Sunday, April 30, 2023

Re: HTTP Method Override

I think Thomas is on the right track - the tester ran the query with the method override headers indicating "PUT" instead of "POST", and saw that the response came back "200 OK", and assumed that the attack had worked. Instead what happened is that gwt-rpc couldn't understand the request, and sent back an error - see the "//EX" prefix on the last line of the reply - but since it always leaves a 200 status code and, the tester believed that the request was handled properly. 

It might be important to communicate with them about what gwt-rpc is and does, and clarify what the attack that they believe succeeded should have done (and confirm with your own application that it did not), and likewise confirm their expectations for an HTTP call like this (did they expect that for any unknown header that the call would simply fail, etc). 




On Wednesday, April 26, 2023 at 5:32:09 AM UTC-5 Thomas Broyer wrote:
Those headers don't come from GWT itself, they've been added by the application or some library/framework it uses on top of GWT. It looks like that app is using something like gwt-dispatch, gwt-sl or spring4gwt or something like that, but maybe homemade.
What I'd do to tell if they're actually used/useful (in this specific case!):
  1. open the WAR and look at the WEB-INF/web.xml (or possibly some other configuration files if it uses, e.g., Spring or whatever) to try to find the servlet class mapped to the /dispatch/GetCompaniesAction path (could be as easy as a class named GetCompaniesAction)
  2. Decompile that class (using javap or an IDE) and look for a doPut(ServletRequest,ServletResponse) method. Possibly go up the class hierarchy until you find the RemoteServiceServlet.
Depending on the application, that may not lead to anything, but if there's a doPut, changes are it will be used.

Also look at the WEB-INF/web.xml for servlet filters, and at other configuration files (Spring mainly, if used) to see if there'd be some filter dedicated to handling those kind of headers.

Anyway, as said: this doesn't come from GWT itself.

(actually, I'd be more concerned about a Firefox 98 being used 😅)

Now I don't know Fortify WebInspect so maybe I'm also misinterpreting what's reported here: if this is a request made by Fortify WebInspect (rather than one made "on the wild" and intercepted by the solution) then I don't see why it'd be reported as a vulnerability, it could be that the server completely ignores the headers, right?

On Wednesday, April 26, 2023 at 11:37:00 AM UTC+2 cyclop...@gmail.com wrote:
We have a web app (GWT 2.7 ) from a vendor and we don't have any source codes.
Now we faced a vulnerability about HTTP Method Override for http header below
X-HTTP-METHOD
X-HTTP-Method-Override
X-METHOD-OVERRIDE

Fortify WebInspect report

Attack Request:
POST /CustomPortal/dispatch/GetCompaniesAction HTTP/1.1
Host: 10.4.202.26:8861
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: 3EE8E625356CC9E9E724C10285609299
X-GWT-Module-Base: https://10.4.202.26:8861/CustomPortal/custom/
Referer: https://10.4.202.26:8861/CustomPortal/
Content-Length: 311
Origin: https://10.4.202.26:8861
Pragma: no-cache
X-HTTP-METHOD: PUT
X-HTTP-Method-Override: PUT
X-METHOD-OVERRIDE: PUT

Connection: Keep-Alive
X-WIPP: AscVersion=22.2.0....TRUNCATED...

Attack Response:
HTTP/1.1 200 OK
Set-Cookie: JSESSIONIDSSO=; path=/; HttpOnly; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self'; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; scriptsrc
'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self' https: localhost;
Content-Disposition: attachment
Date: Fri, 21 Apr 2023 06:10:56 GMT
Connection: keep-alive
X-Content-Type-Options: nosniff
Content-Length: 177
Content-Type: application/json;charset=utf-8

//EX[3,0,2,1,0,1,["com...TRUNCATED...

Is there any way to disable these headers ?
Or is there any description to let me tell user this is NOT vulnerability ?

AP server is JBoss EAP 7.3.8 GA

Many thx!


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/87c805d5-53c3-498b-bc27-ac6ea3728861n%40googlegroups.com.

