Well you could use basic authentication by setting username and
password inside the header for every request you make. If you want to
have a login page you can either redirect to the spring security page
(which should redirect you right back) or you can create your own
login page/dialog. The relevant code I've used for that looks like
this:
// POST credentials
final StringBuilder content = new StringBuilder();
content.append("j_username=" + URL.encode(this.username.getText()));
content.append("&j_password=" + URL.encode(this.password.getText()));
final RequestBuilder builder = new
RequestBuilder(RequestBuilder.POST,
URL.encode("/server/j_spring_security_check"));
builder.setHeader("Content-Type", "application/x-www-form-urlencoded");
try {
builder.sendRequest(content.toString(), Callbacks.login());
} catch (final RequestException e) {
Window.alert(e.getLocalizedMessage());
}
The nice thing about that is, that you'll recieve a cookie from spring
security so you don't have to specify username and password in all
your requests. The only coupling you have with this approach is the
server URI (in this case "/server") but this could be moved to a
shared properties file or something similar.
Greets
On Thu, Jan 6, 2011 at 3:04 PM, julio <[email protected]> wrote:
> Hi,
>
> I need to use Spring Security 3 in my application which is composed by
> Spring 3 for the server side and GWT 2.1 for the client side.
>
> Client side and server side are totally ""decoupled"", I mean they
> don't belong to the same project in the eclipse workspace (server side
> is managed by maven and client side uses prebuilt ant files) and till
> now they "communicate" each other using Rest/Json.
>
> Googling I found some tutorials and tips about integration with Spring
> Security but all of them suppose that "client side" knows spring-
> server-side classes, and so using @Controller @Autowired etc under the
> gwt.server package. In my case this is not possible (or not clean to
> do).
>
> Is there a way to use Spring Security and keeping the code
> "decoupled"? Maybe for every (rest) client request I should use "basic
> authentication"? And what about a normal login page authentication?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
