Hi,
I'm trying to implement a login service whereby the user submits their
username and password to the app server (using RPC or RF, it doesn't really
matter). Then on the server side, once I've verified that the credentials
are valid, I need to:
1. Call a loginDAO and record the login to persistence, then
2. Set some sort of session variable and/or cookie that can be used on
subsequent requests to authenticate the user against
3. On such subsequent requests, check for the existence of the cookie
and validate it;
4. Then, if they are inactive for a period of time, or they want to log
out, I need a way to clear the cookie or end the session somehow
I can handle #1 above all on my own, but I'm struggling with #2 - #4. In
older versions of GWT I read that I could implement my own UserInformation
(and then configure the web.xml to accept this impl as a context param)
like so:
public class MyUserInformation implements UserInformation {
@Override
public boolean isUserLoggedIn() {
HttpServletRequest request =
RequestFactoryServlet.getThreadLocalRequest();
// Now query the request for the presence of a cookie or session
var, etc. and return true or false accordingly.
}
}
*However*, as of 2.5.1 (the version I'm using) this class has been removed
altogether (or so it seems). So I ask, what is the proper way to implement
GWT authentication now-a-days? Is it still session/cookie based? If so,
what does it look like, for both the login and the logout? Thanks!
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.
