GWT Integration Spring Security

apetrelli edited this page May 3, 2013 · 1 revision

The gwt-integration-spring-security library helps to integrate some Spring Security facilities with GWT.

The problems

The solutions

Regenerate session ID after login

The problem: After login, the session ID should be regenerated to avoid a session fixation vulnerability.

The solution: Use SecureRequestFactoryServlet or a subclass.

It's just a matter of configuring your web.xml:

<servlet>
	<servlet-name>requestFactory</servlet-name>
	<servlet-class>com.github.apetrelli.gwtintegration.spring.security.SecureRequestFactoryServlet</servlet-class>
	<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
	<servlet-name>requestFactory</servlet-name>
	<url-pattern>/gwtRequest</url-pattern>
</servlet-mapping>
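
What regenerating the session ID after login involves at the servlet level, as an added example: this is not code from gwt-integration-spring-security and does not show how SecureRequestFactoryServlet is implemented. The class name SessionIdRegenerator is hypothetical, and the javax.servlet API (Servlet 3.0) is assumed to be on the classpath.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper, not part of gwt-integration-spring-security. */
public final class SessionIdRegenerator {

    private SessionIdRegenerator() {
    }

    /**
     * Call immediately after the credentials have been verified.
     * Returns a session whose ID differs from the one issued before login.
     */
    public static HttpSession regenerate(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        if (old == null) {
            // No pre-login session exists, so there is no ID to carry over.
            return request.getSession(true);
        }

        // Snapshot the attributes first: they cannot be read after invalidate().
        Map<String, Object> saved = new HashMap<String, Object>();
        for (String name : Collections.list(old.getAttributeNames())) {
            saved.put(name, old.getAttribute(name));
        }
        int maxInactive = old.getMaxInactiveInterval();
        String oldId = old.getId();

        // Invalidate so the container stops accepting the pre-login ID.
        old.invalidate();

        HttpSession fresh = request.getSession(true);
        fresh.setMaxInactiveInterval(maxInactive);
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }

        // Fail closed if the container handed back the same ID.
        if (fresh.getId().equals(oldId)) {
            throw new IllegalStateException("Session ID was not regenerated");
        }
        return fresh;
    }
}
```

On Servlet 3.1 and later containers, `HttpServletRequest.changeSessionId()` achieves the same result without copying attributes.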

Distinguish security failures from the others

The problem: When non-malicious users see a security failure, the cause is usually an expired session. So this kind of failure should be identified and treated separately.

The solution: Use SpringSecurityLoggingExceptionHandler as your exception handler in your RequestFactoryServlet class.

TODO: COMPLETE SERVER FAILURE CODE AND WRITE DOCS