Hi All
I have a big GWT project, there are many services and methods need to
be protected. but I think it a hard work to
change all of code what call methods as the following code from google
document. So just want to know anybody
has any simple way can fix XRSF problem and no need to change so many
code for methods calling.
-------------------------------------------------------------
XsrfTokenServiceAsync xsrf =
(XsrfTokenServiceAsync)GWT.create(XsrfTokenService.class);
((ServiceDefTarget)xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() +
"xsrf");
xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {
public void onSuccess(XsrfToken token) {
MyServiceAsync rpc = (MyServiceAsync)GWT.create(MyService.class);
((HasRpcToken) rpc).setRpcToken(token);
// make XSRF protected RPC call
rpc.doStuff(new AsyncCallback<Void>() {
// ...
});
}
public void onFailure(Throwable caught) {
try {
throw caught;
} catch (RpcTokenException e) {
// Can be thrown for several reasons:
// - duplicate session cookie, which may be a sign of a cookie
// overwrite attack
// - XSRF token cannot be generated because session cookie
isn't
// present
} catch (Throwable e) {
// unexpected
}
});
-------------------------------------------------------------
Thanks
Joey
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
