Thursday, January 9, 2014

Re: Best Practices for Server-side Authentication in GWT 2.5+

If you're just looking for simple authentication then you may want to take a look at: http://shiro.apache.org/. I've used it for simple authentication all the way up through using an LDAP backing store and it's pretty simple. It has some cool things like @RequiresAuthentication annotations that you can put on any RPC call you want to make sure the user is logged in for.

On Thursday, December 5, 2013 1:52:14 PM UTC-7, doctra...@gmail.com wrote:
Hi,

I'm trying to implement a login service whereby the user submits their username and password to the app server (using RPC or RF, it doesn't really matter).  Then on the server side, once I've verified that the credentials are valid, I need to:
  1. Call a loginDAO and record the login to persistence, then
  2. Set some sort of session variable and/or cookie that can be used on subsequent requests to authenticate the user against
  3. On such subsequent requests, check for the existence of the cookie and validate it;
  4. Then, if they are inactive for a period of time, or they want to log out, I need a way to clear the cookie or end the session somehow

I can handle #1 above all on my own, but I'm struggling with #2 - #4.  In older versions of GWT I read that I could implement my own UserInformation (and then configure the web.xml to accept this impl as a context param) like so:

public class MyUserInformation implements UserInformation {
    @Override
    public boolean isUserLoggedIn() {
        HttpServletRequest request = RequestFactoryServlet.getThreadLocalRequest();

        // Now query the request for the presence of a cookie or session var, etc. and return true or false accordingly.
    }
}

However, as of 2.5.1 (the version I'm using) this class has been removed altogether (or so it seems). So I ask, what is the proper way to implement GWT authentication now-a-days?  Is it still session/cookie based? If so, what does it look like, for both the login and the logout? Thanks!

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/groups/opt_out.

posted by twitter @ 3:04 PM   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home


Real Estate