/*
* Copyright 2009 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package com.google.gwt.rpc.server;
import com.google.gwt.rpc.client.ast.CommandSink;
import com.google.gwt.rpc.client.ast.HasValues;
import com.google.gwt.rpc.client.ast.ReturnCommand;
import com.google.gwt.rpc.client.ast.RpcCommand;
import com.google.gwt.rpc.client.ast.ThrowCommand;
import com.google.gwt.rpc.client.impl.HasValuesCommandSink;
import com.google.gwt.rpc.client.impl.RemoteException;
import com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.server.rpc.RPCRequest;
import com.google.gwt.user.server.rpc.RPCServletUtils;
import com.google.gwt.user.server.rpc.UnexpectedException;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
/**
* EXPERIMENTAL and subject to change. Do not use this in production code.
* <p>
* Utility class for integrating with the RPC system.
*/
public class RPC {
private static final HashMap<String, Class<?>> TYPE_NAMES = new HashMap<String, Class<?>>();
/**
* Static map of classes to sets of interfaces (e.g. classes). Optimizes
* lookup of interfaces for security.
*/
private static final Map<Class<?>, Set<String>> serviceToImplementedInterfacesMap = new HashMap<Class<?>, Set<String>>();
static {
// The space is needed to prevent name collisions
TYPE_NAMES.put(" Z", boolean.class);
TYPE_NAMES.put(" B", byte.class);
TYPE_NAMES.put(" C", char.class);
TYPE_NAMES.put(" D", double.class);
TYPE_NAMES.put(" F", float.class);
TYPE_NAMES.put(" I", int.class);
TYPE_NAMES.put(" J", long.class);
TYPE_NAMES.put(" S", short.class);
}
public static RPCRequest decodeRequest(String encodedRequest, Class<?> type,
ClientOracle clientOracle) throws RemoteException {
if (encodedRequest == null) {
throw new NullPointerException("encodedRequest cannot be null");
}
if (encodedRequest.length() == 0) {
throw new IllegalArgumentException("encodedRequest cannot be empty");
}
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
try {
SimplePayloadDecoder decoder;
try {
decoder = new SimplePayloadDecoder(clientOracle, encodedRequest);
} catch (ClassNotFoundException e) {
throw new IncompatibleRemoteServiceException(
"Client does not have a type sent by the server", e);
}
CommandServerSerializationStreamReader streamReader = new CommandServerSerializationStreamReader();
if (decoder.getThrownValue() != null) {
streamReader.prepareToRead(Collections.singletonList(decoder.getThrownValue()));
try {
throw new RemoteException((Throwable) streamReader.readObject());
} catch (ClassCastException e) {
throw new SerializationException(
"The remote end threw something other than a Throwable", e);
} catch (SerializationException e) {
throw new IncompatibleRemoteServiceException(
"The remote end threw an exception which could not be deserialized",
e);
}
} else {
streamReader.prepareToRead(decoder.getValues());
}
// Read the name of the RemoteService interface
String serviceIntfName = streamReader.readString();
if (type != null) {
if (!implementsInterface(type, serviceIntfName)) {
// The service does not implement the requested interface
throw new IncompatibleRemoteServiceException(
"Blocked attempt to access interface '" + serviceIntfName
+ "', which is not implemented by '" + printTypeName(type)
+ "'; this is either misconfiguration or a hack attempt");
}
}
Class<?> serviceIntf;
try {
serviceIntf = getClassFromSerializedName(null, serviceIntfName,
classLoader);
if (!RemoteService.class.isAssignableFrom(serviceIntf)) {
// The requested interface is not a RpcService interface
throw new IncompatibleRemoteServiceException(
"Blocked attempt to access interface '"
+ printTypeName(serviceIntf)
+ "', which doesn't extend RpcService; "
+ "this is either misconfiguration or a hack attempt");
}
} catch (ClassNotFoundException e) {
throw new IncompatibleRemoteServiceException(
"Could not locate requested interface '" + serviceIntfName
+ "' in default classloader", e);
}
String serviceMethodName = streamReader.readString();
int paramCount = streamReader.readInt();
Class<?>[] parameterTypes = new Class[paramCount];
for (int i = 0; i < parameterTypes.length; i++) {
String paramClassName = streamReader.readString();
try {
parameterTypes[i] = getClassFromSerializedName(clientOracle,
paramClassName, classLoader);
} catch (ClassNotFoundException e) {
throw new IncompatibleRemoteServiceException("Parameter " + i
+ " of is of an unknown type '" + paramClassName + "'", e);
}
}
try {
Method method = serviceIntf.getMethod(serviceMethodName, parameterTypes);
