameters:

request - the HTTP request being serviced

moduleBaseURL - as specified in the incoming payload

strongName - a strong name that uniquely identifies a serialization policy file

getCodeServerPolicyUrl

protected java.lang.String getCodeServerPolicyUrl(java.lang.String strongName)

Returns a URL for fetching a serialization policy from a Super Dev Mode code server.

By default, returns null. If the gwt.codeserver.port system property is set, returns a URL under http://localhost:{port}.

To use a server not on localhost, you must override this method. If you do so, consider the security implications: the policy server and network transport must be trusted or this could be used as a way to disable security checks for some GWT-RPC requests, allowing access to arbitrary Java classes.

Parameters:

strongName - the strong name from the GWT-RPC request (already validated).

Returns:

the URL to use or null if no request should be made.

loadPolicyFromCodeServer

protected SerializationPolicy loadPolicyFromCodeServer(java.lang.String url)

Loads a serialization policy from a Super Dev Mode code server. (Not used unless getCodeServerPolicyUrl(java.lang.String) returns a URL.)

The default version is a simple implementation built on java.net.URL that does no authentication. It should only be used during development.

onAfterResponseSerialized

protected void onAfterResponseSerialized(java.lang.String serializedResponse)

Override this method to examine the serialized response that will be returned to the client. The default implementation does nothing and need not be called by subclasses.

Parameters:

serializedResponse -

onBeforeRequestDeserialized

protected void onBeforeRequestDeserialized(java.lang.String serializedRequest)

Override this method to examine the serialized version of the request payload before it is deserialized into objects. The default implementation does nothing and need not be called by subclasses.

Parameters:

serializedRequest -

shouldCompressResponse

protected boolean shouldCompressResponse(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         java.lang.String responsePayload)

Determines whether the response to a given servlet request should or should not be GZIP compressed. This method is only called in cases where the requester accepts GZIP encoding.

This implementation currently returns true if the response string's estimated byte length is longer than 256 bytes. Subclasses can override this logic.

Parameters:

request - the request being served

response - the response that will be written into

responsePayload - the payload that is about to be sent to the client

Returns:

true if responsePayload should be GZIP compressed, otherwise false.