Java tutorial
/* * Copyright 2009 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */ package com.google.gwt.rpc.server; import static com.google.gwt.user.client.rpc.RpcRequestBuilder.MODULE_BASE_HEADER; import com.google.gwt.rpc.client.impl.RemoteException; import com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException; import com.google.gwt.user.client.rpc.SerializationException; import com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet; import com.google.gwt.user.server.rpc.RPCRequest; import com.google.gwt.user.server.rpc.RPCServletUtils; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.lang.ref.SoftReference; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URL; import java.net.UnknownHostException; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.zip.GZIPOutputStream; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * EXPERIMENTAL and subject to change. Do not use this in production code. * <p> * The servlet base class for your RPC service implementations that * automatically deserializes incoming requests from the client and serializes * outgoing responses for client/server RPCs. */ public class RpcServlet extends AbstractRemoteServiceServlet { protected static final String CLIENT_ORACLE_EXTENSION = ".gwt.rpc"; private static final boolean DUMP_PAYLOAD = Boolean.getBoolean("gwt.rpc.dumpPayload"); private final Map<String, SoftReference<ClientOracle>> clientOracleCache = new ConcurrentHashMap<String, SoftReference<ClientOracle>>(); /** * The implementation of the service. */ private final Object delegate; /** * The default constructor used by service implementations that * extend this class. The servlet will delegate AJAX requests to * the appropriate method in the subclass. */ public RpcServlet() { this.delegate = this; } /** * The wrapping constructor used by service implementations that are * separate from this class. The servlet will delegate AJAX * requests to the appropriate method in the given object. */ public RpcServlet(Object delegate) { this.delegate = delegate; } /** * This method creates the ClientOracle that will provide data about the * remote client. It delegates to * {@link #findClientOracleData(String, String)} to obtain access to * ClientOracle data emitted by the GWT compiler. */ public ClientOracle getClientOracle() throws SerializationException { String permutationStrongName = getPermutationStrongName(); if (permutationStrongName == null) { throw new SecurityException("Blocked request without GWT permutation header (XSRF attack?)"); } String basePath = getRequestModuleBasePath(); if (basePath == null) { throw new SecurityException("Blocked request without GWT base path header (XSRF attack?)"); } ClientOracle toReturn; // Fast path if the ClientOracle is already cached. if (clientOracleCache.containsKey(permutationStrongName)) { toReturn = clientOracleCache.get(permutationStrongName).get(); if (toReturn != null) { return toReturn; } } /* Synchronize to make sure expensive calls are executed only once. Double checked locking idiom works here because of volatiles in ConcurrentHashMap.*/ synchronized (clientOracleCache) { if (clientOracleCache.containsKey(permutationStrongName)) { toReturn = clientOracleCache.get(permutationStrongName).get(); if (toReturn != null) { return toReturn; } } if ("HostedMode".equals(permutationStrongName)) { if (!allowHostedModeConnections()) { throw new SecurityException("Blocked Development Mode request"); } toReturn = new HostedModeClientOracle(); } else { InputStream in = findClientOracleData(basePath, permutationStrongName); try { toReturn = WebModeClientOracle.load(in); } catch (IOException e) { throw new SerializationException( "Could not load serialization policy for permutation " + permutationStrongName, e); } } clientOracleCache.put(permutationStrongName, new SoftReference<ClientOracle>(toReturn)); } return toReturn; } /** * Process a call originating from the given request. Uses the * {@link RPC#invokeAndStreamResponse(Object, java.lang.reflect.Method, Object[], ClientOracle, OutputStream)} * method to do the actual work. * <p> * Subclasses may optionally override this method to handle the payload in any * way they desire (by routing the request to a framework component, for * instance). The {@link HttpServletRequest} and {@link HttpServletResponse} * can be accessed via the {@link #getThreadLocalRequest()} and * {@link #getThreadLocalResponse()} methods. * </p> * This is public so that it can be unit tested easily without HTTP. * * @param clientOracle the ClientOracle that will be used to interpret the * request * @param payload the UTF-8 request payload * @param stream the OutputStream that will receive the encoded response * @throws SerializationException if we cannot serialize the response */ public void processCall(ClientOracle clientOracle, String payload, OutputStream stream) throws SerializationException { assert clientOracle != null : "clientOracle"; assert payload != null : "payload"; assert stream != null : "stream"; try { RPCRequest rpcRequest = RPC.decodeRequest(payload, delegate.getClass(), clientOracle); onAfterRequestDeserialized(rpcRequest); RPC.invokeAndStreamResponse(delegate, rpcRequest.getMethod(), rpcRequest.getParameters(), clientOracle, stream); } catch (RemoteException ex) { throw new SerializationException("An exception was sent from the client", ex.getCause()); } catch (IncompatibleRemoteServiceException ex) { log("An IncompatibleRemoteServiceException was thrown while processing this call.", ex); RPC.streamResponseForFailure(clientOracle, stream, ex); } } /** * Standard