I guess I'm speaking strictly of the null checks. It's fine for our sample code not to have a real auth system in its storage, of course.
Seems like your UserServiceWrapper should have a requireCurrentUserId() method that throws an exception if there is no id, and Task shouldn't be friendly. Is that reasonable? On Wed, May 4, 2011 at 11:19 AM, <rj...@google.com> wrote: > > > http://gwt-code-reviews.appspot.com/1432801/diff/1/samples/mobilewebapp/src/main/com/google/gwt/sample/mobilewebapp/server/domain/Task.java > File > > > samples/mobilewebapp/src/main/com/google/gwt/sample/mobilewebapp/server/domain/Task.java > (right): > > > http://gwt-code-reviews.appspot.com/1432801/diff/1/samples/mobilewebapp/src/main/com/google/gwt/sample/mobilewebapp/server/domain/Task.java#newcode48 > > samples/mobilewebapp/src/main/com/google/gwt/sample/mobilewebapp/server/domain/Task.java:48: > } > This seems bad. I'd never allow code like this in a production app. An > unauthorized user shouldn't even be able to reach this class. > > > http://gwt-code-reviews.appspot.com/1432801/ > -- http://groups.google.com/group/Google-Web-Toolkit-Contributors