Re: GWT cross-site request

[Alfredo Quiroga]

http://google-web-toolkit.googlecode.com/svn/javadoc/2.0/com/google/gwt/jsonp/client/JsonpRequestBuilder.html

Might help

Sent from my iPhone

On Apr 13, 2013, at 8:36 PM, Robson Braga  wrote:

> I get it! The following line was missing:
> 
> var script = document.createElement("script");
> 
> My bad...
> 
> 
> Em sábado, 13 de abril de 2013 21h27min29s UTC-3, Robson Braga escreveu:
>> 
>> Hi folks,
>> 
>> I have a webservice that returns a JSONP. The URL of the webservice is this:
>> 
>> http://user:password@localhost:8080/project/api/clientByEmail?email=u...@domain.com&callback=callback1
>> 
>> The result of that URL is this:
>> 
>> callback1({"personId":"1","email":"u...@domain.com","password":"5f4dcc3b5aa765d61d8327deb882cf99","personType":"1","documentNumber":"191","fullName":"Name
>>  Middle Last","phone":"4130232076","mobile":"4191199614","active":"true"})
>> 
>> I'm writting a GWT form to retrieve this information from my webservice. I 
>> have the following function, copied from GWT Tutorial, to do that:
>> 
>> public native static void getClientJson(String url, GwtTest handler) /*-{
>> // [1] The script starts by setting up a 

Re: GWT cross-site request

[Robson Braga]

I get it! The following line was missing:

var script = document.createElement("script");

My bad...



Em sábado, 13 de abril de 2013 21h27min29s UTC-3, Robson Braga escreveu:
>
> Hi folks,
>
> I have a webservice that returns a JSONP. The URL of the webservice is 
> this:
>
> http://user:password@localhost:8080/project/api/clientByEmail?email=
> u...@domain.com&callback=callback1
>
> The result of that URL is this:
>
> callback1({"personId":"1","email":"u...@domain.com","password":"5f4dcc3b5aa765d61d8327deb882cf99","personType":"1","documentNumber":"191","fullName":"Name
>  
> Middle Last","phone":"4130232076","mobile":"4191199614","active":"true"})
>
> I'm writting a GWT form to retrieve this information from my webservice. I 
> have the following function, copied from GWT Tutorial, to do that:
>
> public native static void getClientJson(String url, GwtTest handler) 
> /*-{
> // [1] The script starts by setting up a 

GWT cross-site request

[Robson Braga]

Hi folks,

I have a webservice that returns a JSONP. The URL of the webservice is this:

http://user:password@localhost:8080/project/api/clientByEmail?email=u...@domain.com&callback=callback1

The result of that URL is this:

callback1({"personId":"1","email":"u...@domain.com","password":"5f4dcc3b5aa765d61d8327deb882cf99","personType":"1","documentNumber":"191","fullName":"Name
 
Middle Last","phone":"4130232076","mobile":"4191199614","active":"true"})

I'm writting a GWT form to retrieve this information from my webservice. I 
have the following function, copied from GWT Tutorial, to do that:

public native static void getClientJson(String url, GwtTest handler) 
/*-{
// [1] The script starts by setting up a 

Re: GWT Cross-site request for autocomplete box

[Alp Yilancioglu]

Thank you for your time and informatiom 
 
Best Regards..
 

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/iT0jDIhCg5wJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Alp Yilancioglu]

i found my problem
 
By creating the callback function outside the requestObject()   > not 
like requestObject(new Async...(..) )
 

*AsyncCallback* abc= new *AsyncCallback*  {}

and this way i set the object name with the parameter name  

jsonp.setCallbackParam("json.wrf=abc");

 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/ZwOQLUfHmb0J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Alp Yilancioglu]

The JS function names seems to be the same 

this is the request : 
http://localhost:8080/solr/collection1/select?q=TUR&wt=json&json.wrf=
__gwt_jsonp__.P2.onSuccess

this is the response : 
__gwt_jsonp__.P2.onSuccess
({"responseHeader":{"status":0,"QTime":1,"params":{"json.wrf":"__gwt_jsonp__
.P2.onSuccess","q":"TUR","wt":"json"}},"response":{"numFound":2,"start":0,"docs":[{"co":["Turkey"],"id":"117194","name":"TUR
 
