A few suggestions about sign-in are already here although maybe they don't touch much about session expiration:
http://code.google.com/webtoolkit/articles/dynamic_host_page.html About the redirect you mentioned getting lost, my educated guess is that most likely the redirection is working but your responses (through RPC or whatever you use) don't handle them. Try printing the response text and most likely you'll see your login.jsp being sent. A couple of ways to handle session expiration: - A quick and dirty solution: parse a specific string that you will always have in your login.jsp within your callback(s). Once you know this is the response, then you can call "Window.Location.assign(redirectUrl)" to redirect to login.jsp, or display a login dialog. - A better but more involved solution is to throw a GWT-compatible exception once authentication fails (session expires) and have an abstract callback or one that all others extend to handle that exception in one place and do the same as I explained above. On Feb 7, 3:24 pm, andrew <[email protected]> wrote: > Hi, > > we are implementing an application using GWT2.1 + Spring security 3.0. > We use a SSO Kerberos authentication, if this fails, user can still > log in through a login page. > > Our basic configuration is something like this: > > <sec:http entry-point-ref="entryPoint"> > <sec:session-management invalid-session-url="/login.jsp" /> > <sec:intercept-url pattern="/login.jsp*" filters="none" /> > <sec:intercept-url pattern="/images/*" filters="none" /> > <sec:intercept-url pattern="/css/*" filters="none" /> > <sec:intercept-url pattern="/*" access="IS_AUTHENTICATED_FULLY" /> > <sec:custom-filter ref="spnegoProcessingFilter" > position="BASIC_AUTH_FILTER" /> > <sec:form-login login-page="/login.jsp" default-target-url="/ > Portal.html" always-use-default-target="false" authentication-failure- > url="/login.jsp?login_error" /> > <sec:logout logout-success-url="/login.jsp?logout" invalidate- > session="true" /> > </sec:http> > > The authentication process works fine. Our problem is, how to deal > with the session time-out. SpringSecurity recognizes the the session > is invalid and calls in the filter chain a > DefaultRedirectStrategy->response.redirect("/login.jsp"), how expected. But > the redirect gets > > lost and nothing happens. The user has to restart the browser or > recall the login URL by him self. > > I read somewhere, that redirects are ignored by the GWT client, but > I'm not sure with this. > > Any idea how to handle session-timeouts in GWT or how to make filter > redirects work for GWT clients? > > Thanks for any advice, > > Andrej -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