Re: GWT 2.10.0 and TLD/JAR Scanner Error

I think a little more detail could help us to identify the problem, but to start with, gwt-dev should never be on your server classpath - and neither should its dependencies. If you have gwt-dev.jar or GWT's preferred apache-jsp.jar on your server classpath, you should remove that (either build your client separately from your server code, or exclude those dependencies from being provided at runtime by maven). Given that you are using WebLogic rather than Tomcat already, I'm guessing that this is the source of your problem.
On Friday, April 28, 2023 at 3:45:27 PM UTC-5 Aynesh Patel wrote:
Hello,

I have a GWT 2.10.0 project compiled in Java 11, built with Maven 3.8.4 through the GWT-maven-plugin, and deployed to a WebLogic 14c server. Recently I have seen errors related to the Tomcat JAR scanner and the embedded server utilized in development mode. The application was working but after the upgrade to version 2.10.0, errors fill the server out log in WebLogic that the Tomcat StandardJarScanner failed to scan JAR files from the classloader hierarchy along with a silent failure of the application itself. After ensuring GWT was starting in Production Mode, I added the following elements to the configuration section of the plugin to ensure the server would not start up:

<noServer>true</noServer>
<compilerArgs>
    <arg>-noincremental</arg>
</compilerArgs>

After recompiling with these changes the application was able to function normally once again but the errors regarding the JAR scanner being unable to scan from the classloader hierarchy remained. The JARs it attempted to scan were ones that are not part of the application nor in any of the dependency trees of the dependencies of the gwt-maven-plugin.

I want to disable that JAR scanning and the errors it produces when the application is started. I attempted to do so by adding a context.xml to the webapp/META-INF to the scanning with configuration to limit the scanner but it did not seem to have an effect. Here are logs for the errors happening in the out file for the WL server the application is deployed to:

Failed to scan <JarFile> from classloader hierarchy
Java.io.IOException: java.lang.reflect.InvocationTargetException
at org.apache.tomcat.util.compat.Jre9Compat.jarFileNewInstance(Jre9Compat.java:209)
at org.apache.tomcat.util.scan.JarFileUrlJar.<init>(JarFileUrlJar.java:65)
at org.apache.tomcat.util.scan.JarFactory.newInstance(JarFactory.java:49)
at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:387)
at org.apache.tomcat.util.scan.StandardJarScanner.processURLs(StandardJarScanner.java:322)
at org.apache.tomcat.util.scan.StandardJarScanner.doScanClassPath(StandardJarScanner.java:284)
at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:235)
at org.apache.jasper.servlet.TldScanner.scanJars(TldScanner.java:262)
at org.apache.jasper.servlet.TldScanner.scan(TldScanner.java:104)
at org.apache.jasper.servlet.JasperInitializer.onStartup(JasperInitializer.java:101)
at weblogic.servlet.internal.WebAppServletContext.initContainerInitializers(WebAppServletContext.java:1428)
...


Additionally, in the server log file there is this outputted on startup:
<warning: No org.apache.tomcat.JarScanner set in ServletContext. Falling back to default JarScanner implementation.>

This link (https://stackoverflow.com/questions/66689374/spring-boot-with-jetty-disable-o-a-tomcat-util-scan-standardjarscanner) mentioned that the org.apache.tomcat.util.scan.StandardJarScanner can originate from apache-jsp JARs which gwt-dev 2.10.0 has a dependency. I confirmed this in my IDE and maven repository but I have been unable to prevent the scanning of the classpath hierarchy for TLDs. Is there a way to disable this scanning of TLDs and JAR files from the classloader hierarchy?

Help is very much appreciated!

Thank you,
Aynesh Patel

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/4311a9f0-a0df-465c-b836-ab02988207c8n%40googlegroups.com.

Friday, April 28, 2023

GWT 2.10.0 and TLD/JAR Scanner Error

Hello,

I have a GWT 2.10.0 project compiled in Java 11, built with Maven 3.8.4 through the GWT-maven-plugin, and deployed to a WebLogic 14c server. Recently I have seen errors related to the Tomcat JAR scanner and the embedded server utilized in development mode. The application was working but after the upgrade to version 2.10.0, errors fill the server out log in WebLogic that the Tomcat StandardJarScanner failed to scan JAR files from the classloader hierarchy along with a silent failure of the application itself. After ensuring GWT was starting in Production Mode, I added the following elements to the configuration section of the plugin to ensure the server would not start up:

<noServer>true</noServer>
<compilerArgs>
    <arg>-noincremental</arg>
</compilerArgs>

After recompiling with these changes the application was able to function normally once again but the errors regarding the JAR scanner being unable to scan from the classloader hierarchy remained. The JARs it attempted to scan were ones that are not part of the application nor in any of the dependency trees of the dependencies of the gwt-maven-plugin.

