Hi all. I'm trying to configure roles and permissions in a GWT app. This app has Spring too, and I had been thinking of Spring Security, but I have problems with the integration. Do you have any easy tutorial or example to do it?

On Thursday, November 24, 2011 6:11:00 PM UTC+1, Alfredo Quiroga-Villamil wrote:
>
> Hello:
>
> A few approaches I think can be taken here. Two that come to mind, ordered by the complexity level, are:
>
> Option 1:
>
> If you are using Spring Security and have Method Security then ensure that the methods throw an exception when the session has expired (you should get an AccessDeniedException from Spring if my memory serves me right). Propagate that exception (GWT-RPC in your case) all the way to the client and let the client know that he has to logout/login. You can get more specific and create perhaps a custom AccessDeniedException that's serializable all the way to the client side, allowing you to know exactly why the exception took place based on the type of exception received in the UI, and at that point simply reload the user's UI, for example, instead of showing the message. The choice of prompting the user vs. reloading the UI is really up to how you think the implementation makes more sense based on your use case.
>
> Option 2:
>
> On the server side, create a class that implements something along the lines of HttpSessionListener. Integrate it with Spring (there are some tutorials online regarding this) and there you can know exactly when the session is destroyed or expired. You then face the dilemma of having to notify the user (client), for which you'll need a Server Push implementation (look at Continuations using Jetty, for example, or how to implement it based on the servlet container you have). Using Server Push you can then, right when it takes place, notify the user that his/her session has expired, or reload the client and force the user to re-login.
>
> I am sure there are other options that you can try, but those are the ones that come to mind right now.
>
> Happy Thanksgiving!
>
> Alfredo
>
> On Thu, Nov 24, 2011 at 8:24 AM, nacho <[email protected]> wrote:
>
>> I have implemented Spring Security and GWT together, but what I can't figure out is how to log out when an RPC fails because the user is not logged in anymore.
>>
>> For example, the user logs in to my application, then he, for example, clears the browser session, so he is not logged in anymore. And now he wants to perform some action that calls an RPC; obviously this call fails because the user needs to be logged in to call /rpc/*
>>
>> I would like that if the user logs out for any reason, and calls an RPC that fails (because he's logged out), the user is redirected to the login again.
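
Option 1 from the quoted reply, as an added example (not code from the thread, GWT or Spring). The names `SessionExpiredException`, `AccountService`, `SecuredAccountBean`, `AuthAwareCallback`, the `rpc/account` path and `login.html` are hypothetical, and it assumes the URL rules let `/rpc/*` requests reach the method-security check instead of redirecting them to a login form first.

```java
import com.google.gwt.core.client.GWT;
import com.google.gwt.user.client.Window;
import com.google.gwt.user.client.rpc.*;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.web.context.support.WebApplicationContextUtils;

// --- shared/SessionExpiredException.java: GWT-serializable, needs a no-arg constructor ---
public class SessionExpiredException extends Exception implements IsSerializable {
    public SessionExpiredException() { }
    public SessionExpiredException(String message) { super(message); }
}

// --- shared/AccountService.java: the throws clause is what lets the type reach the client ---
@RemoteServiceRelativePath("rpc/account")
public interface AccountService extends RemoteService {
    String loadProfile() throws SessionExpiredException;
}

interface SecuredAccountBean { String loadProfile(); } // assumed Spring bean under method security

// --- server/AccountServiceImpl.java ---
public class AccountServiceImpl extends RemoteServiceServlet implements AccountService {
    private SecuredAccountBean secured;
    @Override public void init() {
        secured = WebApplicationContextUtils
            .getRequiredWebApplicationContext(getServletContext()).getBean(SecuredAccountBean.class);
    }
    @Override public String loadProfile() throws SessionExpiredException {
        try {
            return secured.loadProfile();
        } catch (AuthenticationCredentialsNotFoundException | AccessDeniedException e) {
            // Send a fixed message only; Spring's message and stack trace stay on the server.
            throw new SessionExpiredException("login required");
        }
    }
}

// --- client/AuthAwareCallback.java: base class for every RPC callback in the UI ---
public abstract class AuthAwareCallback<T> implements AsyncCallback<T> {
    @Override public void onFailure(Throwable caught) {
        if (caught instanceof SessionExpiredException) {
            Window.Location.assign(GWT.getHostPageBaseURL() + "login.html"); // assumed login page
        } else {
            onOtherFailure(caught);
        }
    }
    protected abstract void onOtherFailure(Throwable caught);
}
```

`AccessDeniedException` is also raised for a logged-in user who lacks a role, so a second exception type is needed if the UI must tell "log in again" apart from "not permitted".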
