Class XsrfProtectedServiceServlet

All Implemented Interfaces:
SerializationPolicyProvider, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class XsrfProtectedServiceServlet extends AbstractXsrfProtectedServiceServlet
EXPERIMENTAL and subject to change. Do not use this in production code.

The servlet base class for RPC service implementations using default XSRF protection tied to authentication session cookie.

XSRF token validation is performed by generating MD5 hash of the session cookie and comparing supplied XsrfToken with the generated hash. Session cookie name is specified by the "gwt.xsrf.session_cookie_name" context parameter in web.xml.

XsrfTokenService can be used by clients to obtain XsrfTokens that will pass validation performed by this class.

See Also:
  • Field Details Link icon

    • sessionCookieName Link icon

      String sessionCookieName
  • Constructor Details Link icon

    • XsrfProtectedServiceServlet Link icon

      public XsrfProtectedServiceServlet()
    • XsrfProtectedServiceServlet Link icon

      public XsrfProtectedServiceServlet(String sessionCookieName)
    • XsrfProtectedServiceServlet Link icon

      public XsrfProtectedServiceServlet(Object delegate)
    • XsrfProtectedServiceServlet Link icon

      public XsrfProtectedServiceServlet(Object delegate, String sessionCookieName)
  • Method Details Link icon