thanks Sebastian for the reply the basic authentication I think has worse performance than "login page" has it must authenticate every time (well, I could "forge" ad hoc filters chain but it always will hit the db) and u have not a real "logout".
with ur snippet i will use the login page :) On Jan 6, 2:24 pm, Sebastian Hoß <[email protected]> wrote: > Well you could use basic authentication by setting username and > password inside the header for every request you make. If you want to > have a login page you can either redirect to the spring security page > (which should redirect you right back) or you can create your own > login page/dialog. The relevant code I've used for that looks like > this: > > // POST credentials > final StringBuilder content = new StringBuilder(); > content.append("j_username=" + URL.encode(this.username.getText())); > content.append("&j_password=" + URL.encode(this.password.getText())); > > final RequestBuilder builder = new > RequestBuilder(RequestBuilder.POST, > URL.encode("/server/j_spring_security_check")); > builder.setHeader("Content-Type", > "application/x-www-form-urlencoded"); > > try { > builder.sendRequest(content.toString(), Callbacks.login()); > } catch (final RequestException e) { > Window.alert(e.getLocalizedMessage()); > } > > The nice thing about that is, that you'll recieve a cookie from spring > security so you don't have to specify username and password in all > your requests. The only coupling you have with this approach is the > server URI (in this case "/server") but this could be moved to a > shared properties file or something similar. > > Greets > > On Thu, Jan 6, 2011 at 3:04 PM, julio <[email protected]> wrote: > > Hi, > > > I need to use Spring Security 3 in my application which is composed by > > Spring 3 for the server side and GWT 2.1 for the client side. > > > Client side and server side are totally ""decoupled"", I mean they > > don't belong to the same project in the eclipse workspace (server side > > is managed by maven and client side uses prebuilt ant files) and till > > now they "communicate" each other using Rest/Json. > > > Googling I found some tutorials and tips about integration with Spring > > Security but all of them suppose that "client side" knows spring- > > server-side classes, and so using @Controller @Autowired etc under the > > gwt.server package. In my case this is not possible (or not clean to > > do). > > > Is there a way to use Spring Security and keeping the code > > "decoupled"? Maybe for every (rest) client request I should use "basic > > authentication"? And what about a normal login page authentication? > > > Thanks > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google Web Toolkit" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
