GWT RPC XSRF protection - Invalid RPC token


pman

May 4, 2011, 11:50:51 AM
to Google Web Toolkit
I followed the instructions as per http://code.google.com/webtoolkit/doc/latest/DevGuideSecurityRpcXsrf.html
with GWT's Eclipse sample, but I got the

[ERROR] javax.servlet.ServletContext log: Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract com.google.gwt.user.client.rpc.XsrfToken com.google.gwt.user.client.rpc.XsrfTokenService.getNewXsrfToken()' threw an unexpected exception: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (Session cookie is not set or empty! Unable to generate XSRF cookie)
    at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:385)
    ...

What else is missing? Or what is wrong with this:

/**
 * Send the name from the nameField to the server and wait for a
 * response.
 */
private void sendNameToServer() {
    // First, we validate the input.
    errorLabel.setText("");
    final String textToServer = nameField.getText();
    if (!FieldVerifier.isValidName(textToServer)) {
        errorLabel.setText("Please enter at least four characters");
        return;
    }

    // Then, we send the input to the server.
    sendButton.setEnabled(false);
    textToServerLabel.setText(textToServer);
    serverResponseLabel.setText("");

    XsrfTokenServiceAsync xsrf = (XsrfTokenServiceAsync) GWT
            .create(XsrfTokenService.class);
    ((ServiceDefTarget) xsrf).setServiceEntryPoint(GWT
            .getModuleBaseURL() + "xsrf");
    xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {

        public void onSuccess(XsrfToken token) {

            ((HasRpcToken) greetingService).setRpcToken(token);

            // make XSRF protected RPC call
            greetingService.greetServer(textToServer,
                    new AsyncCallback<String>() {
                        public void onFailure(Throwable caught) {
                            // Show the RPC error message to the user
                            dialogBox.setText("Remote Procedure Call - Failure");
                            serverResponseLabel.addStyleName("serverResponseLabelError");
                            serverResponseLabel.setHTML(SERVER_ERROR);
                            dialogBox.center();
                            closeButton.setFocus(true);
                        }

                        public void onSuccess(String result) {
                            dialogBox.setText("Remote Procedure Call");
                            serverResponseLabel.removeStyleName("serverResponseLabelError");
                            serverResponseLabel.setHTML(result);
                            dialogBox.center();
                            closeButton.setFocus(true);
                        }
                    });
        }

        public void onFailure(Throwable caught) {
            try {
                throw caught;
            } catch (RpcTokenException e) {
                // Can be thrown for several reasons:
                // - duplicate session cookie, which may be a sign of a
                //   cookie overwrite attack
                // - XSRF token cannot be generated because session
                //   cookie isn't present
            } catch (Throwable e) {
                // unexpected
            }
        }
    });
}

Shawn Brown

May 5, 2011, 5:38:48 AM
to google-we...@googlegroups.com
Hi,

> com.google.gwt.user.client.rpc.XsrfTokenService.getNewXsrfToken()'
> threw an unexpected exception:
> com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token
> (Session cookie is not set or empty! Unable to generate XSRF cookie)


What do these show? Have you tried logging the error?

>         public void onFailure(Throwable caught) {
>             try {
>                 throw caught;
>             } catch (RpcTokenException e) {
>                 // Can be thrown for several reasons:
>                 // - duplicate session cookie, which may be a sign
>                 // of a cookie
>                 // overwrite attack
>                 // - XSRF token cannot be generated because session
>                 // cookie isn't
>                 // present
>             } catch (Throwable e) {
>                 // unexpected
>             }
>         }
>     });
> }

Do you have gwt-dev.jar in your classpath? I didn't and was seeing
an unexpected error when it couldn't generate the token, as the
needed class wasn't found. Not sure if that is your problem or not.

Shawn

pman

May 5, 2011, 3:53:12 PM
to Google Web Toolkit
Thanks, your suggestion works.
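
The error text quoted in this thread names a missing session cookie as one reason getNewXsrfToken() can fail. The following is an added example, not code from the thread or from GWT: a servlet filter that makes sure the container has issued a session cookie before the client asks for a token. The class name SessionCookieFilter is hypothetical, and the sketch assumes cookie-based session tracking with the cookie name taken from the gwt.xsrf.session_cookie_name context parameter (falling back to JSESSIONID).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper, not part of GWT. Map it to the host page URL in web.xml. */
public class SessionCookieFilter implements Filter {
    private String cookieName;

    public void init(FilterConfig cfg) {
        // Same context-param that XsrfTokenServiceServlet reads for the cookie name.
        String name = cfg.getServletContext()
                .getInitParameter("gwt.xsrf.session_cookie_name");
        // Assumption: the container's session cookie is JSESSIONID when unset.
        cookieName = (name != null) ? name : "JSESSIONID";
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (!hasSessionCookie(http)) {
            // Creating the session makes the container add Set-Cookie to this
            // response, provided cookieName really is its session cookie.
            http.getSession(true);
        }
        chain.doFilter(req, res);
    }

    /** True only if the request already carries a non-empty session cookie. */
    private boolean hasSessionCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie c : cookies) {
            String value = c.getValue();
            if (cookieName.equals(c.getName()) && value != null && value.length() > 0) {
                return true;
            }
        }
        return false;
    }

    public void destroy() { }
}
```

The filter belongs on the host page rather than on the xsrf servlet URL: a cookie set in a response only reaches the server on the next request, so creating the session during the token request itself would still leave that request without a cookie.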