Hi, You'll have to work out a token generation scheme. If you find a nice one, post it.
Sessions will typically timeout (the timeout is app server dependent), but I also added session.invalidate() on login to ensure that the previous session is invalidated (e.g. two users usin the same browser). Carl. On Apr 8, 8:04 am, Superman859 <[email protected]> wrote: > Thanks Carl! Your method worked fine. It's almost fully implemented, > but the only question I have that remains is the proper way to > generate tokens. I haven't ever had to generate them before - is > there an automatic way of generating unique tokens, or is generateToken > () a function I would write myself and have to ensure that each token > generated was unique? > > For now, I just hard coded a random string into the code, which worked > well enough to see that the PDF did indeed open in a new window and > display as expected. > > I will also need to figure out the session settings so that they are > invalidated properly, although I think I will need to do a bit more > reading on this. > > // RPC code in the class which extends RemoteServiceServlet > public String generatePDF(ReportDO report, int id) { > > // initialize new document for PDF > Document document = new Document(); > > // generate one time token that the client can use to > retrieve the > PDF > String token = "258958395ai53"; > > // generate test PDF > try { > > ByteArrayOutputStream baos = new ByteArrayOutputStream(); > PdfWriter.getInstance(document, baos); > document.open(); > document.add(new Paragraph("Hello World!")); > document.close(); > > byte[] pdf = baos.toByteArray(); > > HttpServletRequest request = this.getThreadLocalRequest(); > HttpSession session = request.getSession(); > session.setAttribute(token, pdf); > > } > catch (Exception e) { > > System.out.println("ReportServlet::generatePDF::Exception " + > e.getMessage()); > } > > return token; > > } > > // standard servlet > public class PDFServlet extends HttpServlet { > > public void doGet(HttpServletRequest request, HttpServletResponse > response) throws IOException, ServletException { > > // create output stream from byte array in session > ByteArrayOutputStream baos = new ByteArrayOutputStream(); > String token = request.getParameter("token"); > byte[] pdf = (byte[]) > request.getSession().getAttribute(token); > baos.write(pdf); > > // setting some response headers > response.setHeader("Expires", "0"); > response.setHeader("Cache-Control", "must-revalidate, > post-check=0, > pre-check=0"); > response.setHeader("Pragma", "public"); > > response.setContentType("application/pdf"); > > // content length is needed for MSIE > response.setContentLength(baos.size()); > > // write ByteArrayOutputStream to ServletOutputStream > ServletOutputStream out = response.getOutputStream(); > baos.writeTo(out); > out.flush(); > } > > } > > // client side code section > ReportController.getInstance().generatePDF(report, id, new > AsyncCallback() { > > public void onFailure(Throwable > caught) { > SC.say("Failed"); > > } > > public void onSuccess(Object result) { > String token = (String) > result; > > Window.open("PDFService?token=" + token, "_blank", > "menubar=yes,location=yes,resizable=yes,scrollbars=yes,status=yes"); > > } > > }); > } > }); > > On Apr 7, 1:04 am, Carl Pritchett <[email protected]> wrote: > > > The simplest safest way I can think of is basically the same as other > > people have already stated in this thread. > > Using a token and storing data in the session means that the pdf data > > is unique to the user (as long as the session is invalidated > > properly). > > > - Send an RPC call to generate the pdf (or at least send the > > information used to generate the pdf) > > - The RPC service saves the pdf (or request data) in the session: > > > // use the data to create the PDF usingiTextetc > > byte[] pdf = generatePDF(requestData); > > > // generate a one-time token that the client can use to > > retrieve the PDF > > String token = generateToken(); > > > HttpServletRequest req = this.getThreadLocalRequest(); > > HttpSession session = req.getSession(); > > session.setAttribute(token, pdf); > > return token; > > > - Then the client calls a normal servlet with the token as a parameter > > (localhost:8080/myApp/pdfRetriever?token=...) > > - This servlet looks up the data in the session using the token, > > removes the attribute, and sends back the pdf > > > String token = req.getParameter("token"); > > byte[] pdf = (byte[])req.getSession().getAttribute(token); > > > Carl. > > > On