public abstract class AbstractXsrfProtectedServiceServlet extends RemoteServiceServlet
XsrfProtect
or NoXsrfProtect
annotation to enable or disable XSRF protection
on all methods of an RPC interface or a single method correspondingly.
RpcToken
or its implementation, then XSRF token
validation is performed on all methods of that interface except for the
method returning RpcToken
.
XsrfProtectedServiceServlet
,
Serialized FormperThreadRequest, perThreadResponse
Constructor and Description |
---|
AbstractXsrfProtectedServiceServlet()
The default constructor used by service implementations that
extend this class.
|
AbstractXsrfProtectedServiceServlet(java.lang.Object delegate)
The wrapping constructor used by service implementations that are
separate from this class.
|
Modifier and Type | Method and Description |
---|---|
protected void |
onAfterRequestDeserialized(RPCRequest rpcRequest)
Override this method to examine the deserialized version of the request
before the call to the servlet method is made.
|
protected boolean |
shouldValidateXsrfToken(java.lang.reflect.Method method)
Override this method to change default XSRF enforcement logic.
|
protected abstract void |
validateXsrfToken(RpcToken token,
java.lang.reflect.Method method)
Override this method to perform XSRF token verification.
|
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponse
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContent
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
public AbstractXsrfProtectedServiceServlet()
public AbstractXsrfProtectedServiceServlet(java.lang.Object delegate)
protected void onAfterRequestDeserialized(RPCRequest rpcRequest)
AbstractRemoteServiceServlet
onAfterRequestDeserialized
in class AbstractRemoteServiceServlet
protected boolean shouldValidateXsrfToken(java.lang.reflect.Method method)
method
- Method being invokedtrue
if XSRF token should be verified, false
otherwiseprotected abstract void validateXsrfToken(RpcToken token, java.lang.reflect.Method method) throws RpcTokenException
token
- RpcToken
included with an RPC request.method
- method being invoked via this RPC call.RpcTokenException
- if token verification failed.