Software Development from Ryan

I had some trouble yesterday getting this done. Here's what happened:

1. I installed the jar files, both my jar file and gwt-user in /WEB-INF/lib through ftp. However tomcat loads these jar files when the server is restarted daily at 1am. This is a bit too long to wait for updates. The server does load class files immediatly. So I extracted both jars to /WEB-INF/classes.
2. There was no need to play with a web.xml file. You can access your servlet at http://www.domainname.com/servlet/servletname, (replace domainname and servletname, not servlet).
3. Running an HTTP GET on the servlet worked. So I ran GWT generated javascript to access the server. The RPC call failed. Debugging the javascript showed that it was a 500 Internal server error: Check the server logs for details.
4. Checking the server logs revealed nothing. I Called godaddy a couple times, (thank god for free long distance on skype). They didn't know why the error didn't show up in the logs and the guy I spoke with the second time didn't know what a servlet was.
5. I dug into the GWT source. The RemoteServiceServlet catchs all exceptions in the doPost method and passes them to the respondWithFailure method which adds the exception message to the tomcat log and returns the generic 500 internal error. I modified the source to return the exception and the stack.
6. The exception was a java security restriction on java.lang.reflect and happened in ServerSerializationStream.serializeClass. In this method objects are serialized and each field is set to be accessible, that is if they are private fields they become accessible for serialization. This is what you can't do on godaddy's tomcat. The code is written such that every field's accessibility is changed whether its private or not.
7. Changing the code so that it only sets the accessibility when the field is not accessible allows applications to get by with serializing classes with only public fields when on servers with this type of security restriction. Also, if you only serialized simple types, String, int etc. you most likely won't have this problem, although I haven't tested this.