I’m using GWT on my GlassFish server, and I’m attempting to make some of my RPC calls authenticated via cookies. Is this possible? Are there any examples out there of how to code it?
Depending only on the cookie for authentication will make your website/services vulnerable to Cross-Site Request Forgery/XSRF/CSRF attacks – read more on that in Security for GWT Applications.
The best way would be to double-check the value you get from the cookie against the one that’s been transported to the server by some other means – as part of the request (header, a custom field, etc.).
Other than that, there are many tutorials covering the subject – just search for Java (servlet) authentication – it doesn’t have to be GWT-specific. The Google Web Toolkit Group also has many threads about the subject.
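
The check described in the answer above, sketched as an added example (not code from the original answer or from GWT): the server accepts a call only when the session id from the cookie also arrives in a request header and names a session the server issued. The cookie name `sid`, the header name `X-Session-Id`, the `liveSessions` set and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

public class DoubleSubmitCheck {
    // Hypothetical names: the page does not specify a cookie or header name.
    static final String COOKIE_NAME = "sid";
    static final String HEADER_NAME = "X-Session-Id";

    /** Accept a request only if the session id arrives twice: in the cookie
     *  (attached automatically by the browser) and in a header that only
     *  script running on our own origin can fill in by reading that cookie. */
    static boolean isAuthenticated(Map<String, String> cookies,
                                   Map<String, String> headers,
                                   Set<String> liveSessions) {
        String fromCookie = cookies.get(COOKIE_NAME);
        String fromHeader = headers.get(HEADER_NAME);
        if (fromCookie == null || fromHeader == null || fromCookie.isEmpty()) {
            return false; // the cookie on its own is never enough
        }
        // Constant-time comparison, so timing does not reveal how much matched.
        boolean same = MessageDigest.isEqual(
                fromCookie.getBytes(StandardCharsets.UTF_8),
                fromHeader.getBytes(StandardCharsets.UTF_8));
        // The value must also be a session the server actually issued.
        return same && liveSessions.contains(fromCookie);
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the page.
        Set<String> live = Set.of("3f9a1c7e5b2d4086");
        Map<String, String> cookie = Map.of(COOKIE_NAME, "3f9a1c7e5b2d4086");

        // Own client: script copied the cookie value into the header.
        System.out.println(isAuthenticated(cookie, Map.of(HEADER_NAME, "3f9a1c7e5b2d4086"), live));
        // Cross-site request: cookie attached by the browser, header absent.
        System.out.println(isAuthenticated(cookie, Map.of(), live));
        // Header present but not equal to the cookie.
        System.out.println(isAuthenticated(cookie, Map.of(HEADER_NAME, "0000000000000000"), live));
        // Matching pair that the server never issued.
        Map<String, String> unknown = Map.of(COOKIE_NAME, "deadbeefdeadbeef");
        System.out.println(isAuthenticated(unknown, Map.of(HEADER_NAME, "deadbeefdeadbeef"), live));
    }
}
```

In a servlet the two maps would be filled from `HttpServletRequest.getCookies()` and `getHeader()`. If client script is to copy the cookie value into the header, the cookie cannot be marked HttpOnly.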