Dean, GWT RPC clearly does not have the security aspect designed in; it seems designed for use with an orthogonal security mechanism, such as found in the HTTP specs.
A bit of a leap, but have you mentally walked through what would happen if you ditched SESSION-based security and went with Digest? I think this approach would sidestep a huge amount of custom programming for you. Question is, what would you be losing that you can't live without? In my application, if I start up a browser and type the URL of my RPC service (before authenticating), the JAAS system in JBoss issues a challenge from way down in the stack (my RPC code never sees it), and the browser puts up a login form. This is pretty much what should happen when your logged in user encounters a session timeout. Walden On Oct 3, 3:42 am, "olivier nouguier" <[EMAIL PROTECTED]> wrote: > Hi, > If you don't want to give a try with Spring( or Guice), you could use > AspectJ to weave your desired behaviour (handling security). > But it might be more long && hard than to learn spring && spring security > (I've just post a project that illustrate this). > hih > > > > > > On Fri, Oct 3, 2008 at 7:23 AM, deanhiller <[EMAIL PROTECTED]> wrote: > > > I saw someone talking about proxying all the methods to add code(like > > an aspect or filter) using spring and I am wondering how I can do > > this(hopefully without spring as I don't feel like learning that right > > now and just want a quick solution). > > > Basically, if my GWT servlet has these methods > > public void doSomething(int i); > > public String doSomethingAgain(String s); > > public long increaseSomething(int i); > > > BEFORE methods are even called, I want to chech if there is a User > > object in the Session(ie. user is logged in). If there is not, the > > Session probably expired and I want to throw a NotLoggedInException on > > every one of these methods(but not in the method itself). I would > > prefer this is reusable in an abstract class that implements > > RemoteServiceServlet and any GWT Servlet any team creates here will > > extend that and inherit this functionality since all the > > authentication stuff is the same for all our services. > > > How do I do this in a common way? It looks like the > > RemoteServiceServlet is kind of screwed up in not exposing a good > > method to override that I could use as the filter. > > > Any ideas? > > thanks, > > Dean > > -- > "Quand le dernier arbre sera abattu, la dernière rivière asséchée, le > dernier poisson péché, l'homme va s'apercevoir que l'argent n'est pas > comestible" > - proverbe indien Cri- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
