Hey all,

I tried making my login form on my web app be protected by the XSRF servlet
and I am getting RPC Token Exceptions thrown. I followed the implementation
guidelines as described here
(https://developers.google.com/web-toolkit/doc/latest/DevGuideSecurityRpcXsrf)
and after I had issues I saw that someone else had the same sort of issue here
(https://groups.google.com/forum/?fromgroups=#!searchin/google-web-toolkit/cookie/google-web-toolkit/ShVHH3kVbTQ/ZKurT_QIhzAJ).
I still have the same exception being thrown as per the second URL and I'm
quite stuck as to what I'm supposed to do next.

I think that I'm just not setting the JSESSIONID cookie properly. If anyone
can help explain how and where I'm supposed to do this that would be of
great help. If you look at the final comment on the second link, I think I
can have a separate servlet that can set the cookie value? However, I don't
know if that would open the application up for a security breach.

The code that my app is failing at is here:


    private void makeSecureLogin(final String krb5Name, final String githubName, final String pwd) {
        // Ask the XSRF servlet (mapped at <module>/xsrf) for a fresh token first;
        // the login call itself is only sent once the token has arrived.
        XsrfTokenServiceAsync xsrf = (XsrfTokenServiceAsync) GWT.create(XsrfTokenService.class);
        ((ServiceDefTarget) xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + "xsrf");
        xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {
            @Override
            public void onFailure(Throwable throwable) {
                dialogBox.setText("Remote call failed");

                // Re-throw to dispatch on the concrete exception type.
                try {
                    throw throwable;
                } catch (RpcTokenException rpcException) {
                    // Thrown by the server when it cannot derive a token,
                    // e.g. because the session cookie is missing.
                    responseLabel.setHTML("RPC Token could not be generated.");
                } catch (Throwable other) {
                    responseLabel.setHTML(other.getMessage());
                }
                dialogBox.center();
            }

            @Override
            public void onSuccess(XsrfToken xsrfToken) {
                // Attach the token to the protected service, then log in.
                ((HasRpcToken) loginService).setRpcToken(xsrfToken);
                loginService.login(krb5Name, githubName, pwd, getLoginCallback());
            }
        });
    }

    private AsyncCallback<KerberosUser> getLoginCallback() {
        // Typed callback (the raw AsyncCallback type gives an unchecked warning).
        AsyncCallback<KerberosUser> toReturn = new AsyncCallback<KerberosUser>() {
            @Override
            public void onFailure(Throwable throwable) {
                dialogBox.setText("Remote call failed");
                try {
                    throw throwable;
                } catch (LoginFailedException lfe) {
                    responseLabel.setText(lfe.getSymbol());
                } catch (Throwable other) {
                    responseLabel.setText(other.getMessage());
                }
                dialogBox.center();
            }

            @Override
            public void onSuccess(KerberosUser kerberosUser) {
                dialogBox.setText("Remote call successful");
                responseLabel.setText("Login for " + kerberosUser.getGithubName() + " succeeded.");
                dialogBox.center();
            }
        };
        return toReturn;
    }

Any help would be very much appreciated. 

Thanks!
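The server-side half of the flow the post is asking about, as an added example that is not the poster's code or part of the GWT project. The GWT classes used (XsrfTokenServiceServlet, XsrfProtectedServiceServlet, the XsrfProtect annotation and the gwt.xsrf.session_cookie_name context parameter) are real; EnsureSessionFilter, LoginServiceImpl, the in-memory user table and the assumed KerberosUser and LoginFailedException constructors are illustrative assumptions. The point it shows: the XSRF token servlet derives the token from the session cookie, so it throws RpcTokenException when no session exists yet, which is exactly the state of a login page a user reaches before logging in. Letting the servlet container create the session (and hence the JSESSIONID cookie) on the host-page request avoids the need for a hand-rolled cookie-setting servlet, and keeping the cookie HttpOnly means page script, including any injected script, cannot read the value the token is derived from.

```java
package example.server;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.google.gwt.user.server.rpc.XsrfProtect;
import com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet;

/*
 * web.xml wiring assumed by this example (module name "app" is a placeholder):
 *
 *   <context-param>
 *     <param-name>gwt.xsrf.session_cookie_name</param-name>
 *     <param-value>JSESSIONID</param-value>
 *   </context-param>
 *   <servlet>
 *     <servlet-name>xsrf</servlet-name>
 *     <servlet-class>com.google.gwt.user.server.rpc.XsrfTokenServiceServlet</servlet-class>
 *   </servlet>
 *   <servlet-mapping><servlet-name>xsrf</servlet-name><url-pattern>/app/xsrf</url-pattern></servlet-mapping>
 *   <filter>
 *     <filter-name>ensureSession</filter-name>
 *     <filter-class>example.server.EnsureSessionFilter</filter-class>
 *   </filter>
 *   <filter-mapping><filter-name>ensureSession</filter-name><url-pattern>/index.html</url-pattern></filter-mapping>
 *   <session-config>
 *     <cookie-config><http-only>true</http-only><secure>true</secure></cookie-config>
 *   </session-config>
 */

/**
 * Creates the HTTP session on the host-page request so the container sends
 * Set-Cookie: JSESSIONID before the client ever calls getNewXsrfToken().
 * Without this, XsrfTokenServiceServlet finds no session cookie and throws
 * RpcTokenException ("Session cookie is not set or empty!").
 */
public class EnsureSessionFilter implements Filter {
    @Override
    public void init(FilterConfig cfg) {
    }

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // getSession(true) creates the session if one does not exist yet;
            // the container adds the cookie to this response.
            ((HttpServletRequest) req).getSession(true);
        }
        chain.doFilter(req, res);
    }
}

/**
 * Login service servlet. XsrfProtectedServiceServlet validates the RpcToken
 * carried by every call before login() runs; a request whose token does not
 * match the caller's session cookie is rejected with RpcTokenException.
 */
@XsrfProtect
class LoginServiceImpl extends XsrfProtectedServiceServlet implements LoginService {
    // Constructed sample data for the example only: krb5Name -> {pwd, githubName}.
    private static final Map<String, String[]> USERS = new HashMap<String, String[]>();
    static {
        USERS.put("alice@EXAMPLE.ORG", new String[] {"correct horse", "alice-gh"});
    }

    @Override
    public KerberosUser login(String krb5Name, String githubName, String pwd)
            throws LoginFailedException {
        String[] record = USERS.get(krb5Name);
        // Same failure symbol for unknown user and wrong password, so the
        // response does not reveal which accounts exist.
        if (record == null || !record[0].equals(pwd) || !record[1].equals(githubName)) {
            throw new LoginFailedException("BAD_CREDENTIALS"); // assumed constructor
        }
        // Rotate the session id at privilege change so a pre-login session
        // (and the XSRF token derived from it) is not carried into the login.
        getThreadLocalRequest().getSession().invalidate();
        getThreadLocalRequest().getSession(true);
        return new KerberosUser(krb5Name, record[1]); // assumed constructor
    }
}
```

Because the session is rotated inside login(), the client has to fetch a new XSRF token after a successful login before making further protected calls; the client code above already does that per call, so no change is needed there.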
