FYI, my take on authentication and RequestFactory can be found at https://github.com/tbroyer/gwt-maven-archetypes/tree/master/guice-rf-activities (also uses Guice, GIN and Guava). I'm in the process of trading the userName and isAdmin JS variables for an object (managing ser/deserialization with AutoBeans) and logout (with a configurable logout URL, through JNDI). I'm using it to have pluggable authentication (static file, LDAP or database) and authentication mechanism (defaults to form auth, but can be changed to SSL client certificate or NTLM/SP-NEGO –in which case you'd configure the logout URL to the empty string to disable logout–) at the servlet container level. The code should be easy to migrate to GAE.
http://gwt-code-reviews.appspot.com/1806803/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
