These are web standards, implemented in all viable web servers and
browsers. They work by configuring security realms on the server.
Then when the browsers requests a secured resource without [proper]
credentials, the standards define how the server challenges the
client, how the client responds, and how credentials are forwarded
with each subsequent request to the same realm. This basically makes
authentication orthogonal to your application design. The part most
people gag on is that the browser dialogs used for username/password
input are not under application designer control, so they look plain.
You can Google for tutorials and references. If you are Java on the
server, check the Servlet specifications for how to configure web.xml
to define secure resources, authentication type, etc.
Best,
Walden
On Sep 17, 12:13 pm, hezjing <[EMAIL PROTECTED]> wrote:
> I'm sorry, but I have to admit that I don't know HTTP Basic or Digest.Can
> you explain more (and any good article/tutorial)?
>
> Thank you!
>
> On Wed, Sep 17, 2008 at 10:57 PM, walden <[EMAIL PROTECTED]>wrote:
>
>
>
>
>
>
>
> > Not sure I understand your question. Yes, viisibility of the Session
> > in your service handling code is awkward, but you have figured out
> > what to do, as demonstrated by your code.
>
> > I have to say that this is yet another example of jumping through all
> > sorts of hoops trying to do custom authentication when you could much
> > more easily use HTTP Basic or Digest and get on with writing your
> > application. If you would like help with HTTP Basic or Digest, give a
> > holler.
>
> > Walden
>
> > On Sep 17, 8:07 am, Schimki86 <[EMAIL PROTECTED]> wrote:
> > > There is a login-page on startup at my GWT-Application. The user
> > > enters his login name and password and clicks a button to sign in. In
> > > my server- implementation there is a method which should sign the user
> > > in (and gets back a result- state):
>
> > > ...
> > > public int loginUser(String user, String password) {
> > > int result = -2;
> > > // check's whether user name equals a valid email
> > > if (Validator.validateEmail(user)) {
> > > DB_User db = new DB_User();
> > > // get request to create a session, when login for
> > creating the
> > > session later
> > > // HttpServletRequest request =
> > this.getThreadLocalRequest();
> > > // login the user
> > > result = db.loginUser(user.toLowerCase(), password,
> > request);
> > > }
> > > return result;}
>
> > > ...
>
> > > In the loginUser- method of "db" I create the session:
>
> > > ...
> > > HttpSession session = request.getSession();
> > > ...
>
> > > I don't know how I have to handle the session. There must be a "state"
> > > in the server- implementation which is compareable withe the current
> > > session, because only there I can access the session with
> > > "this.getThreadLocalRequest().getSession();", or!? How do I check
> > > whether the session is valid?
>
> > > Hope you can help and thx in advance!
>
> --
>
> Hez- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
