I followed the instructions as per
http://code.google.com/webtoolkit/doc/latest/DevGuideSecurityRpcXsrf.html
with GWT's Eclipse sample, but I got this:

[ERROR] javax.servlet.ServletContext log: Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract com.google.gwt.user.client.rpc.XsrfToken com.google.gwt.user.client.rpc.XsrfTokenService.getNewXsrfToken()' threw an unexpected exception: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (Session cookie is not set or empty! Unable to generate XSRF cookie)
        at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:385)
...

What else is missing? Or what is wrong with this:

    /**
     * Send the name from the nameField to the server and wait for a
     * response.
     */
    private void sendNameToServer() {
        // First, we validate the input.
        errorLabel.setText("");
        final String textToServer = nameField.getText();
        if (!FieldVerifier.isValidName(textToServer)) {
            errorLabel.setText("Please enter at least four characters");
            return;
        }

        // Then, we send the input to the server.
        sendButton.setEnabled(false);
        textToServerLabel.setText(textToServer);
        serverResponseLabel.setText("");

        XsrfTokenServiceAsync xsrf = (XsrfTokenServiceAsync) GWT
                .create(XsrfTokenService.class);
        ((ServiceDefTarget) xsrf).setServiceEntryPoint(GWT
                .getModuleBaseURL() + "xsrf");
        xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {

            public void onSuccess(XsrfToken token) {

                ((HasRpcToken) greetingService).setRpcToken(token);

                // make XSRF protected RPC call
                greetingService.greetServer(textToServer,
                        new AsyncCallback<String>() {
                            public void onFailure(Throwable caught) {
                                // Show the RPC error message to the
                                // user
                                dialogBox
                                        .setText("Remote Procedure Call - Failure");
                                serverResponseLabel
                                        .addStyleName("serverResponseLabelError");
                                serverResponseLabel
                                        .setHTML(SERVER_ERROR);
                                dialogBox.center();
                                closeButton.setFocus(true);
                            }

                            public void onSuccess(String result) {
                                dialogBox
                                        .setText("Remote Procedure Call");
                                serverResponseLabel
                                        .removeStyleName("serverResponseLabelError");
                                serverResponseLabel.setHTML(result);
                                dialogBox.center();
                                closeButton.setFocus(true);
                            }
                        });
            }

            public void onFailure(Throwable caught) {
                try {
                    throw caught;
                } catch (RpcTokenException e) {
                    // Can be thrown for several reasons:
                    // - duplicate session cookie, which may be a sign
                    // of a cookie
                    // overwrite attack
                    // - XSRF token cannot be generated because session
                    // cookie isn't
                    // present
                } catch (Throwable e) {
                    // unexpected
                }
            }
        });
    }

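An added illustration, not part of the original post and not GWT's own code: a JDK-only model of an XSRF token derived from the session cookie, showing why a request with no session cookie (the case in the error above) or with a duplicated one (the case named in the onFailure comment) is refused. It assumes the token is the hex MD5 of the session cookie value and that the cookie is named JSESSIONID; the class, the method names and the sample Cookie headers are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

/** Simplified model of a session-cookie-derived XSRF token (hypothetical class, not GWT source). */
public class XsrfTokenModel {
    static final String SESSION_COOKIE = "JSESSIONID"; // assumed session cookie name
    /** Collects every value the Cookie header carries for the session cookie. */
    static List<String> cookieValues(String header) {
        List<String> values = new ArrayList<>();
        if (header == null) return values;
        for (String part : header.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(SESSION_COOKIE)) values.add(kv[1]);
        }
        return values;
    }
    /** Derives the token; refuses when the session cookie is absent, empty or ambiguous. */
    static String newToken(String header) throws Exception {
        List<String> v = cookieValues(header);
        if (v.isEmpty() || v.get(0).isEmpty())
            throw new IllegalStateException("Session cookie is not set or empty");
        if (v.size() > 1)
            throw new IllegalStateException("Duplicate session cookie");
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(v.get(0).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02X", b));
        return hex.toString();
    }
    /** Server-side check: recompute from the cookie and compare in constant time. */
    static boolean isValid(String header, String presented) throws Exception {
        byte[] expected = newToken(header).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        String[] headers = { // constructed Cookie headers, not captured traffic
                null, "JSESSIONID=abc123; theme=dark", "JSESSIONID=abc123; JSESSIONID=zzz999"};
        String other = newToken("JSESSIONID=zzz999"); // token belonging to another session
        for (String h : headers) {
            try {
                System.out.println(h + " -> " + newToken(h) + " acceptsOther=" + isValid(h, other));
            } catch (IllegalStateException e) {
                System.out.println(h + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```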