Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Essential GWT - Security Question

 
dave natx
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Federico,

In the security section do you offer any code solutions for XSRF (cross-site request forging)? Do you illustrate how to implement GWT with any security frameworks such as Spring Security?
 
Federico Kereki
author
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!

For XSRF, there are no good solutions other than what appears at this link, and in Chapter 10 I provided a link to it, but also provided some other methods based on hashes and digital signatures. As to Spring, I didn't use it, but will probably reconsider that since GWT 2.1 appears to be heading in Spring's way.

Hope this helps!
 
dave natx
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for the reply! I will definitely check out the other methods in your book. I'm also interested in your MVP approach since you hit the nail on the head in another thread outlining the issues you’ve encountered with the existing libraries. e.g. nested widgets etc...

So far, with Spring for XSRF, I really like this approach: http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html

I also like this one with gwt-dispatch and App Engine:
http://turbomanage.wordpress.com/2009/10/07/calling-appengine-securely-from-gwt-with-gwt-dispatch/

As you said, since GWT 2.1 is heading in that direction I hope to see some more "native" support for Spring Security.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic