Win a copy of Building Blockchain Apps this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Liutauras Vilda
  • Knute Snortum
  • Bear Bibeault
Sheriffs:
  • Devaka Cooray
  • Jeanne Boyarsky
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • salvin francis
Bartenders:
  • Tim Holloway
  • Piet Souris
  • Frits Walraven

Essential GWT - Security Question

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Federico,

In the security section do you offer any code solutions for XSRF (cross-site request forging)? Do you illustrate how to implement GWT with any security frameworks such as Spring Security?
 
author
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!

For XSRF, there are no good solutions other than what appears at this link, and in Chapter 10 I provided a link to it, but also provided some other methods based on hashes and digital signatures. As to Spring, I didn't use it, but will probably reconsider that since GWT 2.1 appears to be heading in Spring's way.

Hope this helps!
 
dave natx
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for the reply! I will definitely check out the other methods in your book. I'm also interested in your MVP approach since you hit the nail on the head in another thread outlining the issues you’ve encountered with the existing libraries. e.g. nested widgets etc...

So far, with Spring for XSRF, I really like this approach: http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html

I also like this one with gwt-dispatch and App Engine:
http://turbomanage.wordpress.com/2009/10/07/calling-appengine-securely-from-gwt-with-gwt-dispatch/

As you said, since GWT 2.1 is heading in that direction I hope to see some more "native" support for Spring Security.

 
All of the following truths are shameless lies. But what about this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!