com.vaadin.terminal.gwt.server.


Class AbstractApplicationServlet

java.lang.Object
  javax.servlet.GenericServlet
      javax.servlet.http.HttpServlet
          com.vaadin.terminal.gwt.server.AbstractApplicationServlet

All Implemented Interfaces:

Constants, Serializable, Servlet, ServletConfig

Direct Known Subclasses:

ApplicationRunnerServlet, ApplicationServlet

public abstract class AbstractApplicationServlet
extends HttpServlet
implements Constants

Abstract implementation of the ApplicationServlet which handles all communication between the client and the server. It is possible to extend this class to provide own functionality but in most cases this is unnecessary.

Since:

6.0

Version:

6.8.18

Author:

Vaadin Ltd.

See Also:

Serialized Form

Nested Class Summary
 class AbstractApplicationServlet.ParameterHandlerErrorImpl
          Implementation of ParameterHandler.ErrorEvent interface.
 class AbstractApplicationServlet.RequestError
           
protected static class AbstractApplicationServlet.RequestType
           
 class AbstractApplicationServlet.URIHandlerErrorImpl
          Implementation of URIHandler.ErrorEvent interface.
 
Field Summary
static String REQUEST_APPSTYLE
          This request attribute is used to add styles to the main element.
static String REQUEST_DEFAULT_THEME
          If set, do not load the default theme but assume that loading it is handled e.g.
static String REQUEST_FRAGMENT
          If the attribute is present in the request, a html fragment will be written instead of a whole page.
static String REQUEST_SHARED_WIDGETSET
          This request attribute indicates the shared widgetset (e.g.
static String REQUEST_VAADIN_STATIC_FILE_PATH
          This request attribute forces widgetsets to be loaded from under the specified base path; e.g shared widgetset for all portlets in a portal.
static String REQUEST_WIDGETSET
          This request attribute forces widgetset used; e.g for portlets that can not have different widgetsets.
static String VERSION
          The version number of this release.
static String VERSION_BUILD
          Build identifier.
static int VERSION_MAJOR
          Major version number.
static int VERSION_MINOR
          Minor version number.
static int VERSION_REVISION
          Version revision number.
 
Fields inherited from interface com.vaadin.terminal.gwt.server.Constants
AJAX_UIDL_URI, DEFAULT_BUFFER_SIZE, DEFAULT_THEME_CACHETIME, DEFAULT_THEME_NAME, DEFAULT_WIDGETSET, ERROR_NO_WINDOW_FOUND, INVALID_SECURITY_KEY_MSG, MAX_BUFFER_SIZE, NOT_PRODUCTION_MODE_INFO, PARAMETER_VAADIN_RESOURCES, PARAMETER_WIDGETSET, PORTAL_PARAMETER_VAADIN_RESOURCE_PATH, PORTAL_PARAMETER_VAADIN_THEME, PORTAL_PARAMETER_VAADIN_WIDGETSET, SERVLET_PARAMETER_DEBUG, SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION, SERVLET_PARAMETER_PRODUCTION_MODE, SERVLET_PARAMETER_RESOURCE_CACHE_TIME, THEME_DIRECTORY_PATH, URL_PARAMETER_CLOSE_APPLICATION, URL_PARAMETER_REPAINT_ALL, URL_PARAMETER_RESTART_APPLICATION, URL_PARAMETER_THEME, WARNING_RESOURCE_CACHING_TIME_NOT_NUMERIC, WARNING_XSRF_PROTECTION_DISABLED, WIDGETSET_DIRECTORY_PATH, WIDGETSET_MISMATCH_INFO
 
Constructor Summary
AbstractApplicationServlet()
           
 
Method Summary
 CommunicationManager createCommunicationManager(Application application)
          Deprecated. Instead of overriding this method, override WebApplicationContext implementation via getApplicationContext(HttpSession) method and in that customized implementation return your CommunicationManager in WebApplicationContext.getApplicationManager(Application, AbstractApplicationServlet) method.
protected  String createPreventCachingQueryString()
          To ensure the GWT kickstart scritp is downloaded each time (even if server caching is not set up right), we add a unique query parameter to the end of the script file.
protected  void criticalNotification(HttpServletRequest request, HttpServletResponse response, String caption, String message, String details, String url)
          Send a notification to client's application.
protected abstract  Class<? extends Application> getApplicationClass()
           
protected  WebApplicationContext getApplicationContext(HttpSession session)
          Gets the application context from an HttpSession.
protected  String getApplicationCSSClassName()
          Returns the application class identifier for use in the application CSS class name in the root DIV.
protected  String getApplicationProperty(String parameterName)
          Gets an application property value.
protected  URL getApplicationUrl(HttpServletRequest request)
          Gets the current application URL from request.
protected  Window getApplicationWindow(HttpServletRequest request, CommunicationManager applicationManager, Application application)
          Gets the existing application or create a new one.
protected  ClassLoader getClassLoader()
           
static String getDefaultTheme()
          Returns the default theme.
protected  Application getExistingApplication(HttpServletRequest request, boolean allowSessionCreation)
          Gets the existing application for given request.
protected abstract  Application getNewApplication(HttpServletRequest request)
          Creates a new application for the given request.
protected  String getNoScriptMessage()
          Returns a message printed for browsers without scripting support or if browsers scripting support is disabled.
protected  String getRequestPathInfo(HttpServletRequest request)
          Returns the path info; note that this _can_ be different than request.getPathInfo().
protected  AbstractApplicationServlet.RequestType getRequestType(HttpServletRequest request)
           
 int getResourceCacheTime()
          Returns the number of seconds the browser should cache a file.
 String getResourceLocation(String theme, ThemeResource resource)
          Gets relative location of a theme resource.
protected static String getResourcePath(ServletContext servletContext, String path)
          Gets resource path using different implementations.
protected  String getStaticFilesLocation(HttpServletRequest request)
          Return the URL from where static files, e.g.
protected  Application.SystemMessages getSystemMessages()
          Get system messages from the current application class
protected  String getSystemProperty(String parameterName)
          Gets an system property value.
protected  boolean handleURI(CommunicationManager applicationManager, Window window, HttpServletRequest request, HttpServletResponse response)
          Calls URI handlers for the request.
 void init(ServletConfig servletConfig)
          Called by the servlet container to indicate to a servlet that the servlet is being placed into service.
protected  boolean isAllowedVAADINResourceUrl(HttpServletRequest request, URL resourceUrl)
          Check whether a URL obtained from a classloader refers to a valid static resource in the directory VAADIN.
 boolean isProductionMode()
          Returns true if the servlet is running in production mode.
protected  boolean isStandalone()
           
static String safeEscapeForHtml(String unsafe)
          Escapes characters to html entities.
protected  void service(HttpServletRequest request, HttpServletResponse response)
          Receives standard HTTP requests from the public service method and dispatches them.
protected  void setAjaxPageHeaders(HttpServletResponse response)
          Method to set http request headers for the Vaadin kickstart page.
protected static String stripSpecialChars(String themeName)
          A helper method to strip away characters that might somehow be used for XSS attacs.
protected  void writeAjaxPage(HttpServletRequest request, HttpServletResponse response, Window window, Application application)
          This method writes the html host page (aka kickstart page) that starts the actual Vaadin application.
protected  void writeAjaxPageHtmlBodyStart(BufferedWriter page, HttpServletRequest request)
          Method to open the body tag of the html kickstart page.
protected  void writeAjaxPageHtmlHeader(BufferedWriter page, String title, String themeUri, HttpServletRequest request)
          Method to write the contents of head element in html kickstart page.
protected  void writeAjaxPageHtmlHeadStart(BufferedWriter page, HttpServletRequest request)
          Method to write the beginning of the html page.
protected  void writeAjaxPageHtmlMainDiv(BufferedWriter page, String appId, String classNames, String divStyle, HttpServletRequest request)
          Method to write the div element into which that actual Vaadin application is rendered.
protected  void writeAjaxPageHtmlVaadinScripts(Window window, String themeName, Application application, BufferedWriter page, String appUrl, String themeUri, String appId, HttpServletRequest request)
          Method to write the script part of the page which loads needed Vaadin scripts and themes.
protected  void writeStaticResourceResponse(HttpServletRequest request, HttpServletResponse response, URL resourceUrl)
          Writes the contents of the given resourceUrl in the response.
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

