I'd like to use Filter to implement all my security checks as a gateway to each gwt rpc call. I'm going to include a sessionID from the client as an argument to each RPC call. I'd like my filter in doFilter to be able to pull off that argument and check if the user is logged in and see what their role is.
In the example's I've seen, when implementing the doFilter() method it isn't clear how I can get that argument off the request. I looked at the methods for HttpServletRequest and didn't say anything useful. Also, once I have the request I'd like to be able to check if the role is appropriate for the method being invoked but it isn't clear to me how I can do this either without having groups of methods for each role and a specific filter that checks the specific role for each group. Maybe not a bad idea I guess. I've seen other slicker stuff using annotations that maybe the Filter could access the value of to compare the user's role with the annotated required role for the called method? Any info would be good here. In either case I would just throw an AuthenticationException right there and let the client handle it in the AsyncCallback's onFail(). Thanks for any help. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