I want to disable that JAR scanning and the errors it produces when the application is started. I attempted to do so by adding a context.xml to the webapp/META-INF to the scanning with configuration to limit the scanner but it did not seem to have an effect. Here are logs for the errors happening in the out file for the WL server the application is deployed to:

Failed to scan <JarFile> from classloader hierarchy
Java.io.IOException: java.lang.reflect.InvocationTargetException
at org.apache.tomcat.util.compat.Jre9Compat.jarFileNewInstance(Jre9Compat.java:209)
at org.apache.tomcat.util.scan.JarFileUrlJar.<init>(JarFileUrlJar.java:65)
at org.apache.tomcat.util.scan.JarFactory.newInstance(JarFactory.java:49)
at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:387)
at org.apache.tomcat.util.scan.StandardJarScanner.processURLs(StandardJarScanner.java:322)
at org.apache.tomcat.util.scan.StandardJarScanner.doScanClassPath(StandardJarScanner.java:284)
at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:235)
at org.apache.jasper.servlet.TldScanner.scanJars(TldScanner.java:262)
at org.apache.jasper.servlet.TldScanner.scan(TldScanner.java:104)
at org.apache.jasper.servlet.JasperInitializer.onStartup(JasperInitializer.java:101)
at weblogic.servlet.internal.WebAppServletContext.initContainerInitializers(WebAppServletContext.java:1428)
...


Additionally, in the server log file there is this outputted on startup:
<warning: No org.apache.tomcat.JarScanner set in ServletContext. Falling back to default JarScanner implementation.>

This link (https://stackoverflow.com/questions/66689374/spring-boot-with-jetty-disable-o-a-tomcat-util-scan-standardjarscanner) mentioned that the org.apache.tomcat.util.scan.StandardJarScanner can originate from apache-jsp JARs which gwt-dev 2.10.0 has a dependency. I confirmed this in my IDE and maven repository but I have been unable to prevent the scanning of the classpath hierarchy for TLDs. Is there a way to disable this scanning of TLDs and JAR files from the classloader hierarchy?

Help is very much appreciated!

Thank you,
Aynesh Patel

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/424aa622-82e3-4231-b6e5-368cf9629584n%40googlegroups.com.

Thursday, April 20, 2023

Re: Building artifact without clutter

Hi, thanks a lot.

I create PR with update of the main README to redirect readers to a proper guide: https://github.com/gwtproject/gwt/pull/9828

On Tuesday, April 18, 2023 at 6:14:32 PM UTC+2 Colin Alworth wrote:

The maven artifacts require one more step to deploy, either to your maven local cache, or to an artifact server you can deploy to. Use the maven/push-gwtproject.sh script (see https://github.com/gwtproject/gwt/blob/main/maven/push-gwtproject.sh) and provide it a version, and optionally a gpg passphrase, maven repository id/url.

See also the nightly snapshot build code, which deploys in this way, by setting those values as env vars (except gpg passphrase) https://github.com/gwtproject/gwt/blob/9f175af25edc9713147d3994c59b4760c9a5346b/.github/workflows/full-check.yml#L95-L108


On Tuesday, April 18, 2023 at 11:09:47 AM UTC-5 mirosl...@ataccama.com wrote:
Hello,

I cloned gwt repo, I followed the steps and I created my own local artifact by using "ant clean dist" or "and clean dist-dev".

Everything works, BUT I would like to build artifact that is similar to official released artifacts like this.

Local artifacts have a lot of clutter that I don't need ant it actually causes problems and I was not able to find some parameters or some guideline how to achieve the result. On the screenshot you can see local artifact (left) and the one from official release.

How can I build the artifact without the clutter please?

gwtDifference.png

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/11c023e7-d3f5-46f8-8be2-fe0307205ba1n%40googlegroups.com.

Tuesday, April 18, 2023

Re: Building artifact without clutter

(Might be a better post for https://groups.google.com/g/google-web-toolkit-contributors)

The maven artifacts require one more step to deploy, either to your maven local cache, or to an artifact server you can deploy to. Use the maven/push-gwtproject.sh script (see https://github.com/gwtproject/gwt/blob/main/maven/push-gwtproject.sh) and provide it a version, and optionally a gpg passphrase, maven repository id/url.

See also the nightly snapshot build code, which deploys in this way, by setting those values as env vars (except gpg passphrase) https://github.com/gwtproject/gwt/blob/9f175af25edc9713147d3994c59b4760c9a5346b/.github/workflows/full-check.yml#L95-L108


On Tuesday, April 18, 2023 at 11:09:47 AM UTC-5 mirosl...@ataccama.com wrote:
Hello,

I cloned gwt repo, I followed the steps and I created my own local artifact by using "ant clean dist" or "and clean dist-dev".

Everything works, BUT I would like to build artifact that is similar to official released artifacts like this.

Local artifacts have a lot of clutter that I don't need ant it actually causes problems and I was not able to find some parameters or some guideline how to achieve the result. On the screenshot you can see local artifact (left) and the one from official release.

