Error in DWR 2.0.5

dwr
user3310115 picture user3310115 · Feb 14, 2014 · Viewed 7.2k times · Source

I am only allowed to use DWR 2.0.5 as DWR 3 is not yet released. My servers is WAS 8.0. I have 2 URLS Page1 and Page 2. Page1 will have a simple lable and an empty textbox. Page2 has nothing. First I will enter Page1 and then I will enter Page 2 in another browser. When I enter Page2, the textbox in Page1 should be filled with a Message "Hello DWR". I'm trying to achieve this using reverse ajax. Below are my code snippets and config files.

**DWR.xml**
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dwr PUBLIC "-//GetAhead Limited//DTD Direct Web Remoting 2.0//EN" "http://getahead.ltd.uk/dwr/dwr20.dtd">
<dwr>
  <allow>
    <create creator="new" javascript="GetSession">
      <param name="class" value="com.americanexpress.as.springthread.web.util.GetSession"/>
     </create>
    <create creator="new" javascript="CallSession">
      <param name="class" value="com.americanexpress.as.springthread.web.util.CallSession"/>
    </create>
   </allow>
</dwr>


**web.xml**

<?xml version="1.0" encoding="UTF-8"?><web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
   <display-name>SpringThreadWebWAR</display-name>

   <servlet>
    <servlet-name>dwr-invoker</servlet-name>
    <display-name>DWR Servlet</display-name>
    <description>Direct Web Remoter Servlet</description>
    <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>

    <!-- This should NEVER be present in live -->
    <init-param>
      <param-name>debug</param-name>
      <param-value>true</param-value>
    </init-param>

    <!-- Remove this unless you want to use active reverse ajax -->
    <init-param>
      <param-name>activeReverseAjaxEnabled</param-name>
      <param-value>true</param-value>
    </init-param>

      <!-- Remove this unless you want to use active reverse ajax -->
     <init-param>
      <param-name>pollAndCometEnabled</param-name>
      <param-value>true</param-value>
    </init-param> 



    <!-- Keep this to elimintate CSRF attack -->
    <init-param>
      <param-name>crossDomainSessionSecurity</param-name>
      <param-value>false</param-value>
    </init-param> 
    <load-on-startup>1</load-on-startup>
  </servlet>
    <servlet-mapping>
    <servlet-name>dwr-invoker</servlet-name>
    <url-pattern>/dwr/*</url-pattern>
  </servlet-mapping>

    <servlet>
      <servlet-name>dispatcher</servlet-name>
      <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
      <load-on-startup>2</load-on-startup>
   </servlet>  

   <servlet-mapping>
      <servlet-name>dispatcher</servlet-name>
      <url-pattern>*.do</url-pattern>
   </servlet-mapping>
<env-entry>
      <env-entry-name>SLConfigFile</env-entry-name>
      <env-entry-type>java.lang.String</env-entry-type>
      <env-entry-value>log_servicelocator.xml</env-entry-value>
   </env-entry>
</web-app>

**dispatcher-servlet.xml**

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:task="http://www.springframework.org/schema/task"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/context
                        http://www.springframework.org/schema/context/spring-context-3.1.xsd
                        http://www.springframework.org/schema/mvc
                        http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
                        http://www.springframework.org/schema/tx
                        http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                        http://www.directwebremoting.org/schema/spring-dwr
                        http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd">

    <mvc:annotation-driven />       

    <context:component-scan base-package="com.americanexpress.as.springthread.web.controller" />
    <context:component-scan base-package="com.americanexpress.as.springthread.web.processor" />
    <context:component-scan base-package="com.americanexpress.as.springthread.web.util" />
    <mvc:view-controller path="/" view-name="index" />

    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
            <property name="prefix" value="/WEB-INF/" />
            <property name="suffix" value=".jsp" />
    </bean>


    <bean id="fileData" class="com.americanexpress.as.springthread.web.util.FileData" />

    <bean id="schedulerTask"  class="org.springframework.scheduling.timer.MethodInvokingTimerTaskFactoryBean">
    <property name="targetObject" ref="fileData" />
    <property name="targetMethod" value="createFile" />
    </bean>

    <bean id="timerTask" class="org.springframework.scheduling.timer.ScheduledTimerTask">
    <property name="timerTask" ref="schedulerTask" />
    <property name="delay" value="600000000" />
    <property name="period" value="600000000" />
    </bean>

    <bean class="org.springframework.scheduling.timer.TimerFactoryBean">
    <property name="scheduledTimerTasks">
        <list>
            <ref local="timerTask" />
        </list>
    </property>
    </bean>

     <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
        <property name="corePoolSize" value="1"></property>
        <property name="maxPoolSize" value="10"></property>
        <property name="WaitForTasksToCompleteOnShutdown" value="true"></property>
    </bean> 

    <bean id="threadRunner" class="com.americanexpress.as.springthread.web.util.ThreadRunner">
        <constructor-arg ref="taskExecutor" />
    </bean>




</beans>   

**Page1.jsp**

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<script type='text/javascript' src='<%=request.getContextPath()%>/dwr/engine.js'></script>
<script type='text/javascript' src = '<%=request.getContextPath()%>/dwr/interface/GetSession.js'></script>
<script type='text/javascript' src='<%=request.getContextPath()%>/dwr/util.js'></script>
</head>
<body>
<!-- <input type="button" onclick="getSession();"> -->
<label id="label">Session Id</label>
<input type="text" id="tag">
<script type="text/javascript">
window.onload=function()
{
    dwr.engine.setActiveReverseAjax(true); // Initiate reverse ajax polling
    addAttributeToScriptSession(); // Make a remote call to the server to add an attribute onto the ScriptSession which will be used in determining what pages receive updates!

