Wednesday, June 15, 2011

GWT RequestBuilder vs RPC vs Script-Include

Which should we use: GWT RPC or RequestBuilder?

GWT presents four ways to perform async data transfer with the server.

  • GWT RPC
  • RequestBuilder
  • javascript include
  • the new-fangled ORM-friendly RequestFactory

GWT RPC is built on XMLHttpRequest (look up wikipedia on that) and therefore suffers the restriction of SLD SOP (Second level domain Same origin policy). I wrote a description of this at http://h2g2java.blessedgeek.com/2009/08/gwt-rpc.html. No doubt, newer browsers including IE 8 have a non-w3c-sanctioned XDomainRequest but I doubt GWT RPC has acquiesced to that new development.

RequestBuilder
RequestBuilder is also built on XMLHttpRequest. The difference between the two is that GWT RPC is an elaborate framework to define the client-server communication channel utilizing interfaces to provide Serializable POJO (plain old Java objects) transfer of data. Whereas RequestBuilder is simpler and more palatable to the usual adhoc-quick-and-dirty programmer. RequestBuilder requires you to concoct your own object data structure marshalling/demarshalling because you have to pass your data as String. But then you could encode the data structures using GWT's JSON marshalling/demarshalling routines. You can find my routine in Google Code to perform JSON data-transfer at http://code.google.com/p/synthfuljava/source/browse/trunk/gwt/http/org/synthful/gwt/http/client/JsonHttpResponseHandler.java

Is it true that GWT RPC actually calls RequestBuilder? I need to pace through the debugger to confirm that. I think I have already done that sometime before that confirms that GWT RPC actually calls RequestBuilder. GWT RPC uses its own esoteric encoding, and the format of POJO serialization is deliberately obfuscated.

JSON & JSONP
To transfer data using Javascript script include would require the data to be Javascript objects, obviously. And they Javascript objects would be stringified into text representation. Text representation of Javascript objects is JSON. You could send data to the server using JSON or whichever format that has been agreed upon between your GWT client and the server. However, the server needs to return data to your GWT client in JSONP.

JSONP is actually a Javascript function encapsulating the Javascript objects as its arguments. When the server sends your GWT cllient data using JSONP, it is actually attempting to execute a Javascript function. Therefore, that function would need to be predefined before receiving the JSONP data.
There are two ways that could happen:

  • The server sends a JSONP defining the function.
  • The client defines the function before sending the request.

Concurring the JSONP callback function with the server.
A general and his adjutant awaits to attack, each of their divisions on a different hill 10 miles apart. Their cloud of enemy is at the valley below them. The adjutant and the general agrees beforehand a set of orders correlated to a set of keywords. One of the orders could be like - attackFromLeft(orderDetails).

Similarly, the client would have predefined the Javascript callback function displayBarChart, and the data structure barChartDetails:

function displayBarChart(barChartDetails) { ... ...}

before sending a request to the server that would trigger receiving the data from the server:

displayBarChart({
  categories:[
    rambutans:{price:30, unit:kg},
    durians:{price:50, unit:pounds}
  ]
});

Script include to the rescue
Since, GWT-RPC uses its own esoteric encoding rather than JSONP, I can hardly see the possibility of its performing cross-domain GWT client-server communication.


To circumvent the SLD SOP restriction, whether in Javascript or any means of AJAX, you have to use the Javascript script include technique. i.e., < SCRIPT SRC='...' > tag. You could read my code on how to do that in the class JsonRemoteScriptCall at http://code.google.com/p/synthfuljava/source/browse/trunk/gwt/jsElements/org/synthful/gwt/javascript/client/JsonRemoteScriptCall.java.

This piece of code works on the browser DOM by dynamically defining a SCRIPT element in the DOM.

Script include is hazardous
Be duly warned that script include

<SCRIPT SRC=some-url ...></SCRIPT>

is hazardous in terms of security. Script include, like image include, allows your client to get resources from any server in the cloud that is willing to serve data to your client. And there will be no shortage of servers maliciously defining a Javascript function in the script.


