Em terça-feira, 11 de dezembro de 2012 13h01min41s UTC-2, dhoffer escreveu:
> What technology do you use to implement that OpenId 'login page'? Is > it possible/practical to use GWT for this? As I understand it this > OpenId login sort of bootstraps your app, i.e. they don't get to your > GWT app until they have successfully completed this login. And then > how do you block access to your GWT app without a successful login > here, do you use some sort of web.xml security constraint? > Authentication is application state, i.e. the application maintains an authentication state object of some kind. When the application "starts" this state may be anonymous or something else. Based on this state it will decide which flows it enters or authorizes etc. It should then be possible to transition from anonymous to something else by activating the login process. When this process completes, it must change the application's authentication state and voilà. This state can survive User-Agent reloads if stored in the HttpSession. The process itself has an example in openid4java's documentation, the relying party example. It should be straightforward to make a servlet out of that. The login page itself is just a piece of UI you can paint on the screen however you like. Activating authentication must cause an HTTP request to the relying party servlet so the openid process starts. Some people like to put that in a separate "popup" window. -- P. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/bOl72-CcadIJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
