Package com.google.gwt.user.server.rpc
Class XsrfProtectedServiceServlet
- java.lang.Object
- javax.servlet.GenericServlet
- javax.servlet.http.HttpServlet
- com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
- com.google.gwt.user.server.rpc.RemoteServiceServlet
- com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
- com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet
All Implemented Interfaces:
SerializationPolicyProvider, java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public class XsrfProtectedServiceServlet extends AbstractXsrfProtectedServiceServlet
EXPERIMENTAL and subject to change. Do not use this in production code.
The servlet base class for RPC service implementations using default XSRF protection tied to the authentication session cookie.
XSRF token validation is performed by generating an MD5 hash of the session cookie and comparing the supplied XsrfToken with the generated hash. The session cookie name is specified by the "gwt.xsrf.session_cookie_name" context parameter in web.xml. XsrfTokenService can be used by clients to obtain XsrfTokens that will pass the validation performed by this class.
Field Summary
Fields (Modifier and Type, Field):
- (package private) java.lang.String sessionCookieName
Fields inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
perThreadRequest, perThreadResponse
Constructor Summary
Constructors:
- XsrfProtectedServiceServlet()
- XsrfProtectedServiceServlet(java.lang.Object delegate)
- XsrfProtectedServiceServlet(java.lang.Object delegate, java.lang.String sessionCookieName)
- XsrfProtectedServiceServlet(java.lang.String sessionCookieName)
Method Summary
Methods (Modifier and Type, Method, Description):
- void init()
- protected void validateXsrfToken(RpcToken token, java.lang.reflect.Method method): Validates XsrfToken included with RPCRequest against XSRF cookie.
Methods inherited from class com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
onAfterRequestDeserialized, shouldValidateXsrfToken
Methods inherited from class com.google.gwt.user.server.rpc.RemoteServiceServlet
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponse
Methods inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContent
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
Constructor Detail
XsrfProtectedServiceServlet
public XsrfProtectedServiceServlet()
XsrfProtectedServiceServlet
public XsrfProtectedServiceServlet(java.lang.String sessionCookieName)
XsrfProtectedServiceServlet
public XsrfProtectedServiceServlet(java.lang.Object delegate)
XsrfProtectedServiceServlet
public XsrfProtectedServiceServlet(java.lang.Object delegate, java.lang.String sessionCookieName)
Method Detail
init
public void init() throws javax.servlet.ServletException
Overrides:
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException
validateXsrfToken
protected void validateXsrfToken(RpcToken token, java.lang.reflect.Method method) throws RpcTokenException
Validates XsrfToken included with RPCRequest against XSRF cookie.
Specified by:
validateXsrfToken in class AbstractXsrfProtectedServiceServlet
Parameters:
token - RpcToken included with an RPC request.
method - method being invoked via this RPC call.
Throws:
RpcTokenException - if token verification failed.