How can I build the artifact without the clutter please?

gwtDifference.png

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/9c86f1bd-9c4f-46f2-ad42-0e926c028b00n%40googlegroups.com.

Building artifact without clutter

Hello,

I cloned gwt repo, I followed the steps and I created my own local artifact by using "ant clean dist" or "and clean dist-dev".

Everything works, BUT I would like to build artifact that is similar to official released artifacts like this.

Local artifacts have a lot of clutter that I don't need ant it actually causes problems and I was not able to find some parameters or some guideline how to achieve the result. On the screenshot you can see local artifact (left) and the one from official release.

How can I build the artifact without the clutter please?

gwtDifference.png

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/c2c156f6-02b1-4a20-b3f6-a28ea45a6bd6n%40googlegroups.com.

Wednesday, April 12, 2023

Re: Jakarta EE 9 support in GWT

Thanks very much Colin. I will post on that Git discussion.

On Thursday, April 6, 2023 at 10:19:03 PM UTC+10 Colin Alworth wrote:
The work on this topic is being discussed on that ticket and related pull requests. In short, if there is community support to implement and test this, it will be present in a future release.

Please try the test builds already discussed there, and consider joining the discussion to help contribute to the work.

On Monday, April 3, 2023 at 2:44:48 AM UTC-5 mickn...@gmail.com wrote:
Hi,

I'm working on a large Java library that utilizes both Spring and GWT. We want to move to Spring 6 as soon as possible but currently cannot do this because GWT 2.10 uses javax instead of jakarta.

Some work towards supporting jakarta has been discussed here - https://github.com/gwtproject/gwt/issues/9727.

Are there any intentions to support Jakarta in an upcoming GWT release?

Thanks,
Mike.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/f42f9342-4936-4f4a-b68f-f1ade677fe85n%40googlegroups.com.

Tuesday, April 11, 2023

Re: Privacy Violation with SSN

I haven't seen this come up before in a scan like this, thanks for sharing!

This is due to the compiler, but rather than obfuscation, this is due to the compiler solving for a constant value rather than doing the math at runtime. This same constant appears in the GWT showcase as well, at https://samples.gwtproject.org/samples/Showcase/Showcase.html in the https://samples.gwtproject.org/samples/Showcase/showcase/deferredjs/5F20F7F6874DB82B437E6EA4319E4E9B/47.cache.js file.

function Hmc(a,b,c,d,e,f){Gmc();this.a=e;Th(a,Dwc(b,c,d,e,f));a.db==-1?(Sbc(),Idc(a.hb,133333119|(a.hb.__eventBits||0))):(a.db|=133333119)}

This is slightly different from yours, and not just in the obfuscation - I suspect that you have emulated stack traces enabled, which should allow you to check the value of the NWl and RWk constants to confirm - they should be the "stack trace element" information, like class+method name, line number etc.

In this case, that particular line comes from Image.java's constructor. That calls the constructor of the inner class UnclippedState, which has these lines:
    UnclippedState(Image image) {
      image.replaceElement(Document.get().createImageElement());
      // We are working around an IE race condition that can make the image
      // incorrectly cache itself if the load event is assigned at the same time
      // as the image is added to the dom.
      Event.sinkEvents(image.getElement(), Event.ONLOAD);


      // Todo(ecc) this could be more efficient overall.
      image.sinkEvents(Event.ONCLICK | Event.ONDBLCLICK | Event.MOUSEEVENTS | Event.ONLOAD
          | Event.ONERROR | Event.ONMOUSEWHEEL | Event.TOUCHEVENTS | Event.GESTUREEVENTS);
    }

That chained | expression results in the number you're seeing. Then, that value is passed to Widget.sinkEvents(), which looks like this:
  @Override
  public void sinkEvents(int eventBitsToAdd) {
    if (isOrWasAttached()) {
      super.sinkEvents(eventBitsToAdd);
    } else {
      eventsToSink |= eventBitsToAdd;
    }
  }


The isOrWasAttached() call is a comparison of a field to -1, and a ternary is used instead of an if/else for this:
a.db==-1 ?
    (Sbc(),Idc(a.hb,133333119|(a.hb.__eventBits||0))):
    (a.db|=133333119)

Now it becomes clear that "this.eventsToSink" is "a.db", and "eventBitsToAdd" is the constant int 133333119.

