Class XsrfProtectedServiceServlet
java.lang.Object
jakarta.servlet.GenericServlet
jakarta.servlet.http.HttpServlet
com.google.gwt.user.server.rpc.jakarta.AbstractRemoteServiceServlet
com.google.gwt.user.server.rpc.jakarta.RemoteServiceServlet
com.google.gwt.user.server.rpc.jakarta.AbstractXsrfProtectedServiceServlet
com.google.gwt.user.server.rpc.jakarta.XsrfProtectedServiceServlet
- All Implemented Interfaces:
SerializationPolicyProvider,jakarta.servlet.Servlet,jakarta.servlet.ServletConfig,Serializable
EXPERIMENTAL and subject to change. Do not use this in production code.
The servlet base class for RPC service implementations using default XSRF protection tied to authentication session cookie.
XSRF token validation is performed by generating MD5 hash of the session
cookie and comparing supplied XsrfToken with the generated hash.
Session cookie name is specified by the "gwt.xsrf.session_cookie_name"
context parameter in web.xml.
XsrfTokenService can be used by
clients to obtain XsrfTokens that will pass validation performed by
this class.
- See Also:
-
Field Summary
FieldsFields inherited from class com.google.gwt.user.server.rpc.jakarta.AbstractRemoteServiceServlet
perThreadRequest, perThreadResponse -
Constructor Summary
ConstructorsConstructorDescriptionXsrfProtectedServiceServlet(Object delegate) XsrfProtectedServiceServlet(Object delegate, String sessionCookieName) XsrfProtectedServiceServlet(String sessionCookieName) -
Method Summary
Modifier and TypeMethodDescriptionvoidinit()protected voidvalidateXsrfToken(RpcToken token, Method method) ValidatesXsrfTokenincluded withagainst XSRF cookie.invalid reference
RPCRequestMethods inherited from class com.google.gwt.user.server.rpc.jakarta.AbstractXsrfProtectedServiceServlet
onAfterRequestDeserialized, shouldValidateXsrfTokenMethods inherited from class com.google.gwt.user.server.rpc.jakarta.RemoteServiceServlet
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponseMethods inherited from class com.google.gwt.user.server.rpc.jakarta.AbstractRemoteServiceServlet
doPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContentMethods inherited from class jakarta.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, serviceMethods inherited from class jakarta.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, log, log
-
Field Details
-
sessionCookieName
String sessionCookieName
-
-
Constructor Details
-
XsrfProtectedServiceServlet
public XsrfProtectedServiceServlet() -
XsrfProtectedServiceServlet
-
XsrfProtectedServiceServlet
-
XsrfProtectedServiceServlet
-
-
Method Details
-
init
public void init() throws jakarta.servlet.ServletException- Overrides:
initin classjakarta.servlet.GenericServlet- Throws:
jakarta.servlet.ServletException
-
validateXsrfToken
ValidatesXsrfTokenincluded withagainst XSRF cookie.invalid reference
RPCRequest- Specified by:
validateXsrfTokenin classAbstractXsrfProtectedServiceServlet- Parameters:
token-RpcTokenincluded with an RPC request.method- method being invoked via this RPC call.- Throws:
RpcTokenException- if token verification failed.
-