If you want to pass an "authentication token" on each request, then the RequestTransport is the way to go on the client-side.
Have a look http://code.google.com/p/google-web-toolkit/source/browse/tags/2.1.1/samples/expenses/src/main/java/com/google/gwt/sample/gaerequest/ which is used in the Expenses sample. However, if you want to do your login() call using RequestFactory, then you'd of course get rid of the servlet filter and then either add checks in each service method requiring authentication (not productive, but easy to comprehend) or somehow "filter" the invocations using a ServiceLayerDecorator (kind of AOP-like) that report() any unauthorized call. You'd probably couple that with a com.google.gwt.requestfactory.server.ExceptionHandler and generic error management in your Receiver subclasses (in onFailure). I'm talking from experience: I'd highly recommend doing sign-in outside the app and use the approach used by the Expenses sample (though I acknowledge there are use-cases for "in app" authentication that people think are worth the trouble) -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.