INN 
HOTEL","lvl2":"Kuşadası","lvl1":"Aydın","_version_":1419004459433852929},{"co":["Turkey"],"id":"119294","name":"HAL-TUR
 
HOTEL","lvl2":"Denizli Merkez","lvl1":"Denizli"
,"_version_":1419004459561779201}]}})


any other suggestions for me without JSONPRequestBuilder class 
this is really important for me 

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/Qr-XQ_qp2XYJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Thomas Broyer]

On Monday, November 19, 2012 3:40:45 PM UTC+1, Alp Yilancioglu wrote:
>
>  i looked from firebug, Gwt sets a dynamic onSuccess function name to 
>  the parameter name i have set as "json.wrf"  which  seems okey 
>
>  Unfortunetly both  , onSuccess  and  onFailure functuions are not get 
> called; 
>
> What should i do at this point?
>

Check that the response from Solr is correct: it might try to call another 
JS function than the one given in json.wrf, or there might be an error when 
calling that method and/or evaluating the script (Googling "solr jsonp" 
revealed a few bugs in Solr, they apparently have been fixed but you might 
have to check your version of Solr)

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/YaGH9cv35fwJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Alp Yilancioglu]

 i looked from firebug, Gwt sets a dynamic onSuccess function name to 
 the parameter name i have set as "json.wrf"  which  seems okey 

 Unfortunetly both  , onSuccess  and  onFailure functuions are not get 
called; 

What should i do at this point?



 

 

 






-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/KBbqqEK4SDQJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Thomas Broyer]

On Monday, November 19, 2012 3:02:08 PM UTC+1, Alp Yilancioglu wrote:
>
> Hi thanks for the information,
>  
> i have done what you have told,
> and here is the code; 
> unfirtunety unable to recieve the results ?
>

What do you mean? onSuccess is not called or you don't know what to do with 
the received JavaScriptObject?

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/p2ca8teWcx0J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Alp Yilancioglu]

Hi thanks for the information,
 
i have done what you have told,
and here is the code; 
unfirtunety unable to recieve the results ?
 
 
 
Client Side Code; 
   JsonpRequestBuilder jsonp = new JsonpRequestBuilder();
   
   String url = "http://localhost:8080/solr/select?q=TUR&wt=json";;
   jsonp.setCallbackParam("json.wrf");

jsonp.requestObject(url,new AsyncCallback() {

 public void onFailure(Throwable throwable) {... }
 public void onSuccess(JavaScriptObject rs) {   ...  }  
}
 );
 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/8AYNqW6YO8IJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Cross-site request for autocomplete box

[Thomas Broyer]

On Monday, November 19, 2012 12:06:29 PM UTC+1, Alp Yilancioglu wrote:
>
> Hi
> i am trying to create a autosuggest box  which take data from my apacge 
> solr server which is going to be in another domain for production
> i just simply need to request a query with the address "
> http://localhost:8080/solr/select?q=ABC&callback=handleJsonResponse
> i can get JSON as a result or an XML as a result 
>
> i followed th steps from the developers page tutorials;
> it says give a parameter with a name of callback and set the callback 
> func.name ;
> and according to the tutorial it shows that the response has to be some 
> thing like  GivenCallBackName([ JsonResults ])
>

The docs are outdated, there's JsonpRequestBuilder now.

And to ask Solr to return JSON-P, there's a json.wrf parameter: 
http://wiki.apache.org/solr/SolJSON#JSON_specific_parameters
This is the value to pass to JsonpRequestBuilder's setCallbackParam method.

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/BsdY4tOEHkYJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT Cross-site request for autocomplete box

[Alp Yilancioglu]

Hi
i am trying to create a autosuggest box  which take data from my apacge 
solr server which is going to be in another domain for production
i just simply need to request a query with the address 
"http://localhost:8080/solr/select?q=ABC&callback=handleJsonResponse
i can get JSON as a result or an XML as a result 

i followed th steps from the developers page tutorials;
it says give a parameter with a name of callback and set the callback 
func.name ;
and according to the tutorial it shows that the response has to be some 
thing like  GivenCallBackName([ JsonResults ])

Unfortunetly when i try to do this i got a reponse with the request 
parameters inside it when i do this manuelly from the iexplorer,
when i do this from gwt i get NULL as a returning result

 i got the code down below, wat should i do ?


