Hi,

You'll have to work out a token generation scheme. If you find a nice
one, post it.

Sessions will typically timeout (the timeout is app server dependent),
but I also added session.invalidate() on login to ensure that the
previous session is invalidated (e.g. two users usin the same
browser).

Carl.

On Apr 8, 8:04 am, Superman859 <[email protected]> wrote:
> Thanks Carl!  Your method worked fine.  It's almost fully implemented,
> but the only question I have that remains is the proper way to
> generate tokens.  I haven't ever had to generate them before - is
> there an automatic way of generating unique tokens, or is generateToken
> () a function I would write myself and have to ensure that each token
> generated was unique?
>
> For now, I just hard coded a random string into the code, which worked
> well enough to see that the PDF did indeed open in a new window and
> display as expected.
>
> I will also need to figure out the session settings so that they are
> invalidated properly, although I think I will need to do a bit more
> reading on this.
>
> // RPC code in the class which extends RemoteServiceServlet
> public String generatePDF(ReportDO report, int id) {
>
>                 // initialize new document for PDF
>                 Document document = new Document();
>
>                 // generate one time token that the client can use to 
> retrieve the
> PDF
>                 String token = "258958395ai53";
>
>                 // generate test PDF
>                 try {
>
>                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
>                 PdfWriter.getInstance(document, baos);
>                 document.open();
>                 document.add(new Paragraph("Hello World!"));
>                 document.close();
>
>                 byte[] pdf = baos.toByteArray();
>
>                 HttpServletRequest request = this.getThreadLocalRequest();
>                 HttpSession session = request.getSession();
>                 session.setAttribute(token, pdf);
>
>                 }
>                 catch (Exception e) {
>                         
> System.out.println("ReportServlet::generatePDF::Exception " +
> e.getMessage());
>                 }
>
>                 return token;
>
>         }
>
> // standard servlet
> public class PDFServlet extends HttpServlet {
>
>         public void doGet(HttpServletRequest request, HttpServletResponse
> response) throws IOException, ServletException {
>
>                 // create output stream from byte array in session
>                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
>                 String token = request.getParameter("token");
>                 byte[] pdf = (byte[]) 
> request.getSession().getAttribute(token);
>                 baos.write(pdf);
>
>                 // setting some response headers
>                 response.setHeader("Expires", "0");
>                 response.setHeader("Cache-Control", "must-revalidate, 
> post-check=0,
> pre-check=0");
>                 response.setHeader("Pragma", "public");
>
>                 response.setContentType("application/pdf");
>
>                 // content length is needed for MSIE
>                 response.setContentLength(baos.size());
>
>                 // write ByteArrayOutputStream to ServletOutputStream
>                 ServletOutputStream out = response.getOutputStream();
>                 baos.writeTo(out);
>                 out.flush();
>         }
>
> }
>
> // client side code section
> ReportController.getInstance().generatePDF(report, id, new
> AsyncCallback() {
>
>                                         public void onFailure(Throwable 
> caught) {
>                                                 SC.say("Failed");
>
>                                         }
>
>                                         public void onSuccess(Object result) {
>                                                 String token = (String) 
> result;
>                                                 
> Window.open("PDFService?token=" + token, "_blank",
> "menubar=yes,location=yes,resizable=yes,scrollbars=yes,status=yes");
>
>                                         }
>
>                                 });
>                         }
>                 });
>
> On Apr 7, 1:04 am, Carl Pritchett <[email protected]> wrote:
>
> > The simplest safest way I can think of is basically the same as other
> > people have already stated in this thread.
> > Using a token and storing data in the session means that the pdf data
> > is unique to the user (as long as the session is invalidated
> > properly).
>
> > - Send an RPC call to generate the pdf (or at least send the
> > information used to generate the pdf)
> > - The RPC service saves the pdf (or request data) in the session:
>
> >         // use the data to create the PDF usingiTextetc
> >         byte[] pdf = generatePDF(requestData);
>
> >         // generate a one-time token that the client can use to
> > retrieve the PDF
> >         String token = generateToken();
>
> >         HttpServletRequest req = this.getThreadLocalRequest();
> >         HttpSession session = req.getSession();
> >         session.setAttribute(token, pdf);
> >         return token;
>
> > - Then the client calls a normal servlet with the token as a parameter
> > (localhost:8080/myApp/pdfRetriever?token=...)
> > - This servlet looks up the data in the session using the token,
> > removes the attribute, and sends back the pdf
>
> >         String token = req.getParameter("token");
