Reviewers: Ray Ryan,
http://gwt-code-reviews.appspot.com/106803/diff/18/19 File user/src/com/google/gwt/rpc/server/RPC.java (right): http://gwt-code-reviews.appspot.com/106803/diff/18/19#newcode217 Line 217: throw new SerializationException( Yes, this gets handled in the same way as any other exception in the serving machinery. The browser client sees this as an opaque failure, and the server code has an opportunity to handle it in an arbitrary way by overriding AbstractRemoteServiceServlet.doUnexpectedFailure(Throwable) http://gwt-code-reviews.appspot.com/106803/diff/18/20 File user/src/com/google/gwt/user/server/rpc/AbstractRemoteServiceServlet.java (right): http://gwt-code-reviews.appspot.com/106803/diff/18/20#newcode107 Line 107: throw new RuntimeException("Unable to report failure", e); On 2009/11/19 21:56:34, Ray Ryan wrote: > So "Unable to report failure" will not reach the client, right? This doUnexpectedFailure() method is the only way that unchecked exceptions might be reported to the client. If we hit this throw statement, something has gone very wrong anyway, and it's unlikely that we could send a well-formed failure message to the client. http://gwt-code-reviews.appspot.com/106803/diff/18/21 File user/src/com/google/gwt/user/server/rpc/RPCServletUtils.java (right): http://gwt-code-reviews.appspot.com/106803/diff/18/21#newcode261 Line 261: response.getOutputStream().write(GENERIC_FAILURE_MSG.getBytes("UTF-8")); The rest of the RPC-handling code calls getOutputStream(). Even after resetting the response, you can't then call getWriter() on it. I'll add a comment to this effect. http://gwt-code-reviews.appspot.com/106803/diff/18/22 File user/test/com/google/gwt/user/client/rpc/RemoteServiceServletTest.java (right): http://gwt-code-reviews.appspot.com/106803/diff/18/22#newcode214 Line 214: public void testUnknownRuntimeException() { This test is run against both systems, so at least their behavior will be consistent. Description: This change ensures that the deRPC code will not attempt to send a RuntimeException (of a possibly unknown type) back to the client. Instead, the RuntimeException will be reported as a generic SerializationException to avoid exposing any internal data in the exception's message. Please review this at http://gwt-code-reviews.appspot.com/106803 Affected files: M user/src/com/google/gwt/rpc/server/RPC.java M user/src/com/google/gwt/user/server/rpc/AbstractRemoteServiceServlet.java M user/src/com/google/gwt/user/server/rpc/RPCServletUtils.java M user/test/com/google/gwt/user/client/rpc/RemoteServiceServletTest.java M user/test/com/google/gwt/user/client/rpc/RemoteServiceServletTestService.java M user/test/com/google/gwt/user/client/rpc/RemoteServiceServletTestServiceAsync.java M user/test/com/google/gwt/user/server/rpc/RemoteServiceServletTestServiceImplBase.java -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
