Re: gwt mvp sessions

Wed, 16 Feb 2011 03:15:09 -0800 

On 26 January 2011 14:53, Thomas Broyer <t.bro...@gmail.com> wrote:

> You mean how I *did* implement it? ;-)
>
> Using the same pattern as the Expenses sample:
>
>    1. out HTML host page (the one calling the *.nocache.js) is protected
>    with a simple servlet FORM authentication
>    (<login-config><auth-method>FORM</...> in the web.xml); nothing special
>    here.
>    2. the server returns a known error response for unauthenticated
>    requests (i.e. a 401 status code, I didn't include a WWW-Authenticate 
> header
>    which is in violation of HTTP, but it just works so...), this is done in a
>    servlet Filter, where I simply check for request.getUserPrincipal() != 
> null.
>    This has really nothing specific to RequestFactory, and we use it with 
> other
>    XMLHttpRequest-driven requests too.
>
> I don´t know why this is wrong, but the checking of
request.getUserPrincipal() != null seems to be valid only the first time a
request is made. The following requests (made by the requestFactory),
getUserPrincipal() returns null. Here´s my code in my AuthFilter class:

public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse, FilterChain filterChain) throws IOException,
ServletException {
  HttpServletRequest request = (HttpServletRequest) servletRequest;
  HttpServletResponse response = (HttpServletResponse) servletResponse;

  if(request.getUserPrincipal() == null) {
    response.setHeader("WWW-Authenticate", "FORM realm=\"userRealm\"");
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    return;
}

What am I doing wrong?

>
>    1. the client handles the known error response in a custom
>    RequestTransport (in our case, for the time being, we simply Window.alert()
>    the user, prompting him to refresh the page to re-authenticate)
>
>
> (BTW, thank you for the "expert" qualifier ;-) )
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to google-web-toolkit@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Reply via email to