> >         byte[] pdf = (byte[])req.getSession().getAttribute(token);
>
> > Carl.
>
> > On Apr 7, 11:18 am, Superman859 <[email protected]> wrote:
>
> > > Thanks for all the responses.  I had (and still do) little
> > > understanding of responses and requests as I rarely work directly with
> > > them.  However, I now see that GWT-RPC is not the way to go.  From
> > > what I've read and what I saw using Firebug, GWT-RPC sets up the
> > > response variable for it's own purposes as part of GWT-RPC, so by
> > > going in and modifying it myself I caused problems with GWT-RPC.
>
> > > Instead of extending RemoteServiceServlet, I extended HttpServlet and
> > > have been able to get a result.  However, I was not able to get a
> > > result from the GWT app yet using RequestBuilder.  I attempted to do
> > > so, and the function ran (I had some print statements which showed up
> > > in the log) successfully and the RequestCallback received a response.
> > > However, nothing happened.
>
> > > Is it possible to do this using RequestBuilder?  Using Firebug, I saw
> > > a response was generated and it seemed to have the correct headers as
> > > I had set.  However, no PDF file opened, was offered, etc. and it
> > > appeared as if nothing happened.
>
> > > I was able to get it to generate a PDF by simply typing the URL into
> > > my browser...
>
> > >www.site.com/app-name/PDFServlet
>
> > > that URL displayed a Hello World example PDF as expected.  Ideally,
> > > this would open by clicking from GWT app.  I suppose I could create a
> > > standard HTML link in the GWT app and that may work, but I wonder why
> > > the RequestBuilder did not work, even though response was returned.
>
> > > And finally - does anyone have any tips on ways to make it more secure
> > > somehow?  While there is a rare chance, and it probably wouldn't be
> > > anything serious, anyone could type in the URL in the browser and view
> > > the reports that will be generated, provided they pass in the report
> > > ID, etc.  Is there a way that it would only work if accessed from the
> > > app (which is user protected) or are there any other tips on making it
> > > a bit more secure?
>
> > > Below is my current servlet code, followed by the RequestBuilder part
> > > of the app that failed to work as expected.
>
> > > public class PDFServlet extends HttpServlet {
>
> > >         public void doGet(HttpServletRequest request, HttpServletResponse
> > > response) throws IOException, ServletException {
> > >                 System.out.println("Hello World! to follow");
>
> > >                 Document document = new Document();
>
> > >                 // generate test PDF
> > >                 try {
>
> > >                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
> > >                 //PdfWriter.getInstance(document, new FileOutputStream
> > > ("HelloWorld.pdf"));
> > >                 PdfWriter.getInstance(document, baos);
> > >                 document.open();
> > >                 document.add(new Paragraph("Hello World!"));
> > >                 document.close();
>
> > >                 // setting some response headers
> > >                 response.setHeader("Expires", "0");
> > >                 response.setHeader("Cache-Control", "must-revalidate, 
> > > post-check=0,
> > > pre-check=0");
> > >                 response.setHeader("Pragma", "public");
>
> > >                 response.setContentType("application/pdf");
>
> > >                 // content length is needed for MSIE
> > >                 response.setContentLength(baos.size());
>
> > >                 // write ByteArrayOutputStream to ServletOutputStream
> > >                 ServletOutputStream out = response.getOutputStream();
> > >                 baos.writeTo(out);
> > >                 out.flush();
> > >                 }
> > >                 catch (Exception e) {
> > >                         System.out.println("PDFServlet::doGet::Exception 
> > > " + e.getMessage
> > > ());
> > >                 }
>
> > >         }
>
> > > }
>
> > > /*
> > >  * Code in GWT app - ultimately I will pass report type, ID to the
> > > servlet to generate the
> > >  * appropriate report
> > > */
> > > public void onRecordClick(RecordClickEvent event) {
> > >                                 //need to add report ID, etc. to the 
> > > request in the future
> > >                                 RequestBuilder request = new 
> > > RequestBuilder(RequestBuilder.GET,
> > > "PDFService");
> > >                                 request.setCallback(new RequestCallback() 
> > > {
>
> > >                                         public void onError(Request 
> > > request, Throwable exception) {
> > >                                                 SC.say("onError"); // 
> > > this is just an alert
>
> > >                                         }
>
> > >                                         public void 
> > > onResponseReceived(Request request,
> > >                                                         Response 
> > > response) {
> > >                                                 
> > > SC.say("onResponseReceived"); // alert
>
> > >                                         }
>
> > >                                 });
>
> > > On Apr 6, 5:45 pm, Daniel Jue <[email protected]> wrote:
>
> > > > There is a PDF generation demo using a GWT entrypoint on the 
> > > > DynamicJasper
> > > > website (a wrapper for Jasper,
>
> ...
>
> read more »

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to