Package com.google.gwt.user.client.rpc

Examples of com.google.gwt.user.client.rpc.RpcTokenException


        assertNull(caller.result);
    }

    /** Test onUnhandledError() for RpcTokenException. */
    @Test public void testOnUnhandledError4() {
        Throwable exception = new RpcTokenException("Hello");
        Caller caller = new Caller();
        caller.onUnhandledError(exception);

        assertEquals("generateRpcTokenExceptionError", caller.error.getMessage());
        assertNull(caller.statusCode);


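    /**
     * Validates an RPC token that is expected to be an {@code XsrfToken}.
     *
     * <p>A non-null token of any other type is logged and rejected. Anything else, including
     * {@code null}, is forwarded as-is to the {@code XsrfToken} overload.
     *
     * @param token the token supplied with the request
     * @throws RpcTokenException if the token is not an {@code XsrfToken}, or if the
     *         delegated validation rejects it
     */
    public void validateXsrfToken(RpcToken token) throws RpcTokenException {
        // Check the type explicitly instead of catching ClassCastException around the whole
        // delegated call: a ClassCastException raised deeper in the validation chain is then
        // no longer reported as a "possible attack", which keeps this log line a usable signal.
        if (token != null && !(token instanceof XsrfToken)) {
            LOGGER.error("Possible CSRF/XSRF attack: provided token is not XsrfToken");
            throw new RpcTokenException("Unable to verify CSRF/XSRF token: provided token is not XsrfToken");
        }

        this.validateXsrfToken((XsrfToken) token);
    }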

     */
    @Override
    public void validateXsrfToken(XsrfToken token) throws RpcTokenException {
        // Happy path first: unwrap the token string and hand it to the String overload.
        if (token != null) {
            this.validateXsrfToken(token.getToken());
            return;
        }

        // A request without a token is rejected and logged as a possible forgery attempt.
        LOGGER.error("Possible CSRF/XSRF attack: token not provided.");
        throw new RpcTokenException("Unable to verify CSRF/XSRF token: token not provided");
    }

     */
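    @Override
    public void validateXsrfToken(String token) throws RpcTokenException {
        // Fail closed: a request that carries no token is rejected outright.
        if (token == null) {
            LOGGER.error("Possible CSRF/XSRF attack: token not provided.");
            throw new RpcTokenException("Unable to verify CSRF/XSRF token: token not provided");
        }

        String expectedToken = generateTokenFromCookie(this.getSessionCookie(), "verify");

        // Constant-time comparison, so response timing does not reveal how much of a guessed
        // token was correct. The exact equals() runs only once the constant-time check has
        // passed; it guards against encoder substitutions making two distinct strings encode
        // to the same bytes.
        boolean matches = java.security.MessageDigest.isEqual(
                expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                token.getBytes(java.nio.charset.StandardCharsets.UTF_8))
                && expectedToken.equals(token);
        if (!matches) {
            // Neither value is written to the log: the expected token is a live anti-CSRF
            // secret for the session, and the supplied token is request-controlled text that
            // could be used to forge or break log lines.
            LOGGER.error("Possible CSRF/XSRF attack: supplied token did not match the expected token");
            throw new RpcTokenException("CSRF/XSRF token not valid: possible CSRF/XSRF attack");
        }

        // The accepted token is still valid for the session, so it is kept out of debug logs too.
        LOGGER.debug("CSRF/XSRF token was valid.");
    }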

    /** Generate a CSRF/XSRF token from a session cookie, validating that the cookie looks sensible. */
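    protected static String generateTokenFromCookie(Cookie sessionCookie, String action) {
        // Fail closed: without a non-empty session cookie value there is nothing to derive
        // a token from. `action` only names the operation ("verify", ...) in the message.
        String cookieValue = (sessionCookie == null) ? null : sessionCookie.getValue();
        if (cookieValue == null || cookieValue.length() == 0) {
            // One message for both the log and the exception; the cookie value itself is
            // never included in either.
            String problem = "Unable to " + action + " CSRF/XSRF token: session cookie missing or empty";
            LOGGER.error(problem);
            throw new RpcTokenException(problem);
        }

        return generateTokenFromCookie(cookieValue);
    }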

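    /**
     * Runs the superclass permutation strong name check and reports a failure as an
     * {@link RpcTokenException} with a fixed message.
     *
     * @throws SecurityException kept in the signature to match the overridden method; a
     *         {@code SecurityException} raised by the superclass check is caught here and
     *         replaced by an {@code RpcTokenException}
     */
    protected void checkPermutationStrongName() throws SecurityException {
        try {
            super.checkPermutationStrongName();
        } catch (SecurityException e) {
            // Record the superclass's own reason in the server log so the rejection can be
            // triaged later. The replacement exception deliberately carries only a fixed
            // message and no cause.
            // NOTE(review): RpcTokenException lives in a client.rpc package, so it may be
            // sent back to the caller; confirm before attaching server-side detail to it.
            LOGGER.error("Possible CSRF/XSRF attack: permutation strong name was empty ("
                    + e.getMessage() + ")");
            throw new RpcTokenException("Request blocked: permutation strong name was invalid");
        }
    }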

  /**
   * Hook invoked with the deserialized RPC request.
   *
   * <p>If the HTTP request carries a {@code throw} parameter, an {@link RpcTokenException} is
   * raised on purpose; otherwise the request's RPC token is stored as the {@code TOKEN}
   * request attribute.
   *
   * @param rpcRequest the deserialized RPC request
   */
  @Override
  protected void onAfterRequestDeserialized(RPCRequest rpcRequest) {
    HttpServletRequest httpRequest = getThreadLocalRequest();

    // NOTE(review): the exception text suggests this is a test fixture for the
    // RpcTokenException handler; a request-controlled failure switch like this should not
    // be reachable in a production servlet.
    boolean failureRequested = httpRequest.getParameter("throw") != null;
    if (failureRequested) {
      throw new RpcTokenException("This is OK. Testing RpcTokenException handler.");
    }

    // Normal path: expose the token that arrived with the RPC call to later request handling.
    httpRequest.setAttribute(TOKEN, rpcRequest.getRpcToken());
  }

   */
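  @Override
  protected void validateXsrfToken(RpcToken token, Method method)
      throws RpcTokenException {
    // Every rejection below is an RpcTokenException, so callers see one failure type.
    if (token == null) {
      throw new RpcTokenException("XSRF token missing");
    }
    Cookie sessionCookie = Util.getCookie(getThreadLocalRequest(),
        sessionCookieName, false);
    if (sessionCookie == null || sessionCookie.getValue() == null ||
        sessionCookie.getValue().length() == 0) {
      throw new RpcTokenException("Session cookie is missing or empty! " +
          "Unable to verify XSRF cookie");
    }

    // NOTE(review): the expected token is derived only from the session cookie value via
    // Utility.getMd5Digest, with no server-side key, so anyone able to read that cookie can
    // compute it. getBytes() also uses the platform default charset. Both are left unchanged
    // here because they must stay in step with the code that issues the token.
    String expectedToken = Utility.toHexString(
        Utility.getMd5Digest(sessionCookie.getValue().getBytes()));

    // A token of the wrong type is rejected as invalid rather than escaping as a
    // ClassCastException from the cast.
    if (!(token instanceof XsrfToken)) {
      throw new RpcTokenException("Invalid XSRF token");
    }
    String suppliedToken = ((XsrfToken) token).getToken();

    // Constant-time comparison, so response timing does not reveal how much of a guessed
    // token was correct. The exact equals() runs only once the constant-time check has
    // passed; it guards against encoder substitutions making two distinct strings encode to
    // the same bytes.
    boolean matches = suppliedToken != null
        && java.security.MessageDigest.isEqual(
            expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            suppliedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))
        && expectedToken.equals(suppliedToken);
    if (!matches) {
      throw new RpcTokenException("Invalid XSRF token");
    }
  }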

    // generate XSRF cookie using session cookie
    Cookie sessionCookie = Util.getCookie(getThreadLocalRequest(),
        sessionCookieName, false);
    if (sessionCookie == null || sessionCookie.getValue() == null ||
        sessionCookie.getValue().length() == 0) {
      throw new RpcTokenException("Session cookie is not set or empty! " +
          "Unable to generate XSRF cookie");
    }
    byte[] cookieBytes =  sessionCookie.getValue().getBytes();
    return Utility.toHexString(Utility.getMd5Digest(cookieBytes));
  }
