wood burning stoves*
The moose likes GWT and the fly likes Essential GWT - Security Question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » GWT
Bookmark "Essential GWT - Security Question" Watch "Essential GWT - Security Question" New topic
Author

Essential GWT - Security Question

dave natx
Greenhorn

Joined: Sep 25, 2007
Posts: 4
Hi Federico,

In the security section do you offer any code solutions for XSRF (cross-site request forging)? Do you illustrate how to implement GWT with any security frameworks such as Spring Security?
Federico Kereki
author
Ranch Hand

Joined: Aug 27, 2010
Posts: 31
Hi!

For XSRF, there are no good solutions other than what appears at this link, and in Chapter 10 I provided a link to it, but also provided some other methods based on hashes and digital signatures. As to Spring, I didn't use it, but will probably reconsider that since GWT 2.1 appears to be heading in Spring's way.

Hope this helps!


Great fan of Open Source, Linux, and web development with GWT; all of these come together for my ESSENTIAL GWT book!
dave natx
Greenhorn

Joined: Sep 25, 2007
Posts: 4
Thank you for the reply! I will definitely check out the other methods in your book. I'm also interested in your MVP approach since you hit the nail on the head in another thread outlining the issues you’ve encountered with the existing libraries. e.g. nested widgets etc...

So far, with Spring for XSRF, I really like this approach: http://technowobble.blogspot.com/2010/05/gwt-and-spring-security.html

I also like this one with gwt-dispatch and App Engine:
http://turbomanage.wordpress.com/2009/10/07/calling-appengine-securely-from-gwt-with-gwt-dispatch/

As you said, since GWT 2.1 is heading in that direction I hope to see some more "native" support for Spring Security.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Essential GWT - Security Question
 
Similar Threads
Sending HTTP Request in GWT
Security in GWT
Ex GWT
GWT in Action:Qurie about Java Script
Essential GWT content