That's what I thought, and it does not exclude the possibility of using HTTP auth at all. For example, JBoss ships with some configurable authentication plug-ins for using back-end stores for your realm data (JDBC, e.g.). In the worst case, you can roll your own realm component (one Java class) and plug it in to the container's security stack. What is your application server?
Walden On Nov 18, 11:14 pm, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > Actually my app is a web interface to another backend app. So while logging > into my app you are actually authenticating with the other backend app. The > username/password, roles etc are maintained by the other app. > > On Tue, Nov 18, 2008 at 11:56 PM, walden <[EMAIL PROTECTED]>wrote: > > > > > > > Let's hear a bit more about that third party API for authentication. > > Can you post the interface? Is it used for managing the login form, > > or does it just handle the mapping of usernames to passwords and > > roles? Depending on your answer, this may not preclude using HTTP > > authentication *protocol*, which is where the simplicity/economy is to > > be had. > > > Walden > > > On Nov 18, 10:40 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > > Actually my applications authentication is done by a third party. I need > > to > > > call their API to authenticate. So I wont b able to use the HTTP > > > authentication. But I think, Lothar's idea is worth trying. Thnx Lothar. > > > > If anybody has any better suggestions plz post it here. > > > > - Litty > > > > On Tue, Nov 18, 2008 at 9:04 PM, olivier nouguier < > > > > [EMAIL PROTECTED]> wrote: > > > > > I agree with walden in most case ... if classic HTTP auth is enough > > > > let HTTP do the job !! > > > > > But there is IMHO somes points hard to deal with only HTTP (and GWT > > > > component of course): > > > > * session expiration, because the GWT RPC will fail soon (401). > > > > * forbiden because the GWT RPC will fail soon (403). > > > > * activation of widget when authority is granted. > > > > * logout (not possible with HTTP Basic). > > > > > On Tue, Nov 18, 2008 at 3:53 PM, walden <[EMAIL PROTECTED]> > > > > wrote: > > > > > > You could try the simplest thing that could possibly work...HTTP > > > > > Authentication: let the existing security stack earn its keep. > > > > > > Walden > > > > > > On Nov 18, 6:52 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > > > >> Hi All, > > > > > >> What should be the best authentication ans session management in GWT > > > > apps? > > > > >> Currently I am having this idea: > > > > > >> - Have a method checkSession() which will check for a valid > > > > authenticated > > > > >> session and throws an Exception if no valid session is there. > > > > >> - Call this method in the beginning of every ServiceImpl method. > > > > >> - In the onFailure of the async call backs catch this Exception > > and > > > > >> display the login page. > > > > > >> But this method has the following weak points: > > > > > >> - Some developer may forget to call the checkSession method. > > > > >> - There is code duplication in the onFailure implementation > > (Every > > > > >> onFailure shud handle the authentication exception) > > > > > >> So any of you have any better ideas? > > > > > >> Regards, > > > > >> Litty Preeth > > > > > -- > > > > Si l'ignorance peut servir de consolation, elle n'en est pas moins > > > > illusoire.- Hide quoted text - > > > > - Show quoted text -- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
