Aw: Re: Security for RequestFactoryServlet and static cache in ServiceLayerCache
Hi Thomas, thanks for the feedback. Indeed the problem was to only intercept #createServiceInstance() but not #invoke(). Now, it works. Thanks, Stefan. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/UVBEQWJ6WjEzYTBK. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: Security for RequestFactoryServlet and static cache in ServiceLayerCache
I think the field is static to allow multiple instances of the same servlet (for the same servlet-mapping, which I believe is allowed by the servlet spec) share the state, which is static anyway (what's cached is only what's derived from classes and interfaces). If your ServiceLayerDecorator intercepts createDomainObject, loadDomainObject(s), getProperty, setProperty and invoke, it should work. I'd rather have a single servlet-mapping that works whether the user is authenticated or not, and filters some calls out for unauthenticated requests (and/or checking the authenticated user's authorizations) -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/dzA2RVdsaWJVdkVK. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Security for RequestFactoryServlet and static cache in ServiceLayerCache
To allow some RequestFactory calls to be executed with and some without an authenticated session, I thought of providing two different RequestFactoryServlets at two different urls. The first one is secured by an http filter and the second is not. The unsecured version adds a special ServiceLayerDecorator to restrict access to some services from the back-end. The reason why this doesn't work is the static method cache in ServiceLayerCache. As the instance of ServiceLayerCache is only created once per servlet, I don't see a reason why to use a static field here. If this would be a normal field, I think the solution could work. Before opening a feature request, I'd like to hear other opinions. Regards, Stefan. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/TUttajlsbUJtSWtK. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
