Dave, Since it is an enterprise application, authentication is handled by a SSO service which hands off to our application, so there is no "remember me" functionality. The less work your application has to do the better, just like using Gmail/fb auth on a website.
Here is the redacted and comment Spring Security config: Note that this is just a standard Spring Security config, but that the custom preauthoization filter is where the magic happens. That is where you'd do the lookup of your users to get entitlements and then store those in their session. These are what the Spring Method level security will check against. Checkout the famously verbose Spring Documentation on this<http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html>. Basically you just extend some of their interfaces and classes per the instructions and you should be off to the races. Sincerely, Joseph <?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xsi:schemaLocation= "http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- Setup Spring Security --> <http auto-config="false" entry-point-ref="entryPoint" access-denied-page="/unprotected/sso_Error.jsp"> <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/> <!-- These resources are protected --> <custom-filter position="PRE_AUTH_FILTER" ref="preAuthProcessingFilter"/> </http> <!-- Users get this on auth failure --> <beans:bean id="entryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/> <!-- Authorization filter does user authorization --> <beans:bean id="preAuthProcessingFilter" class="com.foo.custom.PreAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager"/> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider ref="preAuthAuthProvider"/> </authentication-manager> <!-- Custom preAuthAuthProvider --> <beans:bean id="preAuthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"> <beans:property name="preAuthenticatedUserDetailsService" > <beans:bean id="preAuthenticationUserDetailsService" class="com.foo.custom.UserDetailsService" /> </beans:property> </beans:bean> -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/5NPP8dahTdcJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.