public class RemoteServiceServlet extends AbstractRemoteServiceServlet implements SerializationPolicyProvider
perThreadRequest, perThreadResponse
Constructor and Description |
---|
RemoteServiceServlet()
The default constructor used by service implementations that
extend this class.
|
RemoteServiceServlet(Object delegate)
The wrapping constructor used by service implementations that are
separate from this class.
|
Modifier and Type | Method and Description |
---|---|
protected void |
checkPermutationStrongName()
This method is called by
processCall(String) and will throw a
SecurityException if AbstractRemoteServiceServlet.getPermutationStrongName() returns
null . |
protected SerializationPolicy |
doGetSerializationPolicy(javax.servlet.http.HttpServletRequest request,
String moduleBaseURL,
String strongName)
Loads the
SerializationPolicy for given module base URL and strong name. |
protected String |
getCodeServerPolicyUrl(String strongName)
Returns a URL for fetching a serialization policy from a Super Dev Mode code server.
|
protected String |
getRequestModuleBasePath()
Extract the module's base path from the current request.
|
SerializationPolicy |
getSerializationPolicy(String moduleBaseURL,
String strongName)
Returns a
SerializationPolicy for a given module base URL and
serialization policy strong name. |
void |
init(javax.servlet.ServletConfig config)
Overridden to load the gwt.codeserver.port system property.
|
protected SerializationPolicy |
loadPolicyFromCodeServer(String url)
Loads a serialization policy from a Super Dev Mode code server.
|
protected void |
onAfterResponseSerialized(String serializedResponse)
Override this method to examine the serialized response that will be
returned to the client.
|
protected void |
onBeforeRequestDeserialized(String serializedRequest)
Override this method to examine the serialized version of the request
payload before it is deserialized into objects.
|
String |
processCall(RPCRequest rpcRequest)
Process an already decoded RPC request.
|
String |
processCall(String payload)
Process a call originating from the given request.
|
void |
processPost(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Standard HttpServlet method: handle the POST.
|
protected boolean |
shouldCompressResponse(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
String responsePayload)
Determines whether the response to a given servlet request should or should
not be GZIP compressed.
|
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, onAfterRequestDeserialized, readContent
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
public RemoteServiceServlet()
public RemoteServiceServlet(Object delegate)
public void init(javax.servlet.ServletConfig config) throws javax.servlet.ServletException
init
in interface javax.servlet.Servlet
init
in class javax.servlet.GenericServlet
javax.servlet.ServletException
protected String getRequestModuleBasePath()
GWT.getModuleBaseURL()
or
null
if the request did not contain the
"X-GWT-Module-Base" headerpublic final SerializationPolicy getSerializationPolicy(String moduleBaseURL, String strongName)
SerializationPolicyProvider
SerializationPolicy
for a given module base URL and
serialization policy strong name.getSerializationPolicy
in interface SerializationPolicyProvider
moduleBaseURL
- the URL for the modulestrongName
- strong name of the serialization
policy for the specified module URLSerializationPolicy
for a given module base URL and RPC
strong name; must not return null
public String processCall(String payload) throws SerializationException
checkPermutationStrongName()
to prevent
possible XSRF attacks and then decodes the payload
using
RPC.decodeRequest(String, Class, SerializationPolicyProvider)
to do the actual work.
Once the request is decoded processCall(RPCRequest)
will be called.
Subclasses may optionally override this method to handle the payload in any
way they desire (by routing the request to a framework component, for
instance). The HttpServletRequest
and HttpServletResponse
can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest()
and
AbstractRemoteServiceServlet.getThreadLocalResponse()
methods.
payload
- the UTF-8 request payloadIncompatibleRemoteServiceException
SerializationException
- if we cannot serialize the responseUnexpectedException
- if the invocation throws a checked exception
that is not declared in the service method's signatureRuntimeException
- if the service method throws an unchecked
exception (the exception will be the one thrown by the service)public String processCall(RPCRequest rpcRequest) throws SerializationException
RPC.invokeAndEncodeResponse(Object, java.lang.reflect.Method, Object[])
method to do the actual work.
Subclasses may optionally override this method to handle the decoded rpc
request in any way they desire (by routing the request to a framework
component, for instance).
The HttpServletRequest
and HttpServletResponse
can be accessed via the AbstractRemoteServiceServlet.getThreadLocalRequest()
and
AbstractRemoteServiceServlet.getThreadLocalResponse()
methods.
rpcRequest
- the already decoded RPC requestIncompatibleRemoteServiceException
SerializationException
- if we cannot serialize the responseUnexpectedException
- if the invocation throws a checked exception
that is not declared in the service method's signatureRuntimeException
- if the service method throws an unchecked
exception (the exception will be the one thrown by the service)public final void processPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException, SerializationException
processPost
in class AbstractRemoteServiceServlet
javax.servlet.ServletException
SerializationException
IOException
protected void checkPermutationStrongName() throws SecurityException
processCall(String)
and will throw a
SecurityException if AbstractRemoteServiceServlet.getPermutationStrongName()
returns
null
. This method can be overridden to be a no-op if there are
clients that are not expected to provide the
"X-GWT-Permutation"
header.SecurityException
- if AbstractRemoteServiceServlet.getPermutationStrongName()
returns
null
protected SerializationPolicy doGetSerializationPolicy(javax.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName)
SerializationPolicy
for given module base URL and strong name.
Returns the policy if successful or null if not found. Due to caching, this method
will only be called once for each combination of moduleBaseURL and strongName.
The default implementation loads serialization policies stored as servlet resources in the same ServletContext as this servlet.
Override this method to load the SerializationPolicy
using an
alternative approach.
request
- the HTTP request being servicedmoduleBaseURL
- as specified in the incoming payloadstrongName
- a strong name that uniquely identifies a serialization
policy fileprotected String getCodeServerPolicyUrl(String strongName)
By default, returns null. If the gwt.codeserver.port
system property is set,
returns a URL under http://localhost:{port}
.
To use a server not on localhost, you must override this method. If you do so, consider the security implications: the policy server and network transport must be trusted or this could be used as a way to disable security checks for some GWT-RPC requests, allowing access to arbitrary Java classes.
strongName
- the strong name from the GWT-RPC request (already validated).null
if no request should be made.protected SerializationPolicy loadPolicyFromCodeServer(String url)
getCodeServerPolicyUrl(java.lang.String)
returns a URL.)
The default version is a simple implementation built on java.net.URL that does no authentication. It should only be used during development.
protected void onAfterResponseSerialized(String serializedResponse)
serializedResponse
- protected void onBeforeRequestDeserialized(String serializedRequest)
serializedRequest
- protected boolean shouldCompressResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String responsePayload)
This implementation currently returns true
if the response
string's estimated byte length is longer than 256 bytes. Subclasses can
override this logic.
request
- the request being servedresponse
- the response that will be written intoresponsePayload
- the payload that is about to be sent to the clienttrue
if responsePayload should be GZIP compressed,
otherwise false
.Copyright © 2018. All rights reserved.