I agree with walden in most case ... if classic HTTP auth is enough let HTTP do the job !!
But there is IMHO somes points hard to deal with only HTTP (and GWT component of course): * session expiration, because the GWT RPC will fail soon (401). * forbiden because the GWT RPC will fail soon (403). * activation of widget when authority is granted. * logout (not possible with HTTP Basic). On Tue, Nov 18, 2008 at 3:53 PM, walden <[EMAIL PROTECTED]> wrote: > > You could try the simplest thing that could possibly work...HTTP > Authentication: let the existing security stack earn its keep. > > Walden > > On Nov 18, 6:52 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: >> Hi All, >> >> What should be the best authentication ans session management in GWT apps? >> Currently I am having this idea: >> >> - Have a method checkSession() which will check for a valid authenticated >> session and throws an Exception if no valid session is there. >> - Call this method in the beginning of every ServiceImpl method. >> - In the onFailure of the async call backs catch this Exception and >> display the login page. >> >> But this method has the following weak points: >> >> - Some developer may forget to call the checkSession method. >> - There is code duplication in the onFailure implementation (Every >> onFailure shud handle the authentication exception) >> >> So any of you have any better ideas? >> >> Regards, >> Litty Preeth > > > -- Si l'ignorance peut servir de consolation, elle n'en est pas moins illusoire. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