request syntax : 
 getJson(UNIQUE_ID_FOR_JS,  
"http://localhost:8080/solr/select?q=TUR&callback=handleJsonResponse&wt=json"_URL,
 
this); 

 

  
public native static void getJson(int requestId, String url,
  ProTravel handler) /*-{
   var callback = "callback" + requestId;

   // [1] Create a script element.
   var script = document.createElement("script");
   script.setAttribute("src", url+callback);
   script.setAttribute("type", "text/javascript");

   // [2] Define the callback function on the window object.
   window[callback] = function(jsonObj) {
   // [3]
 
handl...@com.gwt.pt.web.client.ProTestApp::handleJsonResponse(Lcom/google/gwt/core/client/JavaScriptObject;)(jsonObj);
 window[callback + "done"] = true;
   }

   // [4] JSON download has 1-second timeout.
   setTimeout(function() {
 if (!window[callback + "done"]) {
   
handl...@com.gwt.pt.web.client.ProTestApp::handleJsonResponse(Lcom/google/gwt/core/client/JavaScriptObject;)(null);
 }

 // [5] Cleanup. Remove script and callback elements.
 document.body.removeChild(script);
 delete window[callback];
 delete window[callback + "done"];
   }, 1000);

   // [6] Attach the script element to the document body.
   document.body.appendChild(script);
  }-*/;


/**
 * Handle the response to the request for stock data from a remote 
server.
 */
public void handleJsonResponse(JavaScriptObject jso) {
// this is the callback
   }

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/l6BhUdSJeIEJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Cross Site Request

[Michael Allan]

Padding the response with a function call - e.g. callback( ... ) - is
what makes it readable by pages from other domains.  If that's what
you need and the source domain provides only JSON:

[{"symbol": "ABC","price": 87.86,"change": -0.41}]

then one solution (I've heard) is to create a "pipe" that reads the
JSON from the original source and outputs it as JSONP:

  callback( [{"symbol": "ABC","price": 87.86,"change": -0.41}] );

Pages from any domain may direct their requests to the pipe.

-- 
Michael Allan

Toronto, +1 416-699-9528
http://zelea.com/


Muhammad Muaz said:
> I am trying this tutorial 
> ,it is 
> working fine if server specify the call back object, like if server prints 
> like this, 
> 
> 
> callback125([{"symbol":"DDD","price":10.610339195026,"change":0.053085447454327}]);
> 
> But my requirements are like, server can only print in pure `JSON` form 
> like this
> 
> [{"symbol": "ABC","price": 87.86,"change": -0.41}]
> 
> I tried to do so, json is retrieving but the callback method is not 
> invoking, Is there any solution that we dont need to specify callback 
> method ?

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Cross Site Request

[Muhammad Muaz]

I am trying this tutorial 
,it is 
working fine if server specify the call back object, like if server prints 
like this, 


callback125([{"symbol":"DDD","price":10.610339195026,"change":0.053085447454327}]);

But my requirements are like, server can only print in pure `JSON` form 
like this

[{"symbol": "ABC","price": 87.86,"change": -0.41}]

I tried to do so, json is retrieving but the callback method is not 
invoking, Is there any solution that we dont need to specify callback 
method ?

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/J-H9Le-5VaEJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT cross-site request without JSNI..?

[kim young ill]

thanx

On Mon, Jun 18, 2012 at 11:14 PM, Jens  wrote:

> is the request done by post or get ?
>>
>
> JSONP is always a GET request.
>
> -- J.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-web-toolkit/-/8-8M9x-umF4J.
>
> To post to this group, send email to google-web-toolkit@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT cross-site request without JSNI..?

[Jens]

>
> is the request done by post or get ?
>

JSONP is always a GET request.

-- J.

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/8-8M9x-umF4J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT cross-site request without JSNI..?

[kim young ill]

is the request done by post or get ?

