mirrors
/
vaadin-framework
mirror of https://github.com/vaadin/framework.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 329 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14223 Commits
114 Branches
Tree: f2551a9fc0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f2551a9fc0'
${ noResults }
vaadin-framework/server/src/com/vaadin/server/communication/ServerRpcHandler.java

ServerRpcHandler.java 21KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528 
  1. /*

  2.  * Copyright 2000-2014 Vaadin Ltd.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License"); you may not

  5.  * use this file except in compliance with the License. You may obtain a copy of

  6.  * the License at

  7.  *

  8.  * http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

  12.  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the

  13.  * License for the specific language governing permissions and limitations under

  14.  * the License.

  15.  */

  16. 

  17. package com.vaadin.server.communication;

  18. 

  19. import java.io.IOException;

  20. import java.io.Reader;

  21. import java.io.Serializable;

  22. import java.lang.reflect.Type;

  23. import java.util.ArrayList;

  24. import java.util.HashSet;

  25. import java.util.List;

  26. import java.util.Map;

  27. import java.util.Set;

  28. import java.util.logging.Level;

  29. import java.util.logging.Logger;

  30. 

  31. import com.vaadin.server.ClientConnector;

  32. import com.vaadin.server.JsonCodec;

  33. import com.vaadin.server.LegacyCommunicationManager;

  34. import com.vaadin.server.LegacyCommunicationManager.InvalidUIDLSecurityKeyException;

  35. import com.vaadin.server.ServerRpcManager;

  36. import com.vaadin.server.ServerRpcManager.RpcInvocationException;

  37. import com.vaadin.server.ServerRpcMethodInvocation;

  38. import com.vaadin.server.VaadinRequest;

  39. import com.vaadin.server.VaadinService;

  40. import com.vaadin.server.VariableOwner;

  41. import com.vaadin.shared.ApplicationConstants;

  42. import com.vaadin.shared.Connector;

  43. import com.vaadin.shared.communication.LegacyChangeVariablesInvocation;

  44. import com.vaadin.shared.communication.MethodInvocation;

  45. import com.vaadin.shared.communication.ServerRpc;

  46. import com.vaadin.shared.communication.UidlValue;

  47. import com.vaadin.ui.Component;

  48. import com.vaadin.ui.ConnectorTracker;

  49. import com.vaadin.ui.UI;

  50. 

  51. import elemental.json.JsonArray;

  52. import elemental.json.JsonException;

  53. import elemental.json.JsonObject;

  54. import elemental.json.JsonValue;

  55. import elemental.json.impl.JsonUtil;

  56. 

  57. /**

  58.  * Handles a client-to-server message containing serialized {@link ServerRpc

  59.  * server RPC} invocations.

  60.  *

  61.  * @author Vaadin Ltd

  62.  * @since 7.1

  63.  */

  64. public class ServerRpcHandler implements Serializable {

  65. 

  66.     /**

  67.      * A data transfer object representing an RPC request sent by the client

  68.      * side.

  69.      *

  70.      * @since 7.2

  71.      * @author Vaadin Ltd

  72.      */

  73.     public static class RpcRequest implements Serializable {

  74. 

  75.         private final String csrfToken;

  76.         private final JsonArray invocations;

  77.         private final int syncId;

  78.         private final JsonObject json;

  79. 

  80.         public RpcRequest(String jsonString, VaadinRequest request) {

  81.             json = JsonUtil.parse(jsonString);

  82. 

  83.             JsonValue token = json.get(ApplicationConstants.CSRF_TOKEN);

  84.             if (token == null) {

  85.                 this.csrfToken = ApplicationConstants.CSRF_TOKEN_DEFAULT_VALUE;

  86.             } else {

  87.                 String csrfToken = token.asString();

  88.                 if (csrfToken.equals("")) {

  89.                     csrfToken = ApplicationConstants.CSRF_TOKEN_DEFAULT_VALUE;

  90.                 }

  91.                 this.csrfToken = csrfToken;

  92.             }

  93. 

  94.             if (request.getService().getDeploymentConfiguration()

  95.                     .isSyncIdCheckEnabled()) {

  96.                 syncId = (int) json.getNumber(ApplicationConstants.SERVER_SYNC_ID);

  97.             } else {

  98.                 syncId = -1;

  99.             }

  100.             invocations = json.getArray(ApplicationConstants.RPC_INVOCATIONS);

  101.         }

  102. 

