In our current project, I simply use <login-config><auth-method>FORM</auth-method>...</login-config> so the servlet container manages it for us (I don't quite like how it's done –"return to" URL stored in session, so even a simple login page isn't stateless!– but it works well). Our goal for this project is to delegate everything re. authentication to the container (and we use Jetty, so it's really easy to plug things in if we need to tweak the behavior; for intance, we currently use the "standard" servlet form login, but I could plug a "better" one –to my taste– without touching the app, it'd all be transparent).
In our previous project, where I implemented the "in app" login, I couldn't have used the web.xml config (specific environment). But it's no different actually (and I had to do it for another part of he app which doesn't use GWT): when you hit the app's URL and you're not authenticated, you're redirected to (or presented, without redirection<http://tools.ietf.org/html/draft-broyer-http-cookie-auth>) the login page. This is where you take note of the requested URL. When the login form is submitted, it sends that URL in addition to the user's credentials (or store it in the session, like standard's servlet form login), and if they're valid, the servlet redirects the user back to the initially-requested URL. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
