In such a scenario, you'll generally have a "session" maintained by the server through a cookie, which will be enough (yes, cookies are not that secure, but still deemed secure enough that everyone from Google to Facebook, Twitter, Microsoft, Yahoo!, etc. use them). The RequestTransport will then be useful to detect when the session/cookie have expired.
Now, if your "host page" (the page that "hosts" the GWT app) can now an authentication token, then you can output it in the page (using a JSP for instance) and use a Dictionary to retrieve it from your GWT code. See http://code.google.com/webtoolkit/articles/dynamic_host_page.html -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.