My favorites | Sign in
Google
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
New issue | Search
for
| Advanced search | Search tips
Issue 1297: Server should reduce the number of instances in which it sends classes which the client cannot deserialize
5 people starred this issue and may be notified of changes. Back to list
Status:  Fixed
Owner:  mmendez@google.com
Closed:  Aug 2007
Cc:  scottb@google.com
Type-Defect
Priority-High
Category-RPC
Milestone-1_4_RC2


Sign in to add a comment
 
Reported by gwt.team.mmendez, Jun 22, 2007 
Found in GWT Release:
All

Detailed description:
The ServerSerializationStreamWriter needs to clamp off classes which can't
be deserialized by the client.  Currently, it allows any class to be sent back.

If the class has a custom field serializer then we should allow it.  If the
class is assignable to IsSerialziable or Serializable and is default
instantiable we should allow it.  Local types and non-static member types
should be excluded.  In the case that a type is not allowed we should
ensure that this information is logged to facilitate debugging.

Originally, I had mixed feelings about doing this.  However, I have helped
people on GWTC and GWTU with problems that were ultimately caused because
the server can send down types which the client can't handle.  I will grant
that this won't be fool proof because the checks performed by the server
are not as extensive as those of the client but I think that it will reduce
the number incidents significantly.

Workaround if you have one:
None

Links to the relevant GWT Developer Forum posts:
http://groups.google.com/group/Google-Web-Toolkit/browse_thread/thread/b880ec6015b99a08
http://groups.google.com/group/Google-Web-Toolkit/browse_thread/thread/d2e8ee94c53d5a5f
http://groups.google.com/group/Google-Web-Toolkit-Contributors/browse_thread/thread/ef16c38f1a057ef8
Comment 1 by ispeters, Jun 22, 2007 
Depending on what your goals are, I don't think it's enough to allow any class that
is assignable to Serializable.

Two problem cases:

 - The entire hierarchy of Exceptions is Serializable, and I'm sure there's a
subclass of RuntimeException that's in java.something that is not emulated by
GWT--such an Exception could be thrown by the server by accident and not be
deserialized by the client

 - Dead code elimination seems to erase class definitions for things like
NullPointerException unless they're explicitly declared as thrown, or explicitly
caught, which means that the client can't deserialize a server-side
NullPointerException (for example) even though NullPointerException is both
assignable to Serializable _and_ emulated by GWT

Ian
Comment 2 by gwt.team.mmendez, Jun 22, 2007 
Updated the summary to clarify the goal.

"I will grant that this won't be fool proof because the checks performed by the
server are not as extensive as those of the client but I think that it will reduce
the number incidents significantly."

The cases that you point out are examples of why it won't be fool proof.  However,
there are a lot of common cases like Arrays.asList which it will catch that people
run into very often.

The fool proof solution requires that the server to know exactly what types the
client can handle and not send any types outside of that set.  For that to work, the
server would need to get that information from the proxy generation system.  That
plumbing is not in place today and it won't be in place for 1.4.
Summary: Server should reduce the number of instances in which it sends classes which the client cannot deserialize
Comment 3 by gwt.team.sumit, Jun 28, 2007 
(No comment was entered for this change.)
Labels: Category-RPC
Comment 4 by m.zdila, Jul 04, 2007 
Hello. I think this is related:
I was returning an object from RPC service. That object contained one property of 
type Serializable. On the client side the AsyncCallback.onFailure was invoked with 
Throwable caught.toString() + ":" + caught.getMessage() 
containing: "java.lang.ClassCastException: null". This was only in non-hosted mode. 
In hosted mode I got no exception but AsyncCallback.onSuccess was invoked.

GWT 1.4 RC1
Comment 5 by gwt.team.mmendez, Jul 05, 2007 
This can behavior can be explained by that fact that none of our JRE emulation
classes actually implement java.io.Serializable.  I suspect that that this is part of
the problem.  This would aslo explain why it works in hosted mode but not in web
mode.  See  Issue 1139  for more details.
Comment 6 by gwt.team.jgw, Jul 23, 2007 
(No comment was entered for this change.)
Labels: -Milestone-1_4_RC2
Comment 7 by gwt.team.scottb, Aug 13, 2007 
This has been committed as r1302.  Miguel, I'll let you add any notes you'd like to add.
Status: FixedNotReleased
Labels: Milestone-1_4_RC2
Comment 8 by gwt.team.scottb, Aug 20, 2007 
1.4 RC2 now released.
Status: Fixed
Comment 9 by sumitcha...@google.com, Apr 28, 2008
Owner: mmendez
Comment 10 by scottb@google.com, Apr 29, 2008
Comment 11 by scottb@google.com, Apr 29, 2008
Cc: -gwt.team.scottb sco...@google.com
Sign in to add a comment