Hi Manfred, no no, the RPC & Spring in GWT works perfectly on our site ...
it's when I try to add the XSRF that I run into trouble .... purely with how
to set the serviceDefTarget for it....
Found the answer:
Followed: http://www.gwtproject.org/doc/latest/DevGuideSecurityRpcXsrf.html

((ServiceDefTarget)xsrf).setServiceEntryPoint("gwt/xsrf");

web.xml:

  <servlet>
    <servlet-name>xsrf</servlet-name>
    <servlet-class>com.google.gwt.user.server.rpc.XsrfTokenServiceServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>xsrf</servlet-name>
    <url-pattern>/gwt/xsrf</url-pattern>
  </servlet-mapping>

Finally! Turn off the Spring csrf filter in securityContext.xml:

  <s:csrf disabled="true"/>

Otherwise Spring & GWT are both trying to do the same thing and Spring
CsrfFilter wants the /gwt/xsrf to also have a token!

Now it works fine and the OWASP ZAP doesn't deliver an XSRF weakness!!



On Mon, Nov 6, 2017 at 10:36 PM, Manfred Tremmel <[email protected]>
wrote:

> On Monday, 6 November 2017, 17:08:27 CET, Rencia Cloete wrote:
> > More questions - help please... We have GWT + Spring
>
> Don't you think this is better placed in the gwt-user list?
> For myself, I've dropped the idea to combine RPC and Spring when
> implementing https://www.tecparts.com in 2014. Using REST with a Spring
> REST-Controller and RestyGWT or GWTP-REST-dispatcher is much easier and
> server side there are no GWT-dependencies needed. The current stack I
> use, I've described in the wiki at
> https://github.com/ManfredTremmel/gwt-bean-validators-example/wiki
>
> Manfred
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "GWT Contributors" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/google-web-toolkit-contributors/eMf39ktTQ8A/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/google-web-toolkit-contributors/3614585.qjKdrorpsP%40thinkpad.
> For more options, visit https://groups.google.com/d/optout.
>
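
An added configuration example (not part of the original message, and not taken from the GWT or Spring documentation): `<s:csrf disabled="true"/>` turns Spring's CSRF check off for every URL, so any non-GWT endpoint that changes state loses its protection too. The fragment below keeps the filter on and exempts only the GWT RPC paths. It assumes Spring Security 4.1 or later, that every GWT RPC servlet (including the token servlet) is mapped under /gwt/, and that those services are protected by GWT's own XSRF token check; the bean id `csrfMatcher` is hypothetical.

```xml
<!-- securityContext.xml (added example; bean id "csrfMatcher" is hypothetical) -->
<s:http>
  <!-- ... existing intercept-url / login configuration stays unchanged ... -->

  <!-- Broad setting from the message: no Spring CSRF check on any URL -->
  <!-- <s:csrf disabled="true"/> -->

  <!-- Narrower setting: CsrfFilter only checks requests the matcher selects -->
  <s:csrf request-matcher-ref="csrfMatcher"/>
</s:http>

<!-- A Spring CSRF token is required only when BOTH conditions hold:
     1. Spring's default rule: the method is not GET, HEAD, TRACE or OPTIONS
     2. the path is NOT under /gwt/ (assumed location of all GWT RPC servlets,
        which rely on GWT's XSRF token instead) -->
<bean id="csrfMatcher"
      class="org.springframework.security.web.util.matcher.AndRequestMatcher">
  <constructor-arg>
    <list>
      <!-- Reuse the filter's built-in method-based matcher -->
      <bean class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
        <property name="staticField"
                  value="org.springframework.security.web.csrf.CsrfFilter.DEFAULT_CSRF_MATCHER"/>
      </bean>
      <!-- Exclude the GWT RPC endpoints, e.g. /gwt/xsrf -->
      <bean class="org.springframework.security.web.util.matcher.NegatedRequestMatcher">
        <constructor-arg>
          <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
            <constructor-arg value="/gwt/**"/>
          </bean>
        </constructor-arg>
      </bean>
    </list>
  </constructor-arg>
</bean>
```

Any servlet under the exempted path that does not enforce the GWT token has no CSRF check at all, so the pattern should cover only XSRF-protected RPC services and the token servlet.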
