I'm well on my way to getting this to work. I can determine whether
the method to be invoked requires authentication, and whether or not
the user is currently authenticated.
Currently, what I've done is defined a new runtime exception and
thrown that exception in my ServiceLayerDecorator if an
unauthenticated user tries to invoke a method requiring
authentication. I've then overridden doPost in my sub-class of
RequestFactoryServlet to catch this exception and set the status code
of the response to be 401.
Unfortunately, this doesn't quite work. I get the following in my
server console when this exception is thrown by my code:
SEVERE: Unexpected error
edu.hope.cs.surveys.editor.server.SessionExpiredException: Session
expired
at
edu.hope.cs.surveys.editor.server.ActiveSessionDecorator.invoke(ActiveSessionDecorator.java:
17)
at
com.google.web.bindery.requestfactory.server.ServiceLayerDecorator.invoke(ServiceLayerDecorator.java:
111)
at
com.google.web.bindery.requestfactory.server.SimpleRequestProcessor.processInvocationMessages(SimpleRequestProcessor.java:
455)
at
com.google.web.bindery.requestfactory.server.SimpleRequestProcessor.process(SimpleRequestProcessor.java:
225)
at
com.google.web.bindery.requestfactory.server.SimpleRequestProcessor.process(SimpleRequestProcessor.java:
127)
at
com.google.web.bindery.requestfactory.server.RequestFactoryServlet.doPost(RequestFactoryServlet.java:
133)
at
edu.hope.cs.surveys.editor.server.JandyRequestFactoryServlet.doPost(JandyRequestFactoryServlet.java:
28)
I see that SimpleRequestProcessor has a setExceptionHandler method
which is responsible for creating a ServerFailure object. Do I need
to provide a custom exception handler to the RequestProcessor? Or is
there some other way of catching the failure caused by the invoke
method of my ServiceLayerDecorator?
Thanks,
Ryan
On Jun 5, 11:13 am, Ashwin Desikan <ashwin.desi...@gmail.com> wrote:
> Thomas is correct. I had tried the route of creating two separate RF's. But
> that involves more work in comparison to annotations. In fact I changed my
> approach post Thomas suggestion in this forum quite sometime bac
>
> ~Ashwin
>
> Sent from my iPhone
>
> On Jun 5, 2012, at 7:38 PM, Thomas Broyer <t.bro...@gmail.com> wrote:
>
>
>
>
>
> > On Tuesday, June 5, 2012 3:58:22 PM UTC+2, Ryan McFall wrote:
> > After I wrote my original follow-up to Thomas' message, I thought of
> > having different services - one for methods that require
> > authentication, and one for those that don't. Then I can map my
> > ServletFilter to the URL for the service that requires authentication,
> > and not map it to those that don't.
>
> > That seems easier to me than the annotation route. Anyone have any
> > reasons to think otherwise?
>
> > It won't work. RequestFactoryServlet loads from the classpath, so unless
> > you somehow constrain the classpath of each servlet to only contain the
> > classes you want to expose, the unauthenticated servlet would be able to
> > load the "services requiring authentication", therefore allowing
> > unauthenticated access to them.
> > In other words, that's not how RF has been designed.
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Google Web Toolkit" group.
> > To view this discussion on the web
> > visithttps://groups.google.com/d/msg/google-web-toolkit/-/fl0PLdvGKHUJ.
> > To post to this group, send email to google-web-toolkit@googlegroups.com.
> > To unsubscribe from this group, send email to
> > google-web-toolkit+unsubscr...@googlegroups.com.
> > For more options, visit this group
> > athttp://groups.google.com/group/google-web-toolkit?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
