+1 I do always authorise user action at services. I cant find out any other solution.
2010/1/21 ailinykh <[email protected]> > By this way you secure the main page only. What is pretty much > useless. > All client/server communication is done through AJAX. You can't secure > it by a traditional servlet filter, > because GWT serialization doesn't know anything about redirect. You > will have something like serialization Exception. > Also you have to think about user authorization. Users with different > roles allowed to have access to different resources. > > I see the only way to do it- in every RPC call check user identity and > permissions, then throw application defined exception if something is > wrong. > On client side you have to catch that exception and redirect to login > page. > > Thank you, > Andrey > > On Jan 21, 6:35 am, FKereki <[email protected]> wrote: > > Hi! I was just checking the consensus on how to do a secure login and > > it seems to be along the lines of: > > > > * set a simple login application to run athttps:// > your.own.site.com/login > > * set the rest of your application to run athttp:// > your.own.site.com/main > > * if the user tries to directly go tohttp://your.own.site.com/main, > > redirect him tohttps://your.own.site.com/login > > * on successful login, set a cookie, and redirect tohttp:// > your.own.site.com/main > > > > Is this it? Am I missing something? Any better ways to do it? > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-web-toolkit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > > > -- Regards, Alexander--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
