Class RemoteServiceServlet
- All Implemented Interfaces:
SerializationPolicyProvider
,jakarta.servlet.Servlet
,jakarta.servlet.ServletConfig
,Serializable
- Direct Known Subclasses:
AbstractXsrfProtectedServiceServlet
,RemoteLoggingServiceImpl
,XsrfTokenServiceServlet
- See Also:
-
Field Summary
Fields inherited from class com.google.gwt.user.server.rpc.jakarta.AbstractRemoteServiceServlet
perThreadRequest, perThreadResponse
-
Constructor Summary
ConstructorDescriptionThe default constructor used by service implementations that extend this class.RemoteServiceServlet
(Object delegate) The wrapping constructor used by service implementations that are separate from this class. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
This method is called byprocessCall(String)
and will throw a SecurityException ifAbstractRemoteServiceServlet.getPermutationStrongName()
returnsnull
.protected SerializationPolicy
doGetSerializationPolicy
(jakarta.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName) Loads theSerializationPolicy
for given module base URL and strong name.protected String
getCodeServerPolicyUrl
(String strongName) Returns a URL for fetching a serialization policy from a Super Dev Mode code server.protected String
Extract the module's base path from the current request.final SerializationPolicy
getSerializationPolicy
(String moduleBaseURL, String strongName) Returns aSerializationPolicy
for a given module base URL and serialization policy strong name.void
init
(jakarta.servlet.ServletConfig config) Overridden to load the gwt.codeserver.port system property.protected SerializationPolicy
Loads a serialization policy from a Super Dev Mode code server.(package private) static SerializationPolicy
loadSerializationPolicy
(jakarta.servlet.http.HttpServlet servlet, jakarta.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName) Loads a serialization policy stored as a servlet resource in the same ServletContext as this servlet.protected void
onAfterResponseSerialized
(String serializedResponse) Override this method to examine the serialized response that will be returned to the client.protected void
onBeforeRequestDeserialized
(String serializedRequest) Override this method to examine the serialized version of the request payload before it is deserialized into objects.processCall
(RPCRequest rpcRequest) Process an already decoded RPC request.processCall
(String payload) Process a call originating from the given request.final void
processPost
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Standard HttpServlet method: handle the POST.protected boolean
shouldCompressResponse
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String responsePayload) Determines whether the response to a given servlet request should or should not be GZIP compressed.Methods inherited from class com.google.gwt.user.server.rpc.jakarta.AbstractRemoteServiceServlet
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, onAfterRequestDeserialized, readContent
Methods inherited from class jakarta.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
Methods inherited from class jakarta.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
-
Constructor Details
-
RemoteServiceServlet
public RemoteServiceServlet()The default constructor used by service implementations that extend this class. The servlet will delegate AJAX requests to the appropriate method in the subclass. -
RemoteServiceServlet
The wrapping constructor used by service implementations that are separate from this class. The servlet will delegate AJAX requests to the appropriate method in the given object.
-
-
Method Details
-
loadSerializationPolicy
static SerializationPolicy loadSerializationPolicy(jakarta.servlet.http.HttpServlet servlet, jakarta.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName) Loads a serialization policy stored as a servlet resource in the same ServletContext as this servlet. Returns null if not found. (Used by HybridServiceServlet.) -
init
public void init(jakarta.servlet.ServletConfig config) throws jakarta.servlet.ServletException Overridden to load the gwt.codeserver.port system property.- Specified by:
init
in interfacejakarta.servlet.Servlet
- Overrides:
init
in classjakarta.servlet.GenericServlet
- Throws:
jakarta.servlet.ServletException
-
getRequestModuleBasePath
Extract the module's base path from the current request.- Returns:
- the module's base path, modulo protocol and host, as reported by
GWT.getModuleBaseURL()
ornull
if the request did not contain the "X-GWT-Module-Base" header
-
getSerializationPolicy
Description copied from interface:SerializationPolicyProvider
Returns aSerializationPolicy
for a given module base URL and serialization policy strong name.- Specified by:
getSerializationPolicy
in interfaceSerializationPolicyProvider
- Parameters:
moduleBaseURL
- the URL for the modulestrongName
- strong name of the serialization policy for the specified module URL- Returns:
- a
SerializationPolicy
for a given module base URL and RPC strong name; must not returnnull
-
processCall
Process a call originating from the given request. This method callscheckPermutationStrongName()
to prevent possible XSRF attacks and then decodes thepayload
usingRPC.decodeRequest(String, Class, SerializationPolicyProvider)
to do the actual work. Once the request is decodedprocessCall(RPCRequest)
will be called.Subclasses may optionally override this method to handle the payload in any way they desire (by routing the request to a framework component, for instance). The
This is public so that it can be unit tested easily without HTTP.HttpServletRequest
andHttpServletResponse