}

function addAttributeToScriptSession()
{
    alert('vamsi');
    GetSession.getSessionValue();
}

function getIt()
{
    alert('Maaan'); 
}
</script>
</body>
</html>

**Page2.jsp**



<%@page import="com.americanexpress.as.springthread.web.util.StatMap"%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<script type='text/javascript' src='<%=request.getContextPath()%>/dwr/engine.js'></script>
<script type='text/javascript' src = '<%=request.getContextPath()%>/dwr/interface/CallSession.js'></script>
<script type='text/javascript' src='<%=request.getContextPath()%>/dwr/util.js'></script>
</head>
<body>
<!-- <input type="button" onclick="getSession();"> -->
<script type="text/javascript">
window.onload=function()
{
    dwr.engine.setActiveReverseAjax(true); // Initiate reverse ajax polling
     callSession(); // Make a remote call to the server to add an attribute onto the ScriptSession which will be used in determining what pages receive updates!
}

function callSession()
{
    alert('krishna');
    CallSession.callSession();
}
</script>
</body>
</html>

**CallSession.java**

package com.americanexpress.as.springthread.web.util;


import org.directwebremoting.ScriptSession;
import org.directwebremoting.ServerContext;
import org.directwebremoting.beehive.PageFlowCreator;
import org.directwebremoting.proxy.dwr.Util;


public class CallSession {

    public void callSession() throws ClassNotFoundException{
         ScriptSession sessionId = (ScriptSession)StatMap.statMap.get("sessionId");
         System.out.println("Session id in Page2 "+sessionId);
                /*Browser.withPage(sessionId.getPage(), new Runnable(){
            public void run() {
                Util.setValue("tag", "Hello World");
            }

        });*/
        Util u = new Util(sessionId);
        System.out.println("The value of u is "+u);
        u.setValue("tag","Hello World");
        }
}


**GetSession.java**

package com.americanexpress.as.springthread.web.util;

import org.directwebremoting.ScriptSession;

import org.directwebremoting.WebContextFactory;


public class GetSession {
    public void getSessionValue(){
        ScriptSession scriptSession = WebContextFactory.get().getScriptSession();
        System.out.println("************************"+scriptSession.getId()+"************************");
        StatMap.statMap.put("sessionId",scriptSession);

    }
}




Now after I execute this, I'm always getting the below exception

**Exception**

[2/12/14 6:31:50:775 MST] 0000001e PollHandler   E org.directwebremoting.dwrp.PollHandler checkNotCsrfAttack A request has been denied as a potential CSRF atack.
[2/12/14 6:31:50:781 MST] 0000001e ExceptionHand W org.directwebremoting.util.CommonsLoggingOutput warn Unhandled Exception
                                 java.lang.SecurityException: Session Error
        at org.directwebremoting.dwrp.PollHandler.checkNotCsrfAttack(PollHandler.java:252)
        at org.directwebremoting.dwrp.PollHandler.handle(PollHandler.java:99)
        at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:101)
        at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:146)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1224)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:774)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:456)
        at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:79)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:928)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1025)
        at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3704)
        at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:962)
        at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
        at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
        at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784)
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
        at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
        at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
        at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
        at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
        at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
        at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1659)

[2/12/14 6:31:50:791 MST] 0000001e webapp        E com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: [Servlet Error]-[dwr-invoker]: com.ibm.wswebcontainer.webapp.WebAppErrorReport: Error. Details logged to the console
        at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:624)
        at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:642)
        at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:1236)
        at org.directwebremoting.servlet.ExceptionHandler.handle(ExceptionHandler.java:59)
        at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:112)
        at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:146)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1224)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:774)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:456)
        at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:79)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:928)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1025)
        at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3704)
        at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:962)
        at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
        at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
        at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784)
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
        at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
        at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
        at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
        at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
        at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
        at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1659)


Kindly let me know if any configuration or any implementation is wrong a


Regards,
Vamsi 

Answer

Elye M. picture Elye M. · Mar 7, 2014

In your web.xml you have this lines of code

<!-- Keep this to elimintate CSRF attack -->
<init-param>
  <param-name>crossDomainSessionSecurity</param-name>
  <param-value>false</param-value>
</init-param> 

And i see your error is:

E org.directwebremoting.dwrp.PollHandler checkNotCsrfAttack 
A request has been denied as a potential CSRF atack.

So maybe try to set it in your web.xml to true...