Sim123,

I don't think you mentioned whether you are using the regular Hosted
Mode or the -noserver variant of that.  To test ServletFilter
behavior, you will have to go with -noserver, or else test in a web
mode environment.  That's the first thing.

Second, you are making assumptions about how GWT RPC maps onto an HTTP
POST.  You cannot expect to dig RPC parameters out of the request as
if they were HTTP parameters.  Basically, RPC is opaque.

So here's the rub, and now I get to preach from the top of my little
crate again.  You are hand-rolling security by piggybacking
authentication session information right in the application layer of
your RPC stuff.  You are paying the price for this doubly: (1) you are
polluting your application logic with extra security parameters,
which should be orthogonal to your business logic, and (2) you can't
dig the session out of the RPC serialized mess, so even though you're
enduring the pain of (1), it won't work.

If I were you, I'd consider using either HTTP Basic, HTTP Digest, or
HTTP Basic over SSL for establishing and maintaining a secure session
with your server.  It all depends on how secure your app needs to be.
If you just need reasonable protection against stolen credentials, the
second option above should be fine.

Walden

On Sep 29, 4:52 pm, sim123 <[EMAIL PROTECTED]> wrote:
> Thanks for reply, actually I don't know where exactly the problem is,
> please bear with me.
>
> First thing is : Compile/Browser option is not working when Filter is
> enabled, this filter just checks for existing session using
> request.getSession(false), if session exists request is valid,
> otherwise I am throwing an error message saying "session is null".
>
> In hosted mode everything works fine, no issues at all.
>
> Another thing which I noticed is strange behavior of
> request.getParameter method in case of RPC. RPC method are http POST
> method and now I am passing sessionID with request payload i.e.
> another parameter in my method
>
> public String getData(String studentID, String sessionID);
>
> I am trying to get this sessionID in my filter's dofilter method
>
> public void doFilter(ServletRequest request, ServletResponse response,
>         FilterChain chain) throws IOException, ServletException {
>     if ( ! isLoginRequest(request) ) {
>         HttpServletRequest httpRequest = (HttpServletRequest) request;
>         HttpSession session = httpRequest.getSession();
>         String sessionIDFromReq =
>                 httpRequest.getParameter("sessionID"); //this ID is null
>
>         if ( session.getId().equals( sessionIDFromReq) ) {
>             chain.doFilter(request, response);
>         } else {
>             throw new ServletException("session is null");
>         }
>     }
> }
>
> The only thing I know is for some reason I am not getting sessionID in
> filter even though session is created. Please help, I hope I made
> things little more clear this time.
> Thanks
> On Sep 29, 6:14 am, walden <[EMAIL PROTECTED]> wrote:
>
>
>
> > I'm not sure, but I think Tomcat should treat http://localhost and
> > http://<ip-address> as different origins requiring separate sessions.
> > If this is your only problem, then don't use the IP address to access
> > your site.
>
> > If it's not the only problem, then post some meaningful diagnostics
> > from your server log.  You should have done that in your first post.
>
> > Walden
>
> > On Sep 28, 1:08 pm, sim123 <[EMAIL PROTECTED]> wrote:
>
> > > Someone please look into this issue, I really have no clue what is
> > > going on.
>
> > > On Sep 27, 3:38 pm, sim123 <[EMAIL PROTECTED]> wrote:
>
> > > > I have a simple application built in GWT and java servlet
>
> > > > 1. User login : user logs in using an asynchronous call to server, RPC
> > > > service creates a session and return it to client, on OnSuccess of
> > > > this login call I load data on to browser, there are few RPC calls and
> > > > one call to download pictures from another tomcat instance.
>
> > > > 2. I have servlet filter implemented to check if the request is valid
> > > > or not, based on session coming from Cookies this filter validates the
> > > > request and pass it to appropriate RPC or non RPC Servlet.
>
> > > > Now everything is working fine in hosted mode browser but when I do
> > > > compile/browse I get authentication exception in filter, I don't know
> > > > why is it so as I am getting the session ID back in onSuccess method
> > > > of Login call and after that I am performing all other operations. I
> > > > created a war file and deployed it on external tomcat, everything
> > > > works fine if I type "http://localhost:8080/login/Login.html", but if
> > > > I type ip address of my machine instead of localhost I get same
> > > > authentication exception saying session is null, is there something
> > > > related to redirecting to another tomcat's instance when loading
> > > > images? If that is the case why it is not happening in hosted mode and
> > > > in "localhost" ?
>
> > > > I would really appreciate if somebody could please help me with this
> > > > issue.
>
> > > > Thanks for all the help and support
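
Added example (not part of the original thread, and not code from either poster): a servlet filter that validates the container-managed session instead of looking for a session ID among the RPC arguments, which the reply above notes cannot be dug out of the request. The class name, the "authenticatedUser" attribute and the "/login" suffix are assumptions; it presumes the login service stores that attribute in the HttpSession.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionAuthFilter implements Filter {
    // Hypothetical names: the attribute set by the login service, and its URL suffix.
    static final String USER_ATTR = "authenticatedUser";
    static final String LOGIN_PATH = "/login";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Let the login call through so it can create the session.
        if (req.getRequestURI().endsWith(LOGIN_PATH)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false) never creates a session. The container resolves it
        // from the session cookie, so the RPC payload is never inspected here
        // and reaches the RPC servlet untouched.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            // Reject with a status code instead of throwing, so the client
            // receives a 401 rather than a server error page.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No authenticated session");
            return;
        }
        chain.doFilter(request, response);
    }
}
```

With this shape the RPC method signatures carry no session argument, so the security check stays out of the business logic.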