Hi Joey, The XSRF token is stateless so you only need to call the XsrfTokenService once per server session to obtain it. You can save it as a static variable in a service helper class. Thereafter, you just need to call setRpcToken for each service.
Some projects GWT.create() all services in a helper or factory class like public class ServiceHelper { private static SomeServiceAsync someService; static { (SomeServiceAsync) someService = GWT.create(SomeService.class); } public static getSomeService() { return someService; } } If you do this, you might initialize each service with the token when you create it. Thereafter, client code can call ServiceHelper.getSomeService() in order to make a request. For example, you could put the following in a static initializer in the ServiceHelper to obtain the XSRF token when the app loads: XsrfTokenServiceAsync xsrf = (XsrfTokenServiceAsync)GWT.create(XsrfTokenService.class); ((ServiceDefTarget)xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + "xsrf"); xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() { public void onSuccess(XsrfToken token) { initSomeService(token); initNextService(token); ... }); } As far as handling the XSRF exception centrally, you can wrap AsyncCallback with your own class like XsrfProtectedCallback in which you implement onFailure(). This is a good practice anyway in order to provide uniform error handling for your RPC calls. See HupaCallback in the Apache HupaMail project for an example of a wrapped callback. HTH, /dmc On Wed, Jul 6, 2011 at 4:33 AM, Joey <huazong...@gmail.com> wrote: > Hi All > > I have a big GWT project, there are many services and methods need to > be protected. but I think it a hard work to > change all of code what call methods as the following code from google > document. So just want to know anybody > has any simple way can fix XRSF problem and no need to change so many > code for methods calling. > > ------------------------------------------------------------- > XsrfTokenServiceAsync xsrf = > (XsrfTokenServiceAsync)GWT.create(XsrfTokenService.class); > ((ServiceDefTarget)xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + > "xsrf"); > xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() { > > public void onSuccess(XsrfToken token) { > MyServiceAsync rpc = (MyServiceAsync)GWT.create(MyService.class); > ((HasRpcToken) rpc).setRpcToken(token); > > // make XSRF protected RPC call > rpc.doStuff(new AsyncCallback<Void>() { > // ... > }); > } > > public void onFailure(Throwable caught) { > try { > throw caught; > } catch (RpcTokenException e) { > // Can be thrown for several reasons: > // - duplicate session cookie, which may be a sign of a cookie > // overwrite attack > // - XSRF token cannot be generated because session cookie > isn't > // present > } catch (Throwable e) { > // unexpected > } > }); > ------------------------------------------------------------- > > > Thanks > > Joey > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to google-web-toolkit@googlegroups.com. > To unsubscribe from this group, send email to > google-web-toolkit+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- David Chandler Developer Programs Engineer, GWT+GAE w: http://code.google.com/ b: http://turbomanage.wordpress.com/ b: http://googlewebtoolkit.blogspot.com/ t: @googledevtools -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.