  103.         /**

  104.          * Gets the CSRF security token (double submit cookie) for this request.

  105.          *

  106.          * @return the CSRF security token for this current change request

  107.          */

  108.         public String getCsrfToken() {

  109.             return csrfToken;

  110.         }

  111. 

  112.         /**

  113.          * Gets the data to recreate the RPC as requested by the client side.

  114.          *

  115.          * @return the data describing which RPC should be made, and all their

  116.          *         data

  117.          */

  118.         public JsonArray getRpcInvocationsData() {

  119.             return invocations;

  120.         }

  121. 

  122.         /**

  123.          * Gets the sync id last seen by the client.

  124.          *

  125.          * @return the last sync id given by the server, according to the

  126.          *         client's request

  127.          */

  128.         public int getSyncId() {

  129.             return syncId;

  130.         }

  131. 

  132.         /**

  133.          * Gets the entire request in JSON format, as it was received from the

  134.          * client.

  135.          * <p>

  136.          * <em>Note:</em> This is a shared reference - any modifications made

  137.          * will be shared.

  138.          *

  139.          * @return the raw JSON object that was received from the client

  140.          *

  141.          */

  142.         public JsonObject getRawJson() {

  143.             return json;

  144.         }

  145.     }

  146. 

  147.     private static final int MAX_BUFFER_SIZE = 64 * 1024;

  148. 

  149.     /**

  150.      * Reads JSON containing zero or more serialized RPC calls (including legacy

  151.      * variable changes) and executes the calls.

  152.      *

  153.      * @param ui

  154.      *            The {@link UI} receiving the calls. Cannot be null.

  155.      * @param reader

  156.      *            The {@link Reader} used to read the JSON.

  157.      * @param request

  158.      * @throws IOException

  159.      *             If reading the message fails.

  160.      * @throws InvalidUIDLSecurityKeyException

  161.      *             If the received security key does not match the one stored in

  162.      *             the session.

  163.      */

  164.     public void handleRpc(UI ui, Reader reader, VaadinRequest request)

  165.             throws IOException, InvalidUIDLSecurityKeyException {

  166.         ui.getSession().setLastRequestTimestamp(System.currentTimeMillis());

  167. 

  168.         String changeMessage = getMessage(reader);

  169. 

  170.         if (changeMessage == null || changeMessage.equals("")) {

  171.             // The client sometimes sends empty messages, this is probably a bug

  172.             return;

  173.         }

  174. 

  175.         RpcRequest rpcRequest = new RpcRequest(changeMessage, request);

  176. 

  177.         // Security: double cookie submission pattern unless disabled by

  178.         // property

  179.         if (!VaadinService.isCsrfTokenValid(ui.getSession(),

  180.                 rpcRequest.getCsrfToken())) {

  181.             throw new InvalidUIDLSecurityKeyException("");

  182.         }

  183.         handleInvocations(ui, rpcRequest.getSyncId(),

  184.                 rpcRequest.getRpcInvocationsData());

  185. 

  186.         ui.getConnectorTracker().cleanConcurrentlyRemovedConnectorIds(

  187.                 rpcRequest.getSyncId());

  188.     }

  189. 

  190.     /**

  191.      * Processes invocations data received from the client.

  192.      * <p>

  193.      * The invocations data can contain any number of RPC calls, including

  194.      * legacy variable change calls that are processed separately.

  195.      * <p>

  196.      * Consecutive changes to the value of the same variable are combined and

  197.      * changeVariables() is only called once for them. This preserves the Vaadin

  198.      * 6 semantics for components and add-ons that do not use Vaadin 7 RPC

  199.      * directly.

  200.      *

  201.      * @param uI

  202.      *            the UI receiving the invocations data

  203.      * @param lastSyncIdSeenByClient

  204.      *            the most recent sync id the client has seen at the time the

  205.      *            request was sent

  206.      * @param invocationsData

  207.      *            JSON containing all information needed to execute all

  208.      *            requested RPC calls.

  209.      */

  210.     private void handleInvocations(UI uI, int lastSyncIdSeenByClient,

  211.             JsonArray invocationsData) {

  212.         // TODO PUSH Refactor so that this is not needed

  213.         LegacyCommunicationManager manager = uI.getSession()

  214.                 .getCommunicationManager();

  215. 

  216.         try {

  217.             ConnectorTracker connectorTracker = uI.getConnectorTracker();

  218. 

  219.             Set<Connector> enabledConnectors = new HashSet<Connector>();

  220. 

