Alright - thanks.  Again, right now it just uses a hard coded string,
which works.  However, if a user generates three different forms, and
then refreshes the three new windows (PDF file), the end result is
three copies of the last form that was generated and added to the
token.

Is there anything wrong with using a random number generator to
generate the tokens?  Provided the range is large enough, the
probability of two generated forms during a single session getting the
same random number is small, so they should essentially all be unique
nearly 100% of the time.  (After all, a user would only generate a few
forms per session, or at most 20 or so).

Is there anything wrong with this scheme?

@flyingbuzz - your PDF looks nice.  Right now ours is extremely basic,
just posting the details using new Phrase().  I haven't looked into
styling it yet until I get the basic details down.  Then I can go in
and style them, but they will probably still be more basic than
yours.  They are simple behavior reports for students in school that
display some basic information about their behavior over the week /
month / etc.



On Apr 8, 1:50 am, Carl Pritchett <[email protected]> wrote:
> Hi,
>
> You'll have to work out a token generation scheme. If you find a nice
> one, post it.
>
> Sessions will typically timeout (the timeout is app server dependent),
> but I also added session.invalidate() on login to ensure that the
> previous session is invalidated (e.g. two users using the same
> browser).
>
> Carl.
>
> On Apr 8, 8:04 am, Superman859 <[email protected]> wrote:
>
> > Thanks Carl!  Your method worked fine.  It's almost fully implemented,
> > but the only question I have that remains is the proper way to
> > generate tokens.  I haven't ever had to generate them before - is
> > there an automatic way of generating unique tokens, or is
> > generateToken() a function I would write myself and have to ensure
> > that each token generated was unique?
>
> > For now, I just hard coded a random string into the code, which worked
> > well enough to see that the PDF did indeed open in a new window and
> > display as expected.
>
> > I will also need to figure out the session settings so that they are
> > invalidated properly, although I think I will need to do a bit more
> > reading on this.
>
> > // RPC code in the class which extends RemoteServiceServlet
> > public String generatePDF(ReportDO report, int id) {
>
> >                 // initialize new document for PDF
> >                 Document document = new Document();
>
> >                 // generate one time token that the client can use to retrieve the PDF
> >                 String token = "258958395ai53";
>
> >                 // generate test PDF
> >                 try {
>
> >                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
> >                 PdfWriter.getInstance(document, baos);
> >                 document.open();
> >                 document.add(new Paragraph("Hello World!"));
> >                 document.close();
>
> >                 byte[] pdf = baos.toByteArray();
>
> >                 HttpServletRequest request = this.getThreadLocalRequest();
> >                 HttpSession session = request.getSession();
> >                 session.setAttribute(token, pdf);
>
> >                 }
> >                 catch (Exception e) {
> >                         System.out.println("ReportServlet::generatePDF::Exception " + e.getMessage());
> >                 }
>
> >                 return token;
>
> >         }
>
> > // standard servlet
> > public class PDFServlet extends HttpServlet {
>
> >         public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
>
> >                 // create output stream from byte array in session
> >                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
> >                 String token = request.getParameter("token");
> >                 byte[] pdf = (byte[]) request.getSession().getAttribute(token);
> >                 baos.write(pdf);
>
> >                 // setting some response headers
> >                 response.setHeader("Expires", "0");
> >                 response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
> >                 response.setHeader("Pragma", "public");
>
> >                 response.setContentType("application/pdf");
>
> >                 // content length is needed for MSIE
> >                 response.setContentLength(baos.size());
>
> >                 // write ByteArrayOutputStream to ServletOutputStream
> >                 ServletOutputStream out = response.getOutputStream();
> >                 baos.writeTo(out);
> >                 out.flush();
> >         }
>
> > }
>
> > // client side code section
> > ReportController.getInstance().generatePDF(report, id, new AsyncCallback() {
>
> >                                         public void onFailure(Throwable caught) {
> >                                                 SC.say("Failed");
>
> >                                         }
>
> >                                         public void onSuccess(Object result) {
> >                                                 String token = (String) result;
> >                                                 Window.open("PDFService?token=" + token, "_blank", "menubar=yes,location=yes,resizable=yes,scrollbars=yes,status=yes");
>
> >                                         }
>
> >                                 });
> >                         }
> >                 });
>
> > On Apr 7, 1:04 am, Carl Pritchett <[email protected]> wrote:
>
> > > The simplest safest way I can think of is basically the same as other
> > > people have already stated in this thread.
> > > Using a token and storing data in the session means that the pdf data
> > > is unique to the user (as long as the session is invalidated
> > > properly).
>
> > > - Send an RPC call to generate the pdf (or at least send the
> > > information used to generate the pdf)
> > > - The RPC service saves the pdf (or request data) in the session:
>
> > >         // use the data to create the PDF using iText etc
> > >         byte[] pdf = generatePDF(requestData);
>
> > >         // generate a one-time token that the client can use to retrieve the PDF
> > >         String token = generateToken();
>
> > >         HttpServletRequest req = this.getThreadLocalRequest();
> > >         HttpSession session = req.getSession();
> > >         session.setAttribute(token, pdf);
> > >         return token;
>
> > > - Then the client calls a normal servlet with the token as a parameter
> > > (localhost:8080/myApp/pdfRetriever?token=...)
> > > - This servlet looks up the data in the session using the token,
> > > removes the attribute, and sends back the pdf
>
> > >         String token = req.getParameter("token");
> > >         byte[] pdf = (byte[])req.getSession().getAttribute(token);
>
> > > Carl.
>
> > > On Apr 7, 11:18 am, Superman859 <[email protected]> wrote:
>
> > > > Thanks for all the responses.  I had (and still do) little
> > > > understanding of responses and requests as I rarely work directly with
> > > > them.  However, I now see that GWT-RPC is not the way to go.  From
> > > > what I've read and what I saw using Firebug, GWT-RPC sets up the
> > > > response variable for its own purposes as part of GWT-RPC, so by
> > > > going in and modifying it myself I caused problems with GWT-RPC.
>
> > > > Instead of extending RemoteServiceServlet, I extended HttpServlet and
> > > > have been able to get a result.  However, I was not able to get a
> > > > result from the GWT app yet using RequestBuilder.  I attempted to do
> > > > so, and the function ran (I had some print statements which showed up
> > > > in the log) successfully and the RequestCallback received a response.
> > > > However, nothing happened.
>
> > > > Is it possible to do this using RequestBuilder?  Using Firebug, I saw
> > > > a response was generated and it seemed to have the correct headers as
> > > > I had set.  However, no PDF file opened, was offered, etc. and it
> > > > appeared as if nothing happened.
>
> > > > I was able to get it to generate a PDF by simply typing the URL into
> > > > my browser...
>
> > > > www.site.com/app-name/PDFServlet
>
> > > > that URL displayed a Hello World example PDF as expected.  Ideally,
> > > > this would open by clicking from GWT app.  I suppose I could create a
> > > > standard HTML link in the GWT app and that may work, but I wonder why
> > > > the RequestBuilder did not work, even though response was returned.
>
> > > > And finally - does anyone have any tips on ways to make it more secure
> > > > somehow?  While there is a rare chance, and it probably wouldn't be
> > > > anything serious, anyone could type in the URL in the browser and view
> > > > the reports that will be generated, provided they pass in the report
> > > > ID, etc.  Is there a way that it would only work if accessed from the
> > > > app (which is user protected) or are there any other tips on making it
> > > > a bit more secure?
>
> > > > Below is my current servlet code, followed by the RequestBuilder part
> > > > of the app that failed to work as expected.
>
> > > > public class PDFServlet extends HttpServlet {
>
> > > >         public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
> > > >                 System.out.println("Hello World! to follow");
>
> > > >                 Document document = new Document();
>
> > > >                 // generate test PDF
> > > >                 try {
>
> > > >                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
> > > >                 //PdfWriter.getInstance(document, new FileOutputStream("HelloWorld.pdf"));
> > > >                 PdfWriter.getInstance(document, baos);
> > > >                 document.open();
> > > >                 document.add(new Paragraph("Hello World!"));
> > > >                 document.close();
>
> > > >                 // setting some response headers
> > > >                 response.setHeader("Expires", "0");
> > > >                 response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
> > > >                 response.setHeader("Pragma", "public");
>
> > > >                 response.setContentType("application/pdf");
>
> > > >                 // content length is needed for MSIE
> > > >                
>
> ...
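
An added example, not part of the original thread or any poster's code: one way to fill in the generateToken() step discussed above with java.security.SecureRandom instead of a hard-coded string, and to make each token single-use by removing the entry on retrieval. The class name PdfTokenStore, the key prefix, and the Map standing in for one user's HttpSession attributes are assumptions so the code runs stand-alone.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example. PdfTokenStore is a hypothetical helper; the Map stands in
// for the attributes of one user's HttpSession.
public class PdfTokenStore {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String PREFIX = "pdf-token:"; // assumed key namespace
    private final Map<String, byte[]> session = new ConcurrentHashMap<>();

    // 128 bits from a CSPRNG, URL-safe so it can be sent as ?token=...
    static String generateToken() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // RPC side: the equivalent of session.setAttribute(token, pdf).
    String store(byte[] pdf) {
        String token = generateToken();
        session.put(PREFIX + token, pdf);
        return token;
    }

    // Servlet side: look up and remove in one step so a token works once.
    // Returns null for a missing, unknown or already-used token.
    byte[] redeem(String token) {
        if (token == null || token.isEmpty()) return null;
        return session.remove(PREFIX + token);
    }

    public static void main(String[] args) {
        PdfTokenStore store = new PdfTokenStore();
        // Constructed sample data: three reports generated in one session.
        String a = store.store("report A".getBytes(StandardCharsets.UTF_8));
        String b = store.store("report B".getBytes(StandardCharsets.UTF_8));
        String c = store.store("report C".getBytes(StandardCharsets.UTF_8));
        // Each token maps to its own report, in any retrieval order.
        System.out.println(new String(store.redeem(b), StandardCharsets.UTF_8));
        System.out.println(new String(store.redeem(a), StandardCharsets.UTF_8));
        System.out.println(new String(store.redeem(c), StandardCharsets.UTF_8));
        // A reused token and a guessed token both find nothing.
        System.out.println(store.redeem(a) == null);
        System.out.println(store.redeem("guess") == null);
    }
}
```

In PDFServlet, a null result from the lookup would be answered with an error status rather than passed to baos.write(pdf).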