HttpServlet method: handle the POST. * * This doPost method swallows ALL exceptions, logs them in the * ServletContext, and returns a GENERIC_FAILURE_MSG response with status code * 500. * * @throws IOException * @throws ServletException * @throws SerializationException */ @Override public final void processPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, SerializationException { /* * Get the ClientOracle before doing anything else, so that if ClientOracle * cannot be loaded, we haven't opened the response's OutputStream. */ ClientOracle clientOracle = getClientOracle(); // Read the request fully. String requestPayload = readContent(request); if (DUMP_PAYLOAD) { System.out.println(requestPayload); } response.setContentType("application/json"); response.setCharacterEncoding("UTF-8"); // Configure the OutputStream based on configuration and capabilities boolean canCompress = RPCServletUtils.acceptsGzipEncoding(request) && shouldCompressResponse(request, response); OutputStream out; if (DUMP_PAYLOAD) { out = new ByteArrayOutputStream(); } else if (canCompress) { RPCServletUtils.setGzipEncodingHeader(response); out = new GZIPOutputStream(response.getOutputStream()); } else { out = response.getOutputStream(); } // Invoke the core dispatching logic, which returns the serialized result. processCall(clientOracle, requestPayload, out); if (DUMP_PAYLOAD) { byte[] bytes = ((ByteArrayOutputStream) out).toByteArray(); System.out.println(new String(bytes, "UTF-8")); response.getOutputStream().write(bytes); } else if (canCompress) { /* * We want to write the end of the gzip data, but not close the underlying * OutputStream in case there are servlet filters that want to write * headers after processPost(). */ ((GZIPOutputStream) out).finish(); } } /** * Indicates whether or not an RPC request from a Development Mode client * should be serviced. Requests from Development Mode clients will expose * unobfuscated identifiers in the payload. It is intended that developers * override this method to restrict access based on installation-specific * logic (such as a range of IP addresses, checking for certain cookies, etc.) * <p> * The default implementation allows hosted-mode connections from the local * host, loopback addresses (127.*), site local (RFC 1918), link local * (169.254/16) addresses, and their IPv6 equivalents. * * @return <code>true</code> if a Development Mode connection should be * allowed * @see #getThreadLocalRequest() * @see InetAddress */ protected boolean allowHostedModeConnections() { return isRequestFromLocalAddress(); } /** * Override this method to control access to permutation-specific data. For * instance, the permutation-specific data may be stored in a database in * order to support older clients. * <p> * The default implementation attempts to load the file from the * ServletContext as * * <code>requestModuleBasePath + permutationStrongName + CLIENT_ORACLE_EXTENSION</code> * * @param requestModuleBasePath the module's base path, modulo protocol and * host, as reported by {@link #getRequestModuleBasePath()} * @param permutationStrongName the module's strong name as reported by * {@link #getPermutationStrongName()} */ protected InputStream findClientOracleData(String requestModuleBasePath, String permutationStrongName) throws SerializationException { String resourcePath = requestModuleBasePath + permutationStrongName + CLIENT_ORACLE_EXTENSION; InputStream in = getServletContext().getResourceAsStream(resourcePath); if (in == null) { throw new SerializationException( "Could not find ClientOracle data for permutation " + permutationStrongName); } return in; } /** * Extract the module's base path from the current request. * * @return the module's base path, modulo protocol and host, as reported by * {@link com.google.gwt.core.client.GWT#getModuleBaseURL()} or * <code>null</code> if the request did not contain the * {@value com.google.gwt.user.client.rpc.RpcRequestBuilder#MODULE_BASE_HEADER} header */ protected final String getRequestModuleBasePath() { try { String header = getThreadLocalRequest().getHeader(MODULE_BASE_HEADER); if (header == null) { return null; } String path = new URL(header).getPath(); String contextPath = getThreadLocalRequest().getContextPath(); if (!path.startsWith(contextPath)) { return null; } return path.substring(contextPath.length()); } catch (MalformedURLException e) { return null; } } /** * Determines whether the response to a given servlet request should or should * not be GZIP compressed. This method is only called in cases where the * requester accepts GZIP encoding. * <p> * This implementation currently returns <code>true</code> if the request * originates from a non-local address. Subclasses can override this logic. * </p> * * @param request the request being served * @param response the response that will be written into * @return <code>true</code> if responsePayload should be GZIP compressed, * otherwise <code>false</code>. */ protected boolean shouldCompressResponse(HttpServletRequest request, HttpServletResponse response) { return !isRequestFromLocalAddress(); } /** * Utility function to determine if the thread-local request originates from a * local address. */ private boolean isRequestFromLocalAddress() { try { InetAddress addr = InetAddress.getByName(getThreadLocalRequest().getRemoteAddr()); return InetAddress.getLocalHost().equals(addr) || addr.isLoopbackAddress() || addr.isSiteLocalAddress() || addr.isLinkLocalAddress(); } catch (UnknownHostException e) { return false; } } }