It depends on how you are building your authorization. If you use something like Spring Security, this is done automatically with every RPC you make.
-- Arthur Kalmenson On Wed, Apr 1, 2009 at 11:43 PM, John Tamplin <j...@google.com> wrote: > On Wed, Apr 1, 2009 at 10:22 PM, Vitali Lovich <vlov...@gmail.com> wrote: >> >> I've encountered this pattern a few times, and think it would be great if >> the RPC layer could be given a serializable object that is always >> transferred on every RPC call. >> >> In the GWT security documentation it says not to use cookies but instead >> pass the session id manually on every RPC call, which is a real hassle to >> maintain & results in a lot of boilerplate. Instead it would be nice if the >> GWT layer could do it automatically for me, and then RemoteServiceServlet >> would provide it through a call like getSessionData() (templated for >> convenience) which would de-serialize the object & return it. >> >> Additionally, the server side could also set the data manually with >> setSessionData() & then the user side would never even need to know about >> it. > > Take a look at http://code.google.com/p/google-web-toolkit/wiki/RpcAuth > > -- > John A. Tamplin > Software Engineer (GWT), Google > > > > --~--~---------~--~----~------------~-------~--~----~ http://groups.google.com/group/Google-Web-Toolkit-Contributors -~----------~----~----~----~------~----~------~--~---
