GWT RPC Cookie身份验证 [英] GWT RPC Cookie authentication

问题描述

我在我的glassfish服务器上使用gwt，我试图使一些我的RPC调用通过cookie验证。这可能吗？

I'm using gwt on my glassfish server, and I'm attempting to make some of my RPC calls authenticated via cookies. Is this possible? Are there any examples out there of how to code it?

推荐答案

只有认证的cookie才能使你的网站/服务容易受到跨站点请求伪造/ XSRF / CSRF攻击 - 详情请参阅 GWT应用程序的安全性。

Depending only on the cookie for authentication will make your website/services vulnerable to Cross-Site Request Forging/XSRF/CSRF attacks - read more on that in Security for GWT Applications.

最好的方法是仔细检查您从Cookie中获得的值以及通过其他方式传输到服务器的值（作为请求的一部分） （标题，自定义字段等）。

The best way would be to double check the value you get from the cookie and with the one that's been transported to the server by some other means - as part of the request (header, a custom field, etc).

除此之外，还有很多教程涵盖这个主题 - 只是搜索Java（servlet）身份验证 - 必须是GWT特定的。 Google Web Toolkit小组还有许多主题 about 主题。

Other than that, there are many tutorials covering the subject - just search for Java (servlet) authentication - it doesn't have to be GWT-specific. The Google Web Toolkit Group also has many threads about the subject.

这篇关于GWT RPC Cookie身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！