Just a few quick notes: 1) JSecurity uses the JSecurity framework. Grails Acegi plugin uses the Acegi security framework, which is now called Spring Security.
2) You can configure session timeout either directly in the Session object (retrieve it using getSession() in a controller or access to the session object in a grails controller) or you can configure it for the entire web app in the web.xml. There is a web.xml session timeout setting you can use set. Whenever an ajax request hits the server and whenever you access the session, it should automatically renew your session expire lease. These ajax requests should be no different than a normal request to the server requesting for a page. You can also manually force a session refresh through the use of a Servlet Filter. On the client side using RPC, I have a defined LoginTimeoutException that gets thrown for any RPC request that comes in after a session expires. The RPC onFailure() will specifically check this exception and cause the browser to reload the web page. This reload will then force the user to the login page again. You can also have the client pop up a login dialog requesting for a relogin. Submitting this login request should reauthenticate the user and then recreate a new session. Hope this helps -ck On Feb 25, 2009, at 8:45 AM, Felipe Cypriano wrote: > I'm thinking in using Grails (JSecurity Plugin, which "is" Spring > Security) with GWT as the interface. Have you tried this? > > I haven't tested this yet, but the session expiration is a issue > using GWT? For example, the timeout for a session is 30 minutes, > everytime GWT does an "ajax" request the timeout counter is > restarted or every 30 minutes with the user didn't do a refresh (old > school request) the session will expires? > > > Thanks, > > --- > Felipe Marin Cypriano > Vitória - ES > http://www.linkedin.com/in/felipecypriano > > > On Wed, Feb 25, 2009 at 6:14 AM, David <[email protected]> wrote: > > I've added additional information (examples mainly) and will upload a > jar ASAP in order to make it easy to test. > > And do not hesitate to give me feedback. > > David > > On Feb 22, 4:13 pm, jossey <[email protected]> wrote: > > Hi David, > > I really appreciate you sharing this. > > Thanks. > > > > On Feb 19, 3:03 pm, David <[email protected]> wrote: > > > > > Hi everyone, > > > > > This is my second message promoting something I've put in my > "GWT test > > > area" :) I hope you'll find it useful : It may help people to > > > integrate Spring Security with GWT applications in a clean > (that's my > > > non-objective POV ! :)) way. > > > > > Here is a small introduction on how it works ; a more detailed > > > description is available on code.google.com. See the link at the > end > > > of this message. > > > > > First thing : it uses GWT-SL to use simple Spring beans to serve > RPC > > > calls. I've extended the original GWTHandler in order to provide a > > > convenient way to manage Security exceptions. I've also provided a > > > specific ExceptionTranslationFilter that can deal with security > > > exception too. > > > > > With these two parts, people can handle both URL filtering and AOP > > > strategies. > > > > > As usual, feel free to post your comments, I'll really > appreciate your > > > feedback. > > > > > Here is the URL of the Google Code's project > > > :http://code.google.com/p/gwt-incubator-lib > > > > > David > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
