We use server push for session timeout and it works really great!

On Feb 28, 1:26 am, marcelstoer <mar...@frightanic.com> wrote:
> Is there some consensus or best practice in the GWT community as for
> how to deal with session timeout and container managed security? There
> are some pointers if you search for this subject, but some of the
> ideas are wild...
>
> In my case I use the Servlet container's built in security features
> for authentication as described in the Servlet specification. Hence,
> in my web.xml I protect access to the GWT application like so:
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>my app</web-resource-name>
>       <url-pattern>/app/*</url-pattern>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>       <http-method>PUT</http-method>
>       <http-method>DELETE</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>*</role-name>
>     </auth-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/public/login.jsp</form-login-page>
>       <form-error-page>/public/login.jsp?retry=true</form-error-page>
>     </form-login-config>
>   </login-config>
>
>   <security-role>
>     <role-name>*</role-name>
>   </security-role>
>
> So, the application (host/bootstrap page, RPC Servlet, etc.) is in the
> "app" folder and the login form (login.jsp) is in the "public" folder.
> This works flawlessly except for the session timeout use case.
> The application sends an RPC request to /app/AppServlet, the Servlet
> container requires authentication because the session had timed out
> and dutifully *forwards* to the login page. Hence, the result of the
> request is not some RPC/JSON/XML object as expected by the client but
> the login page HTML structure. The client simply isn't prepared for
> that and freezes, i.e. doesn't do anything.
>
> I believe that on the server side everything is set up correctly. If
> the session timed out, the requests don't even reach the RPC Servlet
> because they're intercepted by the container, fine.
>
> But how do you deal with this in the client?
> Should one write some custom AsyncCallback class that handles the
> response sent by the container?
>
> Thanks for your feedback.
> Marcel
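
An added example, not part of the thread and not GWT's own code: one way to write the custom AsyncCallback the question asks about. GWT's RPC client reports a 200 response that is not an RPC payload as an InvocationException whose message carries the response text; the class name, the onRpcFailure hook and the LOGIN_MARKER comment (which login.jsp would have to contain) are assumptions.

```java
import com.google.gwt.user.client.Window;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.gwt.user.client.rpc.InvocationException;
import com.google.gwt.user.client.rpc.StatusCodeException;

/**
 * Base callback that recognises the container's login page arriving in
 * place of an RPC payload and restarts the application instead of
 * leaving the UI stuck. Application callbacks extend this class.
 */
public abstract class SessionAwareCallback<T> implements AsyncCallback<T> {

  // Assumption: /public/login.jsp emits this marker as an HTML comment.
  static final String LOGIN_MARKER = "<!-- LOGIN_PAGE -->";

  @Override
  public final void onFailure(Throwable caught) {
    if (isSessionExpired(caught)) {
      // Reloading the host page under /app/* lets the container run its
      // normal FORM login flow and return here after authentication.
      // The returned HTML is never rendered or parsed by the client.
      Window.Location.reload();
      return;
    }
    onRpcFailure(caught);
  }

  static boolean isSessionExpired(Throwable caught) {
    // StatusCodeException extends InvocationException, so test it first.
    if (caught instanceof StatusCodeException) {
      // Covers setups that answer 401 instead of forwarding to the form
      // (not the FORM configuration shown in the web.xml above).
      return ((StatusCodeException) caught).getStatusCode() == 401;
    }
    if (caught instanceof InvocationException) {
      // A 200 response that is not an RPC payload: check for the marker.
      String body = caught.getMessage();
      return body != null && body.indexOf(LOGIN_MARKER) >= 0;
    }
    return false;
  }

  /** Called for every failure that is not a session timeout. */
  protected abstract void onRpcFailure(Throwable caught);
}
```

Reloading discards unsaved client-side state, so an application that needs to keep it would save it before calling reload.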