Java – GWT, RPC security, HTTP headers, authentication and request builder

I assume that GWT RPC actually uses requestbuilder

Is there any way to extract the requestbuilder instance used by my RPC service asynchronous requester?

In fact, my question is, how do I extract the requestbuilder instance to insert the authentication token as an HTTP header? Is there any way to insert HTTP headers into RPC service requests?

Even if I can insert an HTTP header into the request, how can I tell the remote servlet that the authentication token is expected? So, in fact, does GWT RPC provide a framework for secure authentication?

I think the answer is no, or at least not convenient Am I right?

I use resteasy in combination with restygwt to use SSL. We can insert titles at any time By the way, restygwt constructs requests using requestbuilder

My actual motivation is to compare the security and effectiveness between GWT RPC and GWT jax-rs (restygwt resteasy) Therefore, if you, as a respondent, have an alternative detailed statement to compare the security and effectiveness of RPC with using requestbuilder or rest directly (instead of directly answering this question), please feel free to elaborate

Do I correctly assume that GWT RPC is not security friendly / effective, and should I avoid using GWT RPC for secure authentication requests?

Solution

You can have asynchronous methods return request or requestbuilder instead of void Request allows you to abort () a pending request, while requestbuilder allows you to modify the request before sending it (if you declare return type as requestbuilder, you are responsible for calling send () to actually send the request)

Alternatively, you can use rpcrequesbuilder to customize the requestbuilder for each call using a specific asynchronous service proxy