File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes GWT and the fly likes Essential GWT - Security Question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » GWT
Bookmark "Essential GWT - Security Question" Watch "Essential GWT - Security Question" New topic

Essential GWT - Security Question

dave natx

Joined: Sep 25, 2007
Posts: 4
Hi Federico,

In the security section do you offer any code solutions for XSRF (cross-site request forging)? Do you illustrate how to implement GWT with any security frameworks such as Spring Security?
Federico Kereki
Ranch Hand

Joined: Aug 27, 2010
Posts: 31

For XSRF, there are no good solutions other than what appears at this link, and in Chapter 10 I provided a link to it, but also provided some other methods based on hashes and digital signatures. As to Spring, I didn't use it, but will probably reconsider that since GWT 2.1 appears to be heading in Spring's way.

Hope this helps!

Great fan of Open Source, Linux, and web development with GWT; all of these come together for my ESSENTIAL GWT book!
dave natx

Joined: Sep 25, 2007
Posts: 4
Thank you for the reply! I will definitely check out the other methods in your book. I'm also interested in your MVP approach since you hit the nail on the head in another thread outlining the issues you’ve encountered with the existing libraries. e.g. nested widgets etc...

So far, with Spring for XSRF, I really like this approach:

I also like this one with gwt-dispatch and App Engine:

As you said, since GWT 2.1 is heading in that direction I hope to see some more "native" support for Spring Security.

I agree. Here's the link:
subject: Essential GWT - Security Question
It's not a secret anymore!