Links to github source to confirm:
https://github.com/gwtproject/gwt/blob/1671fc2730e23b371962f482830c090b901ea54e/user/src/com/google/gwt/user/client/ui/Image.java#L371-L381
https://github.com/gwtproject/gwt/blob/1671fc2730e23b371962f482830c090b901ea54e/user/src/com/google/gwt/user/client/ui/Widget.java#L238-L245

So - this is not a SSN, but just happens to have the same number of digits.
On Tuesday, April 11, 2023 at 1:35:58 PM UTC-5 cyclop...@gmail.com wrote:
We hava a GWT project, and user use WebInspect to scan, then they found a critial issue as below in the file 30.cache.js
Snap10.jpg
ssn.png

What's the "133333119" ?
Is that bacause GWT obfuscate ?
Sorry we don't have the source codes of this GWT project (We just have WAR file only)

Many thx.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/562db861-68c1-43d8-81fa-65ac79d00681n%40googlegroups.com.

Re: page navigation

It is difficult to be sure what you are asking, but to navigate automatically to a new URL, you might just want Window.Location..assign(newUrl) or Window.Location.replace(newUrl), depending on exactly what behavior you want to have in your user's browser history. Alternatively if you are using activities/places or history tokens, you should use that specific api to send the user to the correct view.

On Tuesday, April 11, 2023 at 1:35:58 PM UTC-5 KEERTHIKA C wrote:
after creating the login page on the succesfull login the page has to locate to the another page in gwt give me some sample

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/e133af6b-0013-4c56-97f7-1232862b3914n%40googlegroups.com.

page navigation

after creating the login page on the succesfull login the page has to locate to the another page in gwt give me some sample

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/65713ea3-a655-4c39-8e81-050878e12084n%40googlegroups.com.

Monday, April 10, 2023

Privacy Violation with SSN

We hava a GWT project, and user use WebInspect to scan, then they found a critial issue as below in the file 30.cache.js
Snap10.jpg
ssn.png

What's the "133333119" ?
Is that bacause GWT obfuscate ?
Sorry we don't have the source codes of this GWT project (We just have WAR file only)

Many thx.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/a448956e-9ef7-4060-817f-28657284323fn%40googlegroups.com.

Thursday, April 6, 2023

Re: Jakarta EE 9 support in GWT

The work on this topic is being discussed on that ticket and related pull requests. In short, if there is community support to implement and test this, it will be present in a future release.

Please try the test builds already discussed there, and consider joining the discussion to help contribute to the work.

On Monday, April 3, 2023 at 2:44:48 AM UTC-5 mickn...@gmail.com wrote:
Hi,

I'm working on a large Java library that utilizes both Spring and GWT. We want to move to Spring 6 as soon as possible but currently cannot do this because GWT 2.10 uses javax instead of jakarta.

Some work towards supporting jakarta has been discussed here - https://github.com/gwtproject/gwt/issues/9727.

Are there any intentions to support Jakarta in an upcoming GWT release?

Thanks,
Mike.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/11047a56-f8ef-40ee-8896-633facf10153n%40googlegroups.com.

Re: Question about setting GWT RPC timeout

What you're looking for is a way to re-try requests in the case where the server is unreachable, which is not something that HTTP or the browser gives you automatically. If you had a proxy, but the server itself was down, the proxy would likely return a 503 service unavailable status, which the client could use to retry until the service was available (which might only happen for a certain number of seconds or a certain number of tries). It might also be possible for a proxy to wait and retry the upstream server until it was available, but I can't think of a proxy right now with that feature.

HTTP itself doesn't have a timeout feature at all either. The timeout that you're setting on the client side is a simple GWT Timer, if the request hasn't finished (either in success or failure), it cancels the upstream request and presents the failure you're seeing to the client.

Be a little careful when implementing a retry mechanism, as it is possible that the call made it to the server, and the server performed the action, but the client lost internet connection while the response was on its way to the client - that is, retrying a non-idempotent or expensive action may cause problems you weren't expecting. A status code of 0 is usually the client's way of saying "I wasn't able to get any reply from the server for some reason" - taking that information and trying to do something simple and idempotent until a server connection can be reestablished lets you know that the server and network are both working again, followed by some "did my last action succeed" before trying again (or just let the user dismiss the message and try again) will help mitigate this class of issues. A proxy sending back a 503 is a safer way to be sure that the network connection is good, but only the server is down, so you can retry - but be aware that technically there might be a network issue between the proxy and server, though this is much less likely.

Good luck,
Colin

On Thursday, April 6, 2023 at 7:05:53 AM UTC-5 Dmitri wrote:
Dear Colin

Thank you so much for your advice. I'll take a closer look at those areas.

Just a little clarification: The server is not running at all. Both exceptions are generated from the client only with different timeout settings when it cannot reach the server.
When the server is running - no problems in both cases. The purpose of the code is to make the client wait longer when the server is unreachable due to temporary communication problems.

