In our case we never would take advantage of RequestBuilder's username and password fields. All of our apps that require authentication have the auth handled by the web server. Each app lives under a directory with Basic Auth enabled on the directory. We also redirect all non- SSL traffice to the auth'd dirs to https versions of the URL. The server side scripts can then get the remote_user info from the query string. We would not use the RequestBuilder username and password because we figure those strings must be embedded in the resulting javascript. and that might prove to be to tempting a target.
We have a couple of apps that live under SSL redirected dirs as above but without authentication set. These apps ask for usernames and passwords and pass that info along with the form data over the SSL connection to the server. On Jan 20, 7:48 am, chillyspoon <chillysp...@gmail.com> wrote: > Hi everyone, > > We use GWT extensively for a highly interactive user interface that > administers various software and hardware systems via a combination of > APIs. > > Right now I need to introduce functionality for file upload that is > posting (HTTP POST) to an SSL URL with preemptive BASIC AUTH. We are > using GWT 1.7 and cannot upgrade to 2.0 at this point by the way. > > I have noticed that RequestBuilder provides the means to set a user > and password but do not know how to use this in conjunction with > FormPanel and theFileUploadwidget. Although I suspect that a > successful "no op" RequestBuilder request will be enough to provide > authentication for following requests in the same session. > > My real problem is making any request as I don't appear to be able to > POST to a SSL protected URL at all. > > e.g. > > RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, > "https://mydomain/other/"); > rb.setUser("myuser"); > rb.setPassword("mypass"); > rb.setHeader("http.authentication.preemptive", "true"); > > The URL definitely exists and is listening - I can post it using other > clients. > > "Access to restricted URI denied" > > I suspect I'm not even getting out of the browser but thought that it > should work as long as I'm on the same domain - would a different port > (which I do have) cause the same security gate to close? > > Cheers, > > Chilly. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.