On Mon, Jun 18, 2012 at 9:54 PM, Jens  wrote:

> Sure you can do the same thing with JsonpRequestBuilder (
> http://google-web-toolkit.googlecode.com/svn/javadoc/2.4/com/google/gwt/jsonp/client/JsonpRequestBuilder.html
> ).
>
> -- J.
>
> Am Montag, 18. Juni 2012 20:11:53 UTC+2 schrieb Carsten:
>
>> Hi,
>>
>> is it possible to do a cross-site request with very little JSNI or none
>> at all?
>>
>> I am a beginner and followed this tutorial:
>> https://developers.google.com/**web-toolkit/doc/latest/**tutorial/Xsite<https://developers.google.com/web-toolkit/doc/latest/tutorial/Xsite>
>> Is it possible to do the same without ever writing native JS code?
>>
>> Cheers,
>> Carsten
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-web-toolkit/-/qjcZPl2Wq6sJ.
>
> To post to this group, send email to google-web-toolkit@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT cross-site request without JSNI..?

[Jens]

Sure you can do the same thing with JsonpRequestBuilder 
(http://google-web-toolkit.googlecode.com/svn/javadoc/2.4/com/google/gwt/jsonp/client/JsonpRequestBuilder.html).

-- J.

Am Montag, 18. Juni 2012 20:11:53 UTC+2 schrieb Carsten:
>
> Hi,
>
> is it possible to do a cross-site request with very little JSNI or none at 
> all?
>
> I am a beginner and followed this tutorial: 
> https://developers.google.com/web-toolkit/doc/latest/tutorial/Xsite
> Is it possible to do the same without ever writing native JS code?
>
> Cheers,
> Carsten
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/qjcZPl2Wq6sJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT cross-site request without JSNI..?

[Carsten]

Hi,

is it possible to do a cross-site request with very little JSNI or none at 
all?

I am a beginner and followed this tutorial: 
https://developers.google.com/web-toolkit/doc/latest/tutorial/Xsite
Is it possible to do the same without ever writing native JS code?

Cheers,
Carsten

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-web-toolkit/-/uvNMGWyQryMJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Making a cross site request to a service returning back XML

[Jeff Chimene]

On Fri, Feb 25, 2011 at 9:28 AM, ialexei  wrote:

> I have a legacy middleware application that returns back XML.
> It has lots of methods and is doing well in a stable production
> environment.
> I would like my GWT app (running on a different domain) to consume
> this data with minimal changes to the middleware.
>
> The way I see it I have these 2 options
> 1. Modify my middleware to return back JSONP instead of XML with an
> optional argument for return type.
> 2. Proxy calls to the middleware through a GWT servlet
>
> #1 would mean a change to every remote method call into equivalent
> JSONP.
> #2 would mean an additional hop
>

GWT is Javascript executing in a browser context. Just as, for example,
Firefox can download and render an XML file, so too can your app. I don't
know the mechanics of the request, but it sounds like it's a CGI contract
(as opposed to Java RPC): your middleware app will set the response MIME
type to "text/XML", your response handler will receive the response, if the
status is HTTP 200, it will parse the response via the browser.

You then navigate the resulting DOM tree and extract the relevant
tags/attributes/content.

hth,
jec

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: Making a cross site request to a service returning back XML

[ialexei]

My question was, Is there an option #3 ?

On Feb 25, 11:28 am, ialexei  wrote:
> I have a legacy middleware application that returns back XML.
> It has lots of methods and is doing well in a stable production
> environment.
> I would like my GWT app (running on a different domain) to consume
> this data with minimal changes to the middleware.
>
> The way I see it I have these 2 options
> 1. Modify my middleware to return back JSONP instead of XML with an
> optional argument for return type.
> 2. Proxy calls to the middleware through a GWT servlet
>
> #1 would mean a change to every remote method call into equivalent
> JSONP.
> #2 would mean an additional hop

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Making a cross site request to a service returning back XML

[ialexei]

I have a legacy middleware application that returns back XML.
It has lots of methods and is doing well in a stable production
environment.
I would like my GWT app (running on a different domain) to consume
this data with minimal changes to the middleware.

The way I see it I have these 2 options
1. Modify my middleware to return back JSONP instead of XML with an
optional argument for return type.
2. Proxy calls to the middleware through a GWT servlet

#1 would mean a change to every remote method call into equivalent
JSONP.
#2 would mean an additional hop

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Login/ Logout/ Remember Me (with concern in preventing Cross-Site Request Forgeries) Example

[lineman78]

I suggest using container managed security so that you don't have to
deal with most of this.  I have implemented a GWT-based form login,
but it required some hackery because of the way tomcat/glassfish
handle redirecting for form login using request dispatching, therefore
causing your moduleBaseUrl to be off and not being able to load any of
the successive resource files.  I was able to work around this using a
jsp to do a meta redirect so that the browser would go to the real
url.