Object[] parameterValues = new Object[parameterTypes.length];
for (int i = 0; i < parameterValues.length; i++) {
Object o = CommandSerializationUtil.getAccessor(parameterTypes[i]).readNext(
streamReader);
parameterValues[i] = o;
}
return new RPCRequest(method, parameterValues, null, null, 0);
} catch (NoSuchMethodException e) {
throw new IncompatibleRemoteServiceException(
formatMethodNotFoundErrorMessage(serviceIntf, serviceMethodName,
parameterTypes));
}
} catch (SerializationException ex) {
throw new IncompatibleRemoteServiceException(ex.getMessage(), ex);
}
}
public static void invokeAndStreamResponse(Object target,
Method serviceMethod, Object[] args, ClientOracle clientOracle,
OutputStream stream) throws SerializationException {
if (serviceMethod == null) {
throw new NullPointerException("serviceMethod");
}
if (clientOracle == null) {
throw new NullPointerException("clientOracle");
}
CommandSink sink;
try {
sink = clientOracle.createCommandSink(stream);
} catch (IOException e) {
throw new SerializationException("Unable to initialize output", e);
}
try {
Object result = serviceMethod.invoke(target, args);
try {
streamResponse(clientOracle, result, sink, false);
} catch (SerializationException e) {
streamResponse(clientOracle, e, sink, true);
}
} catch (IllegalAccessException e) {
SecurityException securityException = new SecurityException(
formatIllegalAccessErrorMessage(target, serviceMethod));
securityException.initCause(e);
throw securityException;
} catch (IllegalArgumentException e) {
SecurityException securityException = new SecurityException(
formatIllegalArgumentErrorMessage(target, serviceMethod, args));
securityException.initCause(e);
throw securityException;
} catch (InvocationTargetException e) {
// Try to encode the caught exception
Throwable cause = e.getCause();
// Don't allow random RuntimeExceptions to be thrown back to the client
if (!RPCServletUtils.isExpectedException(serviceMethod, cause)) {
throw new UnexpectedException("Service method '"
+ getSourceRepresentation(serviceMethod)
+ "' threw an unexpected exception: " + cause.toString(), cause);
}
streamResponse(clientOracle, cause, sink, true);
}
sink.finish();
}
public static void streamResponseForFailure(ClientOracle clientOracle,
OutputStream out, Throwable payload) throws SerializationException {
CommandSink sink;
try {
sink = clientOracle.createCommandSink(out);
} catch (IOException e) {
throw new SerializationException("Unable to initialize output", e);
}
streamResponse(clientOracle, payload, sink, true);
sink.finish();
}
public static void streamResponseForSuccess(ClientOracle clientOracle,
OutputStream out, Object payload) throws SerializationException {
CommandSink sink;
try {
sink = clientOracle.createCommandSink(out);
} catch (IOException e) {
throw new SerializationException("Unable to initialize output", e);
}
streamResponse(clientOracle, payload, sink, false);
sink.finish();
}
private static String formatIllegalAccessErrorMessage(Object target,
Method serviceMethod) {
StringBuffer sb = new StringBuffer();
sb.append("Blocked attempt to access inaccessible method '");
sb.append(getSourceRepresentation(serviceMethod));
sb.append("'");
if (target != null) {
sb.append(" on target '");
sb.append(printTypeName(target.getClass()));
sb.append("'");
}
sb.append("; this is either misconfiguration or a hack attempt");
return sb.toString();
}
private static String formatIllegalArgumentErrorMessage(Object target,
Method serviceMethod, Object[] args) {
StringBuffer sb = new StringBuffer();
sb.append("Blocked attempt to invoke method '");
sb.append(getSourceRepresentation(serviceMethod));
sb.append("'");
if (target != null) {
sb.append(" on target '");
sb.append(printTypeName(target.getClass()));
sb.append("'");
}
sb.append(" with invalid arguments");
if (args != null && args.length > 0) {
sb.append(Arrays.asList(args));
}
return sb.toString();
}
private static String formatMethodNotFoundErrorMessage(Class<?> serviceIntf,
String serviceMethodName, Class<?>[] parameterTypes) {
StringBuffer sb = new StringBuffer();
sb.append("Could not locate requested method '");
sb.append(serviceMethodName);
sb.append("(");
for (int i = 0; i < parameterTypes.length; ++i) {
if (i > 0) {
sb.append(", ");
}
sb.append(printTypeName(parameterTypes[i]));
}
sb.append(")'");
sb.append(" in interface '");
sb.append(printTypeName(serviceIntf));
sb.append("'");
return sb.toString();
}
/**
* Returns the {@link Class} instance for the named class or primitive type.
