Hi, You can override the RemoteServiceServlet 'processCall' method, which is invoked for every incoming call (this is how Hibernate4GWT works seamlessly with input ou output parameters).
Regards Bruno On 3 oct, 16:16, walden <[EMAIL PROTECTED]> wrote: > Dean, > > GWT RPC clearly does not have the security aspect designed in; it > seems designed for use with an orthogonal security mechanism, such as > found in the HTTP specs. > > A bit of a leap, but have you mentally walked through what would > happen if you ditched SESSION-based security and went with Digest? I > think this approach would sidestep a huge amount of custom programming > for you. Question is, what would you be losing that you can't live > without? > > In my application, if I start up a browser and type the URL of my RPC > service (before authenticating), the JAAS system in JBoss issues a > challenge from way down in the stack (my RPC code never sees it), and > the browser puts up a login form. This is pretty much what should > happen when your logged in user encounters a session timeout. > > Walden > > On Oct 3, 3:42 am, "olivier nouguier" <[EMAIL PROTECTED]> > wrote: > > > Hi, > > If you don't want to give a try with Spring( or Guice), you could use > > AspectJ to weave your desired behaviour (handling security). > > But it might be more long && hard than to learn spring && spring security > > (I've just post a project that illustrate this). > > hih > > > On Fri, Oct 3, 2008 at 7:23 AM, deanhiller <[EMAIL PROTECTED]> wrote: > > > > I saw someone talking about proxying all the methods to add code(like > > > an aspect or filter) using spring and I am wondering how I can do > > > this(hopefully without spring as I don't feel like learning that right > > > now and just want a quick solution). > > > > Basically, if my GWT servlet has these methods > > > public void doSomething(int i); > > > public String doSomethingAgain(String s); > > > public long increaseSomething(int i); > > > > BEFORE methods are even called, I want to chech if there is a User > > > object in the Session(ie. user is logged in). If there is not, the > > > Session probably expired and I want to throw a NotLoggedInException on > > > every one of these methods(but not in the method itself). I would > > > prefer this is reusable in an abstract class that implements > > > RemoteServiceServlet and any GWT Servlet any team creates here will > > > extend that and inherit this functionality since all the > > > authentication stuff is the same for all our services. > > > > How do I do this in a common way? It looks like the > > > RemoteServiceServlet is kind of screwed up in not exposing a good > > > method to override that I could use as the filter. > > > > Any ideas? > > > thanks, > > > Dean > > > -- > > "Quand le dernier arbre sera abattu, la dernière rivière asséchée, le > > dernier poisson péché, l'homme va s'apercevoir que l'argent n'est pas > > comestible" > > - proverbe indien Cri- Hide quoted text - > > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