On Apr 7, 3:57 pm, Sripathi Krishnan 
wrote:
> For general ideas on how to implement remember me, the thread you started on
> stackoverflow<http://stackoverflow.com/questions/2594960/best-pratice-to-implement-...>should
> get you answers. I will try to answer the GWT specific things you
> should be doing over here.
>
> If you haven't already, please 
> readhttp://groups.google.com/group/Google-Web-Toolkit/web/security-for-gw
> Its a bit dated, and will perhaps take you a while to go through it, but it
> is definitely worth reading if you are concerned about security.
>
> Once you have implemented remember-me, it is important that your website
> doesn't have XSS (cross site scripting) or CSRF (cross site request forgery)
> loopholes. Additionally, you must use a SSL certificate (https) to protect
> the cookie from a man-in-the-middle attack.
>
> Some suggestions for XSS and CSRF from a GWT perspective -
>
> *Cross Site Scripting*
>
>    - Within GWT code, be wary of innerHTML() and eval() methods. Make sure
>    that whatever string you pass to these methods is trusted. If its not
>    trusted, you'd have to escape the
> strings<http://www.530geeks.com/encode.jsp>appropriately. GWT takes
> care of things everywhere else.
>    - If you are using JSNI, make sure you don't insert untrusted content
>    into the dom. Same as above, use escaping if the strings are not trusted.
>    - If you use an external javascript library, make sure it doesn't have
>    loopholes.
>    - Finally, if you use a jsp/servlet to generate the html, make sure that
>    it doesn't echo input parameters without first escaping them.
>
> *Cross Site Request Forgery*
>
>    - If you use GWT RPC (whether the legacy one or the new deRPC), you are
>    already protected. GWT sets custom request headers before making a RPC 
> call.
>    It also uses post with a custom content type. These cannot be forged using 
> a
>    script/image/iframe/form from another domain.
>    - If you use RequestBuilder to download JSON / XML, then you are on your
>    own. Follow the best practices laid down by
> OWASP<http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_...>.
>    GWTs security
> notes<http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gw...>also
> has notes on how to protect against csrf.
>
> --Sri
>
> On 8 April 2010 02:36, Manuel Carrasco Moñino  wrote:
>
> > GWT (client side) has nothing to do with HttpOnly cookies because the
> > browser can not read them using javascript.
>
> > You have to face it in the server side, sending a cookie from your
> > servlet to the browser with the HttpOnly attribute set, the browser
> > will remember it, and the next time it loads the GWT application it
> > has to ask the server via RPC to know if the user has the appropriate
> > cookies, if not you have to show the login screen.
>
> > -Manolo
>
> > On Wed, Apr 7, 2010 at 8:17 PM, yccheok  wrote:
> > > Does anyone have a good code example, on how to implement login/logout/
> > > remember me feature, using GWT, with concern on Cross-Site Request
> > > Forgeries.
>
> > > My plan is to use HttpOnly :
> >http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-http...
>
> > > However, I am not sure whether that will be sufficient enough.
>
> > > Thanks.
>
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > "Google Web Toolkit" group.
> > > To post to this group, send email to google-web-toolkit@googlegroups.com
> > .
> > > To unsubscribe from this group, send email to
> > google-web-toolkit+unsubscr...@googlegroups.com
> > .
> > > For more options, visit this group at
> >http://groups.google.com/group/google-web-toolkit?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Google Web Toolkit" group.
> > To post to this group, send email to google-web-tool...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > google-web-toolkit+unsubscr...@googlegroups.com
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/google-web-toolkit?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Login/ Logout/ Remember Me (with concern in preventing Cross-Site Request Forgeries) Example

[Sripathi Krishnan]

For general ideas on how to implement remember me, the thread you started on
stackoverflow<http://stackoverflow.com/questions/2594960/best-pratice-to-implement-secure-remember-me>should
get you answers. I will try to answer the GWT specific things you
should be doing over here.

If you haven't already, please read
http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications.
Its a bit dated, and will perhaps take you a while to go through it, but it
is definitely worth reading if you are concerned about security.

