Securing GWT-RPC calls?

Slava Imeshev

Oct 21, 2020, 2:56:10 PM
to GWT Users
Are there best practices for securing RPC calls? In an app I'm working on some of the calls are OK to go through without authentication, and some do require authentication and authorization. Any thoughts / suggestions?


Oct 21, 2020, 3:48:33 PM
to GWT Users
I think it depends on what kind of server-side technology you use.

I normally use REST APIs with Spring Boot, and for that part I use Spring Security with OAuth2 / JWT tokens.

But the simplest one would be using Spring Boot and Spring Security like this example:

Hope this helps!

Slava Imeshev

Oct 21, 2020, 3:53:22 PM
It’s Java + Tomcat + GWT service servlet.

Oct 21, 2020, 4:49:18 PM
to GWT Users
(1) The easiest way would be just to implement an auth filter in your servlet. Just put everything behind the "authentication". Only the login HTML/JSP should be accessible without authentication.

(2) Another way is to use Tomcat's Basic Auth.

But if your webapp is getting complex I would prefer to use Spring Boot + Spring Security. Or maybe JavaEE + Security?
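
The servlet auth filter from option (1), sketched as an added example that is not part of the original thread or anyone's posted code. It assumes the `javax.servlet` API (Tomcat 9 and earlier; Tomcat 10 uses `jakarta.servlet`), Java 9+, and hypothetical names: the session attribute `authenticatedUser` set by the login handler, and the public paths `/login.jsp` and `/login`.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Puts every URL of the webapp behind authentication except the login page.
@WebFilter("/*")
public class AuthFilter implements Filter {
    // Hypothetical names: adjust to what the login handler actually sets and serves.
    private static final String USER_ATTR = "authenticatedUser";
    private static final Set<String> PUBLIC_PATHS = Set.of("/login.jsp", "/login");

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Path relative to the context root. Exact-match allowlisting fails closed:
        // anything that is not literally a public path requires a session.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        HttpSession session = request.getSession(false); // do not create a session here
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;
        if (loggedIn || PUBLIC_PATHS.contains(path)) {
            chain.doFilter(req, res);
            return;
        }
        String contentType = request.getContentType();
        if (contentType != null && contentType.startsWith("text/x-gwt-rpc")) {
            // GWT-RPC is an XHR POST; the client cannot parse a redirect to an HTML
            // login page, so answer 401 and let the AsyncCallback's onFailure react.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        }
    }
}
```

On the client, the 401 reaches `onFailure` as a `StatusCodeException`, whose `getStatusCode()` can be used to send the user back to the login page.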