Hi,
I'm studying how to use Spring Security to secure GWT web apps (I'll check
Shiro in the future so I can't compare the two solutions).
I'm working backed by an open source GitHub repo and you can take a look at
it: https://github.com/cristcost/springsec
however it is a work in progress, where
If you're just looking for simple authentication then you may want to take
a look at: http://shiro.apache.org/. I've used it for simple authentication
all the way up through using an LDAP backing store and it's pretty simple.
It has some cool things like @RequiresAuthentication annotations that
Hi,
I'm trying to implement a login service whereby the user submits their
username and password to the app server (using RPC or RF, it doesn't really
matter). Then on the server side, once I've verified that the credentials
are valid, I need to:
1. Call a loginDAO and record the login to
Hello,
I'm currently developing a Spring/GWT application most things are
going just fine but I've experienced some troubles integrating with
Spring Security. It looks like there is no way to install "global"
handlers for asyncCallback failures to handle 401/403 errors. As I've
found there's curren
Hi,
Has anyone done JGuard-based authentication with a GWT
application? Any pointers to the same are welcome.
Warm Regards,
Allahbaksh
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
I agree, using a realm (and useful options like digest) should be
completely transparent to the application.
Daniel Jue
On Tue, Jan 6, 2009 at 2:07 PM, Sumit Chandel wrote:
> Hi JCM,
>
> As far as I know, JDBCRealm is a completely server-side facility for
> managing accesses to the underlying R
Hi JCM,
As far as I know, JDBCRealm is a completely server-side facility for
managing accesses to the underlying RDBMS through JDBC drivers in Tomcat.
This should work the same way regardless of whether you are using GWT for
the client-side technology or not. Could you elaborate a little more on t
Hi All,
Is anyone using JDBC realm for authentication in their GWT apps?
If so, what is the best-practice mechanism for setting this up? I'm
familiar with using realms to authenticate web apps based on servlets
and JSPs, but I'm having some difficulty adapting that procedure to
GWT apps.
Any s
Hello everyone,
I think all arguments that can be made on this thread have been made.
Let's keep it friendly. I'm locking this thread; please take the time
you would have spent replying and spend it on thinking about how much
better this forum would be if we kept it positive and focused on the
te
walden, please, pretty pretty please, stop confusing GWT users with
your very bad advice. You just restated your earlier arguments without
taking into consideration anything I wrote. Sticking your fingers in
your ears and singing loudly doesn't really work, and I request the
common courtesy that y
In answer to the criticisms of HTTP authentication:
1. The generalizations above about user experience don't click with
my experience with users. No one ever reported a broken application
on seeing the login dialog. They really don't care if it's modal, if
the background is grey, or any of tha
Hello everyone,
Just a note that I've removed a couple of posts from this thread due
to inappropriate comments. This also seems like a good time to remind
everyone that we're here to collaborate and help each other, not to
curse or antagonize anyone.
One of the posts did contain some useful cont
walden, stop being such a cry baby. So it's okay for you to be snide with
other users but you don't like it when you get the treatment. Reinier is
also rather brash in his response to users, but the difference is he can
back his stuff up so I have nothing to say to him.
Stop complaining to the moder
I am using Apache Tomcat 5.5
On Wed, Nov 19, 2008 at 7:04 PM, walden <[EMAIL PROTECTED]> wrote:
>
> That's what I thought, and it does not exclude the possibility of
> using HTTP auth at all. For example, JBoss ships with some
> configurable authentication plug-ins for using back-end stores for
Walden,
See below, please.
On Wed, Nov 19, 2008 at 2:29 PM, walden <[EMAIL PROTECTED]> wrote:
>
> Olivier,
>
> I'm still a little perplexed, see below.
>
>> >> * session expiration, because the GWT RPC will fail soon (401).
>> >> * forbidden because the GWT RPC will fail soon (403).
>>
>> When
That's what I thought, and it does not exclude the possibility of
using HTTP auth at all. For example, JBoss ships with some
configurable authentication plug-ins for using back-end stores for
your realm data (JDBC, e.g.). In the worst case, you can roll your
own realm component (one Java class)
Olivier,
I'm still a little perplexed, see below.
> >> * session expiration, because the GWT RPC will fail soon (401).
> >> * forbidden because the GWT RPC will fail soon (403).
>
> When session is expired, the RPC will fail soon with a 401 (Auth
> required status), before GWT 1.5 it was not (e
Reinier,
I think you need a different outlet for your anger. I don't
appreciate you calling me a jackass, especially in a public forum such
as this. I'm going to ask the moderator to remove your post.
If you want to have the discussion, please take the prism glasses off,
try to read what I wro
2008/11/19 olivier nouguier <[EMAIL PROTECTED]>:
>
> gwt-log-2.5.2 is not available on public repository, did you install
> by hand in yours ?
Ohh... oops... I think this is the problem. I forgot that because
2.5.2 wasn't available, I downgraded it to 2.5.0.
sorry for the noise ;)
Hi
It works for me...
* what is your environment? (OS, GWT version, java etc ...)
* did the war work out of hosted mode?
On Tue, Nov 18, 2008 at 3:04 PM, Ian P. Christian <[EMAIL PROTECTED]> wrote:
>
> 2008/11/18 olivier nouguier <[EMAIL PROTECTED]>:
>
>> Yes there is a war sample and the p
gwt-log-2.5.2 is not available on public repository, did you install
by hand in yours ?
PS: as mentioned on
http://code.google.com/p/net-orcades-spring/wiki/Installation
On Tue, Nov 18, 2008 at 3:21 PM, Ian P. Christian <[EMAIL PROTECTED]> wrote:
>
> 2008/11/18 Ian P. Christian <[EMAIL PROTECTED
Walden
Sorry for your head ;).
