Hmm.. I ve a stupid question now..
Can't we use RemoteServiceServlet.getThreadLocalRequest().getSession()
to get the current session?
I found 'using the session' working in GWT 1.5.
On Dec 1, 9:31 am, jhulford <[EMAIL PROTECTED]> wrote:
> Another thing you can do in order to always send your session
> identifier as part of your request is use the RequestBuilder and add
> the identifier as a request header.
>
> RequestBuilder requestBuilder = new RequestBuilder("POST", "/
> myServletUrl");
> RequestBuilder.setHeader("X-Session-Id", mySessionIdFromCookie);
>
> On Dec 1, 8:31 am, gregor <[EMAIL PROTECTED]> wrote:
>
> > Hi Patrick,
>
> > I think you probably want to call the static async instance according
> > to usual RPC protocol, i.e. in this case SecureRemoteServiceAsync,
> > otherwise you might get confused as to what's going on
>
> > > --- Code, I hope this formats reasonably in the post. ---
> > > public interface SecureRemoteService extends RemoteService {
>
> > > /**
> > > * Utility/Convenience class.
> > > * Use SecureRemoteService.Async.getInstance() to access static
> > > instance of IpsvRmapServiceAsync
> > > */
> > > public static class SecureRemoteServiceAsync {
> > > private static Async ourInstance = null;
>
> > > public static synchronized SecureRemoteServiceAsync
> > > getInstance() {
> > > if (ourInstance == null) {
> > > ourInstance = (SecureRemoteServiceAsync)
> > > GWT.create(SecureRemoteService.class);
> > > }
> > > return ourInstance;
> > > }
>
> > > public void setServiceEntryPoint(String entryPoint) {
> > > // This is where the magic happens.
> > > ((ServiceDefTarget)
> > > ourInstance).setServiceEntryPoint
> > > (GWT.getModuleBaseURL() + entryPoint + "?sessionID=" + getSessionID
> > > ());
> > > }
>
> > > private String getSessionID() {
> > > // Do stuff to get sessionID
> > > return "SessionID";
> > > }
> > > }}
>
> > > --- End of code ---
>
> > Then you use it like so in code:
>
> > SecureRemoteServiceAsync async
> > = SecureRemoteServiceAsync.App.getInstance(); //
> > the URL will now have the SessionID param
> > async.someMethod(param, new secureRemoteServiceCallback());
>
> > Note that this does not work across the board, you have to do this
> > once for each RPC service separately (i.e. once per RPC service
> > interface declared), but if you extend RemoteServiceServlet and
> > override the processCall() method to grab and check sesionID
> > parameter, then use this extended RemoteServiceServlet this for all
> > your RPC services, they will all validate the sessionID.
>
> > I guess it's a matter of taste and situation, but I think I prefer the
> > second method (the Command pattern variation) becasue a) if you want
> > to change the way you handle this session thing, you just do it the
> > Payload base class and the extended RemoteServiceServlet.processCall
> > (), you do not have to change all your RPC Async interfaces and b)
> > this Payload pattern is useful for a lot of other reasons in handling
> > objects over the wire. I think it deals with the XSRF issue too (but
> > I'm sure Reinier will nail me to wall again if wrong!)
>
> > regards
> > gregor
>
> > > From what I can see, this should work if the interface extends the
> > > SecureRemoteService instead of the normal one. However, to properly
> > > create an instance of this class, the programmer now has to do
> > > something different from the normal procedure. Instead of calling the
> > > normal GWT.create(someService.class) and casting it to the Async
> > > version, he has to call on GWT.create(someService.Async.class). This
> > > means he has to modify all of his proxy creation statements as well.
>
> > > Is there any way to get around this?
>
> > > Thanks, Patrick
>
> > > PS: Graag gedaan.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
