XsrfProtectedServiceServlet (GWT Javadoc)

Overview

Package

Class

Use

Deprecated

Help

GWT 2.7.0

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.google.gwt.user.server.rpc
Class XsrfProtectedServiceServlet

java.lang.Object
  javax.servlet.GenericServlet
      javax.servlet.http.HttpServlet
          com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
              com.google.gwt.user.server.rpc.RemoteServiceServlet
                  com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
                      com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet

All Implemented Interfaces:: SerializationPolicyProvider, java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class XsrfProtectedServiceServlet
extends AbstractXsrfProtectedServiceServlet
extends AbstractXsrfProtectedServiceServlet

EXPERIMENTAL and subject to change. Do not use this in production code.

The servlet base class for RPC service implementations using default XSRF protection tied to authentication session cookie.

XSRF token validation is performed by generating MD5 hash of the session cookie and comparing supplied XsrfToken with the generated hash. Session cookie name is specified by the "gwt.xsrf.session_cookie_name" context parameter in web.xml.

XsrfTokenService can be used by clients to obtain XsrfTokens that will pass validation performed by this class.

See Also:: XsrfTokenServiceServlet, AbstractXsrfProtectedServiceServlet, Serialized Form

Field Summary
`(package private) java.lang.String`	`sessionCookieName`

Fields inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
`perThreadRequest, perThreadResponse`

Constructor Summary
`XsrfProtectedServiceServlet()`
`XsrfProtectedServiceServlet(java.lang.Object delegate)`
`XsrfProtectedServiceServlet(java.lang.Object delegate, java.lang.String sessionCookieName)`
`XsrfProtectedServiceServlet(java.lang.String sessionCookieName)`

Method Summary
`void`	`init()`
`protected void`	`validateXsrfToken(RpcToken token, java.lang.reflect.Method method)` Validates `XsrfToken` included with `RPCRequest` against XSRF cookie.

Methods inherited from class com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
`onAfterRequestDeserialized, shouldValidateXsrfToken`

Methods inherited from class com.google.gwt.user.server.rpc.RemoteServiceServlet
`checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponse`

Methods inherited from class com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet
`doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContent`

Methods inherited from class javax.servlet.http.HttpServlet
`doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service`

Methods inherited from class javax.servlet.GenericServlet
`destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, log, log`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

sessionCookieName

java.lang.String sessionCookieName

Constructor Detail