I am using Apache Tomcat 5.5 On Wed, Nov 19, 2008 at 7:04 PM, walden <[EMAIL PROTECTED]> wrote:
> > That's what I thought, and it does not exclude the possibility of > using HTTP auth at all. For example, JBoss ships with some > configurable authentication plug-ins for using back-end stores for > your realm data (JDBC, e.g.). In the worst case, you can roll your > own realm component (one Java class) and plug it in to the container's > security stack. What is your application server? > > Walden > > On Nov 18, 11:14 pm, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > Actually my app is a web interface to another backend app. So while > logging > > into my app you are actually authenticating with the other backend app. > The > > username/password, roles etc are maintained by the other app. > > > > On Tue, Nov 18, 2008 at 11:56 PM, walden <[EMAIL PROTECTED] > >wrote: > > > > > > > > > > > > > Let's hear a bit more about that third party API for authentication. > > > Can you post the interface? Is it used for managing the login form, > > > or does it just handle the mapping of usernames to passwords and > > > roles? Depending on your answer, this may not preclude using HTTP > > > authentication *protocol*, which is where the simplicity/economy is to > > > be had. > > > > > Walden > > > > > On Nov 18, 10:40 am, "Litty Preeth" <[EMAIL PROTECTED]> wrote: > > > > Actually my applications authentication is done by a third party. I > need > > > to > > > > call their API to authenticate. So I wont b able to use the HTTP > > > > authentication. But I think, Lothar's idea is worth trying. Thnx > Lothar. > > > > > > If anybody has any better suggestions plz post it here. > > > > > > - Litty > > > > > > On Tue, Nov 18, 2008 at 9:04 PM, olivier nouguier < > > > > > > [EMAIL PROTECTED]> wrote: > > > > > > > I agree with walden in most case ... if classic HTTP auth is enough > > > > > let HTTP do the job !! > > > > > > > But there is IMHO somes points hard to deal with only HTTP (and GWT > > > > > component of course): > > > > > * session expiration, because the GWT RPC will fail soon (401). > > > > > * forbiden because the GWT RPC will fail soon (403). > > > > > * activation of widget when authority is granted. > > > > > * logout (not possible with HTTP Basic). > > > > > > > On Tue, Nov 18, 2008 at 3:53 PM, walden < > [EMAIL PROTECTED]> > > > > > wrote: > > > > > > > > You could try the simplest thing that could possibly work...HTTP > > > > > > Authentication: let the existing security stack earn its keep. > > > > > > > > Walden > > > > > > > > On Nov 18, 6:52 am, "Litty Preeth" <[EMAIL PROTECTED]> > wrote: > > > > > >> Hi All, > > > > > > > >> What should be the best authentication ans session management in > GWT > > > > > apps? > > > > > >> Currently I am having this idea: > > > > > > > >> - Have a method checkSession() which will check for a valid > > > > > authenticated > > > > > >> session and throws an Exception if no valid session is there. > > > > > >> - Call this method in the beginning of every ServiceImpl > method. > > > > > >> - In the onFailure of the async call backs catch this > Exception > > > and > > > > > >> display the login page. > > > > > > > >> But this method has the following weak points: > > > > > > > >> - Some developer may forget to call the checkSession method. > > > > > >> - There is code duplication in the onFailure implementation > > > (Every > > > > > >> onFailure shud handle the authentication exception) > > > > > > > >> So any of you have any better ideas? > > > > > > > >> Regards, > > > > > >> Litty Preeth > > > > > > > -- > > > > > Si l'ignorance peut servir de consolation, elle n'en est pas moins > > > > > illusoire.- Hide quoted text - > > > > > > - Show quoted text -- Hide quoted text - > > > > - Show quoted text - > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
