Hello There have been many approaches to securing GWT applications, I think it all depends on your application workflow. But an approach similar to yours that i'm used to follows: - Create a servlet filter to filter requests for the GWT module servlets. Then in the doFilter() method do something like ... HttSession session = request.getSession(false); // get the session attached to request if(session == null) { // the case if client is not logged in ression.sendError(HttpServletResponse.SC_UNAUTHORIZED); } else { chain.doFilter(request, response); // pass request on to the GWT servlets } - Next create a custom AsyncCallback handler for the client side wherein the onFailure() method does something like this .. void doFailure(Throwable t) { try { throw t; } catch (IncompatibleRemoteServiceException e) { // this client code is not compatible with the server refresh the browser to download new one Window.Location.reload(); } catch (StatusCodeException e) { // the call didn't complete cleanly switch (e.getStatusCode()) { case 401: // Authentication required; reload the whole page so server can enforce login Window.Location.reload(); break; default: // do other tests or pass on to an abstract method so you can do more localized processing } } catch (Throwable e) { // shouldn't get here though ... } } then you can use the custom AsyncCallback handler in other RPC requests of the application However, this approach appears to require some application design issues - the URL (especially the history tokens) you choose SHOULD be mapped to known application states, so that the application can appear to return to where it was before the Window.Location.reload() call. - the host page of the GWT module SHOULD be placed behind a security constraint This way i've been able to use container managed security and standard servlet security annotations in my application Just another way of achieving the same result :-) Cheers Sikiru willemsl...@gmail.com wrote: In my GWT application MyApp I'm using container managed security --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~--- |
- Container managed security and time-out of the webap... willemsl...@gmail.com
- Re: Container managed security and time-out of ... Braheem Sikiru
- Re: Container managed security and time-out... willemsl...@gmail.com