What would happen in the case of a load balancer and rpc requests switching from one server to another from the same client , is sticky sessions required ?
On Jul 6, 4:32 pm, David Chandler <drfibona...@google.com> wrote: > Hi Joey, > > The XSRF token is stateless so you only need to call the XsrfTokenService > once per server session to obtain it. You can save it as a static variable > in a service helper class. Thereafter, you just need to call setRpcToken for > each service. > > Some projects GWT.create() all services in a helper or factory class like > > public class ServiceHelper { > > private static SomeServiceAsync someService; > > static { > (SomeServiceAsync) someService = GWT.create(SomeService.class); > > } > > public static getSomeService() { > return someService; > > } > } > > If you do this, you might initialize each service with the token when you > create it. Thereafter, client code can call ServiceHelper.getSomeService() > in order to make a request. For example, you could put the following in a > static initializer in the ServiceHelper to obtain the XSRF token when the > app loads: > > XsrfTokenServiceAsync xsrf = > (XsrfTokenServiceAsync)GWT.create(XsrfTokenService.class); > ((ServiceDefTarget)xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + > "xsrf"); > xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() { > > public void onSuccess(XsrfToken token) { > initSomeService(token); > initNextService(token); > ... > }); > } > > As far as handling the XSRF exception centrally, you can wrap AsyncCallback > with your own class like XsrfProtectedCallback in which you implement > onFailure(). This is a good practice anyway in order to provide uniform > error handling for your RPC calls. See HupaCallback in the Apache HupaMail > project for an example of a wrapped callback. > > HTH, > /dmc > > > > > > On Wed, Jul 6, 2011 at 4:33 AM, Joey <huazong...@gmail.com> wrote: > > Hi All > > > I have a big GWT project, there are many services and methods need to > > be protected. but I think it a hard work to > > change all of code what call methods as the following code from google > > document. So just want to know anybody > > has any simple way can fix XRSF problem and no need to change so many > > code for methods calling. > > > ------------------------------------------------------------- > > XsrfTokenServiceAsync xsrf = > > (XsrfTokenServiceAsync)GWT.create(XsrfTokenService.class); > > ((ServiceDefTarget)xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + > > "xsrf"); > > xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() { > > > public void onSuccess(XsrfToken token) { > > MyServiceAsync rpc = (MyServiceAsync)GWT.create(MyService.class); > > ((HasRpcToken) rpc).setRpcToken(token); > > > // make XSRF protected RPC call > > rpc.doStuff(new AsyncCallback<Void>() { > > // ... > > }); > > } > > > public void onFailure(Throwable caught) { > > try { > > throw caught; > > } catch (RpcTokenException e) { > > // Can be thrown for several reasons: > > // - duplicate session cookie, which may be a sign of a cookie > > // overwrite attack > > // - XSRF token cannot be generated because session cookie > > isn't > > // present > > } catch (Throwable e) { > > // unexpected > > } > > }); > > ------------------------------------------------------------- > > > Thanks > > > Joey > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google Web Toolkit" group. > > To post to this group, send email to google-web-toolkit@googlegroups.com. > > To unsubscribe from this group, send email to > > google-web-toolkit+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/google-web-toolkit?hl=en. > > -- > David Chandler > Developer Programs Engineer, GWT+GAE > w:http://code.google.com/ > b:http://turbomanage.wordpress.com/ > b:http://googlewebtoolkit.blogspot.com/ > t: @googledevtools -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.