Hello Koen,
I never used Requestfactory so I do not know if it is similar to RPC. In my
case, all my RPC Services can send a ServiceRemoteException (declared in
Services interfaces). (ServiceRemoteException is a custom exception that I
extended for my needs)
@RemoteServiceRelativePath("GWT.rpc")
public interface MyRemoteService extends RemoteService {
public void myRemoteMethod() throws ServiceRemoteException;
}
When There is a security exception (I am using a framework to manage
security checks called Shiro. http://shiro.apache.org/. I plugged it over
Guice and its AOP mechanism. Like this I can use special annotation on my
methods like @RequireAuthentication, @RequiresRole("role"), @RequiresGuest,
... and every time that a user try to access a method without the correct
permissions, a shiro exception is thrown.)
All Security Exception are caught by a global server exception catcher. (I
extendend the method processCall of the RemoteServiceServlet class for
this).
When a Shiro Security Exception is caught, I create a new
RemoteServiceException with some extra parameters that contains the security
exception type for the client.
Now, on the client, with RPC call, you calls methods with something similar
to this :
myService.myRemoteMethod(new AsyncCallback<Void>() {
@override
public void onSuccess(Void v) {
}
@override
public void onFailure(Throwable t) {
}
}
When a security exception occurs, the client code will execute the onFailure
method. Here you can manage how to handle your exception
onFailure(Throwable t) {
if(t instanceof RemoteServiceException) {
ExceptionType type = ((RemoteServiceException) t).getType();
if(type == SECURITY_AUTHENTICATION) {
placeController.goTo(new LoginPlace());
}
}
}
Now, maybe that you do not want to write this code in every onFailure(), so,
you can extends AsyncCallback class.
public abstract class ManagedAsyncCallback<T> extends AsyncCallback<T> {
@override
public void onFailure(Throwable t) {
// .. write your common security exception management here
}
}
then, when calling a service, you only have to override the onSuccess() in
quite every case, except in special situations.
myService.myRemoteMethod(new ManagedAsyncCallback<Void>() {
@override
public void onSuccess(Void v) {
}
}
I hope that it can help you :)
I do not know if RequestFactory is using somethig similar (onSuccess,
onFailure).
Thanks.
2010/11/17 koma <[email protected]>
> hi Nicolas & others,
>
> I understand how you work with the dynamic hosted page, but how do you
> throw the remote exception like you describe here :
>
> On server side, I use a security framework that check permission on
> rpc
> call. If user is not logged in (session has expired) but want to
> access to a
> "secured method" -> I throw a special remote exception. This
> exceptions is
> handled by a custom AsyncCallback that will redirects the user to a
> login
> page + sends a new LoginStatusEvent(false)
>
> I am using Requestfactory and I have "/gwtRequest" behind a security
> constraint; so I can block unauthorized request, but I am not
> receiving a RemoteException; Neither is 'onViolation' or 'onFailure'
> triggered; My console displays just a JSON exception that occurs.
>
> thx
>
> Koen
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<google-web-toolkit%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