On Tue, Nov 18, 2008 at 7:29 PM, walden <[EMAIL PROTECTED]> wrote:
>
> Olivier,
>
>> * session expiration, because the GWT RPC will fail soon (401).
>> * forbidden because the GWT RPC will fail soon (403).
When session is expired, the RPC will fail soon with a 401
@Rick:
Ahh, that makes sense. However, it's not logging out of HTTP Basic. It's
just invalidating a session ID. I also doubt that it'll work properly
if done in one browser session - the browser will keep re-sending the
Authorization header regardless of your invalidated session. The
browser doesn'
Actually my app is a web interface to another backend app. So while logging
into my app you are actually authenticating with the other backend app. The
username/password, roles etc are maintained by the other app.
On Tue, Nov 18, 2008 at 11:56 PM, walden <[EMAIL PROTECTED]> wrote:
>
> Let's hear a
http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ
/johan
On 18 Nov, 12:52, "Litty Preeth" <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> What should be the best authentication and session management in GWT apps?
> Currently I am having this idea:
>
> - Have a method checkS
To logout from HTTP authentication use:
public void logout() {
    // Invalidate the server-side session tied to the current RPC request.
    HttpSession session = this.getThreadLocalRequest().getSession();
    session.invalidate();
}
You can do this in your ServiceImpl class.
I kind of agree with Reinier, but might have used language that was
less strong.
HTTP Authentication? Don't make me laugh - it's ridiculous design, and
more importantly, users don't get it. at all. They think your app is
broken and try to browse away (only they can't, that authentication
dialog box is modal). There's also no better security there than what
you can do with cook
2008/11/18 olivier nouguier <[EMAIL PROTECTED]>:
> Yes there is a war sample and the project that generates that war
> (net.orcades.spring-gwt-sample).
> All is provided in the checkout.
> It's maven driven.
This sample doesn't appear to work correctly 'out of the box'.
I did a 'source:jar insta
Olivier,
> * session expiration, because the GWT RPC will fail soon (401).
> * forbidden because the GWT RPC will fail soon (403).
> * activation of widget when authority is granted.
I'm scratching my head wondering what those mean. In my app, RPC's
are secure and they don't fail. As for wid
Let's hear a bit more about that third party API for authentication.
Can you post the interface? Is it used for managing the login form,
or does it just handle the mapping of usernames to passwords and
roles? Depending on your answer, this may not preclude using HTTP
authentication *protocol*, w
2008/11/18 Ian P. Christian <[EMAIL PROTECTED]>:
>> Yes there is a war sample and the project that generates that war
>> (net.orcades.spring-gwt-sample).
>> All is provided in the checkout.
>> It's maven driven.
>
> This sample doesn't appear to work correctly 'out of the box'.
Sorry, perhaps thi
You could use basic HTTP authentication with a JAAS module, but it's
much, much more pain than integrating Spring :)
On Tue, Nov 18, 2008 at 4:40 PM, Litty Preeth <[EMAIL PROTECTED]> wrote:
> Actually my application's authentication is done by a third party. I need to
> call their API to authenticate.
Actually my application's authentication is done by a third party. I need to
call their API to authenticate. So I won't be able to use the HTTP
authentication. But I think, Lothar's idea is worth trying. Thnx Lothar.
If anybody has any better suggestions plz post it here.
- Litty
On Tue, Nov 18, 20
I agree with walden in most case ... if classic HTTP auth is enough
let HTTP do the job !!
But there are IMHO some points hard to deal with using only HTTP (and GWT
component of course):
* session expiration, because the GWT RPC will fail soon (401).
* forbidden because the GWT RPC will fail soon (403
You could try the simplest thing that could possibly work...HTTP
Authentication: let the existing security stack earn its keep.
Walden
On Nov 18, 6:52 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> What should be the best authentication and session management in GWT apps?
> Current
Litty Preeth wrote:
> But this method has the following weak points:
>
> * Some developer may forget to call the checkSession method.
>
> So any of you have any better ideas?
You can overwrite
public String processCall(String payload) throws SerializationException
and do the following:
On Tue, Nov 18, 2008 at 1:08 PM, Schimki86 <[EMAIL PROTECTED]> wrote:
> Is there an example how to start up with Spring (ACEGI / Spring Security) &
> GWT?
Yes there is a war sample and the project that generates that war
(net.orcades.spring-gwt-sample).
All is provided in the checkout.
It's maven
But I am not using Spring... :(
So any other ideas???
On Tue, Nov 18, 2008 at 5:29 PM, olivier nouguier <[EMAIL PROTECTED]> wrote:
>
> Hi Litty,
>
> I've played with Spring security && GWT at
> http://code.google.com/p/net-orcades-spring/
>
> If you're confident with Spring (Security) && GWT th
Is there an example how to start up with Spring (ACEGI / Spring Security) &
GWT? What and where I have to configure Spring? I want to implement a User-
Login too. Can someone attach an example here in Google Groups?
2008/11/18 olivier nouguier <[EMAIL PROTECTED]>
>
> Hi Litty,
>
> I've played wit
Hi Litty,
I've played with Spring security && GWT at
http://code.google.com/p/net-orcades-spring/
If you're confident with Spring (Security) && GWT the lack of
documentation won't block you :-/
On Tue, Nov 18, 2008 at 12:52 PM, Litty Preeth <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> What shoul
Hi All,
What should be the best authentication and session management in GWT apps?
Currently I am having this idea:
- Have a method checkSession() which will check for a valid authenticated
session and throws an Exception if no valid session is there.
- Call this method in the beginning
41 matches