  221.             List<MethodInvocation> invocations = parseInvocations(

  222.                     uI.getConnectorTracker(), invocationsData,

  223.                     lastSyncIdSeenByClient);

  224.             for (MethodInvocation invocation : invocations) {

  225.                 final ClientConnector connector = connectorTracker

  226.                         .getConnector(invocation.getConnectorId());

  227. 

  228.                 if (connector != null && connector.isConnectorEnabled()) {

  229.                     enabledConnectors.add(connector);

  230.                 }

  231.             }

  232. 

  233.             for (int i = 0; i < invocations.size(); i++) {

  234.                 MethodInvocation invocation = invocations.get(i);

  235. 

  236.                 final ClientConnector connector = connectorTracker

  237.                         .getConnector(invocation.getConnectorId());

  238.                 if (connector == null) {

  239.                     getLogger()

  240.                             .log(Level.WARNING,

  241.                                     "Received RPC call for unknown connector with id {0} (tried to invoke {1}.{2})",

  242.                                     new Object[] { invocation.getConnectorId(),

  243.                                             invocation.getInterfaceName(),

  244.                                             invocation.getMethodName() });

  245.                     continue;

  246.                 }

  247. 

  248.                 if (!enabledConnectors.contains(connector)) {

  249. 

  250.                     if (invocation instanceof LegacyChangeVariablesInvocation) {

  251.                         LegacyChangeVariablesInvocation legacyInvocation = (LegacyChangeVariablesInvocation) invocation;

  252.                         // TODO convert window close to a separate RPC call and

  253.                         // handle above - not a variable change

  254. 

  255.                         // Handle special case where window-close is called

  256.                         // after the window has been removed from the

  257.                         // application or the application has closed

  258.                         Map<String, Object> changes = legacyInvocation

  259.                                 .getVariableChanges();

  260.                         if (changes.size() == 1 && changes.containsKey("close")

  261.                                 && Boolean.TRUE.equals(changes.get("close"))) {

  262.                             // Silently ignore this

  263.                             continue;

  264.                         }

  265.                     }

  266. 

  267.                     // Connector is disabled, log a warning and move to the next

  268.                     getLogger().warning(

  269.                             getIgnoredDisabledError("RPC call", connector));

  270.                     continue;

  271.                 }

  272.                 // DragAndDropService has null UI

  273.                 if (connector.getUI() != null && connector.getUI().isClosing()) {

  274.                     String msg = "Ignoring RPC call for connector "

  275.                             + connector.getClass().getName();

  276.                     if (connector instanceof Component) {

  277.                         String caption = ((Component) connector).getCaption();

  278.                         if (caption != null) {

  279.                             msg += ", caption=" + caption;

  280.                         }

  281.                     }

  282.                     msg += " in closed UI";

  283.                     getLogger().warning(msg);

  284.                     continue;

  285. 

  286.                 }

  287. 

  288.                 if (invocation instanceof ServerRpcMethodInvocation) {

  289.                     try {

  290.                         ServerRpcManager.applyInvocation(connector,

  291.                                 (ServerRpcMethodInvocation) invocation);

  292.                     } catch (RpcInvocationException e) {

  293.                         manager.handleConnectorRelatedException(connector, e);

  294.                     }

  295.                 } else {

  296. 

  297.                     // All code below is for legacy variable changes

  298.                     LegacyChangeVariablesInvocation legacyInvocation = (LegacyChangeVariablesInvocation) invocation;

  299.                     Map<String, Object> changes = legacyInvocation

  300.                             .getVariableChanges();

  301.                     try {

  302.                         if (connector instanceof VariableOwner) {

  303.                             // The source parameter is never used anywhere

  304.                             changeVariables(null, (VariableOwner) connector,

  305.                                     changes);

  306.                         } else {

  307.                             throw new IllegalStateException(

  308.                                     "Received legacy variable change for "

  309.                                             + connector.getClass().getName()

  310.                                             + " ("

  311.                                             + connector.getConnectorId()

  312.                                             + ") which is not a VariableOwner. The client-side connector sent these legacy varaibles: "

  313.                                             + changes.keySet());

  314.                         }

  315.                     } catch (Exception e) {

  316.                         manager.handleConnectorRelatedException(connector, e);

  317.                     }

  318.                 }

  319.             }

  320.         } catch (JsonException e) {

  321.             getLogger().warning(

  322.                     "Unable to parse RPC call from the client: "

  323.                             + e.getMessage());

  324.             throw new RuntimeException(e);

  325.         }

  326.     }

  327. 

