You could have 2 instance of RequestFactoryServlet: one "open", the other requiring authentication. On the client-side, use a RequestTransport to set the URL of the one servlet you want to use. And in each and every service, check if the user is logged in (so that even if the service is accessed through the "open" end point, a user couldn't access unauthorized data). The only difference between the two instances would be the way this is communicated to the client (so that it can be handled accordingly): with then "open" endpoint, onFailure of your Receiver would be called with the exception thrown by your service, whereas with the "secured" endpoint, the filter would send a specific response that the RequestTransport would handle.
Of course, you could even have a single, "open" endpoint, if you don't need the specific handling of lack of authentication (request blocked by a servlet filter, response handled in a RequestTransport; as in the Expenses sample). -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/oatg-6r-c-gJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
