GWT RPC Cookie Authentication

I use GWT on my GlassFish server and I am trying to make some of my RPC calls authenticated via cookies. Is it possible? Are there any examples of how to encode it?

+3
4 answers

Depending on the authentication cookie, your site/services are vulnerable to cross-site request forgery (XSRF/CSRF) attacks; more on this in Security for GWT Applications.

The best way would be to double-check the value that you get from the cookie against the one that was sent to the server by other means, as part of the request (header, custom field, etc.).

In addition, there are many tutorials on the topic: just look for Java (servlet) authentication; it does not have to be GWT-specific. The Google Web Toolkit Group also has many threads about the topic.

+2

I assume that you are using the GWT RPC servlet to process requests made by the client.

One option that comes to my mind is to write and configure a ServletFilter that can check the cookie before the request reaches the GWT servlet.

0
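
The two answers above combine naturally: a servlet filter in front of the GWT RPC servlet that rejects unauthenticated sessions and also compares a cookie value against a copy sent in a request header. This is an added example, not code from either answer; the cookie name, header name and session attribute are assumptions, and it uses the `javax.servlet` API.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: all three names below are hypothetical, pick your own.
public class RpcAuthFilter implements Filter {
    private static final String TOKEN_COOKIE = "XSRF-TOKEN";   // cookie readable by client code
    private static final String TOKEN_HEADER = "X-XSRF-TOKEN"; // client copies the cookie value here
    private static final String USER_ATTR = "user";            // set in the session at login

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // 1. Authentication: the session cookie must map to a logged-in session.
        HttpSession session = request.getSession(false); // do not create a session here
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // 2. XSRF check: a forged cross-site request carries the cookie automatically,
        //    but the attacking page cannot read it to fill in the matching header.
        String fromCookie = cookieValue(request, TOKEN_COOKIE);
        String fromHeader = request.getHeader(TOKEN_HEADER);
        if (fromCookie == null || fromCookie.isEmpty() || fromHeader == null
                || !MessageDigest.isEqual(fromCookie.getBytes(StandardCharsets.UTF_8),
                                          fromHeader.getBytes(StandardCharsets.UTF_8))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res); // only now does the request reach the GWT RPC servlet
    }

    private static String cookieValue(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies(); // null when the request has no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) return c.getValue();
        }
        return null;
    }
}
```

Map the filter to the same URL pattern as the RPC servlet in `web.xml` so that only the protected services pass through it.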

cookie, . HTTPS?

0

"", ..

request.getSession()

, GWT, "" , . , , GWT.

, . , , , GWT .

0

Source: https://habr.com/ru/post/1732944/