What do you mean by "server push"? Could you maybe elaborate on your approach a little, thanks.
On Mar 6, 5:11 pm, Rakesh <rake...@gmail.com> wrote: > we use server push for session time out and it works really great! > > On Feb 28, 1:26 am, marcelstoer <mar...@frightanic.com> wrote: > > > Is there some consensus or best practice in the GWT community as for > > how to deal with session timeout and container managed security? There > > are some pointers if you search for this subject, but some of the > > ideas are wild... > > > In my case I use the Servlet container's built in security features > > for authentication as described in the Servlet specification. Hence, > > in my web.xm I protect access to the GWT application like so: > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>my app</web-resource-name> > > <url-pattern>/app/*</url-pattern> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > <http-method>DELETE</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name>*</role-name> > > </auth-constraint> > > </security-constraint> > > > <login-config> > > <auth-method>FORM</auth-method> > > <form-login-config> > > <form-login-page>/public/login.jsp</form-login-page> > > <form-error-page>/public/login.jsp?retry=true</form-error-page> > > </form-login-config> > > </login-config> > > > <security-role> > > <role-name>*</role-name> > > </security-role> > > > So, the application (host/bootstrap page, RPC Servlet, etc.) is in the > > "app" folder and the login form (login.jsp) is in the "public" folder. > > This works flawlessly except for the session timeout use case. > > The application sends an RPC request to /app/AppServlet, the Servlet > > container requires authentication because the session had timed out > > and dutifully *forwards* to the login page. Hence, the result of the > > request is not some RPC/JSON/XML object as expected by the client but > > the login page HTML structure. The client simply isn't prepared for > > that and freezes i.e. doesn't do anything. > > > I believe that on the server side everything is set up correctly. If > > the session timed out the requests don't even reach the RPC Servlet > > because it's intercepted by the container, fine. > > > But how do you deal with this in the client? > > Should one write some custom AsyncCallback class that handles the > > reponse sent by the container? > > > Thanks for your feedback. > > Marcel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---