Contact us
Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Programmatically open a new browser window by Tarek Oraby, 3 weeks ago
Recent Posts
Vaadin Forum3. Vaadin 6, 7, 8

Vaadin - connection problem

Nazar Medeiros
6 years ago Oct 19, 2016 8:35am

Hello everyone,

I tried to send a simple request to my vaadin application (with an apache tomcat running in the background).
However.. I receive some error message which contains following content:

for(;;);[{"changes":{},"resources":{},"locales":{},"meta":{"appError":{"caption":"Internal error","url":null,"message":"Please notify the administrator.<br/>Take note of any unsaved data, and <u>click here</u> or press ESC to continue.","details":null}},"syncId":-1}]

Can anyone help me with that?
Best regards,
Nazar

Olli Tietäväinen
6 years ago Oct 27, 2016 8:49am

Hi,

what do you mean by "send a simple request" exactly? Can you describe what you're doing in more detail?

-Olli

+1
Tobias Demuth
6 years ago Oct 27, 2016 5:04pm

This kind of error comes normally together with some stacktrace in Tomcat-log. Please post that as well.

+1
Nazar Medeiros
6 years ago Nov 09, 2016 10:22am

The first request I sent, was the following one:

POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1

Host: localhost:8080

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

Referer: http://localhost:8080/vaadin_vulnerabilities/

Content-Length: 297

Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865

Connection: close



{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":122,"clientY":697,"ctrlKey":false,"metaKey":false,"relativeX":85,"relativeY":6,"shiftKey":false,"type":1}]]],"syncId":30,"clientId":49}

I received no error messages. I looked in the response and everything was fine.
After that, I sent another request which was a little different to the previous one:

POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1

Host: localhost:8080

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

Referer: http://localhost:8080/vaadin_vulnerabilities/

Content-Length: 421

Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865

Connection: close



{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],["14","v","v",["text",["s","ls"]]],["14","v","v",["c",["i",2]]],["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":114,"clientY":723,"ctrlKey":false,"metaKey":false,"relativeX":77,"relativeY":21,"shiftKey":false,"type":1}]]],"syncId":6,"clientId":50}

This request caused an error message. Here is my stacktrace:

Nov 09, 2016 5:10:57 AM com.vaadin.server.communication.UidlRequestHandler synchronizedHandleRequest
SEVERE: Error writing JSON to response
elemental.json.JsonException: Invalid object: expecting } or ,
    at elemental.json.impl.JsonTokenizer.parseObject(JsonTokenizer.java:236)
    at elemental.json.impl.JsonTokenizer.nextValue(JsonTokenizer.java:171)
    at elemental.json.impl.JreJsonFactory.parse(JreJsonFactory.java:64)
    at elemental.json.impl.JsonUtil.parse(JsonUtil.java:200)
    at com.vaadin.server.communication.ServerRpcHandler$RpcRequest.<init>(ServerRpcHandler.java:86)
    at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:231)
    at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:90)
    at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
    at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1414)
    at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:365)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1452)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Can anyone explain this to me?
Best regards,
Nazar
 

Olli Tietäväinen
6 years ago Nov 09, 2016 10:31am

Looks like there's an error in your JSON, at least according to Elemental's JSON parser.

-Olli

Nazar Medeiros
6 years ago Nov 09, 2016 10:33am

Yes, but how can there be an error?.. I mean my request does not contain any irregular expressions. The only thing I recognized is, that the value of syncId remained at 6. Could this has any influence?

Nazar

Olli Tietäväinen
6 years ago Nov 09, 2016 10:34am

Have you tried with a different syncId?

-Olli

Nazar Medeiros
6 years ago Nov 09, 2016 10:40am

I just tried it out... Unfortunately the same error message. But this time, I could sent at least four request in a row until I received the message.

