Let's hear a bit more about that third party API for authentication. Can you post the interface? Is it used for managing the login form, or does it just handle the mapping of usernames to passwords and roles? Depending on your answer, this may not preclude using HTTP authentication *protocol*, which is where the simplicity/economy is to be had.
Walden On Nov 18, 10:40 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > Actually my applications authentication is done by a third party. I need to > call their API to authenticate. So I wont b able to use the HTTP > authentication. But I think, Lothar's idea is worth trying. Thnx Lothar. > > If anybody has any better suggestions plz post it here. > > - Litty > > On Tue, Nov 18, 2008 at 9:04 PM, olivier nouguier < > > > > [EMAIL PROTECTED]> wrote: > > > I agree with walden in most case ... if classic HTTP auth is enough > > let HTTP do the job !! > > > But there is IMHO somes points hard to deal with only HTTP (and GWT > > component of course): > > * session expiration, because the GWT RPC will fail soon (401). > > * forbiden because the GWT RPC will fail soon (403). > > * activation of widget when authority is granted. > > * logout (not possible with HTTP Basic). > > > On Tue, Nov 18, 2008 at 3:53 PM, walden <[EMAIL PROTECTED]> > > wrote: > > > > You could try the simplest thing that could possibly work...HTTP > > > Authentication: let the existing security stack earn its keep. > > > > Walden > > > > On Nov 18, 6:52 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > >> Hi All, > > > >> What should be the best authentication ans session management in GWT > > apps? > > >> Currently I am having this idea: > > > >> - Have a method checkSession() which will check for a valid > > authenticated > > >> session and throws an Exception if no valid session is there. > > >> - Call this method in the beginning of every ServiceImpl method. > > >> - In the onFailure of the async call backs catch this Exception and > > >> display the login page. > > > >> But this method has the following weak points: > > > >> - Some developer may forget to call the checkSession method. > > >> - There is code duplication in the onFailure implementation (Every > > >> onFailure shud handle the authentication exception) > > > >> So any of you have any better ideas? > > > >> Regards, > > >> Litty Preeth > > > -- > > Si l'ignorance peut servir de consolation, elle n'en est pas moins > > illusoire.- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
