public class XsrfProtectedServiceServlet extends AbstractXsrfProtectedServiceServlet
The servlet base class for RPC service implementations using default XSRF protection tied to the authentication session cookie.

XSRF token validation is performed by generating an MD5 hash of the session cookie and comparing the supplied XsrfToken with the generated hash.

The session cookie name is specified by the "gwt.xsrf.session_cookie_name" context parameter in web.xml.

XsrfTokenService can be used by clients to obtain XsrfTokens that will pass the validation performed by this class.
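
The check described above, sketched as a standalone Java program. This is an added example, not GWT's own source: the class and method names, the lower-case hex encoding, the UTF-8 charset, the use of SecurityException in place of RpcTokenException, and the sample cookie values are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration, not GWT source. All names here are hypothetical.
public class XsrfTokenCheckDemo {
    // Expected token: hex-encoded MD5 of the session cookie value.
    // Lower-case hex and UTF-8 are assumptions of this sketch.
    static String expectedToken(String cookieValue) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(cookieValue.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Returns normally on a match; throws on any failure so the call is rejected.
    // SecurityException stands in for the RpcTokenException named on this page.
    static void validate(String cookieValue, String suppliedToken) throws NoSuchAlgorithmException {
        if (suppliedToken == null) {
            throw new SecurityException("XSRF token missing");
        }
        if (cookieValue == null || cookieValue.isEmpty()) {
            // Without a session cookie there is nothing to bind the token to.
            throw new SecurityException("Session cookie missing or empty");
        }
        byte[] expected = expectedToken(cookieValue).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = suppliedToken.getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual does not stop at the first mismatching byte.
        if (!MessageDigest.isEqual(expected, supplied)) {
            throw new SecurityException("Invalid XSRF token");
        }
    }

    public static void main(String[] args) throws Exception {
        String cookie = "constructed-session-id-0001";      // constructed sample value
        String token = expectedToken(cookie);
        validate(cookie, token);                            // token bound to this session
        System.out.println("token for own session accepted");
        try {
            validate("constructed-session-id-0002", token); // same token, other session
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the token is a pure function of the session cookie value, it stays valid for as long as that session cookie is unchanged and is invalidated only when the session cookie changes.
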
Modifier and Type | Field and Description |
---|---|
(package private) java.lang.String | sessionCookieName |
perThreadRequest, perThreadResponse
Constructor and Description |
---|
XsrfProtectedServiceServlet() |
XsrfProtectedServiceServlet(java.lang.Object delegate) |
XsrfProtectedServiceServlet(java.lang.Object delegate, java.lang.String sessionCookieName) |
XsrfProtectedServiceServlet(java.lang.String sessionCookieName) |
Modifier and Type | Method and Description |
---|---|
void | init() |
protected void | validateXsrfToken(RpcToken token, java.lang.reflect.Method method) Validates XsrfToken included with RPCRequest against XSRF cookie. |
onAfterRequestDeserialized, shouldValidateXsrfToken
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponse
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContent
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, service
public XsrfProtectedServiceServlet()
public XsrfProtectedServiceServlet(java.lang.String sessionCookieName)
public XsrfProtectedServiceServlet(java.lang.Object delegate)
public XsrfProtectedServiceServlet(java.lang.Object delegate, java.lang.String sessionCookieName)
public void init() throws javax.servlet.ServletException
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException
protected void validateXsrfToken(RpcToken token, java.lang.reflect.Method method) throws RpcTokenException
Validates XsrfToken included with RPCRequest against XSRF cookie.
validateXsrfToken in class AbstractXsrfProtectedServiceServlet
Parameters:
token - RpcToken included with an RPC request.
method - method being invoked via this RPC call.
Throws:
RpcTokenException - if token verification failed.