PS there are some typos in the codes I provide which I made when clean-up for posting., Please ignore them.
Thank you again

Best regards
Dmitri


On Thu, Apr 6, 2023 at 9:49 PM Colin Alworth <nilo...@gmail.com> wrote:
I believe you're experiencing different timeouts in different cases. That is, the problem you're facing of a short timeout before you use your RPC_TIMEOUT_MS is a server-side timeout (or potentially a proxy?), but after you set a client-side timeout, the client is observing that the server is taking too long, and terminating the call from its side, resulting in the RequestTimeoutException.

To confirm this, try setting the client-side timeout to something like one minute, 60_000, and see that the error returns to the old message you were seeing. A timeout set like this does not guarantee that the server stops processing the request, only that the client stops waiting for it, and it may not be appropriate for your use case at all.

With the client-side timeout set to a reasonable amount or entirely removed, take a closer look at the error message you're getting from the server, and any server or proxy logs you're getting. If there is a proxy, see if you can connect directly to the server to rule out the proxy setting this short timeout. Very likely this is a configuration on the server/proxy that can be change to suit your requirements.

On Thursday, April 6, 2023 at 2:26:31 AM UTC-5 Dmitri wrote:
Dear gurus,

I'm learning Java and GWT and I'm facing a problem with setting timeout for PRC calls. I want to extend the RPC timeout before the client reports a failure. The code I'm using is attached below.

I'm running a client in firefox and experience the following problem:

I want to achieve a timeout of 20-30 seconds. However I can set the timeout (RPC_TIMEOUT_MS) only up to 3200mS. In case the server does not respond I receive the exception "com.google.gwt.http.client.RequestTimeoutException: A request timeout has expired after 3200 ms" accurately after defined time.

However in case set timeout exceeds the 3300ms of above the exception is different "com.google.gwt.user.client.rpc.StatusCodeException: 0" and is thrown always after 3-4 seconds.

What causes this exception and how can I extend the waiting time?

Thank you,
Best regards
Dmitri

The code:
public class MyClass implements EntryPoint {

  private static final int RPC_TIMEOUT_MS = 3300;

  private static class TimeoutRequestBuilder extends RpcRequestBuilder {
    @Override
    protected RequestBuilder doCreate(String serviceEntryPoint) {
  RequestBuilder builder = super.doCreate(serviceEntryPoint);
      builder.setTimeoutMillis(RPC_TIMEOUT_MS);
      return builder;
    }
  }

  private static final RpcRequestBuilder requestBuilder = new TimeoutRequestBuilder();
  private final HubServiceAsync myService = GWT.create(HubService.class);

  @Override
  public void onModuleLoad() {
    ((ServiceDefTarget) hmyService).setRpcRequestBuilder(requestBuilder);

    final MainView mainView = new MainView(hubService);

    RootPanel rootPanel = RootPanel.get();
    rootPanel.add(mainView);

    Window.addResizeHandler(new ResizeHandler() {
      @Override
      public void onResize(ResizeEvent event) {
        mainView.resize();
      }
    });
  }
}


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/76443417-083f-4401-94f5-cd9fd392f80fn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/f58806df-5f66-4309-a925-caca309fb668n%40googlegroups.com.

Re: Question about setting GWT RPC timeout

Dear Colin

Thank you so much for your advice. I'll take a closer look at those areas.

Just a little clarification: The server is not running at all. Both exceptions are generated from the client only with different timeout settings when it cannot reach the server.
When the server is running - no problems in both cases. The purpose of the code is to make the client wait longer when the server is unreachable due to temporary communication problems.

PS there are some typos in the codes I provide which I made when clean-up for posting., Please ignore them.
Thank you again

Best regards
Dmitri


On Thu, Apr 6, 2023 at 9:49 PM Colin Alworth <niloc132@gmail.com> wrote:
I believe you're experiencing different timeouts in different cases. That is, the problem you're facing of a short timeout before you use your RPC_TIMEOUT_MS is a server-side timeout (or potentially a proxy?), but after you set a client-side timeout, the client is observing that the server is taking too long, and terminating the call from its side, resulting in the RequestTimeoutException.

To confirm this, try setting the client-side timeout to something like one minute, 60_000, and see that the error returns to the old message you were seeing. A timeout set like this does not guarantee that the server stops processing the request, only that the client stops waiting for it, and it may not be appropriate for your use case at all.

With the client-side timeout set to a reasonable amount or entirely removed, take a closer look at the error message you're getting from the server, and any server or proxy logs you're getting. If there is a proxy, see if you can connect directly to the server to rule out the proxy setting this short timeout. Very likely this is a configuration on the server/proxy that can be change to suit your requirements.