VERSION

public static final String VERSION

The version number of this release. For example "6.2.0". Always in the format "major.minor.revision[.build]". The build part is optional. All of major, minor, revision must be integers.

VERSION_MAJOR

public static final int VERSION_MAJOR

Major version number. For example 6 in 6.2.0.

VERSION_MINOR

public static final int VERSION_MINOR

Minor version number. For example 2 in 6.2.0.

VERSION_REVISION

public static final int VERSION_REVISION

Version revision number. For example 0 in 6.2.0.

VERSION_BUILD

public static final String VERSION_BUILD

Build identifier. For example "nightly-20091123-c9963" in 6.2.0.nightly-20091123-c9963.

REQUEST_FRAGMENT

public static final String REQUEST_FRAGMENT

If the attribute is present in the request, a html fragment will be written instead of a whole page. It is set to "true" by the ApplicationPortlet (Portlet 1.0) and read by AbstractApplicationServlet.

REQUEST_VAADIN_STATIC_FILE_PATH

public static final String REQUEST_VAADIN_STATIC_FILE_PATH

This request attribute forces widgetsets to be loaded from under the specified base path; e.g shared widgetset for all portlets in a portal. It is set by the ApplicationPortlet (Portlet 1.0) based on Constants.PORTAL_PARAMETER_VAADIN_RESOURCE_PATH and read by AbstractApplicationServlet.

REQUEST_WIDGETSET

public static final String REQUEST_WIDGETSET

This request attribute forces widgetset used; e.g for portlets that can not have different widgetsets. It is set by the ApplicationPortlet (Portlet 1.0) based on ApplicationPortlet.PORTLET_PARAMETER_WIDGETSET and read by AbstractApplicationServlet.

REQUEST_SHARED_WIDGETSET

public static final String REQUEST_SHARED_WIDGETSET

This request attribute indicates the shared widgetset (e.g. portal-wide default widgetset). It is set by the ApplicationPortlet (Portlet 1.0) based on Constants.PORTAL_PARAMETER_VAADIN_WIDGETSET and read by AbstractApplicationServlet.

REQUEST_DEFAULT_THEME

public static final String REQUEST_DEFAULT_THEME

If set, do not load the default theme but assume that loading it is handled e.g. by ApplicationPortlet. It is set by the ApplicationPortlet (Portlet 1.0) based on Constants.PORTAL_PARAMETER_VAADIN_THEME and read by AbstractApplicationServlet.

REQUEST_APPSTYLE

public static final String REQUEST_APPSTYLE

This request attribute is used to add styles to the main element. E.g "height:500px" generates a style="height:500px" to the main element, useful from some embedding situations (e.g portlet include.) It is typically set by the ApplicationPortlet (Portlet 1.0) based on ApplicationPortlet.PORTLET_PARAMETER_STYLE and read by AbstractApplicationServlet.

Constructor Detail

AbstractApplicationServlet

public AbstractApplicationServlet()
Method Detail

init

public void init(ServletConfig servletConfig)
          throws ServletException

Called by the servlet container to indicate to a servlet that the servlet is being placed into service.

Specified by:
init in interface Servlet
Overrides:
init in class GenericServlet

Parameters:
servletConfig - the object containing the servlet's configuration and initialization parameters
Throws:
ServletException - if an exception has occurred that interferes with the servlet's normal operation.

getApplicationProperty

protected String getApplicationProperty(String parameterName)

Gets an application property value.

