Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’ve just started porting my GWT-RPC code to the new RequestFactory mechanism.
In order to prevent cross-site request forgery (CSRF), my GWT-RPC code grabbed the session id that had been stored in a cookie, and included it in the payload of the request. Is that possible with RequestFactory?
I understand that there are four mandatory Locator methods, including findEntity(id_type id); so I’m thinking: oh dear: where do I put my session id?
Generally, you’ll extend
DefaultRequestTransportto add the token to the request (such as a custom header, but you could also add it to the request body) and pass it to theinitof yourRequestFactory. On the server-side, you’ll either use a servlet filter or you’ll extendRequestFactoryServletto process the token before even processing the RequestFactory request. You’re free to define your own “protocol” here: e.g. returning a 403 or 401 status (or whatever) and then process it in theRequestTransportto communicate the result to your app.