My goal is to have an HTTPS secured login service (GWT-RPC) and the rest is non-HTTPS. I want to have a non-HTTPS authentication service that checks the session if the user is logged in and successfully authenticated. If this fails, the service shall redirect the client to the HTTPS secured login. My idea is to do authentication in every service (except the login service and the authentication service itself).
All services are XSRF protected (except the login service).
1) Does it make sense to have every service authenticated? 2) Is there a way to do that in the service on the server-side (until now I have only found ways to do that on the client)?
In my opinion it makes sense. It's important to not leave any security holes open.
Within your RemoteServiceServlet, you can do the following to redirect your request to HTTPS:

    getThreadLocalResponse().sendRedirect("https://yourUrl");
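One way to do the session check on the server side in every service, as an added example that is not part of the original question or answer: a shared base servlet reads the session through `getThreadLocalRequest()` and throws a serializable exception carrying the HTTPS login URL, which the client's `onFailure` callback can act on. The class names, the `authenticatedUser` session attribute and the `javax.servlet` namespace are assumptions; in a real project each class goes in its own file, with the exception in a client-visible (shared) package.

```java
import com.google.gwt.user.client.rpc.IsSerializable;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import javax.servlet.http.HttpSession;

/** Hypothetical exception; every protected service method declares it in its throws clause. */
class NotLoggedInException extends Exception implements IsSerializable {
    private String loginUrl;

    NotLoggedInException() { }  // no-arg constructor needed for GWT-RPC serialization

    NotLoggedInException(String loginUrl) {
        super("Not logged in");
        this.loginUrl = loginUrl;
    }

    public String getLoginUrl() { return loginUrl; }
}

/** Hypothetical base class for every service except the login service. */
abstract class AuthenticatedServiceServlet extends RemoteServiceServlet {
    // Assumed attribute name; the HTTPS login service sets it after a successful login.
    static final String USER_ATTR = "authenticatedUser";
    // Placeholder URL taken from the answer above.
    static final String LOGIN_URL = "https://yourUrl";

    /** Returns the logged-in user name, or throws so the client can go to the login page. */
    protected String requireLogin() throws NotLoggedInException {
        // getSession(false): never create a fresh session just to find it empty.
        HttpSession session = getThreadLocalRequest().getSession(false);
        Object user = (session == null) ? null : session.getAttribute(USER_ATTR);
        if (!(user instanceof String)) {
            throw new NotLoggedInException(LOGIN_URL);
        }
        return (String) user;
    }
}

/** Hypothetical service; its RemoteService interface method declares the same exception. */
class AccountServiceImpl extends AuthenticatedServiceServlet {
    public String getDisplayName() throws NotLoggedInException {
        String user = requireLogin();  // the first statement of every service method
        return "Signed in as " + user;
    }
}
```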