Hi,
what do you mean by “send a simple request” exactly? Can you describe what you’re doing in more detail?
-Olli
This kind of error comes normally together with some stacktrace in Tomcat-log. Please post that as well.
The first request I sent was the following one:
[code]
POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 297
Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865
Connection: close

{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":122,"clientY":697,"ctrlKey":false,"metaKey":false,"relativeX":85,"relativeY":6,"shiftKey":false,"type":1}]]],"syncId":30,"clientId":49}
[/code]
I received no error messages. I looked in the response and everything was fine.
After that, I sent another request which was a little different to the previous one:
[code]
POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 421
Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865
Connection: close

{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],["14","v","v",["text",["s","ls"]]],["14","v","v",["c",["i",2]]],["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":114,"clientY":723,"ctrlKey":false,"metaKey":false,"relativeX":77,"relativeY":21,"shiftKey":false,"type":1}]]],"syncId":6,"clientId":50}
[/code]
This request caused an error message. Here is my stacktrace:
Nov 09, 2016 5:10:57 AM com.vaadin.server.communication.UidlRequestHandler synchronizedHandleRequest
SEVERE: Error writing JSON to response
elemental.json.JsonException: Invalid object: expecting } or ,
at elemental.json.impl.JsonTokenizer.parseObject(JsonTokenizer.java:236)
at elemental.json.impl.JsonTokenizer.nextValue(JsonTokenizer.java:171)
at elemental.json.impl.JreJsonFactory.parse(JreJsonFactory.java:64)
at elemental.json.impl.JsonUtil.parse(JsonUtil.java:200)
at com.vaadin.server.communication.ServerRpcHandler$RpcRequest.<init>(ServerRpcHandler.java:86)
at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:231)
at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:90)
at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1414)
at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:365)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1452)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Can anyone explain this to me?
Best regards,
Nazar
Looks like there’s an error in your JSON, at least according to Elemental’s JSON parser.
-Olli
Yes, but how can there be an error? I mean my request does not contain any irregular expressions. The only thing I recognized is that the value of syncId remained at 6. Could this have any influence?
Nazar
Have you tried with a different syncId?
-Olli
I just tried it out… Unfortunately, the same error message. But this time, I could send at least four requests in a row until I received the message.
Nazar
Can you maybe explain another thing to me?
I enter a value in a textfield and press the enter-key to send the request. The request contains the following content:
[code]
POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 292
Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865
Connection: close

{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],["12","v","v",["text",["s","Nazar"]]],["12","v","v",["c",["i",5]]],["0","v","v",["actiontarget",["c","12"]]],["0","v","v",["action",["s","1"]]]],"syncId":101,"clientId":69}
[/code]
When I don’t change the value in the textfield and send the same request again, the content of the request changes to the following:
[code]
POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 164
Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865
Connection: close

{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","v","v",["actiontarget",["c","12"]]],["0","v","v",["action",["s","1"]]]],"syncId":102,"clientId":70}
[/code]
You can see the changes in the token. The second one is much shorter. Why is this the case?
Best regards,
Nazar
It depends on the changed state of your application. In the first one, the textual contents of the TextField have changed, so they have to be sent to the server. In the second one, the contents are the same, so they don’t have to be passed to the server anymore.
-Olli
Hmm… the content doesn’t have to be sent anymore, but a request is sent anyway, is it not? Using an HTTP listener showed me that the second request was also sent to the server. Have I understood something wrong?
Nazar
No, that’s correct, your Action (the enter-key press) is still sent to the server in the second case.
-Olli
I found out why this error occurs. The first time you open a Vaadin application and send a request, the clientId usually starts at 0 and increases by 1 for each request. When you send exactly the same request again, you won’t get any problems until the clientId reaches the value 10. At this point I got an error because the id contains TWO characters this time, which is unexpected for the server.
Another situation… In case you start to send the request at 10, there won’t be any problems until the id reaches 100.
Best regards,
Nazar
Maybe the Content-Length parameter is wrong when you change the length of the content string? Like this:
Content-length=5
payload="12345"
-> ok
Content-length=5
payload="12346"
-> ok
Content-length=5
payload="123456"
-> not ok
-Olli
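An added example (not code from this thread) of why a stale Content-Length produces the parser error shown earlier: the server reads only the declared number of bytes, so when clientId grows from one digit to two, the closing brace is cut off. The payload, token and helper names are constructed for illustration, and Python's json module stands in for Elemental's parser.

```python
import json

CRLF = b"\r\n"

def build_request(body: bytes, declared_length: int) -> bytes:
    """Assemble a minimal UIDL-style POST with an explicit Content-Length."""
    head = [
        b"POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1",
        b"Host: localhost:8080",
        b"Content-Type: application/json; charset=UTF-8",
        b"Content-Length: " + str(declared_length).encode(),
    ]
    return CRLF.join(head) + CRLF * 2 + body

def framed_body(raw: bytes) -> bytes:
    """Return the body as a server frames it: exactly Content-Length bytes."""
    head, _, rest = raw.partition(CRLF * 2)
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return rest[: int(value.strip())]
    raise ValueError("request has no Content-Length header")

def fix_length(raw: bytes) -> bytes:
    """Rewrite Content-Length so it matches the body's size in bytes."""
    head, _, body = raw.partition(CRLF * 2)
    lines = [l for l in head.split(CRLF)
             if not l.lower().startswith(b"content-length:")]
    lines.append(b"Content-Length: " + str(len(body)).encode())
    return CRLF.join(lines) + CRLF * 2 + body

def uidl_body(client_id: int) -> bytes:
    # Constructed sample payload, shortened from the requests in this thread.
    msg = {"csrfToken": "constructed-token", "rpc": [], "syncId": 6,
           "clientId": client_id}
    return json.dumps(msg, separators=(",", ":")).encode("utf-8")

def server_parses(raw: bytes) -> bool:
    """True if the framed body is valid JSON, False if it was cut short."""
    try:
        json.loads(framed_body(raw))
        return True
    except json.JSONDecodeError:
        return False

captured_len = len(uidl_body(9))                     # length recorded with clientId 9
stale = build_request(uidl_body(10), captured_len)   # clientId edited, header not
print(server_parses(build_request(uidl_body(9), captured_len)))  # original request
print(server_parses(stale))               # one byte short: the closing } is lost
print(server_parses(fix_length(stale)))   # header recomputed from the body
```

The same one-byte growth happens again at clientId 100, which matches the second observation above.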
Hi Olli,
this was exactly the first thing I thought about and it is the correct suggestion!!!
Thanks a lot!
Best regards,
Nazar
No problem, you’re welcome.
-Olli
Hi Olli,
I could use your knowledge again.
When I send a request without increasing the clientId, I don’t get an error, but I don’t get a correct response either. What I receive in such a case looks a little bit weird. Could you explain this to me, please?
[code]
for(;;);[{"syncId": 4, "resynchronize": true, "clientId": 3, "changes" : [["change",{"pid":"0"},["0",{"id":"0","location":"http://localhost:8080/vaadin_vulnerabilities/#!main/hauptansicht","v":{"action":""}},["actions",{},["action",{"key":"1","caption":"Shortcut Name","kc":13,"mk":[]}]]]],["change",{"pid":"18"},["1",{"id":"18"}]],["change",{"pid":"13"},["1",{"id":"13","iem":"EAGER","iet":400,"nvc":true}]],["change",{"pid":"16"},["1",{"id":"16"}]],["change",{"pid":"14"},["1",{"id":"14"}]]], "state":{"0":{"pageState":{"title":"Vaadin vulnerabilities"},"localeServiceState":{"localeData":[{"name":"en_US","monthNames":["January","February","March","April","May","June","July","August","September","October","November","December"],"shortMonthNames":["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"shortDayNames":["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],"dayNames":["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],"firstDayOfWeek":0,"dateFormat":"M/d/yy","twelveHourClock":true,"hourMinuteDelimiter":":","am":"AM","pm":"PM"}]},"theme":"mytheme","height":"100.0%","width":"100.0%"},"13":{"text":"k","immediate":true,"caption":"First name","errorMessage":"
[/code]
You can even see the contentMode of some Widgets. Is there a way I can hide this kind of information?
Thanks in advance!
Best regards,
Nazar
In what sense is the response you get not correct?
-Olli
The code I posted above is a “standard” response which I receive every time I send a request again that has already been issued. To be more clear… I can send a request with a constant id (no increasing…) 10 times in a row and I get that kind of response. In case I increase the id (as expected from the server), the response is much shorter and I can even see the values I wanted to see, e.g. names in a table.
Best regards,
Nazar
I think ultimately the state change you’re proposing just leads to that result.
-Olli
Thanks Olli!