Apr 7, 11:18 am, Superman859 <[email protected]> wrote: > > > > Thanks for all the responses. I had (and still do) little > > > understanding of responses and requests as I rarely work directly with > > > them. However, I now see that GWT-RPC is not the way to go. From > > > what I've read and what I saw using Firebug, GWT-RPC sets up the > > > response variable for it's own purposes as part of GWT-RPC, so by > > > going in and modifying it myself I caused problems with GWT-RPC. > > > > Instead of extending RemoteServiceServlet, I extended HttpServlet and > > > have been able to get a result. However, I was not able to get a > > > result from the GWT app yet using RequestBuilder. I attempted to do > > > so, and the function ran (I had some print statements which showed up > > > in the log) successfully and the RequestCallback received a response. > > > However, nothing happened. > > > > Is it possible to do this using RequestBuilder? Using Firebug, I saw > > > a response was generated and it seemed to have the correct headers as > > > I had set. However, no PDF file opened, was offered, etc. and it > > > appeared as if nothing happened. > > > > I was able to get it to generate a PDF by simply typing the URL into > > > my browser... > > > >www.site.com/app-name/PDFServlet > > > > that URL displayed a Hello World example PDF as expected. Ideally, > > > this would open by clicking from GWT app. I suppose I could create a > > > standard HTML link in the GWT app and that may work, but I wonder why > > > the RequestBuilder did not work, even though response was returned. > > > > And finally - does anyone have any tips on ways to make it more secure > > > somehow? While there is a rare chance, and it probably wouldn't be > > > anything serious, anyone could type in the URL in the browser and view > > > the reports that will be generated, provided they pass in the report > > > ID, etc. Is there a way that it would only work if accessed from the > > > app (which is user protected) or are there any other tips on making it > > > a bit more secure? > > > > Below is my current servlet code, followed by the RequestBuilder part > > > of the app that failed to work as expected. > > > > public class PDFServlet extends HttpServlet { > > > > public void doGet(HttpServletRequest request, HttpServletResponse > > > response) throws IOException, ServletException { > > > System.out.println("Hello World! to follow"); > > > > Document document = new Document(); > > > > // generate test PDF > > > try { > > > > ByteArrayOutputStream baos = new ByteArrayOutputStream(); > > > //PdfWriter.getInstance(document, new FileOutputStream > > > ("HelloWorld.pdf")); > > > PdfWriter.getInstance(document, baos); > > > document.open(); > > > document.add(new Paragraph("Hello World!")); > > > document.close(); > > > > // setting some response headers > > > response.setHeader("Expires", "0"); > > > response.setHeader("Cache-Control", "must-revalidate, > > > post-check=0, > > > pre-check=0"); > > > response.setHeader("Pragma", "public"); > > > > response.setContentType("application/pdf"); > > > > // content length is needed for MSIE > > > response.setContentLength(baos.size()); > > > > // write ByteArrayOutputStream to ServletOutputStream > > > ServletOutputStream out = response.getOutputStream(); > > > baos.writeTo(out); > > > out.flush(); > > > } > > > catch (Exception e) { > > > System.out.println("PDFServlet::doGet::Exception > > > " + e.getMessage > > > ()); > > > } > > > > } > > > > } > > > > /* > > > * Code in GWT app - ultimately I will pass report type, ID to the > > > servlet to generate the > > > * appropriate report > > > */ > > > public void onRecordClick(RecordClickEvent event) { > > > //need to add report ID, etc. to the > > > request in the future > > > RequestBuilder request = new > > > RequestBuilder(RequestBuilder.GET, > > > "PDFService"); > > > request.setCallback(new RequestCallback() > > > { > > > > public void onError(Request > > > request, Throwable exception) { > > > SC.say("onError"); // > > > this is just an alert > > > > } > > > > public void > > > onResponseReceived(Request request, > > > Response > > > response) { > > > > > > SC.say("onResponseReceived"); // alert > > > > } > > > > }); > > > > On Apr 6, 5:45 pm, Daniel Jue <[email protected]> wrote: > > > > > There is a PDF generation demo using a GWT entrypoint on the > > > > DynamicJasper > > > > website (a wrapper for Jasper, > > ... > > read more » --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