On Thursday, April 6, 2023 at 2:26:31 AM UTC-5 Dmitri wrote:
Dear gurus,

I'm learning Java and GWT and I'm facing a problem with setting timeout for PRC calls. I want to extend the RPC timeout before the client reports a failure. The code I'm using is attached below.

I'm running a client in firefox and experience the following problem:

I want to achieve a timeout of 20-30 seconds. However I can set the timeout (RPC_TIMEOUT_MS) only up to 3200mS. In case the server does not respond I receive the exception "com.google.gwt.http.client.RequestTimeoutException: A request timeout has expired after 3200 ms" accurately after defined time.

However in case set timeout exceeds the 3300ms of above the exception is different "com.google.gwt.user.client.rpc.StatusCodeException: 0" and is thrown always after 3-4 seconds.

What causes this exception and how can I extend the waiting time?

Thank you,
Best regards
Dmitri

The code:
public class MyClass implements EntryPoint {

  private static final int RPC_TIMEOUT_MS = 3300;

  private static class TimeoutRequestBuilder extends RpcRequestBuilder {
    @Override
    protected RequestBuilder doCreate(String serviceEntryPoint) {
  RequestBuilder builder = super.doCreate(serviceEntryPoint);
      builder.setTimeoutMillis(RPC_TIMEOUT_MS);
      return builder;
    }
  }

  private static final RpcRequestBuilder requestBuilder = new TimeoutRequestBuilder();
  private final HubServiceAsync myService = GWT.create(HubService.class);

  @Override
  public void onModuleLoad() {
    ((ServiceDefTarget) hmyService).setRpcRequestBuilder(requestBuilder);

    final MainView mainView = new MainView(hubService);

    RootPanel rootPanel = RootPanel.get();
    rootPanel.add(mainView);

    Window.addResizeHandler(new ResizeHandler() {
      @Override
      public void onResize(ResizeEvent event) {
        mainView.resize();
      }
    });
  }
}


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/76443417-083f-4401-94f5-cd9fd392f80fn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CADg%3D4kbetG7OztqcyK8bNE5Zr6vd4h%2B_4UhgpQkxQyCGn1ABWA%40mail.gmail.com.

Re: Question about setting GWT RPC timeout

I believe you're experiencing different timeouts in different cases. That is, the problem you're facing of a short timeout before you use your RPC_TIMEOUT_MS is a server-side timeout (or potentially a proxy?), but after you set a client-side timeout, the client is observing that the server is taking too long, and terminating the call from its side, resulting in the RequestTimeoutException.

To confirm this, try setting the client-side timeout to something like one minute, 60_000, and see that the error returns to the old message you were seeing. A timeout set like this does not guarantee that the server stops processing the request, only that the client stops waiting for it, and it may not be appropriate for your use case at all.

With the client-side timeout set to a reasonable amount or entirely removed, take a closer look at the error message you're getting from the server, and any server or proxy logs you're getting. If there is a proxy, see if you can connect directly to the server to rule out the proxy setting this short timeout. Very likely this is a configuration on the server/proxy that can be change to suit your requirements.

On Thursday, April 6, 2023 at 2:26:31 AM UTC-5 Dmitri wrote:
Dear gurus,

I'm learning Java and GWT and I'm facing a problem with setting timeout for PRC calls. I want to extend the RPC timeout before the client reports a failure. The code I'm using is attached below.

I'm running a client in firefox and experience the following problem:

I want to achieve a timeout of 20-30 seconds. However I can set the timeout (RPC_TIMEOUT_MS) only up to 3200mS. In case the server does not respond I receive the exception "com.google.gwt.http.client.RequestTimeoutException: A request timeout has expired after 3200 ms" accurately after defined time.

However in case set timeout exceeds the 3300ms of above the exception is different "com.google.gwt.user.client.rpc.StatusCodeException: 0" and is thrown always after 3-4 seconds.

What causes this exception and how can I extend the waiting time?

Thank you,
Best regards
Dmitri

The code:
public class MyClass implements EntryPoint {

  private static final int RPC_TIMEOUT_MS = 3300;

  private static class TimeoutRequestBuilder extends RpcRequestBuilder {
    @Override
    protected RequestBuilder doCreate(String serviceEntryPoint) {
  RequestBuilder builder = super.doCreate(serviceEntryPoint);
      builder.setTimeoutMillis(RPC_TIMEOUT_MS);
      return builder;
    }
  }

  private static final RpcRequestBuilder requestBuilder = new TimeoutRequestBuilder();
  private final HubServiceAsync myService = GWT.create(HubService.class);

  @Override
  public void onModuleLoad() {
    ((ServiceDefTarget) hmyService).setRpcRequestBuilder(requestBuilder);

    final MainView mainView = new MainView(hubService);

    RootPanel rootPanel = RootPanel.get();
    rootPanel.add(mainView);

    Window.addResizeHandler(new ResizeHandler() {
      @Override
      public void onResize(ResizeEvent event) {
        mainView.resize();
      }
    });
  }
}


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/76443417-083f-4401-94f5-cd9fd392f80fn%40googlegroups.com.