Nazar

Nazar Medeiros
6 years ago Nov 09, 2016 10:45am

Can you explain me another thing maybe?
I enter a value in a textfield and press the enter-key to send the request. The request contains following content:

POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1

Host: localhost:8080

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

Referer: http://localhost:8080/vaadin_vulnerabilities/

Content-Length: 292

Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865

Connection: close



{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],["12","v","v",["text",["s","Nazar"]]],["12","v","v",["c",["i",5]]],["0","v","v",["actiontarget",["c","12"]]],["0","v","v",["action",["s","1"]]]],"syncId":101,"clientId":69}

When I don't change the value in the textfield and send the same request again, the content of the request changes to following:

POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1

Host: localhost:8080

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

Referer: http://localhost:8080/vaadin_vulnerabilities/

Content-Length: 164

Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865

Connection: close



{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","v","v",["actiontarget",["c","12"]]],["0","v","v",["action",["s","1"]]]],"syncId":102,"clientId":70}

You can see the changes in the token. The second one is much shorter. Why is this the case?
Best regards,
Nazar

Olli Tietäväinen
6 years ago Nov 09, 2016 10:49am

It depends on the changed state of your application. In the first one, the textual contents of the TextField have changed, so they have to be sent to the server. In the second one, the contents are the same, so they don't have to be passed to the server anymore.

-Olli

+1
Nazar Medeiros
6 years ago Nov 09, 2016 10:55am

Hmm... the content doesn't have to be sent anymore, but a request is sent anyway, is it not? Using an http-Listener showed me, that also the second request was sent to the server. Have I understood someting wrong?

Nazar

Olli Tietäväinen
6 years ago Nov 09, 2016 11:04am

No, that's correct, your Action (the enter-key press) is still sent to the server in the second case.

-Olli

Nazar Medeiros
6 years ago Nov 15, 2016 8:53am

Nazar Medeiros: The first request I sent, was the following one:

POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1

Host: localhost:8080

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

Referer: http://localhost:8080/vaadin_vulnerabilities/

Content-Length: 297

Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865

Connection: close



{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":122,"clientY":697,"ctrlKey":false,"metaKey":false,"relativeX":85,"relativeY":6,"shiftKey":false,"type":1}]]],"syncId":30,"clientId":49}

I received no error messages. I looked in the response and everything was fine.
After that, I sent another request which was a little different to the previous one:

POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1

Host: localhost:8080

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

Referer: http://localhost:8080/vaadin_vulnerabilities/

Content-Length: 421

Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865

Connection: close



{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],["14","v","v",["text",["s","ls"]]],["14","v","v",["c",["i",2]]],["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":114,"clientY":723,"ctrlKey":false,"metaKey":false,"relativeX":77,"relativeY":21,"shiftKey":false,"type":1}]]],"syncId":6,"clientId":50}

This request caused an error message. Here is my stacktrace:

Nov 09, 2016 5:10:57 AM com.vaadin.server.communication.UidlRequestHandler synchronizedHandleRequest
SEVERE: Error writing JSON to response
elemental.json.JsonException: Invalid object: expecting } or ,
    at elemental.json.impl.JsonTokenizer.parseObject(JsonTokenizer.java:236)
    at elemental.json.impl.JsonTokenizer.nextValue(JsonTokenizer.java:171)
    at elemental.json.impl.JreJsonFactory.parse(JreJsonFactory.java:64)
    at elemental.json.impl.JsonUtil.parse(JsonUtil.java:200)
    at com.vaadin.server.communication.ServerRpcHandler$RpcRequest.<init>(ServerRpcHandler.java:86)
    at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:231)
    at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:90)
    at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
    at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1414)
    at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:365)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1452)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Can anyone explain this to me?
Best regards,
Nazar
 

I found out why this error occurs. The first time you open a vaadin application and send a request, the clientId starts usually at 0 and increases by 1 for each request. When you send exactly the same request again, you won't get any problems until the clientId reaches the value 10. At this point I got an error because the id contains TWO characters this time which is unexpected for the server.

Another situation.. In case you start to send the request at 10, there won't be any problems until the id reaches 100.

