Jeff,
Yeah I have a working prototype of that working now. The route we've
decided to take though is to have a developer mode and if set a
request filter will auto authenticate allowing direct connection to
GWT EntryPoint URLS with gwt.codeSvr included.
Thanks for all your help Jeff.
-Adam
On May 26, 10:14 am, Jeff Chimene <jchim...@gmail.com> wrote:
> Hi Adam:
>
> I get what you're saying.
>
> Do you have control over the logout hook? If so, why not add some
> intelligence that copies the gwt.codesvr parameter if it exists in the URL?
> I don't see any security implications here (perhaps I'm not sufficiently
> caffeinated)
>
> On Wed, May 26, 2010 at 5:25 AM, Adam <ambr...@gmail.com> wrote:
> > Jeff,
>
> > Thanks for the quick response. Yes, basically if you follow the
> > normal application flow you loose the gwt.codesvr parameter and
> > therefore the debug module logic doesn't work.
>
> > As for the authentication, we do authenticate people outside of GWT.
> > Our login process is actually done via struts. The issue is we have
> > web filters that redirect a user to the login page if they're not
> > authenticated yet. At the point of the redirect the gwt.codesvr is
> > lost. Honestly I think we shot ourself in the foot with the
> > javascript snippet that doesn't allow us to navigate away from the
> > page. Even if you're putting the same URL in the location bar as
> > shown it'll log you out.
>
> > Thanks for the code examples, I'll let you know what I end up doing.
>
> > -Adam
>
> > On May 25, 10:34 pm, Jeff Chimene <jchim...@gmail.com> wrote:
> > > On 05/25/2010 01:14 PM, Adam wrote:
>
> > > > Hey Gang,
>
> > > > I'm having an issue with DevMode working properly. We're using
> > > > noserver option and instead connecting to our JBoss application. I've
> > > > configured the GWT Plugin in Eclipse to point to our entrypoint page.
> > > > The issue is that container security redirects us to authenticate to
> > > > the application. This in itself isn't really an issue because I can
> > > > re-paste the link in the browser after authentication and I should be
> > > > at my entrypoint. The issue is we do not allow the user to navigate
> > > > away from our app without logging out. This is done through a simple
> > > > javascript hook that posts to a logout if you try to change the URL in
> > > > the location of the browser. The only way around this I've found is
> > > > to use a browser with "Tab" support and login on one tab and then
> > > > navigate to the GWT entrypoint including &gwt.codesvr= in another
> > > > tab.
>
> > > > Ideally I'd like to be able to login and navigate to my entrypoint
> > > > from within the app and have the debugging take place when I hit the
> > > > GWT module. The issue is that &gwt-codesvr is lost once you start to
> > > > click around on the application.
>
> > > > -Adam
>
> > > By "... click around on the application" I assume you mean the URL
> > changes.
>
> > > You have to preserve the gwt.codesvr parameter on each URL. This isn't
> > > difficult.
>
> > > I have a stand-alone login page that redirects to the GWT entrypoint.
> > > The login page transmits the url to the GWT entrypoint.
>
> > > <script>
> > > function getQueryVariable(variable) {
> > > var query = window.location.search.substring(1);
> > > var vars = query.split("&");
> > > for (var i=0;i<vars.length;i++) {
> > > var pair = vars[i].split("=");
> > > if (pair[0] == variable) {
> > > return pair[1];
> > > }
> > > }}
>
> > > </script>
> > > </head>
>
> > > <body>
> > > <form id='loginForm' action='cgi-bin/authenticate.cgi'
>
> > onsubmit="document.getElementById('gwt.codesvr').value=getQueryVariable('gwt.codesvr');
> > > return true;">
> > > <input type="hidden" name='gwt.codesvr' id='gwt.codesvr'/>
> > > <span class="label">Username</span>
> > > <input type="text" size='30' maxLength='50' id='username' />
> > > <span class="label">Password</span>
> > > <input type="password" size='30' maxLength='50' id='password' />
> > > <input type="submit" value="login" />
> > > </form>
>
> > > I think the consensus is to perform authentication outside the GWT
> > > environment. When authentication fails, you can have a lightweight GWT
> > > session that redirects to the login page. By lightweight I mean to use
> > > codesplitting or GIN to lazy-load the bulk of the application after
> > > successfully authenticating.
>
> > > if (<<NOT AUTHENTICATED>>) {
> > > UrlBuilder urlBuilder = Window.Location.createUrlBuilder();
> > > urlBuilder.setPath(CONSTANTS.urlLogin());
> > > if (null != Window.Location.getParameter("gwt.codesvr")) {
> > > urlBuilder.setParameter("gwt.codesvr",
> > > Window.Location.getParameter("gwt.codesvr"));
> > > }
> > > Window.Location.assign(urlBuilder.buildString());
> > > return;
>
> > > }
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Google Web Toolkit" group.
> > To post to this group, send email to google-web-tool...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > google-web-toolkit+unsubscr...@googlegroups.com<google-web-toolkit%2bunsubscr...@googlegroups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/google-web-toolkit?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
