search

jcricket / gwt-syncproxy

Provides Synchronous and Asynchronous access to GWT-RPC servlets from Java and Android
http://www.blueesoteric.com/open-source/gwt-syncproxy
Apache License 2.0
23 stars 14 forks source link

Blocked request without GWT permutation header (XSRF attack?) #40

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

I'm trying to run to following code:

rpcService =
        (GreetingServiceAsync)SyncProxy.newProxyInstance(
          GreetingServiceAsync.class,
          params[0] + "/demonstrator/", "greet");

      rpcService.greetServer("Android", new AsyncCallback() { ... });

What is the expected output? What do you see instead?
I expect to get "onSuccess" instead I get "onFailure". See additional 
information for stacktrace.

What version of the product are you using? On what operating system?
Android 4.4.2, GWT 2.6.0, SyncProxyAndroid-0.4.2, Windows 7 (64 bit), Eclipse 
Kepler  

Please provide any additional information below.
In LogCat I get:
Ingnoring header X-GWT-Permutation because its value was null.

And the output from GWT in eclipse is the following:

[WARN] Exception while dispatching incoming RPC call
java.lang.SecurityException: Blocked request without GWT permutation header 
(XSRF attack?)
    at com.google.gwt.user.server.rpc.RemoteServiceServlet.checkPermutationStrongName(RemoteServiceServlet.java:329)
    at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:260)
    at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:305)
    at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:68)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:662)

I gwt-compiled the project and all the expected files are created. The 
*.nocache file is found and the *.cache.html are also found but if I understand 
correctly then there seems so be some problem with the *.gwt.rpc file. This 
file exists and is in the same folder as the nocache-file and cache.html files 
under war/demonstrator. I run the gwt project as a Web Application from eclipse.

Any ideas what's going wrong?
Thanks a lot!

Original issue reported on code.google.com by arnold.f...@gmail.com on 5 Aug 2014 at 9:44

GoogleCodeExporter commented 9 years ago 
Hi,

ok, I think I solved it. I made some mistake while setting up eclipse and there 
was something wrong with the source-linking. I just redid the setup and now it 
works. Just wanted to add this in case other people have the same problem.

Original comment by arnold.f...@gmail.com on 5 Aug 2014 at 10:24

GoogleCodeExporter commented 9 years ago 
This is typically seen when a GWT-compile still needs to be done. Take a look 
at CommonIssues for more details. Glad to hear this was resolved, issue is 
being closed.

Original comment by p.pr...@blueesoteric.com on 19 Sep 2014 at 12:37