Hey, I try your approach with cookies and seems to works fine! Thanks :)
On Tue, Jun 22, 2010 at 3:07 PM, Rodrigo <[email protected]> wrote: > Not sure if I understood your question.. But yes, the cookie is > accessed both at the client and at the server. So the server would set > it to 'loggedIn=true' upon a successful login, and clear it whenever > the user logs out OR if the server gets a request for private > information but the Session indicates that the user is not logged in.. > In that case, it clears the cookie and fails with an > AuthenticationException. The client redirects the user to login > whenever an AuthenticationException is received. > > Thus, the usage of the cookie allows the client to save some RPC calls > to the server. If a page doesn't contain private user-specific > content, but should still look different based on whether the user is > logged in or not, then the client can go off the cookie's information > and decide whether to display a 'Login' or 'Logout' button, for > example. > > On Jun 22, 9:54 am, Bruno Lopes <[email protected]> > wrote: > > FYI, > > > > > > > > On Tue, Jun 22, 2010 at 2:16 PM, Rodrigo <[email protected]> wrote: > > > Thanks for the response... A few questions come up: > > > > > 1. I'm using an HttpServlet for authentication, along with > > > RemoteServiceServlets for GWT-RPCs. But if I create an HttpSession in > > > my authentication servlet, I cannot seem to access it on the > > > RemoteServiceServlet... How am I supposed to access it? Example: > > > > > // In authentication HttpServlet > > > protected void doGet(HttpServletRequest req, HttpServletResponse resp) > > > throws ServletException, IOException { > > > // ... > > > req.getSession().setAttribute("user", new User("testUser")); // > > > creates a session if it didn't exist beforehand > > > // ... > > > } > > > > > // In GWT RPC servlet > > > public List<Offer> getOffers(int productId) { > > > // ... > > > User user = (User) > > > getThreadLocalRequest().getSession().getAttribute("user"); // returns > > > null > > > // ... > > > } > > > > > 2. Why are you using a MainSession singleton object? I don't see it... > > > Wouldn't it also fail once you have multiple users logged in at the > > > same time? > > > > > It works fine for multiple users because for each new request a new > > > > different session ID will be > > generated, and so a new session. > > > > 3. In your Main page, you're doing 2 sequential RPC calls before you> > render anything: one to check logged in status, and one to load page > > > contents. Is this advisable or could it be avoided somehow? For > > > example, the server could set up a cookie with 'loggedIn=true' so that > > > you can skip the first RPC at least. And whenever you actually have to > > > fetch private content, the server can fail with a > > > AuthenticationException if the user is in fact not logged in. So if a > > > malicious user fakes the cookie to say he's logged in, the most he'll > > > ever see is a 'Logout' button when there shouldn't be one. Any other > > > place that needs to show user-specific information would still be > > > protected at the server. Does this make sense? What are the drawbacks > > > of this? > > > > > I need those 2 because I can olny load the content if the > authentication > > > > was successful, > > and when that happens on the server side, the http session is created and > > also the user > > information is loaded. > > An only after this is possible to load the content. > > > > With a cookie, then on the client side I need to access to that cookie... > > actually I didn't check that, > > but the access to the cookie is not done on the server side, also ? > > > > > 4. I assume the SessionTimeoutControl() object just sends an RPC to > > > the server every x seconds to check if the session is still alive or > > > not, correct? How do HttpSessions work across tabs and browsers? If my > > > user has 2 tabs open at my site, does he have 1 or 2 sessions? If it's > > > 2 browsers? > > > > > The session time out control actual do more than that it uses the gwt > Timer > > > > to initialize an schedule in a new thread > > for a defined period of time, and the alert the user when the session is > > about to expire, > > if there the user do any event it will send a keep alive and > re-initialize > > the schedule, otherwise invalidate session > > e redirects to Login page. > > > > Across tabs will keep the same session until the user logout or the > session > > time out happens. > > Across browsers a new session is nedded. > > > > Hope it helps :) > > > > Bruno > > > > > Thanks! > > > > > On Jun 21, 6:58 pm, Bruno Lopes <[email protected]> > > > wrote: > > > > HI, maybe this peace of code can Help :) : > > > > > > You can use two modules/entries, one for the login other after login > > > > > > on login > > > > > > Client side: > > > > > > public void onModuleLoad() { > > > > this.setLoginPanel(); > > > > LogUtils.info("Showing Login page"); > > > > loginButton = new Button("Login"); > > > > loginButton.addListener(new ButtonListenerAdapter() { > > > > public void onClick(Button button, EventObject e) { > > > > userAuthentication(); > > > > } > > > > }); > > > > > > ..... > > > > > > private void userAuthentication() { > > > > if (this.userNameField.getValueAsString().equals("")) > > > > Window.alert("username must not be empty."); > > > > else { > > > > loginService = GWT.create(LoginService.class); > > > > String username = this.userNameField.getValueAsString(); > > > > String password = this.passwordField.getValueAsString(); > > > > this.loginService.login(username, password, > > > > new AsyncCallback<LoginResponse>() { > > > > public void onFailure(Throwable caught) { > > > > Window.alert("server side failure: " + caught); > > > > } > > > > public void onSuccess(LoginResponse result) { > > > > if (result.isLoginSuccess()){ > > > > > Window.Location.replace("./../Main.html?gwt.codesvr= > > > > 127.0.0.1:9997"); > > > > } > > > > else Window.alert("username or password > invalid."); > > > > } > > > > }); > > > > } > > > > } > > > > > > ON SERVER SIDE (the login method): > > > > > > public LoginResponse login(String username, String password) { > > > > LoginPService loginService = > ServiceLocator.getLoginService(); > > > > Person person = null; > > > > > > try { > > > > ManageLogs.info("Try to login for user: "+username); > > > > person = loginService.getUserByUsername(username); > > > > > > if (person == null){ > > > > return new LoginResponse(false, false); > > > > } else if (!loginService.checkPassword(password)){ > > > > return new LoginResponse(false, false); > > > > } > > > > > > } catch (Throwable e) { > > > > > > return new LoginResponse(false, false); > > > > } > > > > > > ManageLogs.info("Login sucessful for user: "+username); > > > > > > LoginResponse response = new LoginResponse(); > > > > response.setLoginSuccess(true); > > > > > > /*Creates de session*/ > > > > MainSession padroesSession = mainSession.getInstance(); > > > > mainSession.setRequest(getThreadLocalRequest()); > > > > > > mainSession.setUser(person); > > > > return response; > > > > } > > > > > > THE MainSession > > > > > > private static MainSession mainSession=null; > > > > > > public static MainSession getInstance(){ > > > > if(mainSession == null){ > > > > mainSession = new MainSession(); > > > > return mainSession; > > > > } else { > > > > return mainSession; > > > > } > > > > } > > > > > > private MainSession(){ > > > > > > } > > > > > > private static final String USER_SESSION = "userSession"; > > > > private HttpServletRequest request = null; > > > > private HttpSession session = null; > > > > private String sessionId = ""; > > > > > > public Person getUser(){ > > > > > > if(null == session) return null; > > > > > > return session.getAttribute(USER_SESSION) != null ? > > > > (Person)session.getAttribute(USER_SESSION) : null; > > > > > > } > > > > > > public HttpSession getSession(){ > > > > return session; > > > > } > > > > > > public void invalidate(){ > > > > if(request!=null) > > > > if(request.getSession(false)!= null) > > > > request.getSession(false).invalidate(); > > > > if(null != session){ > > > > session.invalidate(); > > > > session = null; > > > > } > > > > setSessionId(null); > > > > > > } > > > > > > public void setUser(Person user){ > > > > if(null == user){ > > > > if(session!=null) session.removeAttribute(USER_SESSION); > > > > return; > > > > } > > > > > > if(null != request) > > > > this.session = request.getSession(true); > > > > > > if(session!=null){ > > > > session.setAttribute(USER_SESSION, user); > > > > setSessionId(session.getId()); > > > > } > > > > > > } > > > > > > public String getId(){ > > > > return request.getSession(false).getId(); > > > > } > > > > > > public HttpServletRequest getRequest() { > > > > return request; > > > > } > > > > > > public void setRequest(HttpServletRequest request) { > > > > this.request = request; > > > > } > > > > > > public String getSessionId() { > > > > return sessionId; > > > > } > > > > > > public void setSessionId(String sessionId) { > > > > this.sessionId = sessionId; > > > > } > > > > > > .... > > > > > > ON THE SECOND ENTRY > > > > > > public void onModuleLoad() { > > > > LogUtils.info("Loading Padroes Module"); > > > > MainSessionServiceAsync mainSessionService = > > > > GWT.create(MainSessionService.class); > > > > > > AsyncCallback<Boolean> callback = new > AsyncCallback<Boolean>(){ > > > > @Override > > > > public void onFailure(Throwable caught) { > > > > LogUtils.debug("no session available"); > > > > Window.Location.replace("./../Login.html"); > > > > } > > > > > > @Override > > > > public void onSuccess(Boolean result) { > > > > if(!result){ > > > > LogUtils.debug("no session available"); > > > > Window.Location.replace("./../Login.html"); > > > > return; > > > > } > > > > > > LogUtils.info("creating new Session Time Out for this > > > > session"); > > > > /* initialize timers for session time out control */ > > > > new SessionTimeOutControl(); > > > > > > /* Creates de layout +/ > > > > doLayout(); > > > > > > } > > > > }; > > > > > > try{ > > > > > > mainSessionService.isValidSession(callback); > > > > > > }catch(Exception e){ > > > > e.printStackTrace(); > > > > > > } > > > > > > public void doLayout(){ > > > > AsyncCallback<PageConfiguration[]> callback = new > > > > AsyncCallback<PageConfiguration[]>(){ > > > > @Override > > > > public void onFailure(Throwable caught) { > > > > LogUtils.debug("server side error on getting > > > > PageConfiguration"); > > > > Window.Location.replace("./../Login.html"); > > > > } > > > > ... > > > > read more » > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-web-toolkit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
