RequestFactory accepts a parameter to define a
UserInformation<http://code.google.com/p/google-web-toolkit/source/browse/trunk/user/src/com/google/gwt/requestfactory/server/UserInformation.java>
class, you should implement this class with your authentication mechanism.
If this parameter is available requestfactory will call the
isUserLoggedIn method
before processing the call.
Check RequestFactoryFactoryServlet implementation.
http://code.google.com/p/google-web-toolkit/source/browse/trunk/user/src/com/google/gwt/requestfactory/server/RequestFactoryServlet.java
This is how we define the parameters on web.xml
<servlet>
<servlet-name>requestFactoryServlet</servlet-name>
<servlet-class>com.google.gwt.requestfactory.server.RequestFactoryServlet</servlet-class>
<init-param>
<param-name>userInfoClass</param-name>
<param-value>com.example.server.UserInformationImpl</param-value>
<init-param>
</servlet>
2011/8/17 July <[email protected]>
> hello all:
> I'm using GWT 2.3 requestfactory+ GAE 1.5 user authentication for my app,
> it only allows authenticated people to access, implemented as below:
> if the user has not login to Google, redirect him the Google login screen.
> if yes, check if he has the right to access. if yes display the web UI to
> user. or display error screen.
>
> My question is:
> 1. Do i have to check every gwtrequest to ensure the security? i mean, use
> a filter to check every gwtrequest to see if the user has the right to
> access. if so, the application is more secure but have to process much more
> extra payloads.
> 2. If i just use the login authentication but does not check every gwt
> requests after that, is there risk that un-authorized people may be able to
> access my app? Does requestfactory automatically have ways to protected
> this?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-web-toolkit/-/h0Nx1ecMf2sJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
