This way you secure the main page only, which is pretty much useless. All client/server communication is done through AJAX. You can't secure it with a traditional servlet filter, because GWT serialization doesn't know anything about redirects. You will get something like a serialization exception. Also, you have to think about user authorization. Users with different roles are allowed to have access to different resources.
I see only one way to do it: in every RPC call, check user identity and permissions, then throw an application-defined exception if something is wrong. On the client side you have to catch that exception and redirect to the login page.

Thank you,
Andrey

On Jan 21, 6:35 am, FKereki <[email protected]> wrote:
> Hi! I was just checking the consensus on how to do a secure login and
> it seems to be along the lines of:
>
> * set a simple login application to run at https://your.own.site.com/login
> * set the rest of your application to run at http://your.own.site.com/main
> * if the user tries to directly go to http://your.own.site.com/main,
>   redirect him to https://your.own.site.com/login
> * on successful login, set a cookie, and redirect
>   to http://your.own.site.com/main
>
> Is this it? Am I missing something? Any better ways to do it?
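The per-call check described in the reply above, sketched as an added example that is not part of the original thread or of GWT itself. The names `ReportService`, `AuthException`, `SecuredCallback`, the session attributes `user` and `roles`, the role `REPORT_VIEWER` and the `/login` path are all assumptions.

```java
// Added example. In a real GWT project these types live in separate files
// under the shared/, server/ and client/ packages; all names are hypothetical.
import com.google.gwt.user.client.Window;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.gwt.user.client.rpc.IsSerializable;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import javax.servlet.http.HttpSession;
import java.util.Set;

// shared: a checked exception that GWT-RPC can serialize back to the client
class AuthException extends Exception implements IsSerializable {
    boolean loginRequired;   // true: no session; false: logged in but role missing
    AuthException() {}       // no-arg constructor needed for GWT serialization
    AuthException(boolean loginRequired) { this.loginRequired = loginRequired; }
}

// shared: the exception is declared so the RPC layer passes it to the client
interface ReportService extends RemoteService {
    String loadReport(int id) throws AuthException;
}

// server: every RPC method starts with the identity and permission check
class ReportServiceImpl extends RemoteServiceServlet implements ReportService {
    @SuppressWarnings("unchecked")
    private void require(String role) throws AuthException {
        HttpSession s = getThreadLocalRequest().getSession(false);
        if (s == null || s.getAttribute("user") == null) throw new AuthException(true);
        Set<String> roles = (Set<String>) s.getAttribute("roles"); // assumed set at login
        if (roles == null || !roles.contains(role)) throw new AuthException(false);
    }

    public String loadReport(int id) throws AuthException {
        require("REPORT_VIEWER");
        return "report " + id;   // placeholder for the real lookup
    }
}

// client: base callback that turns a missing session into a login redirect
abstract class SecuredCallback<T> implements AsyncCallback<T> {
    public void onFailure(Throwable caught) {
        if (caught instanceof AuthException && ((AuthException) caught).loginRequired) {
            Window.Location.assign("/login");
        } else {
            onError(caught);     // access denied or any other failure
        }
    }
    protected abstract void onError(Throwable caught);
}
```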
