You mean how I *did* implement it? ;-) Using the same pattern as the Expenses sample:
1. out HTML host page (the one calling the *.nocache.js) is protected with a simple servlet FORM authentication (<login-config><auth-method>FORM</...> in the web.xml); nothing special here. 2. the server returns a known error response for unauthenticated requests (i.e. a 401 status code, I didn't include a WWW-Authenticate header which is in violation of HTTP, but it just works so...), this is done in a servlet Filter, where I simply check for request.getUserPrincipal() != null. This has really nothing specific to RequestFactory, and we use it with other XMLHttpRequest-driven requests too. 3. the client handles the known error response in a custom RequestTransport (in our case, for the time being, we simply Window.alert() the user, prompting him to refresh the page to re-authenticate) (BTW, thank you for the "expert" qualifier ;-) ) -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.