• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Tim Holloway
  • Carey Brown
  • salvin francis

Essential GWT - Security Question

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Federico,

In the security section do you offer any code solutions for XSRF (cross-site request forging)? Do you illustrate how to implement GWT with any security frameworks such as Spring Security?
 
author
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!

For XSRF, there are no good solutions other than what appears at this link, and in Chapter 10 I provided a link to it, but also provided some other methods based on hashes and digital signatures. As to Spring, I didn't use it, but will probably reconsider that since GWT 2.1 appears to be heading in Spring's way.

Hope this helps!
 
dave natx
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for the reply! I will definitely check out the other methods in your book. I'm also interested in your MVP approach since you hit the nail on the head in another thread outlining the issues you’ve encountered with the existing libraries. e.g. nested widgets etc...

So far, with Spring for XSRF, I really like this approach: http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html

I also like this one with gwt-dispatch and App Engine:
http://turbomanage.wordpress.com/2009/10/07/calling-appengine-securely-from-gwt-with-gwt-dispatch/

As you said, since GWT 2.1 is heading in that direction I hope to see some more "native" support for Spring Security.

 
and POOF! You're gone! But look, this tiny ad is still here:
create, convert, edit or print DOC and DOCX in Java
https://products.aspose.com/words/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!