GWT RPC的Cookie认证 [英] GWT RPC Cookie authentication

问题描述

我用我的GlassFish服务器上GWT和我试图做一些通过cookie验证我的RPC调用。这可能吗？是否有任何的例子在那里如何code呢？

I'm using gwt on my glassfish server, and I'm attempting to make some of my RPC calls authenticated via cookies. Is this possible? Are there any examples out there of how to code it?

推荐答案

仅上的cookie进行身份验证根据会让你的网站/服务容易受到跨站点请求锻造/ XSRF / CSRF攻击 - 在阅读更多的是<一个HREF =htt​​p://groups.google.com/group/google-web-toolkit/web/security-for-gwt-applications相对=nofollow>安全GWT应用的。

Depending only on the cookie for authentication will make your website/services vulnerable to Cross-Site Request Forging/XSRF/CSRF attacks - read more on that in Security for GWT Applications.

最好的方法是仔细检查你的饼干和一个已经通过其他方式输送到服务器中的获得的价值 - 作为请求的一部分（标题，自定义字段等）

The best way would be to double check the value you get from the cookie and with the one that's been transported to the server by some other means - as part of the request (header, a custom field, etc).

除此之外，有很多教程涵盖的主题 - 只需搜索的Java（servlet的）身份验证 - 它不必须是GWT特有的。该谷歌Web工具包集团也有许多<一个href=\"http://groups.google.com/group/google-web-toolkit/browse_thread/thread/e8e14b16e57b266f/0f296a1553d18049\"相对=nofollow>线程 <一个href=\"http://groups.google.com/group/google-web-toolkit/browse_thread/thread/e3dc56f7e4199caf/30fb2a9083e137ff\"相对=nofollow>关于 <一个href=\"http://groups.google.com/group/google-web-toolkit/browse_thread/thread/6e8989af81306421/6609a58436180f91\"相对=nofollow>的 <一个href=\"http://groups.google.com/group/google-web-toolkit/browse_thread/thread/3ca02837f8108f99/cbb0efb4c8c1ed45\"相对=nofollow>主题。

Other than that, there are many tutorials covering the subject - just search for Java (servlet) authentication - it doesn't have to be GWT-specific. The Google Web Toolkit Group also has many threads about the subject.

这篇关于GWT RPC的Cookie认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！