GWT and Spring Security work perfectly together. See this as a starter point: http://www.jroller.com/sjivan/entry/ajax_based_login_using_aceci http://java.dzone.com/articles/integrating-gwt-spring
I advise you to use a classic HTML form for login, not a GWT based login dialog. On Jun 17, 7:19 am, fmod <[email protected]> wrote: > Hi, I need to re-implement the classic login page. And I'm a bit lost > with all the alternatives. The communication with the server is with > RPC. Until now the flow I was using was: > - User enters login and pass [client sends them in plain text to the > server] > - Server validates and generate a session id (String generated with > UUID) [server replies that]. > - On every request the client sends session id. (all the functions in > the rpc have sessionId) > - The server was keeping track of this session id and after 30 mins > without being used it removed it as valid session. > > This was working quite well, but it was a bit annoying to have this > sessionId all the time. Reading some posts, seems that is a bad idea > sending the session id all the time (at least as I understood). That I > can rely on the 'classical session' mechanism. So somehow the server > remembers the client after he logs in the first time. > > Here is my dilemma. This 'classical session' carried by the server > seems to disagree with the 'new Ajax-era' where the server carries no > status of the client. > > I think I'm totally messing concepts here. What is the correct way of > doing it? Is there some good explaining how to do it, maybe an example > will be great. > > Thank you in advance. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
