Securiring GWT-RPC calls?

107 views
Skip to first unread message

Slava Imeshev

unread,
Oct 21, 2020, 2:56:10 PM10/21/20
to GWT Users
Are there best practices for securing RPC calls? In an app I'm working on some of the calls are OK to go through without authentication, and some do require authentication and authorization. Any thoughts / suggestions?

Slava

lofid...@gmail.com

unread,
Oct 21, 2020, 3:48:33 PM10/21/20
to GWT Users
I think, it depends on what kind of server-side technology do you use. 

I'm using normally REST APIs with Spring Boot and for that part I use Spring Security with OAuth2 / JWT token.

But the simplest one would be using Spring Boot and Spring Security like this example: https://spring.io/guides/gs/securing-web

Hope this helps!

Slava Imeshev

unread,
Oct 21, 2020, 3:53:22 PM10/21/20
to google-we...@googlegroups.com
It’s Java + Tomcat + GWT service servlet.

--
You received this message because you are subscribed to a topic in the Google Groups "GWT Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-web-toolkit/f_QJldsQ-y0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-web-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/e154fd85-7841-4a74-ac36-e7461c71a498n%40googlegroups.com.

lofid...@gmail.com

unread,
Oct 21, 2020, 4:49:18 PM10/21/20
to GWT Users
(1) The easiest way would be just to implement an auth filter in your servlet. Just put everything behind the "authentication". Only the login HTML/JSP should be accessible without authentication.

(2) Another way is to use Basic Auth of Tomcat



But if your webapp is getting complex I would prefer to use Spring Boot + Spring Security. Or maybe JavaEE + Security?
Reply all
Reply to author
Forward
0 new messages