  328.     /**

  329.      * Parse JSON from the client into a list of MethodInvocation instances.

  330.      *

  331.      * @param connectorTracker

  332.      *            The ConnectorTracker used to lookup connectors

  333.      * @param invocationsJson

  334.      *            JSON containing all information needed to execute all

  335.      *            requested RPC calls.

  336.      * @param lastSyncIdSeenByClient

  337.      *            the most recent sync id the client has seen at the time the

  338.      *            request was sent

  339.      * @return list of MethodInvocation to perform

  340.      */

  341.     private List<MethodInvocation> parseInvocations(

  342.             ConnectorTracker connectorTracker, JsonArray invocationsJson,

  343.             int lastSyncIdSeenByClient) {

  344.         int invocationCount = invocationsJson.length();

  345.         ArrayList<MethodInvocation> invocations = new ArrayList<MethodInvocation>(

  346.                 invocationCount);

  347. 

  348.         MethodInvocation previousInvocation = null;

  349.         // parse JSON to MethodInvocations

  350.         for (int i = 0; i < invocationCount; ++i) {

  351. 

  352.             JsonArray invocationJson = invocationsJson.getArray(i);

  353. 

  354.             MethodInvocation invocation = parseInvocation(invocationJson,

  355.                     previousInvocation, connectorTracker,

  356.                     lastSyncIdSeenByClient);

  357.             if (invocation != null) {

  358.                 // Can be null if the invocation was a legacy invocation and it

  359.                 // was merged with the previous one or if the invocation was

  360.                 // rejected because of an error.

  361.                 invocations.add(invocation);

  362.                 previousInvocation = invocation;

  363.             }

  364.         }

  365.         return invocations;

  366.     }

  367. 

  368.     private MethodInvocation parseInvocation(JsonArray invocationJson,

  369.             MethodInvocation previousInvocation,

  370.             ConnectorTracker connectorTracker, long lastSyncIdSeenByClient) {

  371.         String connectorId = invocationJson.getString(0);

  372.         String interfaceName = invocationJson.getString(1);

  373.         String methodName = invocationJson.getString(2);

  374. 

  375.         if (connectorTracker.getConnector(connectorId) == null

  376.                 && !connectorId.equals(ApplicationConstants.DRAG_AND_DROP_CONNECTOR_ID)) {

  377. 

  378.             if (!connectorTracker.connectorWasPresentAsRequestWasSent(

  379.                     connectorId, lastSyncIdSeenByClient)) {

  380.                 getLogger()

  381.                         .log(Level.WARNING,

  382.                                 "RPC call to "

  383.                                         + interfaceName

  384.                                         + "."

  385.                                         + methodName

  386.                                         + " received for connector "

  387.                                         + connectorId

  388.                                         + " but no such connector could be found. Resynchronizing client.");

  389.                 // This is likely an out of sync issue (client tries to update a

  390.                 // connector which is not present). Force resync.

  391.                 connectorTracker.markAllConnectorsDirty();

  392.             }

  393.             return null;

  394.         }

  395. 

  396.         JsonArray parametersJson = invocationJson.getArray(3);

  397. 

  398.         if (LegacyChangeVariablesInvocation.isLegacyVariableChange(

  399.                 interfaceName, methodName)) {

  400.             if (!(previousInvocation instanceof LegacyChangeVariablesInvocation)) {

  401.                 previousInvocation = null;

  402.             }

  403. 

  404.             return parseLegacyChangeVariablesInvocation(connectorId,

  405.                     interfaceName, methodName,

  406.                     (LegacyChangeVariablesInvocation) previousInvocation,

  407.                     parametersJson, connectorTracker);

  408.         } else {

  409.             return parseServerRpcInvocation(connectorId, interfaceName,

  410.                     methodName, parametersJson, connectorTracker);

  411.         }

  412. 

  413.     }

  414. 

  415.     private LegacyChangeVariablesInvocation parseLegacyChangeVariablesInvocation(

  416.             String connectorId, String interfaceName, String methodName,

  417.             LegacyChangeVariablesInvocation previousInvocation,

  418.             JsonArray parametersJson, ConnectorTracker connectorTracker) {

  419.         if (parametersJson.length() != 2) {

  420.             throw new JsonException(

  421.                     "Invalid parameters in legacy change variables call. Expected 2, was "

  422.                             + parametersJson.length());

  423.         }

  424.         String variableName = parametersJson.getString(0);

  425.         UidlValue uidlValue = (UidlValue) JsonCodec.decodeInternalType(

  426.                 UidlValue.class, true, parametersJson.get(1), connectorTracker);

  427. 

