Package com.google.gwt.user.server.rpc
Class XsrfProtectedServiceServlet
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
com.google.gwt.user.server.rpc.RemoteServiceServlet
com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet
- All Implemented Interfaces:
SerializationPolicyProvider, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
EXPERIMENTAL and subject to change. Do not use this in production code.
The servlet base class for RPC service implementations using default XSRF protection tied to the authentication session cookie.
XSRF token validation is performed by generating an MD5 hash of the session cookie and comparing the supplied XsrfToken with the generated hash. The session cookie name is specified by the "gwt.xsrf.session_cookie_name" context parameter in web.xml.
XsrfTokenService can be used by clients to obtain XsrfTokens that will pass validation performed by this class.
-
Field Summary
Fields inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
perThreadRequest, perThreadResponse
Constructor Summary
Constructors
XsrfProtectedServiceServlet(Object delegate)
XsrfProtectedServiceServlet(Object delegate, String sessionCookieName)
XsrfProtectedServiceServlet(String sessionCookieName)
Method Summary
Modifier and Type, Method, Description
void init()
protected void validateXsrfToken(RpcToken token, Method method): Validates XsrfToken included with RPCRequest against XSRF cookie.
Methods inherited from class com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
onAfterRequestDeserialized, shouldValidateXsrfToken
Methods inherited from class com.google.gwt.user.server.rpc.RemoteServiceServlet
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponse
Methods inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContent
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, log, log
-
Field Details
-
sessionCookieName
String sessionCookieName
-
-
Constructor Details
-
XsrfProtectedServiceServlet
public XsrfProtectedServiceServlet()
XsrfProtectedServiceServlet
-
XsrfProtectedServiceServlet
-
XsrfProtectedServiceServlet
-
-
Method Details
-
init
public void init() throws javax.servlet.ServletException
Overrides:
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException
-
validateXsrfToken
Validates XsrfToken included with RPCRequest against XSRF cookie.
Specified by:
validateXsrfToken in class AbstractXsrfProtectedServiceServlet
Parameters:
token - RpcToken included with an RPC request.
method - method being invoked via this RPC call.
Throws:
RpcTokenException - if token verification failed.
-