AbstractRemoteServiceServlet.java example

Explorer
google-web-toolkit-svnmirror-master
/*
 * Copyright 2009 Google Inc.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.google.gwt.user.server.rpc;

import static com.google.gwt.user.client.rpc.RpcRequestBuilder.STRONG_NAME_HEADER;

import java.io.IOException;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * An abstract base class containing utility methods.
 */
public abstract class AbstractRemoteServiceServlet extends HttpServlet {

  protected transient ThreadLocal<HttpServletRequest> perThreadRequest;
  protected transient ThreadLocal<HttpServletResponse> perThreadResponse;

  public AbstractRemoteServiceServlet() {
    super();
  }

  /**
   * Standard HttpServlet method: handle the POST. Delegates to
   * {@link #processPost(HttpServletRequest, HttpServletResponse)}.
   * 
   * This doPost method swallows ALL exceptions, logs them in the
   * ServletContext, and returns a GENERIC_FAILURE_MSG response with status code
   * 500.
   */
  @Override
  public final void doPost(HttpServletRequest request,
      HttpServletResponse response) {
    // Ensure the thread-local data fields have been initialized

    try {
      // Store the request & response objects in thread-local storage.
      //
      synchronized (this) {
        validateThreadLocalData();
        perThreadRequest.set(request);
        perThreadResponse.set(response);
      }

      processPost(request, response);

    } catch (Throwable e) {
      // Give a subclass a chance to either handle the exception or rethrow it
      //
      doUnexpectedFailure(e);
    } finally {
      // null the thread-locals to avoid holding request/response
      //
      perThreadRequest.set(null);
      perThreadResponse.set(null);
    }
  }

  /**
   * Override this method to control what should happen when an exception
   * escapes the {@link #doPost} method. The default implementation will log the
   * failure and send a generic failure response to the client.
   * <p>
   * An "expected failure" is an exception thrown by a service method that is
   * declared in the signature of the service method. These exceptions are
   * serialized back to the client, and are not passed to this method. This
   * method is called only for exceptions or errors that are not part of the
   * service method's signature, or that result from SecurityExceptions,
   * SerializationExceptions, or other failures within the RPC framework.
   * <p>
   * Note that if the desired behavior is to both send the GENERIC_FAILURE_MSG
   * response AND to rethrow the exception, then this method should first send
   * the GENERIC_FAILURE_MSG response itself (using getThreadLocalResponse), and
   * then rethrow the exception. Rethrowing the exception will cause it to
   * escape into the servlet container.
   * 
   * @param e the exception which was thrown
   */
  protected void doUnexpectedFailure(Throwable e) {
    try {
      getThreadLocalResponse().reset();
    } catch (IllegalStateException ex) {
      /*
       * If we can't reset the request, the only way to signal that something
       * has gone wrong is to throw an exception from here. It should be the
       * case that we call the user's implementation code before emitting data
       * into the response, so the only time that gets tripped is if the object
       * serialization code blows up.
       */
      throw new RuntimeException("Unable to report failure", e);
    }
    ServletContext servletContext = getServletContext();
    RPCServletUtils.writeResponseForUnexpectedFailure(servletContext,
        getThreadLocalResponse(), e);
  }

  /**
   * Returns the strong name of the permutation, as reported by the client that
   * issued the request, or <code>null</code> if it could not be determined.
   * This information is encoded in the
   * {@value com.google.gwt.user.client.rpc.RpcRequestBuilder#STRONG_NAME_HEADER}
   * HTTP header.
   */
  protected final String getPermutationStrongName() {
    return getThreadLocalRequest().getHeader(STRONG_NAME_HEADER);
  }

  /**
   * Gets the <code>HttpServletRequest</code> object for the current call. It is
   * stored thread-locally so that simultaneous invocations can have different
   * request objects.
   */
  protected final HttpServletRequest getThreadLocalRequest() {
    synchronized (this) {
      validateThreadLocalData();
      return perThreadRequest.get();
    }
  }

  /**
   * Gets the <code>HttpServletResponse</code> object for the current call. It
   * is stored thread-locally so that simultaneous invocations can have
   * different response objects.
   */
  protected final HttpServletResponse getThreadLocalResponse() {
    synchronized (this) {
      validateThreadLocalData();
      return perThreadResponse.get();
    }
  }

  /**
   * Override this method to examine the deserialized version of the request
   * before the call to the servlet method is made. The default implementation
   * does nothing and need not be called by subclasses.
   * 
   * @param rpcRequest
   */
  protected void onAfterRequestDeserialized(RPCRequest rpcRequest) {
  }

  /**
   * Called by {@link #doPost} for type-specific processing of the request.
   * Because <code>doPost</code> swallows all <code>Throwables</code>, this
   * method may throw any exception the implementor wishes.
   */
  protected abstract void processPost(HttpServletRequest request,
      HttpServletResponse response) throws Throwable;

  /**
   * Override this method in order to control the parsing of the incoming
   * request. For example, you may want to bypass the check of the Content-Type
   * and character encoding headers in the request, as some proxies re-write the
   * request headers. Note that bypassing these checks may expose the servlet to
   * some cross-site vulnerabilities. Your implementation should comply with the
   * HTTP/1.1 specification, which includes handling both requests which include
   * a Content-Length header and requests utilizing <code>Transfer-Encoding:
   * chuncked</code>.
   * 
   * @param request the incoming request
   * @return the content of the incoming request encoded as a string.
   */
  protected String readContent(HttpServletRequest request)
      throws ServletException, IOException {
    return RPCServletUtils.readContentAsGwtRpc(request);
  }

  /**
   * Initializes the perThreadRequest and perThreadResponse fields if they are
   * null. This will occur the first time they are accessed after an instance of
   * this class is constructed or deserialized. This method should be called
   * from within a 'synchronized(this) {}' block in order to ensure that only
   * one thread creates the objects.
   */
  private void validateThreadLocalData() {
    if (perThreadRequest == null) {
      perThreadRequest = new ThreadLocal<HttpServletRequest>();
    }
    if (perThreadResponse == null) {
      perThreadResponse = new ThreadLocal<HttpServletResponse>();
    }
  }
}