Parameters:
parameterName - the Name or the parameter.
Returns:
String value or null if not found

getSystemProperty

protected String getSystemProperty(String parameterName)

Gets an system property value.

Parameters:
parameterName - the Name or the parameter.
Returns:
String value or null if not found

isProductionMode

public boolean isProductionMode()

Returns true if the servlet is running in production mode. Production mode disables all debug facilities.

Returns:
true if in production mode, false if in debug mode

getResourceCacheTime

public int getResourceCacheTime()

Returns the number of seconds the browser should cache a file. Default is 1 hour (3600 s).

Returns:
The number of seconds files are cached in the browser

service

protected void service(HttpServletRequest request,
                       HttpServletResponse response)
                throws ServletException,
                       IOException

Receives standard HTTP requests from the public service method and dispatches them.

Overrides:
service in class HttpServlet

Parameters:
request - the object that contains the request the client made of the servlet.
response - the object that contains the response the servlet returns to the client.
Throws:
ServletException - if an input or output error occurs while the servlet is handling the TRACE request.
IOException - if the request for the TRACE cannot be handled.

getClassLoader

protected ClassLoader getClassLoader()
                              throws ServletException

Throws:
ServletException

criticalNotification

protected void criticalNotification(HttpServletRequest request,
                                    HttpServletResponse response,
                                    String caption,
                                    String message,
                                    String details,
                                    String url)
                             throws IOException

Send a notification to client's application. Used to notify client of critical errors, session expiration and more. Server has no knowledge of what application client refers to.

Parameters:
request - the HTTP request instance.
response - the HTTP response to write to.
caption - the notification caption
message - to notification body
details - a detail message to show in addition to the message. Currently shown directly below the message but could be hidden behind a details drop down in the future. Mainly used to give additional information not necessarily useful to the end user.
url - url to load when the message is dismissed. Null will reload the current page.
Throws:
IOException - if the writing failed due to input/output error.

getResourcePath

protected static String getResourcePath(ServletContext servletContext,
                                        String path)

Gets resource path using different implementations. Required to supporting different servlet container implementations (application servers).

Parameters:
servletContext -
path - the resource path.
Returns:
the resource path.

stripSpecialChars

protected static String stripSpecialChars(String themeName)

A helper method to strip away characters that might somehow be used for XSS attacs. Leaves at least alphanumeric characters intact. Also removes eg. ( and ), so values should be safe in javascript too.

Parameters:
themeName -
Returns:

getDefaultTheme

public static String getDefaultTheme()

Returns the default theme. Must never return null.

Returns:

handleURI

protected boolean handleURI(CommunicationManager applicationManager,
                            Window window,
                            HttpServletRequest request,
                            HttpServletResponse response)
                     throws IOException

Calls URI handlers for the request. If an URI handler returns a DownloadStream the stream is passed to the client for downloading.

Parameters:
applicationManager -
window -
request -
response -
Returns:
true if an DownloadStream was sent to the client, false otherwise
Throws:
IOException

getNewApplication

protected abstract Application getNewApplication(HttpServletRequest request)
                                          throws ServletException

Creates a new application for the given request.

Parameters:
request - the HTTP request.
Returns:
A new Application instance.
Throws:
ServletException

writeStaticResourceResponse

protected void writeStaticResourceResponse(HttpServletRequest request,
                                           HttpServletResponse response,
                                           URL resourceUrl)
                                    throws IOException

Writes the contents of the given resourceUrl in the response. Can be overridden to add/modify response headers and similar.

Parameters:
request - The request for the resource
response - The response
resourceUrl - The url to send
Throws:
IOException

isAllowedVAADINResourceUrl

protected boolean isAllowedVAADINResourceUrl(HttpServletRequest request,
                                             URL resourceUrl)

Check whether a URL obtained from a classloader refers to a valid static resource in the directory VAADIN. Warning: Overriding of this method is not recommended, but is possible to support non-default classloaders or servers that may produce URLs different from the normal ones. The method prototype may change in the future. Care should be taken not to expose class files or other resources outside the VAADIN directory if the method is overridden.

