Google Git
Sign in
gwt / gwt / c967804bdcdbd5454b11e85ece5e1f4a8d1877d9
commitc967804bdcdbd5454b11e85ece5e1f4a8d1877d9[log] [tgz]
authormeder@google.com <meder@google.com@8db76d5a-ed1c-0410-87a9-c151d255dfc7>Sun Jan 30 21:12:03 2011 +0000
committermeder@google.com <meder@google.com@8db76d5a-ed1c-0410-87a9-c151d255dfc7>Sun Jan 30 21:12:03 2011 +0000
tree81d112cae5805603781f6ec865ba20644c0e9070
parentccfbab9aa45219faf3d2ff8a05adad9d4229f8cf [diff]
This change adds couple of things:
- abstract class which calls abstract XSRF token validation method based on
annotations (@XsrfProtect, @NoXsrfProtect).
- GWT RPC XSRF protection based on the above class, which derives XSRF token
from session cookie by computing MD5 over the cookie's value. Token can be
obtained from XsrfTokenService and must be set on client RPC endpoint via
HasRpcToken interface.


Review at http://gwt-code-reviews.appspot.com/1251801


git-svn-id: https://google-web-toolkit.googlecode.com/svn/trunk@9657 8db76d5a-ed1c-0410-87a9-c151d255dfc7
25 files changed
tree: 81d112cae5805603781f6ec865ba20644c0e9070
  1. build-tools/
  2. dev/
  3. dev-ext/
  4. distro-source/
  5. doc/
  6. eclipse/
  7. jni/
  8. plugins/
  9. reference/
  10. samples/
  11. servlet/
  12. tools/
  13. user/
  14. build.xml
  15. common.ant.xml
  16. platforms.ant.xml