Once you have implemented remember-me, it is important that your website
doesn't have XSS (cross site scripting) or CSRF (cross site request forgery)
loopholes. Additionally, you must use a SSL certificate (https) to protect
the cookie from a man-in-the-middle attack.

Some suggestions for XSS and CSRF from a GWT perspective -

*Cross Site Scripting*

   - Within GWT code, be wary of innerHTML() and eval() methods. Make sure
   that whatever string you pass to these methods is trusted. If its not
   trusted, you'd have to escape the
strings<http://www.530geeks.com/encode.jsp>appropriately. GWT takes
care of things everywhere else.
   - If you are using JSNI, make sure you don't insert untrusted content
   into the dom. Same as above, use escaping if the strings are not trusted.
   - If you use an external javascript library, make sure it doesn't have
   loopholes.
   - Finally, if you use a jsp/servlet to generate the html, make sure that
   it doesn't echo input parameters without first escaping them.

*Cross Site Request Forgery*

   - If you use GWT RPC (whether the legacy one or the new deRPC), you are
   already protected. GWT sets custom request headers before making a RPC call.
   It also uses post with a custom content type. These cannot be forged using a
   script/image/iframe/form from another domain.
   - If you use RequestBuilder to download JSON / XML, then you are on your
   own. Follow the best practices laid down by
OWASP<http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet>.
   GWTs security
notes<http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications>also
has notes on how to protect against csrf.


--Sri



On 8 April 2010 02:36, Manuel Carrasco Moñino  wrote:

> GWT (client side) has nothing to do with HttpOnly cookies because the
> browser can not read them using javascript.
>
> You have to face it in the server side, sending a cookie from your
> servlet to the browser with the HttpOnly attribute set, the browser
> will remember it, and the next time it loads the GWT application it
> has to ask the server via RPC to know if the user has the appropriate
> cookies, if not you have to show the login screen.
>
> -Manolo
>
> On Wed, Apr 7, 2010 at 8:17 PM, yccheok  wrote:
> > Does anyone have a good code example, on how to implement login/logout/
> > remember me feature, using GWT, with concern on Cross-Site Request
> > Forgeries.
> >
> > My plan is to use HttpOnly :
> http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
> >
> > However, I am not sure whether that will be sufficient enough.
> >
> > Thanks.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> > To post to this group, send email to google-web-toolkit@googlegroups.com
> .
> > To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com
> .
> > For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
> >
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to google-web-tool...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Re: GWT Login/ Logout/ Remember Me (with concern in preventing Cross-Site Request Forgeries) Example

[Manuel Carrasco Moñino]

GWT (client side) has nothing to do with HttpOnly cookies because the
browser can not read them using javascript.

You have to face it in the server side, sending a cookie from your
servlet to the browser with the HttpOnly attribute set, the browser
will remember it, and the next time it loads the GWT application it
has to ask the server via RPC to know if the user has the appropriate
cookies, if not you have to show the login screen.

-Manolo

On Wed, Apr 7, 2010 at 8:17 PM, yccheok  wrote:
> Does anyone have a good code example, on how to implement login/logout/
> remember me feature, using GWT, with concern on Cross-Site Request
> Forgeries.
>
> My plan is to use HttpOnly : 
> http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
>
> However, I am not sure whether that will be sufficient enough.
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Google Web Toolkit" group.
> To post to this group, send email to google-web-tool...@googlegroups.com.
> To unsubscribe from this group, send email to 
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

GWT Login/ Logout/ Remember Me (with concern in preventing Cross-Site Request Forgeries) Example

[yccheok]

Does anyone have a good code example, on how to implement login/logout/
remember me feature, using GWT, with concern on Cross-Site Request
Forgeries.

My plan is to use HttpOnly : 
http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html

However, I am not sure whether that will be sufficient enough.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

cross-site request in StockWatcher not working for me

[fredrik]

Hi,
I have followed the StockWatcher tutorial from the start and all works
fine until "Making cross-site requests".
After the very last step I still get an "Error: Couldn't retrieve
JSON".

I am running from Eclipse, with the python script as "server".
(Windows7+Chrome/Firefox).
I have tried to restart Eclipse and import the files from the start of
the "Making cross-site requests" instead of working from my own files,
still the same problem.

Didn't find any similar experiences when googling the web.
Any suggestions?

Thanks,
Fredrik

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.