Need help! I have an architecture described below
1) Client application 2) Server application Client and server applications hasn't dependencies and could be set on different servers. I have the same Object model using in both application. Client and server are using rpc to communicate. In server application I'm using Spring (org.springframework.web.servlet.DispatcherServlet) In client application - GWT It works perfect but it isn't secure. So now I need to add auth to my client application. Users could have different roles, that's why they could call only allowed remote procedures. Of course it should be checked on server side. I need some mechanism for detection users on server side. I could't find any suitable solution for my application architecture. I think should be any transparent mechanism for my architecture. Do you have any ideas? My idea is to add to every rpc call any parameter - session identifier. This identifier set to any user if auth was correct. This session id stored in data base for example and cleared after some times if user was inactive. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