*
* @param serializedName the serialized name of a class or primitive type
* @param classLoader the classLoader used to load {@link Class}es
* @return Class instance for the given type name
* @throws ClassNotFoundException if the named type was not found
*/
private static Class<?> getClassFromSerializedName(ClientOracle clientOracle,
String serializedName, ClassLoader classLoader)
throws ClassNotFoundException {
Class<?> value = TYPE_NAMES.get(serializedName);
if (value != null) {
return value;
}
// Interfaces don't exist in the client, so we use unobfuscated names
if (serializedName.charAt(0) == ' ') {
serializedName = serializedName.substring(1);
} else if (clientOracle != null) {
serializedName = clientOracle.getTypeName(serializedName);
}
assert serializedName != null;
return Class.forName(serializedName, false, classLoader);
}
/**
* Returns the source representation for a method signature.
*
* @param method method to get the source signature for
* @return source representation for a method signature
*/
private static String getSourceRepresentation(Method method) {
return method.toString().replace('$', '.');
}
/**
* Used to determine whether the specified interface name is implemented by
* the service class. This is done without loading the class (for security).
*/
private static boolean implementsInterface(Class<?> service, String intfName) {
synchronized (serviceToImplementedInterfacesMap) {
// See if it's cached.
//
Set<String> interfaceSet = serviceToImplementedInterfacesMap.get(service);
if (interfaceSet != null) {
if (interfaceSet.contains(intfName)) {
return true;
}
} else {
interfaceSet = new HashSet<String>();
serviceToImplementedInterfacesMap.put(service, interfaceSet);
}
if (!service.isInterface()) {
while ((service != null) && !RpcServlet.class.equals(service)) {
Class<?>[] intfs = service.getInterfaces();
for (Class<?> intf : intfs) {
if (implementsInterfaceRecursive(intf, intfName)) {
interfaceSet.add(intfName);
return true;
}
}
// did not find the interface in this class so we look in the
// superclass
//
service = service.getSuperclass();
}
} else {
if (implementsInterfaceRecursive(service, intfName)) {
interfaceSet.add(intfName);
return true;
}
}
return false;
}
}
/**
* Recursive helper for implementsInterface().
*/
private static boolean implementsInterfaceRecursive(Class<?> clazz,
String intfName) {
assert (clazz.isInterface());
if (clazz.getName().equals(intfName)) {
return true;
}
// search implemented interfaces
Class<?>[] intfs = clazz.getInterfaces();
for (Class<?> intf : intfs) {
if (implementsInterfaceRecursive(intf, intfName)) {
return true;
}
}
return false;
}
/**
* Straight copy from
* {@link com.google.gwt.dev.util.TypeInfo#getSourceRepresentation(Class)} to
* avoid runtime dependency on gwt-dev.
*/
private static String printTypeName(Class<?> type) {
// Primitives
//
if (type.equals(Integer.TYPE)) {
return "int";
} else if (type.equals(Long.TYPE)) {
return "long";
} else if (type.equals(Short.TYPE)) {
return "short";
} else if (type.equals(Byte.TYPE)) {
return "byte";
} else if (type.equals(Character.TYPE)) {
return "char";
} else if (type.equals(Boolean.TYPE)) {
return "boolean";
} else if (type.equals(Float.TYPE)) {
return "float";
} else if (type.equals(Double.TYPE)) {
return "double";
}
// Arrays
//
if (type.isArray()) {
Class<?> componentType = type.getComponentType();
return printTypeName(componentType) + "[]";
}
// Everything else
//
return type.getName().replace('$', '.');
}
private static void streamResponse(ClientOracle clientOracle, Object payload,
CommandSink sink, boolean asThrow) throws SerializationException {
HasValues command;
if (asThrow) {
command = new ThrowCommand();
assert payload instanceof Throwable : "Trying to throw something other than a Throwable";
// payload = new RemoteException((Throwable) payload);
} else {
command = new ReturnCommand();
}
CommandServerSerializationStreamWriter out = new CommandServerSerializationStreamWriter(
clientOracle, new HasValuesCommandSink(command));
out.writeObject(payload);
sink.accept((RpcCommand) command);
}
private RPC() {
}
}