  428.         Object value = uidlValue.getValue();

  429. 

  430.         if (previousInvocation != null

  431.                 && previousInvocation.getConnectorId().equals(connectorId)) {

  432.             previousInvocation.setVariableChange(variableName, value);

  433.             return null;

  434.         } else {

  435.             return new LegacyChangeVariablesInvocation(connectorId,

  436.                     variableName, value);

  437.         }

  438.     }

  439. 

  440.     private ServerRpcMethodInvocation parseServerRpcInvocation(

  441.             String connectorId, String interfaceName, String methodName,

  442.             JsonArray parametersJson, ConnectorTracker connectorTracker)

  443.             throws JsonException {

  444.         ClientConnector connector = connectorTracker.getConnector(connectorId);

  445. 

  446.         ServerRpcManager<?> rpcManager = connector.getRpcManager(interfaceName);

  447.         if (rpcManager == null) {

  448.             /*

  449.              * Security: Don't even decode the json parameters if no RpcManager

  450.              * corresponding to the received method invocation has been

  451.              * registered.

  452.              */

  453.             getLogger().warning(

  454.                     "Ignoring RPC call to " + interfaceName + "." + methodName

  455.                             + " in connector " + connector.getClass().getName()

  456.                             + "(" + connectorId

  457.                             + ") as no RPC implementation is registered");

  458.             return null;

  459.         }

  460. 

  461.         // Use interface from RpcManager instead of loading the class based on

  462.         // the string name to avoid problems with OSGi

  463.         Class<? extends ServerRpc> rpcInterface = rpcManager.getRpcInterface();

  464. 

  465.         ServerRpcMethodInvocation invocation = new ServerRpcMethodInvocation(

  466.                 connectorId, rpcInterface, methodName, parametersJson.length());

  467. 

  468.         Object[] parameters = new Object[parametersJson.length()];

  469.         Type[] declaredRpcMethodParameterTypes = invocation.getMethod()

  470.                 .getGenericParameterTypes();

  471. 

  472.         for (int j = 0; j < parametersJson.length(); ++j) {

  473.             JsonValue parameterValue = parametersJson.get(j);

  474.             Type parameterType = declaredRpcMethodParameterTypes[j];

  475.             parameters[j] = JsonCodec.decodeInternalOrCustomType(parameterType,

  476.                     parameterValue, connectorTracker);

  477.         }

  478.         invocation.setParameters(parameters);

  479.         return invocation;

  480.     }

  481. 

  482.     protected void changeVariables(Object source, VariableOwner owner,

  483.             Map<String, Object> m) {

  484.         owner.changeVariables(source, m);

  485.     }

  486. 

  487.     protected String getMessage(Reader reader) throws IOException {

  488. 

  489.         StringBuilder sb = new StringBuilder(MAX_BUFFER_SIZE);

  490.         char[] buffer = new char[MAX_BUFFER_SIZE];

  491. 

  492.         while (true) {

  493.             int read = reader.read(buffer);

  494.             if (read == -1) {

  495.                 break;

  496.             }

  497.             sb.append(buffer, 0, read);

  498.         }

  499. 

  500.         return sb.toString();

  501.     }

  502. 

  503.     private static final Logger getLogger() {

  504.         return Logger.getLogger(ServerRpcHandler.class.getName());

  505.     }

  506. 

  507.     /**

  508.      * Generates an error message when the client is trying to to something

  509.      * ('what') with a connector which is disabled or invisible.

  510.      *

  511.      * @since 7.1.8

  512.      * @param connector

  513.      *            the connector which is disabled (or invisible)

  514.      * @return an error message

  515.      */

  516.     public static String getIgnoredDisabledError(String what,

  517.             ClientConnector connector) {

  518.         String msg = "Ignoring " + what + " for disabled connector "

  519.                 + connector.getClass().getName();

  520.         if (connector instanceof Component) {

  521.             String caption = ((Component) connector).getCaption();

  522.             if (caption != null) {

  523.                 msg += ", caption=" + caption;

  524.             }

  525.         }

  526.         return msg;

  527.     }

  528. }