We currently have role-based validation implemented for all of our RPC calls, however, our PSG guys don't want the validation to occur on the same machine. Ideally, they want 1 machine to validate the RPC request (in the DMZ), and if it succeeds, then it gets passed along into the Tomcat instance which is deployed on the Internal Network. Does anyone know how to do this?
Obviously one solution is to have GWT deserialize the request on the "validation" server (DMZ), validate the request, and if it succeeds, pass the request along. However, this seems like a lot of work to me. Is there a way to inspect the POST payload and extract the RPC call being made (as a String) and then check it against a permission table? I know that for the the package name and RPC name are in the POST as plain-text, so it should be possible, but I'm not sure of a reliable way of extracting that information. If anyone has any ideas, I would love to hear them! Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