Best regards,
Nazar

Olli Tietäväinen
6 years ago Nov 15, 2016 8:57am

Maybe the Content-Length parameter is wrong when you change the length of the content string? Like this:

Content-length=5
payload="12345"
->ok

Content-length=5
payload="12346"
-> ok

Content-length=5
payload="123456"
-> not ok

-Olli

+1
Nazar Medeiros
6 years ago Nov 15, 2016 9:58am

Olli Tietäväinen: Maybe the Content-Length parameter is wrong when you change the length of the content string? Like this:

Content-length=5
payload="12345"
->ok

Content-length=5
payload="12346"
-> ok

Content-length=5
payload="123456"
-> not ok

-Olli

Hi Olli,

this was exactly the first thing I thought about and it is the correct suggestion!!!

Thanks a lot!

Best regards,
Nazar
 

Olli Tietäväinen
6 years ago Nov 15, 2016 10:15am

No problem, you're welcome.

-Olli

Nazar Medeiros
6 years ago Nov 16, 2016 1:44pm

Olli Tietäväinen: No problem, you're welcome.

-Olli

Hi Olli,

I could need your knowledge again.
When I send a request without increasing the clientId, I don't get an error but I don't get a correct response either. What I receive in such case looks a little bit weird. Could you explain this to me, please?

for(;;);[{"syncId": 4, "resynchronize": true, "clientId": 3, "changes" : [["change",{"pid":"0"},["0",{"id":"0","location":"http:\/\/localhost:8080\/vaadin_vulnerabilities\/#!main\/hauptansicht","v":{"action":""}},["actions",{},["action",{"key":"1","caption":"Shortcut Name","kc":13,"mk":[]}]]]],["change",{"pid":"18"},["1",{"id":"18"}]],["change",{"pid":"13"},["1",{"id":"13","iem":"EAGER","iet":400,"nvc":true}]],["change",{"pid":"16"},["1",{"id":"16"}]],["change",{"pid":"14"},["1",{"id":"14"}]]], "state":{"0":{"pageState":{"title":"Vaadin vulnerabilities"},"localeServiceState":{"localeData":[{"name":"en_US","monthNames":["January","February","March","April","May","June","July","August","September","October","November","December"],"shortMonthNames":["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"shortDayNames":["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],"dayNames":["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],"firstDayOfWeek":0,"dateFormat":"M/d/yy","twelveHourClock":true,"hourMinuteDelimiter":":","am":"AM","pm":"PM"}]},"theme":"mytheme","height":"100.0%","width":"100.0%"},"13":{"text":"k","immediate":true,"caption":"First name","errorMessage":"<div><h2>java&#46;lang&#46;NullPointerException&#10;&#9;at&#32;com&#46;e
...
"caption":"Last name"},"15":{"caption":"Search by name"},"16":{"text":"","caption":"Eingabe für XSS"},"17":{"contentMode":"HTML","width":"100.0%"},"18":{"text":"","caption":"Eingabe für command injection"},"19":{"caption":"Command

You can even see the contentMode of some Widgets. Is there a way I can hide this kind of information?

Thanks in advance!
Best regards,
Nazar

Olli Tietäväinen
6 years ago Nov 16, 2016 2:27pm

In what sense is the response you get not correct?

-Olli

Nazar Medeiros
6 years ago Nov 16, 2016 2:32pm

Olli Tietäväinen: In what sense is the response you get not correct?

-Olli

The code I posted above is a "standard" response which I receive every time when I send a request again that has been already issued. To be more clear.. I can send a request with a constant id (no increasing..) 10 times in a row and I get that kind of response. In case I increase the id (as expected from the server) the response is much shorter and I can even see the values I wanted to see e. g. names in a table.

Best regards,
Nazar

Olli Tietäväinen
6 years ago Nov 16, 2016 2:56pm

I think ultimately the state change you're proposing just leads to that result. 

-Olli

+1
Nazar Medeiros
6 years ago Nov 18, 2016 1:41pm

Thanks Olli!