On 26 January 2011 14:53, Thomas Broyer <t.bro...@gmail.com> wrote: > You mean how I *did* implement it? ;-) > > Using the same pattern as the Expenses sample: > > 1. out HTML host page (the one calling the *.nocache.js) is protected > with a simple servlet FORM authentication > (<login-config><auth-method>FORM</...> in the web.xml); nothing special > here. > 2. the server returns a known error response for unauthenticated > requests (i.e. a 401 status code, I didn't include a WWW-Authenticate > header > which is in violation of HTTP, but it just works so...), this is done in a > servlet Filter, where I simply check for request.getUserPrincipal() != > null. > This has really nothing specific to RequestFactory, and we use it with > other > XMLHttpRequest-driven requests too. > > I don´t know why this is wrong, but the checking of request.getUserPrincipal() != null seems to be valid only the first time a request is made. The following requests (made by the requestFactory), getUserPrincipal() returns null. Here´s my code in my AuthFilter class:
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; if(request.getUserPrincipal() == null) { response.setHeader("WWW-Authenticate", "FORM realm=\"userRealm\""); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } What am I doing wrong? > > 1. the client handles the known error response in a custom > RequestTransport (in our case, for the time being, we simply Window.alert() > the user, prompting him to refresh the page to re-authenticate) > > > (BTW, thank you for the "expert" qualifier ;-) ) > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to google-web-toolkit@googlegroups.com. > To unsubscribe from this group, send email to > google-web-toolkit+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.