HI, maybe this peace of code can Help :) :
You can use two modules/entries, one for the login other after login
on login
Client side:
public void onModuleLoad() {
this.setLoginPanel();
LogUtils.info("Showing Login page");
loginButton = new Button("Login");
loginButton.addListener(new ButtonListenerAdapter() {
public void onClick(Button button, EventObject e) {
userAuthentication();
}
});
.....
private void userAuthentication() {
if (this.userNameField.getValueAsString().equals(""))
Window.alert("username must not be empty.");
else {
loginService = GWT.create(LoginService.class);
String username = this.userNameField.getValueAsString();
String password = this.passwordField.getValueAsString();
this.loginService.login(username, password,
new AsyncCallback<LoginResponse>() {
public void onFailure(Throwable caught) {
Window.alert("server side failure: " + caught);
}
public void onSuccess(LoginResponse result) {
if (result.isLoginSuccess()){
Window.Location.replace("./../Main.html?gwt.codesvr=
127.0.0.1:9997");
}
else Window.alert("username or password invalid.");
}
});
}
}
ON SERVER SIDE (the login method):
public LoginResponse login(String username, String password) {
LoginPService loginService = ServiceLocator.getLoginService();
Person person = null;
try {
ManageLogs.info("Try to login for user: "+username);
person = loginService.getUserByUsername(username);
if (person == null){
return new LoginResponse(false, false);
} else if (!loginService.checkPassword(password)){
return new LoginResponse(false, false);
}
} catch (Throwable e) {
return new LoginResponse(false, false);
}
ManageLogs.info("Login sucessful for user: "+username);
LoginResponse response = new LoginResponse();
response.setLoginSuccess(true);
/*Creates de session*/
MainSession padroesSession = mainSession.getInstance();
mainSession.setRequest(getThreadLocalRequest());
mainSession.setUser(person);
return response;
}
THE MainSession
private static MainSession mainSession=null;
public static MainSession getInstance(){
if(mainSession == null){
mainSession = new MainSession();
return mainSession;
} else {
return mainSession;
}
}
private MainSession(){
}
private static final String USER_SESSION = "userSession";
private HttpServletRequest request = null;
private HttpSession session = null;
private String sessionId = "";
public Person getUser(){
if(null == session) return null;
return session.getAttribute(USER_SESSION) != null ?
(Person)session.getAttribute(USER_SESSION) : null;
}
public HttpSession getSession(){
return session;
}
public void invalidate(){
if(request!=null)
if(request.getSession(false)!= null)
request.getSession(false).invalidate();
if(null != session){
session.invalidate();
session = null;
}
setSessionId(null);
}
public void setUser(Person user){
if(null == user){
if(session!=null) session.removeAttribute(USER_SESSION);
return;
}
if(null != request)
this.session = request.getSession(true);
if(session!=null){
session.setAttribute(USER_SESSION, user);
setSessionId(session.getId());
}
}
public String getId(){
return request.getSession(false).getId();
}
public HttpServletRequest getRequest() {
return request;
}
public void setRequest(HttpServletRequest request) {
this.request = request;
}
public String getSessionId() {
return sessionId;
}
public void setSessionId(String sessionId) {
this.sessionId = sessionId;
}
....
ON THE SECOND ENTRY
public void onModuleLoad() {
LogUtils.info("Loading Padroes Module");
MainSessionServiceAsync mainSessionService =
GWT.create(MainSessionService.class);
AsyncCallback<Boolean> callback = new AsyncCallback<Boolean>(){
@Override
public void onFailure(Throwable caught) {
LogUtils.debug("no session available");
Window.Location.replace("./../Login.html");
}
@Override
public void onSuccess(Boolean result) {
if(!result){
LogUtils.debug("no session available");
Window.Location.replace("./../Login.html");
return;
}
LogUtils.info("creating new Session Time Out for this
session");
/* initialize timers for session time out control */
new SessionTimeOutControl();
/* Creates de layout +/
doLayout();
}
};
try{
mainSessionService.isValidSession(callback);
}catch(Exception e){
e.printStackTrace();
}
public void doLayout(){
AsyncCallback<PageConfiguration[]> callback = new
AsyncCallback<PageConfiguration[]>(){
@Override
public void onFailure(Throwable caught) {
LogUtils.debug("server side error on getting
PageConfiguration");
Window.Location.replace("./../Login.html");
}
@Override
public void onSuccess(PageConfiguration[] result) {
mainPanel.setStyleName("panel-border");
mainPanel.setFrame(true);
.......
Hope it helps :)
2010/6/21 Jaroslav Záruba <[email protected]>
> You don't need to generate session ids, they are generated automatically by
> server. You can invalidate session though, as you may notice in HttpSession
> API. This results in new session being generated. (I'm not sure though
> whether this happens immediately or on following http request. But that can
> be tested easily.)
>
> On Mon, Jun 21, 2010 at 11:17 PM, Rodrigo <[email protected]> wrote:
>
>> Hi,
>>
>> Can someone point me in the right direction to implement a login +
>> session system? What are the best practices? I read this page:
>>
>>
>> http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ
>>
>> but am still confused about how HttpSessions are to be used, how to
>> generate session ids, check if they're valid, etc. Any help is greatly
>> appreciated!
>>
>> -Rodrigo
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google Web Toolkit" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected]<google-web-toolkit%[email protected]>
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/google-web-toolkit?hl=en.
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<google-web-toolkit%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
