public abstract class AbstractXsrfProtectedServiceServlet extends RemoteServiceServlet
XsrfProtect
or NoXsrfProtect annotation to enable or disable XSRF protection
on all methods of an RPC interface or a single method correspondingly.
RpcToken or its implementation, then XSRF token
validation is performed on all methods of that interface except for the
method returning RpcToken.
XsrfProtectedServiceServlet,
Serialized FormperThreadRequest, perThreadResponse| Constructor and Description |
|---|
AbstractXsrfProtectedServiceServlet()
The default constructor used by service implementations that
extend this class.
|
AbstractXsrfProtectedServiceServlet(java.lang.Object delegate)
The wrapping constructor used by service implementations that are
separate from this class.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
onAfterRequestDeserialized(RPCRequest rpcRequest)
Override this method to examine the deserialized version of the request
before the call to the servlet method is made.
|
protected boolean |
shouldValidateXsrfToken(java.lang.reflect.Method method)
Override this method to change default XSRF enforcement logic.
|
protected abstract void |
validateXsrfToken(RpcToken token,
java.lang.reflect.Method method)
Override this method to perform XSRF token verification.
|
checkPermutationStrongName, doGetSerializationPolicy, getCodeServerPolicyUrl, getRequestModuleBasePath, getSerializationPolicy, init, loadPolicyFromCodeServer, loadSerializationPolicy, onAfterResponseSerialized, onBeforeRequestDeserialized, processCall, processCall, processPost, shouldCompressResponsedoPost, doUnexpectedFailure, getPermutationStrongName, getThreadLocalRequest, getThreadLocalResponse, readContentdoDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, service, servicepublic AbstractXsrfProtectedServiceServlet()
public AbstractXsrfProtectedServiceServlet(java.lang.Object delegate)
protected void onAfterRequestDeserialized(RPCRequest rpcRequest)
AbstractRemoteServiceServletonAfterRequestDeserialized in class AbstractRemoteServiceServletprotected boolean shouldValidateXsrfToken(java.lang.reflect.Method method)
method - Method being invokedtrue if XSRF token should be verified, false
otherwiseprotected abstract void validateXsrfToken(RpcToken token, java.lang.reflect.Method method) throws RpcTokenException
token - RpcToken included with an RPC request.method - method being invoked via this RPC call.RpcTokenException - if token verification failed.