FYI,
On Tue, Jun 22, 2010 at 2:33 PM, Rodrigo <[email protected]> wrote:

> Ok I just answered 1.5 of my questions:
>
> #1- It actually does work, using getThreadLocalRequest().getSession().
> My test had failed for an alternate reason.

great! it works with me too :)

> #4- (second half) Sessions are per-browser, so multiple tabs in the
> same browser share sessions, but cross-browser tabs do not.

That's true

> The other questions remain...

see my other answer

> On Jun 22, 9:16 am, Rodrigo <[email protected]> wrote:
> > Thanks for the response... A few questions come up:
> >
> > 1. I'm using an HttpServlet for authentication, along with
> > RemoteServiceServlets for GWT-RPCs. But if I create an HttpSession in
> > my authentication servlet, I cannot seem to access it on the
> > RemoteServiceServlet... How am I supposed to access it? Example:
> >
> > // In authentication HttpServlet
> > protected void doGet(HttpServletRequest req, HttpServletResponse resp)
> >         throws ServletException, IOException {
> >     // ...
> >     req.getSession().setAttribute("user", new User("testUser")); // creates a session if it didn't exist beforehand
> >     // ...
> > }
> >
> > // In GWT RPC servlet
> > public List<Offer> getOffers(int productId) {
> >     // ...
> >     User user = (User) getThreadLocalRequest().getSession().getAttribute("user"); // returns null
> >     // ...
> > }
> >
> > 2. Why are you using a MainSession singleton object? I don't see it...
> > Wouldn't it also fail once you have multiple users logged in at the
> > same time?
> >
> > 3. In your Main page, you're doing 2 sequential RPC calls before you
> > render anything: one to check logged in status, and one to load page
> > contents. Is this advisable or could it be avoided somehow? For
> > example, the server could set up a cookie with 'loggedIn=true' so that
> > you can skip the first RPC at least. And whenever you actually have to
> > fetch private content, the server can fail with an
> > AuthenticationException if the user is in fact not logged in. So if a
> > malicious user fakes the cookie to say he's logged in, the most he'll
> > ever see is a 'Logout' button when there shouldn't be one. Any other
> > place that needs to show user-specific information would still be
> > protected at the server. Does this make sense? What are the drawbacks
> > of this?
> >
> > 4. I assume the SessionTimeoutControl() object just sends an RPC to
> > the server every x seconds to check if the session is still alive or
> > not, correct? How do HttpSessions work across tabs and browsers? If my
> > user has 2 tabs open at my site, does he have 1 or 2 sessions? If it's
> > 2 browsers?
> >
> > Thanks!
> >
> > On Jun 21, 6:58 pm, Bruno Lopes <[email protected]> wrote:
> >
> > > Hi, maybe this piece of code can help :) :
> > >
> > > You can use two modules/entries, one for the login, the other after login
> > >
> > > on login
> > >
> > > Client side:
> > >
> > > public void onModuleLoad() {
> > >     this.setLoginPanel();
> > >     LogUtils.info("Showing Login page");
> > >     loginButton = new Button("Login");
> > >     loginButton.addListener(new ButtonListenerAdapter() {
> > >         public void onClick(Button button, EventObject e) {
> > >             userAuthentication();
> > >         }
> > >     });
> > >
> > > .....
> > >
> > > private void userAuthentication() {
> > >     if (this.userNameField.getValueAsString().equals(""))
> > >         Window.alert("username must not be empty.");
> > >     else {
> > >         loginService = GWT.create(LoginService.class);
> > >         String username = this.userNameField.getValueAsString();
> > >         String password = this.passwordField.getValueAsString();
> > >         this.loginService.login(username, password,
> > >                 new AsyncCallback<LoginResponse>() {
> > >             public void onFailure(Throwable caught) {
> > >                 Window.alert("server side failure: " + caught);
> > >             }
> > >             public void onSuccess(LoginResponse result) {
> > >                 if (result.isLoginSuccess()) {
> > >                     Window.Location.replace("./../Main.html?gwt.codesvr=127.0.0.1:9997");
> > >                 }
> > >                 else Window.alert("username or password invalid.");
> > >             }
> > >         });
> > >     }
> > > }
> > >
> > > ON SERVER SIDE (the login method):
> > >
> > > public LoginResponse login(String username, String password) {
> > >     LoginPService loginService = ServiceLocator.getLoginService();
> > >     Person person = null;
> > >
> > >     try {
> > >         ManageLogs.info("Try to login for user: "+username);
> > >         person = loginService.getUserByUsername(username);
> > >
> > >         if (person == null) {
> > >             return new LoginResponse(false, false);
> > >         } else if (!loginService.checkPassword(password)) {
> > >             return new LoginResponse(false, false);
> > >         }
> > >
> > >     } catch (Throwable e) {
> > >
> > >         return new LoginResponse(false, false);
> > >     }
> > >
> > >     ManageLogs.info("Login sucessful for user: "+username);
> > >
> > >     LoginResponse response = new LoginResponse();
> > >     response.setLoginSuccess(true);
> > >
> > >     /* Creates the session */
> > >     MainSession padroesSession = mainSession.getInstance();
> > >     mainSession.setRequest(getThreadLocalRequest());
> > >
> > >     mainSession.setUser(person);
> > >     return response;
> > > }
> > >
> > > THE MainSession
> > >
> > > private static MainSession mainSession = null;
> > >
> > > public static MainSession getInstance() {
> > >     if (mainSession == null) {
> > >         mainSession = new MainSession();
> > >         return mainSession;
> > >     } else {
> > >         return mainSession;
> > >     }
> > > }
> > >
> > > private MainSession() {
> > >
> > > }
> > >
> > > private static final String USER_SESSION = "userSession";
> > > private HttpServletRequest request = null;
> > > private HttpSession session = null;
> > > private String sessionId = "";
> > >
> > > public Person getUser() {
> > >
> > >     if (null == session) return null;
> > >
> > >     return session.getAttribute(USER_SESSION) != null ?
> > >             (Person) session.getAttribute(USER_SESSION) : null;
> > >
> > > }
> > >
> > > public HttpSession getSession() {
> > >     return session;
> > > }
> > >
> > > public void invalidate() {
> > >     if (request != null)
> > >         if (request.getSession(false) != null)
> > >             request.getSession(false).invalidate();
> > >     if (null != session) {
> > >         session.invalidate();
> > >         session = null;
> > >     }
> > >     setSessionId(null);
> > >
> > > }
> > >
> > > public void setUser(Person user) {
> > >     if (null == user) {
> > >         if (session != null) session.removeAttribute(USER_SESSION);
> > >         return;
> > >     }
> > >
> > >     if (null != request)
> > >         this.session = request.getSession(true);
> > >
> > >     if (session != null) {
> > >         session.setAttribute(USER_SESSION, user);
> > >         setSessionId(session.getId());
> > >     }
> > >
> > > }
> > >
> > > public String getId() {
> > >     return request.getSession(false).getId();
> > > }
> > >
> > > public HttpServletRequest getRequest() {
> > >     return request;
> > > }
> > >
> > > public void setRequest(HttpServletRequest request) {
> > >     this.request = request;
> > > }
> > >
> > > public String getSessionId() {
> > >     return sessionId;
> > > }
> > >
> > > public void setSessionId(String sessionId) {
> > >     this.sessionId = sessionId;
> > > }
> > >
> > > ....
> > >
> > > ON THE SECOND ENTRY
> > >
> > > public void onModuleLoad() {
> > >     LogUtils.info("Loading Padroes Module");
> > >     MainSessionServiceAsync mainSessionService =
> > >             GWT.create(MainSessionService.class);
> > >
> > >     AsyncCallback<Boolean> callback = new AsyncCallback<Boolean>() {
> > >         @Override
> > >         public void onFailure(Throwable caught) {
> > >             LogUtils.debug("no session available");
> > >             Window.Location.replace("./../Login.html");
> > >         }
> > >
> > >         @Override
> > >         public void onSuccess(Boolean result) {
> > >             if (!result) {
> > >                 LogUtils.debug("no session available");
> > >                 Window.Location.replace("./../Login.html");
> > >                 return;
> > >             }
> > >
> > >             LogUtils.info("creating new Session Time Out for this session");
> > >             /* initialize timers for session time out control */
> > >             new SessionTimeOutControl();
> > >
> > >             /* Creates the layout */
> > >             doLayout();
> > >
> > >         }
> > >     };
> > >
> > >     try {
> > >
> > >         mainSessionService.isValidSession(callback);
> > >
> > >     } catch (Exception e) {
> > >         e.printStackTrace();
> > >
> > >     }
> > > }
> > >
> > > public void doLayout() {
> > >     AsyncCallback<PageConfiguration[]> callback = new AsyncCallback<PageConfiguration[]>() {
> > >         @Override
> > >         public void onFailure(Throwable caught) {
> > >             LogUtils.debug("server side error on getting PageConfiguration");
> > >             Window.Location.replace("./../Login.html");
> > >         }
> > >
> > >         @Override
> > >         public void onSuccess(PageConfiguration[] result) {
> > >             mainPanel.setStyleName("panel-border");
> > >             mainPanel.setFrame(true);
> > >             .......
> > >
> > > Hope it helps :)
> > >
> > > 2010/6/21 Jaroslav Záruba <[email protected]>
> > >
> > > > You don't need to generate session ids, they are generated automatically by
> > > > server. You can invalidate session though, as you may notice in HttpSession
> > > > API. This results in new session being generated. (I'm not sure though
> > > > whether this happens immediately or on following http request. But that can
> > > > be
> > > > ...

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
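
Added example (not code from this thread or from GWT itself): one way to do the server-side check that question 3 in the thread relies on, reading the user from the session of the current request rather than from a shared singleton, which is the concern raised in question 2. The class name, the AuthenticationException type, the "user" attribute key and the checkCredentials hook are assumptions made for the example.

```java
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical names: AccountServiceImpl, AuthenticationException, USER_KEY, checkCredentials.
public abstract class AccountServiceImpl extends RemoteServiceServlet {
    private static final String USER_KEY = "user"; // assumed session attribute key

    // In a real GWT project this type sits in a shared (client-translatable) package
    // and appears in the throws clause of the RPC interface so the client receives it.
    public static class AuthenticationException extends Exception {
        public AuthenticationException() { super("not logged in"); }
    }

    // Supplied by the application: verify the password against the stored hash.
    protected abstract boolean checkCredentials(String username, String password);

    public boolean login(String username, String password) {
        if (!checkCredentials(username, password)) {
            return false;
        }
        HttpServletRequest req = getThreadLocalRequest();
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate(); // do not carry a pre-login session id into the logged-in state
        }
        req.getSession(true).setAttribute(USER_KEY, username);
        return true;
    }

    // The session is looked up from the current request on every call. Nothing is kept
    // in a static or instance field, because one servlet instance serves every user.
    private String requireUser() throws AuthenticationException {
        HttpSession session = getThreadLocalRequest().getSession(false); // never create here
        Object user = (session == null) ? null : session.getAttribute(USER_KEY);
        if (!(user instanceof String)) {
            throw new AuthenticationException();
        }
        return (String) user;
    }

    // Private data is gated here, regardless of any loggedIn cookie the client sends.
    public List<String> getOffers(int productId) throws AuthenticationException {
        String user = requireUser();
        List<String> offers = new ArrayList<String>();
        offers.add("offer for " + user + " on product " + productId); // constructed sample data
        return offers;
    }
}
```

On the client, an AuthenticationException arriving in onFailure is the signal to redirect to the login page; a loggedIn cookie then only decides what the UI shows first.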
