I personally wouldn't expect an authentication/authorization component from a client side framework. Especially, because the login/logout often happens outside the context of the GWT app.
Security can only be provided by the server. So it depends on which server you use. If you use a JavaEE server, you can use JAAS (I don't find it very hard to configure). If you use PHP, you use whatever is cool in PHP. GWT is mainly a client side framework (with GWTRPC as a possible bridge to a Java server). Yes, you're right, the GWT documentation (or some blog somewhere) could provide an example how to set things up for different scenarios (note that there _is_ documentation on this for AppEngine in the GWT tutorial! And it involves only a few steps.) Just my opinion, but maybe this is because I wouldn't want to hide security anyway. Chris On Mar 5, 4:21 pm, Marley <[email protected]> wrote: > Authentication and Authorization is something a very large percentage > of Web Applications need. I am Googling "GWT Spring Security" and > various word combinations of "GWT and Security" and finding all sorts > of different threads and a spaghetti of XML descriptors and Classes > you need to implement, etc... Most of the information is out of > date. Wow. This is precisely the thing i expect a framework like GWT > to hide for me. > > It sure would be nice to have a default implementation as part of the > GWT, baked in if you will. Maybe just include a module, a extra jar or > two, etc... and write a little code or a few lines of configuration > and have a login page (you specify a html/jsp/etc... or you build > dynamically with GWT) which calls your specified code with the login > page values. If someone needs to use a different implementation or > not use it they simply do not include it. > > This built in Authentication/Authorization covers the rpc calls errors > when a session times out, login page, remember me, etc.... All the > things people expect a web application to support. Security is > fundamental to Web Applications and should not be so painful to > implement when using a Web Application framework. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
