Hey all, I tried making my login form on my web app be protected by the XSRF servlet and I am getting RPC Token Exceptions thrown. I followed the implementation guidelines as described here <https://developers.google.com/web-toolkit/doc/latest/DevGuideSecurityRpcXsrf> and after I had issues I saw that someone else had the same sort of issue here <https://groups.google.com/forum/?fromgroups=#!searchin/google-web-toolkit/cookie/google-web-toolkit/ShVHH3kVbTQ/ZKurT_QIhzAJ>. I still have the same exception being thrown as per the second URL and I'm quite stuck as to what I'm supposed to do next.

I think that I'm just not setting the JSESSIONID cookie properly. If anyone can help explain how and where I'm supposed to do this, that would be a great help. If you look at the final comment on the second link, I think I can have a separate servlet that can set the cookie value? However, I don't know if that would open the application up for a security breach.

The code that my app is failing at is here:

    // Fragment of the client-side class; dialogBox, responseLabel and
    // loginService are fields defined elsewhere in that class.
    import com.google.gwt.core.client.GWT;
    import com.google.gwt.user.client.rpc.AsyncCallback;
    import com.google.gwt.user.client.rpc.HasRpcToken;
    import com.google.gwt.user.client.rpc.RpcTokenException;
    import com.google.gwt.user.client.rpc.ServiceDefTarget;
    import com.google.gwt.user.client.rpc.XsrfToken;
    import com.google.gwt.user.client.rpc.XsrfTokenService;
    import com.google.gwt.user.client.rpc.XsrfTokenServiceAsync;

    private void makeSecureLogin(final String krb5Name, final String githubName, final String pwd) {
        // Ask the server-side XSRF token servlet for a token first.
        XsrfTokenServiceAsync xsrf = (XsrfTokenServiceAsync) GWT.create(XsrfTokenService.class);
        ((ServiceDefTarget) xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + "xsrf");
        xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {
            @Override
            public void onFailure(Throwable throwable) {
                dialogBox.setText("Remote call failed");
                try {
                    throw throwable;
                } catch (RpcTokenException rpcException) {
                    responseLabel.setHTML("RPC Token could not be generated.");
                } catch (Throwable other) {
                    responseLabel.setHTML(other.getMessage());
                }
                dialogBox.center();
            }

            @Override
            public void onSuccess(XsrfToken xsrfToken) {
                // Attach the token to the login service, then make the protected call.
                ((HasRpcToken) loginService).setRpcToken(xsrfToken);
                loginService.login(krb5Name, githubName, pwd, getLoginCallback());
            }
        });
    }

    private AsyncCallback<KerberosUser> getLoginCallback() {
        AsyncCallback<KerberosUser> toReturn = new AsyncCallback<KerberosUser>() {
            @Override
            public void onFailure(Throwable throwable) {
                dialogBox.setText("Remote call failed");
                try {
                    throw throwable;
                } catch (LoginFailedException lfe) {
                    responseLabel.setText(lfe.getSymbol());
                } catch (Throwable other) {
                    responseLabel.setText(other.getMessage());
                }
                dialogBox.center();
            }

            @Override
            public void onSuccess(KerberosUser kerberosUser) {
                dialogBox.setText("Remote call successful");
                responseLabel.setText("Login for " + kerberosUser.getGithubName() + " succeeded.");
                dialogBox.center();
            }
        };
        return toReturn;
    }

Any help would be very much appreciated. Thanks!
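One way to make sure a session cookie exists before the client requests an XSRF token, shown as an added example that is not part of the original post or of GWT itself. It assumes a servlet container that tracks sessions with a JSESSIONID cookie and that the `gwt.xsrf.session_cookie_name` context parameter from the linked guide is set to `JSESSIONID`; the class name `SessionInitFilter` and its mapping to the GWT host page are hypothetical.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Hypothetical filter (not GWT code). Map it in web.xml to the GWT host page
 * so that a container-managed session exists before the client calls the
 * "xsrf" endpoint used in the post.
 */
public class SessionInitFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            // getSession(true) creates a session if the request has none.
            // The container generates the id and emits the Set-Cookie header
            // itself, so the application never writes a cookie value of its
            // own or accepts one chosen by the client.
            // This must run before the response is committed, which is why
            // it happens ahead of chain.doFilter().
            ((HttpServletRequest) request).getSession(true);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

GWT's default XSRF token is derived from the session cookie value, so the client has to fetch a fresh token whenever the session id changes.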