My first app used in-app authentication (because the client wanted to bake
a lock screen after 30 minutes of inactivity in the webapp rather than
relying on the OS's built-in mechanism) and it caused us all sorts of
issues (disclaimer: at that time, Ray Ryan didn't praise MVP, decoupling
via
An alternative to using a Authentication filter would be to use a
Dynamic Proxy that form a central point of access to your public
methods (I use this between all my backend layers).
The proxy captures all RPC requests and controls authentication and
authorisation.
I do send a caller id with
Thomas,
Could you explain what do you check at the filter level? How do you
know if a user is authenticated when you make a GWT-RPC call? It is a
newbie question, I know, but it is not clear to me if we are
identifying the user by a query parameter or a HTTP header.
Thanks
On Dec 7, 4:01 am,
You could check it like this:
Normally my RPC calls look something like this:
modifyDeclarationOfLoggedInMember(DeclarationDto member);
Notice that you don't send the logged in member along as it's known in the
backend.
The logged in member is present in the session (at least his id).
If the is
On Wednesday, December 7, 2011 5:03:05 PM UTC+1, Alberto wrote:
Thomas,
Could you explain what do you check at the filter level? How do you
know if a user is authenticated when you make a GWT-RPC call? It is a
newbie question, I know, but it is not clear to me if we are
identifying the
Thanks a lot! This gives me a very good head start.
On Dec 7, 10:45 am, Thomas Broyer t.bro...@gmail.com wrote:
On Wednesday, December 7, 2011 5:03:05 PM UTC+1, Alberto wrote:
Thomas,
Could you explain what do you check at the filter level? How do you
know if a user is authenticated
Hi All-
I'm a new user who has been tasked with refactoring a GWT 2.3
application so that it can work behind something like Schibboleth or
OpenAM, as well as maintain a it's own authentication page/panel.
Searching the forum, I notice that most people when talking about
authentication are