Another thing you can do in order to always send your session
identifier as part of your request is use the RequestBuilder and add
the identifier as a request header.
RequestBuilder requestBuilder = new RequestBuilder("POST", "/
myServletUrl");
RequestBuilder.setHeader("X-Session-Id", mySessionIdFromCookie);
On Dec 1, 8:31 am, gregor <[EMAIL PROTECTED]> wrote:
> Hi Patrick,
>
> I think you probably want to call the static async instance according
> to usual RPC protocol, i.e. in this case SecureRemoteServiceAsync,
> otherwise you might get confused as to what's going on
>
>
>
>
>
> > --- Code, I hope this formats reasonably in the post. ---
> > public interface SecureRemoteService extends RemoteService {
>
> > /**
> > * Utility/Convenience class.
> > * Use SecureRemoteService.Async.getInstance() to access static
> > instance of IpsvRmapServiceAsync
> > */
> > public static class SecureRemoteServiceAsync {
> > private static Async ourInstance = null;
>
> > public static synchronized SecureRemoteServiceAsync
> > getInstance() {
> > if (ourInstance == null) {
> > ourInstance = (SecureRemoteServiceAsync)
> > GWT.create(SecureRemoteService.class);
> > }
> > return ourInstance;
> > }
>
> > public void setServiceEntryPoint(String entryPoint) {
> > // This is where the magic happens.
> > ((ServiceDefTarget)
> > ourInstance).setServiceEntryPoint
> > (GWT.getModuleBaseURL() + entryPoint + "?sessionID=" + getSessionID
> > ());
> > }
>
> > private String getSessionID() {
> > // Do stuff to get sessionID
> > return "SessionID";
> > }
> > }}
>
> > --- End of code ---
>
> Then you use it like so in code:
>
> SecureRemoteServiceAsync async
> = SecureRemoteServiceAsync.App.getInstance(); //
> the URL will now have the SessionID param
> async.someMethod(param, new secureRemoteServiceCallback());
>
> Note that this does not work across the board, you have to do this
> once for each RPC service separately (i.e. once per RPC service
> interface declared), but if you extend RemoteServiceServlet and
> override the processCall() method to grab and check sesionID
> parameter, then use this extended RemoteServiceServlet this for all
> your RPC services, they will all validate the sessionID.
>
> I guess it's a matter of taste and situation, but I think I prefer the
> second method (the Command pattern variation) becasue a) if you want
> to change the way you handle this session thing, you just do it the
> Payload base class and the extended RemoteServiceServlet.processCall
> (), you do not have to change all your RPC Async interfaces and b)
> this Payload pattern is useful for a lot of other reasons in handling
> objects over the wire. I think it deals with the XSRF issue too (but
> I'm sure Reinier will nail me to wall again if wrong!)
>
> regards
> gregor
>
>
>
> > From what I can see, this should work if the interface extends the
> > SecureRemoteService instead of the normal one. However, to properly
> > create an instance of this class, the programmer now has to do
> > something different from the normal procedure. Instead of calling the
> > normal GWT.create(someService.class) and casting it to the Async
> > version, he has to call on GWT.create(someService.Async.class). This
> > means he has to modify all of his proxy creation statements as well.
>
> > Is there any way to get around this?
>
> > Thanks, Patrick
>
> > PS: Graag gedaan.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
