Actually my app is a web interface to another backend app. So while logging into my app you are actually authenticating with the other backend app. The username/password, roles etc are maintained by the other app.
On Tue, Nov 18, 2008 at 11:56 PM, walden <[EMAIL PROTECTED]>wrote: > > Let's hear a bit more about that third party API for authentication. > Can you post the interface? Is it used for managing the login form, > or does it just handle the mapping of usernames to passwords and > roles? Depending on your answer, this may not preclude using HTTP > authentication *protocol*, which is where the simplicity/economy is to > be had. > > Walden > > On Nov 18, 10:40 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > Actually my applications authentication is done by a third party. I need > to > > call their API to authenticate. So I wont b able to use the HTTP > > authentication. But I think, Lothar's idea is worth trying. Thnx Lothar. > > > > If anybody has any better suggestions plz post it here. > > > > - Litty > > > > On Tue, Nov 18, 2008 at 9:04 PM, olivier nouguier < > > > > > > > > [EMAIL PROTECTED]> wrote: > > > > > I agree with walden in most case ... if classic HTTP auth is enough > > > let HTTP do the job !! > > > > > But there is IMHO somes points hard to deal with only HTTP (and GWT > > > component of course): > > > * session expiration, because the GWT RPC will fail soon (401). > > > * forbiden because the GWT RPC will fail soon (403). > > > * activation of widget when authority is granted. > > > * logout (not possible with HTTP Basic). > > > > > On Tue, Nov 18, 2008 at 3:53 PM, walden <[EMAIL PROTECTED]> > > > wrote: > > > > > > You could try the simplest thing that could possibly work...HTTP > > > > Authentication: let the existing security stack earn its keep. > > > > > > Walden > > > > > > On Nov 18, 6:52 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > > >> Hi All, > > > > > >> What should be the best authentication ans session management in GWT > > > apps? > > > >> Currently I am having this idea: > > > > > >> - Have a method checkSession() which will check for a valid > > > authenticated > > > >> session and throws an Exception if no valid session is there. > > > >> - Call this method in the beginning of every ServiceImpl method. > > > >> - In the onFailure of the async call backs catch this Exception > and > > > >> display the login page. > > > > > >> But this method has the following weak points: > > > > > >> - Some developer may forget to call the checkSession method. > > > >> - There is code duplication in the onFailure implementation > (Every > > > >> onFailure shud handle the authentication exception) > > > > > >> So any of you have any better ideas? > > > > > >> Regards, > > > >> Litty Preeth > > > > > -- > > > Si l'ignorance peut servir de consolation, elle n'en est pas moins > > > illusoire.- Hide quoted text - > > > > - Show quoted text - > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