Parameters:
request -
resourceUrl -
Returns:
Since:
6.6.7

getRequestType

protected AbstractApplicationServlet.RequestType getRequestType(HttpServletRequest request)

getSystemMessages

protected Application.SystemMessages getSystemMessages()

Get system messages from the current application class

Returns:

getApplicationClass

protected abstract Class<? extends Application> getApplicationClass()
                                                             throws ClassNotFoundException

Throws:
ClassNotFoundException

getStaticFilesLocation

protected String getStaticFilesLocation(HttpServletRequest request)

Return the URL from where static files, e.g. the widgetset and the theme, are served. In a standard configuration the VAADIN folder inside the returned folder is what is used for widgetsets and themes. The returned folder is usually the same as the context path and independent of the application.

Parameters:
request -
Returns:
The location of static resources (should contain the VAADIN directory). Never ends with a slash (/).

writeAjaxPage

protected void writeAjaxPage(HttpServletRequest request,
                             HttpServletResponse response,
                             Window window,
                             Application application)
                      throws IOException,
                             MalformedURLException,
                             ServletException

This method writes the html host page (aka kickstart page) that starts the actual Vaadin application.

If one needs to override parts of the host page, it is suggested that one overrides on of several submethods which are called by this method:

Parameters:
request - the HTTP request.
response - the HTTP response to write to.
out -
unhandledParameters -
window -
terminalType -
theme -
Throws:
IOException - if the writing failed due to input/output error.
MalformedURLException - if the application is denied access the persistent data store represented by the given URL.
ServletException

getApplicationCSSClassName

protected String getApplicationCSSClassName()

Returns the application class identifier for use in the application CSS class name in the root DIV. The application CSS class name is of form "v-app-"+getApplicationCSSClassName(). This method should normally not be overridden.

Returns:
The CSS class name to use in combination with "v-app-".

writeAjaxPageHtmlMainDiv

protected void writeAjaxPageHtmlMainDiv(BufferedWriter page,
                                        String appId,
                                        String classNames,
                                        String divStyle,
                                        HttpServletRequest request)
                                 throws IOException

Method to write the div element into which that actual Vaadin application is rendered.

Override this method if you want to add some custom html around around the div element into which the actual Vaadin application will be rendered.

Parameters:
page -
appId -
classNames -
divStyle -
request -
Throws:
IOException

writeAjaxPageHtmlVaadinScripts

protected void writeAjaxPageHtmlVaadinScripts(Window window,
                                              String themeName,
                                              Application application,
                                              BufferedWriter page,
                                              String appUrl,
                                              String themeUri,
                                              String appId,
                                              HttpServletRequest request)
                                       throws ServletException,
                                              IOException

Method to write the script part of the page which loads needed Vaadin scripts and themes.

Override this method if you want to add some custom html around scripts.

Parameters:
window -
themeName -
application -
page -
appUrl -
themeUri -
appId -
request -
Throws:
ServletException
IOException

createPreventCachingQueryString

protected String createPreventCachingQueryString()

To ensure the GWT kickstart scritp is downloaded each time (even if server caching is not set up right), we add a unique query parameter to the end of the script file.

Returns:

isStandalone

protected boolean isStandalone()

Returns:
true if the served application is considered to be the only or main content of the host page. E.g. various embedding solutions should override this to false.

writeAjaxPageHtmlBodyStart

protected void writeAjaxPageHtmlBodyStart(BufferedWriter page,
                                          HttpServletRequest request)
                                   throws IOException

Method to open the body tag of the html kickstart page.

This method is responsible for closing the head tag and opening the body tag.

Override this method if you want to add some custom html to the page.

Parameters:
page -
request -
Throws:
IOException

writeAjaxPageHtmlHeader

protected void writeAjaxPageHtmlHeader(BufferedWriter page,
                                       String title,
                                       String themeUri,
                                       HttpServletRequest request)
                                throws IOException

Method to write the contents of head element in html kickstart page.

