Hello there, my company needs to integrate Isomorphic Smartclient into the backoffice module, but my issue also arises for other technologies using dedicated servlets to provide JSON data for JS (e.g. GWT).

Use case is:
- browser requests 3rd party servlet configured in web.xml (say catalog module)
- ofbiz checks to see if user is logged in. If yes, lets request through. If not, redirects to login page.
- user logs in

1. What is the best way to secure a separate servlet with the ofbiz security mechanism? Any GET/POST request for this servlet should be checked in a similar way to how a request to ControlServlet is checked.

2. What is the best way to secure third party resources (js/images/static html files)? Those files, I guess, should be checked by a specifically implemented filter and then, if the user is logged in, the 'default' Tomcat servlet should be allowed to feed them to the browser. Now the ContextFilter filter prevents resources from being served, so this should also be reconfigured.

I expect I have to write a filter for this and do something similar to what the checkLogin method in LoginWorker does, but is it the right way?

Thanks for clues

Best
Lukasz
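
The login gate described in the message above, sketched as a plain servlet filter. This is an added example, not part of the original post and not OFBiz code. The class name `LoginRequiredFilter`, the init parameters, the default login path `/control/checkLogin`, and the assumption that a logged-in session carries a `userLogin` attribute are all illustrative and must be checked against the actual webapp.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: lets a request through only when a login session already exists. */
public class LoginRequiredFilter implements Filter {
    private String sessionAttr; // assumption: session attribute set at login
    private String loginPath;   // assumption: login page path inside this webapp

    @Override
    public void init(FilterConfig cfg) {
        sessionAttr = param(cfg, "sessionAttribute", "userLogin");
        loginPath = param(cfg, "loginPath", "/control/checkLogin");
    }

    private static String param(FilterConfig cfg, String name, String dflt) {
        String v = cfg.getInitParameter(name);
        return (v == null || v.isEmpty()) ? dflt : v;
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getSession(false): do not create sessions for anonymous requests
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(sessionAttr) != null;
        if (loggedIn) {
            // keep protected JSON and static files out of shared caches
            res.setHeader("Cache-Control", "private, no-store");
            chain.doFilter(req, res);
            return;
        }
        String accept = req.getHeader("Accept");
        boolean xhr = "XMLHttpRequest".equals(req.getHeader("X-Requested-With"))
                || (accept != null && accept.contains("application/json"));
        if (xhr) {
            // a JS data request cannot follow a redirect to an HTML login page
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            // fixed, server-side target: no request-supplied redirect URL
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + loginPath));
        }
    }

    @Override
    public void destroy() { }
}
```

The filter still has to be mapped in web.xml to the servlet's URL pattern and to the static resource paths. It checks only that a login exists, not which permissions the user holds.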