8 comments:

  1. The Lexus LX 570 is the luxury version of the Land Cruiser, with hydraulic suspension to smoothen the ride and escape those roots. The chassis is body on frame, and the drivetrain is full time four wheel drive, with a locking center differential. The engine is a brawny 5.7 liter V8 making 381 horsepower, mated to a new eight speed automatic transmission. (Michael Kors Jet Set Travel Crossbody Bag Black)

    Coach Factory Outlet Online Real Coach Bags, OBAMA: Well, I think it goes beyond race. Obviously, what this reveals is that we still have a host of racial stereotypes that are out there, and that we are fast loose in playing with those racial stereotypes and bandying them about and thinking that there aren't going to be any consequences to it. And that's a problem..

    UNC GREENSBORO: Talk about bad timing for the Spartans (14 18, 7 9). Last year's leading scorer, Kyle Cain (15.4 ppg, 8.9 rpg) somewhat inexplicably decided to turn pro after his junior season, so UNCG will be without last year's go to player. Here's the bad timing part: Three players with eligibility left after last season decided to transfer away from UNCG, which seriously depleted the team's roster. (Black And White Striped Michael Kors Bag)

    Blue And White Coach Purse, The pitching by committee approached worked out well, as the Blue and Gold were limited to five hits on the afternoon. On the flipside, JCU head coach Marc Thibeault turned to five different hurlers to complete the contest. Brandon Lucas and Brandon Maddern each made his first appearance of the season.

    Maria severely impacted most of our energy infrastructure.Officials said Puerto Rico has 2 400 miles of transmission lines, 30 000 miles of distribution lines and 342 substations that suffered substantial damage during the hurricane. Gonzalez said crews are tackling projects that include installing new poles and building primary transmission towers and connection wiring.Carlos Torres, who is overseeing power restoration efforts, said that crews are still finding unexpected damage including what he called severely impacted substations."We will not stop working until every person and business has their lights back on," he said.'Lack of respect'Among those still waiting for power is Eileen Cheverez, a 48 year old respiratory therapist who lives in Morovis, which borders Ciales. She said power was restored to homes around her, but that crews still need to set up a key cable so she can have lights."This truly consumes you mentally, emotionally," she said, adding that seeing homes lit up around her gives her some hope amid the frustration. (Michael Kors Jet Set Travel Black Purse)

    ReplyDelete
  2. It is not discounted."There are two scientific labs within close proximity of of Wuhan where scientists are believed to have been carrying out tests on the coronavirus: the Institute of Virology, and the the Wuhan Centre for Disease Control.Both are within 10 miles of the animal market where it is believed the outbreak started.Scientists disagree on whether an accidental laboratory leak is a plausible explanation.One biologist who believes it cannot be ruled out is Professor Richard Ebright of Rutgers University's Waksman Institute of Microbiology.Ebright is quoted in the Bulletin of the Atomic Scientists as saying many of the scientists in Wuhan who have been working on the coronavirus have only had "minimal protections" against infection."Virus collection, culture, isolation, or animal infection at BSL 2 [moderate biosafety level] with a virus having the transmission characteristics of the outbreak virus would pose substantial risk of infection of a lab worker, and from the lab worker, the public," he says.He goes on to say the evidence available leaves "a basis to rule out a lab construct, but no basis to rule out a lab accident."Johnson's government has reportedly started to question the veracity of China's statements regarding the coronavirus.Last week it was reported that UK officials were furious with the Chinese state for spreading disinformation about the severity of the pandemic, and believed China had up to 40 more cases of the virus than it had claimed.On Sunday, March 29, senior UK minister Michael Gove told the BBC he was skeptical of the China numbers."It was the case [that] the first case of coronavirus in China was established in December of last year, but it was also the case that some of the reporting from China was not clear about the scale, the nature, the infectiousness of this," he said.A report by the UK Parliament's Foreign Affairs Committee published on Monday accused the Chinese government of spreading "disinformation" about the spread of the virus.. {tag: Yeezy Season 3 Jacket White}

    ReplyDelete