Wednesday, April 5, 2023

Question about setting GWT RPC timeout

Dear gurus,

I'm learning Java and GWT and I'm facing a problem with setting timeout for PRC calls. I want to extend the RPC timeout before the client reports a failure. The code I'm using is attached below.

I'm running a client in firefox and experience the following problem:

I want to achieve a timeout of 20-30 seconds. However I can set the timeout (RPC_TIMEOUT_MS) only up to 3200mS. In case the server does not respond I receive the exception "com.google.gwt.http.client.RequestTimeoutException: A request timeout has expired after 3200 ms" accurately after defined time.

However in case set timeout exceeds the 3300ms of above the exception is different "com.google.gwt.user.client.rpc.StatusCodeException: 0" and is thrown always after 3-4 seconds.

What causes this exception and how can I extend the waiting time?

Thank you,
Best regards
Dmitri

The code:
public class MyClass implements EntryPoint {

  private static final int RPC_TIMEOUT_MS = 3300;

  private static class TimeoutRequestBuilder extends RpcRequestBuilder {
    @Override
    protected RequestBuilder doCreate(String serviceEntryPoint) {
  RequestBuilder builder = super.doCreate(serviceEntryPoint);
      builder.setTimeoutMillis(RPC_TIMEOUT_MS);
      return builder;
    }
  }

  private static final RpcRequestBuilder requestBuilder = new TimeoutRequestBuilder();
  private final HubServiceAsync myService = GWT.create(HubService.class);

  @Override
  public void onModuleLoad() {
    ((ServiceDefTarget) hmyService).setRpcRequestBuilder(requestBuilder);

    final MainView mainView = new MainView(hubService);

    RootPanel rootPanel = RootPanel.get();
    rootPanel.add(mainView);

    Window.addResizeHandler(new ResizeHandler() {
      @Override
      public void onResize(ResizeEvent event) {
        mainView.resize();
      }
    });
  }
}


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CADg%3D4kYt_6AaBghGxUoB_HYiaLumFCXEcrmm%3Dacd9wvPYZY4BQ%40mail.gmail.com.

Re: [schema.org] Can I use itemprop="image" inside ?

hello
is it possible to delete this post ?
thanks

On Friday, 24 August 2012 at 15:39:57 UTC-5 regnoult axel wrote:
Cool ! That is the first time I rate an issue :D 
Indeed, it would be nice to manage the meta tag inside UI binder like an HTML Page.

In my webapp, I talk about movies, and I do not know if it will works well with crawling :(
Indeed, the information of the movie will appear in a POPUP. It exists meta tag for events, but how will the crawler will read the information inside a popup (that appears when the mouse is over the movie) ?

In other terms, I have understood that the server give a SNAPSHOT of the HTML page of my application, but in this HTML page, all the popup does not appear, so my question is : 

 - Will the crawler see that their is a clickEvent and then a popup and then it will read the information of the event's meta tag ?

Thanks you, 
Axel


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/e515f527-b9df-4ba7-b8ff-1a5d2ba8308dn%40googlegroups.com.

Re: What is the minimum Internet speed connexion that the GWT team is considering when testing their GWT application ?

hello,
is it possible to delete this post ?
thanks you

On Thursday, 5 July 2012 at 07:20:19 UTC-5 regnoult axel wrote:
Thanks a lot Jens, this discussion gave me enought information to go futher...

Cheers,
Axel.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/69b50c43-a69a-4a06-a711-3b8fccea0e68n%40googlegroups.com.

Re: help to understand uiRenderer

hello,
is it possible to delete this post ? 

thanks you

On Tuesday, 8 January 2013 at 09:52:55 UTC-5 Axel REGNOULT wrote:
ok, I close this topic, my error was the importance to use the same parameter name Contact in the render method. 


void render(SafeHtmlBuilder sb, Contact contact);

 <ui:with
  field='contact'
  type='com.MS.client.core.MODEL.admin.Contact_database.Contact' />

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/59b2615f-a935-4c29-9998-90921519998dn%40googlegroups.com.