Override this method if you want to add some custom html to the header of the page.

Parameters:
page -
title -
themeUri -
request -
Throws:
IOException

writeAjaxPageHtmlHeadStart

protected void writeAjaxPageHtmlHeadStart(BufferedWriter page,
                                          HttpServletRequest request)
                                   throws IOException

Method to write the beginning of the html page.

This method is responsible for writing appropriate doc type declarations and to open html and head tags.

Override this method if you want to add some custom html to the very beginning of the page.

Parameters:
page -
request -
Throws:
IOException

setAjaxPageHeaders

protected void setAjaxPageHeaders(HttpServletResponse response)

Method to set http request headers for the Vaadin kickstart page.

Override this method if you need to customize http headers of the page.

Parameters:
response -

getNoScriptMessage

protected String getNoScriptMessage()

Returns a message printed for browsers without scripting support or if browsers scripting support is disabled.

getApplicationUrl

protected URL getApplicationUrl(HttpServletRequest request)
                         throws MalformedURLException

Gets the current application URL from request.

Parameters:
request - the HTTP request.
Throws:
MalformedURLException - if the application is denied access to the persistent data store represented by the given URL.

getExistingApplication

protected Application getExistingApplication(HttpServletRequest request,
                                             boolean allowSessionCreation)
                                      throws MalformedURLException,
                                             SessionExpiredException

Gets the existing application for given request. Looks for application instance for given request based on the requested URL.

Parameters:
request - the HTTP request.
allowSessionCreation - true if a session should be created if no session exists, false if no session should be created
Returns:
Application instance, or null if the URL does not map to valid application.
Throws:
MalformedURLException - if the application is denied access to the persistent data store represented by the given URL.
IllegalAccessException
InstantiationException
SessionExpiredException

getApplicationWindow

protected Window getApplicationWindow(HttpServletRequest request,
                                      CommunicationManager applicationManager,
                                      Application application)
                               throws ServletException

Gets the existing application or create a new one. Get a window within an application based on the requested URI.

Parameters:
request - the HTTP Request.
application - the Application to query for window.
Returns:
Window matching the given URI or null if not found.
Throws:
ServletException - if an exception has occurred that interferes with the servlet's normal operation.

getRequestPathInfo

protected String getRequestPathInfo(HttpServletRequest request)

Returns the path info; note that this _can_ be different than request.getPathInfo(). Examples where this might be useful:

  • An application runner servlet that runs different Vaadin applications based on an identifier.
  • Providing a REST interface in the context root, while serving a Vaadin UI on a sub-URI using only one servlet (e.g. REST on http://example.com/foo, UI on http://example.com/foo/vaadin)
  • Parameters:
    request -
    Returns:

getResourceLocation

public String getResourceLocation(String theme,
                                  ThemeResource resource)

Gets relative location of a theme resource.

Parameters:
theme - the Theme name.
resource - the Theme resource.
Returns:
External URI specifying the resource

getApplicationContext

protected WebApplicationContext getApplicationContext(HttpSession session)

Gets the application context from an HttpSession. If no context is currently stored in a session a new context is created and stored in the session.

Parameters:
session - the HTTP session.
Returns:
the application context for HttpSession.

createCommunicationManager

@Deprecated
public CommunicationManager createCommunicationManager(Application application)

Deprecated. Instead of overriding this method, override WebApplicationContext implementation via getApplicationContext(HttpSession) method and in that customized implementation return your CommunicationManager in WebApplicationContext.getApplicationManager(Application, AbstractApplicationServlet) method.

Override this method if you need to use a specialized communicaiton mananger implementation.

Parameters:
application -
Returns:

safeEscapeForHtml

public static final String safeEscapeForHtml(String unsafe)

Escapes characters to html entities. An exception is made for some "safe characters" to keep the text somewhat readable.

Parameters:
unsafe -
Returns:
a safe string to be added inside an html tag