On 26 January 2011 14:53, Thomas Broyer <[email protected]> wrote:
> You mean how I *did* implement it? ;-)
>
> Using the same pattern as the Expenses sample:
>
> 1. out HTML host page (the one calling the *.nocache.js) is protected
> with a simple servlet FORM authentication
> (<login-config><auth-method>FORM</...> in the web.xml); nothing special
> here.
> 2. the server returns a known error response for unauthenticated
> requests (i.e. a 401 status code, I didn't include a WWW-Authenticate
> header
> which is in violation of HTTP, but it just works so...), this is done in a
> servlet Filter, where I simply check for request.getUserPrincipal() !=
> null.
> This has really nothing specific to RequestFactory, and we use it with
> other
> XMLHttpRequest-driven requests too.
>
> I don´t know why this is wrong, but the checking of
request.getUserPrincipal() != null seems to be valid only the first time a
request is made. The following requests (made by the requestFactory),
getUserPrincipal() returns null. Here´s my code in my AuthFilter class:
public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse, FilterChain filterChain) throws IOException,
ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if(request.getUserPrincipal() == null) {
response.setHeader("WWW-Authenticate", "FORM realm=\"userRealm\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
What am I doing wrong?
>
> 1. the client handles the known error response in a custom
> RequestTransport (in our case, for the time being, we simply Window.alert()
> the user, prompting him to refresh the page to re-authenticate)
>
>
> (BTW, thank you for the "expert" qualifier ;-) )
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
