com.google.gwt.user.server.rpc
Class AbstractXsrfProtectedServiceServlet
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
com.google.gwt.user.server.rpc.RemoteServiceServlet
com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
- All Implemented Interfaces:
- SerializationPolicyProvider, java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
- Direct Known Subclasses:
- XsrfProtectedServiceServlet
public abstract class AbstractXsrfProtectedServiceServlet
- extends RemoteServiceServlet
An abstract class for XSRF protected RPC service implementations, which
decides whether XSRF protection should be enforced on a method invocation
based on the following logic:
- An RPC interface or method can be annotated with either the XsrfProtect or the NoXsrfProtect annotation to enable or disable XSRF protection on all methods of an RPC interface or on a single method, respectively.
- An RPC interface level annotation can be overridden by a method level annotation.
- If no annotations are present and the RPC interface contains a method that returns RpcToken or its implementation, then XSRF token validation is performed on all methods of that interface except for the method returning RpcToken.
- See Also: XsrfProtectedServiceServlet, Serialized Form
Method Summary
protected void onAfterRequestDeserialized(RPCRequest rpcRequest)
- Override this method to examine the deserialized version of the request before the call to the servlet method is made.
protected boolean shouldValidateXsrfToken(java.lang.reflect.Method method)
- Override this method to change default XSRF enforcement logic.
protected abstract void validateXsrfToken(RpcToken token, java.lang.reflect.Method method)
- Override this method to perform XSRF token verification.
Methods inherited from class com.google.gwt.user.server.rpc.RemoteServiceServlet
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponse
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
AbstractXsrfProtectedServiceServlet
public AbstractXsrfProtectedServiceServlet()
- The default constructor used by service implementations that
extend this class. The servlet will delegate AJAX requests to
the appropriate method in the subclass.
AbstractXsrfProtectedServiceServlet
public AbstractXsrfProtectedServiceServlet(java.lang.Object delegate)
- The wrapping constructor used by service implementations that are
separate from this class. The servlet will delegate AJAX
requests to the appropriate method in the given object.
onAfterRequestDeserialized
protected void onAfterRequestDeserialized(RPCRequest rpcRequest)
- Description copied from class: AbstractRemoteServiceServlet
- Override this method to examine the deserialized version of the request
before the call to the servlet method is made. The default implementation
does nothing and need not be called by subclasses.
- Overrides: onAfterRequestDeserialized in class AbstractRemoteServiceServlet
shouldValidateXsrfToken
protected boolean shouldValidateXsrfToken(java.lang.reflect.Method method)
- Override this method to change default XSRF enforcement logic.
- Parameters:
method - Method being invoked
- Returns:
true if XSRF token should be verified, false otherwise
validateXsrfToken
protected abstract void validateXsrfToken(RpcToken token,
java.lang.reflect.Method method)
throws RpcTokenException
- Override this method to perform XSRF token verification.
- Parameters:
token - RpcToken included with an RPC request.
method - method being invoked via this RPC call.
- Throws:
RpcTokenException - if token verification failed.
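Added example, not part of the GWT Javadoc or GWT's own code: an RPC interface that uses the interface-level and method-level annotations described above, and a subclass whose validateXsrfToken compares the request token against a per-session value in constant time. AccountService, AccountServiceImpl, SESSION_ATTR and the session attribute names are hypothetical, and the example assumes the application stores the expected token string in the HTTP session when it issues the token.

```java
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.RpcToken;
import com.google.gwt.user.client.rpc.RpcTokenException;
import com.google.gwt.user.client.rpc.XsrfToken;
import com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet;
import com.google.gwt.user.server.rpc.NoXsrfProtect;
import com.google.gwt.user.server.rpc.XsrfProtect;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpSession;

// Hypothetical RPC interface: protected at interface level, one method opted out.
@XsrfProtect
interface AccountService extends RemoteService {
  void changeEmail(String newEmail);  // state-changing: inherits @XsrfProtect

  @NoXsrfProtect                      // method-level annotation overrides the interface
  String getServerTime();
}

// Hypothetical servlet. Assumes the expected token was stored in the session
// under SESSION_ATTR by the application code that issued it.
public class AccountServiceImpl extends AbstractXsrfProtectedServiceServlet
    implements AccountService {
  static final String SESSION_ATTR = "xsrf.expected";  // assumed attribute name

  @Override
  protected void validateXsrfToken(RpcToken token, Method method)
      throws RpcTokenException {
    // A missing token arrives as null; instanceof rejects it as well.
    if (!(token instanceof XsrfToken)) {
      throw new RpcTokenException("no XSRF token on " + method.getName());
    }
    HttpSession session = getThreadLocalRequest().getSession(false);
    Object expected = session == null ? null : session.getAttribute(SESSION_ATTR);
    String supplied = ((XsrfToken) token).getToken();
    // Fail closed: no session, no stored value, or a mismatch all reject the call.
    if (!(expected instanceof String) || supplied == null
        || !MessageDigest.isEqual(
            ((String) expected).getBytes(StandardCharsets.UTF_8),
            supplied.getBytes(StandardCharsets.UTF_8))) {
      throw new RpcTokenException("token mismatch on " + method.getName());
    }
  }

  @Override public void changeEmail(String newEmail) {  // stand-in for application logic
    getThreadLocalRequest().getSession().setAttribute("account.email", newEmail);
  }
  @Override public String getServerTime() { return Long.toString(System.currentTimeMillis()); }
}
```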