can be accessed via theAbstractRemoteServiceServlet.getThreadLocalRequest()
andAbstractRemoteServiceServlet.getThreadLocalResponse()
methods.- Parameters:
payload
- the UTF-8 request payload- Returns:
- a string which encodes either the method's return, a checked
exception thrown by the method, or an
IncompatibleRemoteServiceException
- Throws:
SerializationException
- if we cannot serialize the responseUnexpectedException
- if the invocation throws a checked exception that is not declared in the service method's signatureRuntimeException
- if the service method throws an unchecked exception (the exception will be the one thrown by the service)
-
processCall
Process an already decoded RPC request. Uses theRPC.invokeAndEncodeResponse(Object, java.lang.reflect.Method, Object[])
method to do the actual work.Subclasses may optionally override this method to handle the decoded rpc request in any way they desire (by routing the request to a framework component, for instance). The
This is public so that it can be unit tested easily without HTTP.HttpServletRequest
andHttpServletResponse
can be accessed via theAbstractRemoteServiceServlet.getThreadLocalRequest()
andAbstractRemoteServiceServlet.getThreadLocalResponse()
methods.- Parameters:
rpcRequest
- the already decoded RPC request- Returns:
- a string which encodes either the method's return, a checked
exception thrown by the method, or an
IncompatibleRemoteServiceException
- Throws:
SerializationException
- if we cannot serialize the responseUnexpectedException
- if the invocation throws a checked exception that is not declared in the service method's signatureRuntimeException
- if the service method throws an unchecked exception (the exception will be the one thrown by the service)
-
processPost
public final void processPost(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException, SerializationException Standard HttpServlet method: handle the POST. This doPost method swallows ALL exceptions, logs them in the ServletContext, and returns a GENERIC_FAILURE_MSG response with status code 500.- Specified by:
processPost
in classAbstractRemoteServiceServlet
- Throws:
jakarta.servlet.ServletException
SerializationException
IOException
-
checkPermutationStrongName
This method is called byprocessCall(String)
and will throw a SecurityException ifAbstractRemoteServiceServlet.getPermutationStrongName()
returnsnull
. This method can be overridden to be a no-op if there are clients that are not expected to provide the "X-GWT-Permutation" header.- Throws:
SecurityException
- ifAbstractRemoteServiceServlet.getPermutationStrongName()
returnsnull
-
doGetSerializationPolicy
protected SerializationPolicy doGetSerializationPolicy(jakarta.servlet.http.HttpServletRequest request, String moduleBaseURL, String strongName) Loads theSerializationPolicy
for given module base URL and strong name. Returns the policy if successful or null if not found. Due to caching, this method will only be called once for each combination of moduleBaseURL and strongName.The default implementation loads serialization policies stored as servlet resources in the same ServletContext as this servlet.
Override this method to load the
SerializationPolicy
using an alternative approach.- Parameters:
request
- the HTTP request being servicedmoduleBaseURL
- as specified in the incoming payloadstrongName
- a strong name that uniquely identifies a serialization policy file
-
getCodeServerPolicyUrl
Returns a URL for fetching a serialization policy from a Super Dev Mode code server.By default, returns null. If the
gwt.codeserver.port
system property is set, returns a URL underhttp://localhost:{port}
.To use a server not on localhost, you must override this method. If you do so, consider the security implications: the policy server and network transport must be trusted or this could be used as a way to disable security checks for some GWT-RPC requests, allowing access to arbitrary Java classes.
- Parameters:
strongName
- the strong name from the GWT-RPC request (already validated).- Returns:
- the URL to use or
null
if no request should be made.
-
loadPolicyFromCodeServer
Loads a serialization policy from a Super Dev Mode code server. (Not used unlessgetCodeServerPolicyUrl(java.lang.String)
returns a URL.)The default version is a simple implementation built on java.net.URL that does no authentication. It should only be used during development.
-
onAfterResponseSerialized
Override this method to examine the serialized response that will be returned to the client. The default implementation does nothing and need not be called by subclasses.- Parameters:
serializedResponse
-
-
onBeforeRequestDeserialized
Override this method to examine the serialized version of the request payload before it is deserialized into objects. The default implementation does nothing and need not be called by subclasses.- Parameters:
serializedRequest
-
-
shouldCompressResponse
protected boolean shouldCompressResponse(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String responsePayload) Determines whether the response to a given servlet request should or should not be GZIP compressed. This method is only called in cases where the requester accepts GZIP encoding.This implementation currently returns
true
if the response string's estimated byte length is longer than 256 bytes. Subclasses can override this logic.- Parameters:
request
- the request being servedresponse
- the response that will be written intoresponsePayload
- the payload that is about to be sent to the client- Returns:
true
if responsePayload should be GZIP compressed, otherwisefalse
.
-