Multiple RequestFactory servlets for a single GWT application

219 views
Skip to first unread message

Gilad Egozi

unread,
Feb 16, 2012, 2:59:53 PM2/16/12
to Google Web Toolkit, sh...@mindpos.com
Is it possible to have this? And how can this be achieved?

The motivation - I want one secured (SSL) service for user-
provisioning (passwords...), and one non-secured.

Thanks,
Gilad.

Kanagaraj M

unread,
Feb 17, 2012, 4:19:44 AM2/17/12
to google-we...@googlegroups.com, sh...@mindpos.com
I dont think, this is something to do with RequestFactoryServlet.
This has to be done in your web server not in any servlet.
For example,

 You can have a login page accessed through https, after the successful authentication you can redirect to another page(accessed through http, this is your GWT application as well).

Ashwin Desikan

unread,
Feb 17, 2012, 4:48:47 AM2/17/12
to google-we...@googlegroups.com, sh...@mindpos.com, Gilad Egozi
Gilad,

You can have multiple RequestFactoryServlets. check out the example below.


If you look at it closely, I have a different url mapping. You will have to define individual  RequestTransports to be associated with the url-mapping in your client.


Also, you will have to controll operations exposed by each of the requestFactories in your client. You can always have a base factory where you can provide common functions and move only the secured ones to SecuredRequestFactory

What I would recommend with this approach is, before using the RequestFactories have a check in your code to determine if a user is loggedIn. If logged in use the secure servlet for all requests.

example ;

web.xml

<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.example.server.gae.GaeAuthFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>AuthFilter</filter-name>
<servlet-name>authRequestFactory</servlet-name>
</filter-mapping>

<servlet>
<servlet-name>authRequestFactory</servlet-name>
<servlet-class>com.google.web.bindery.requestfactory.server.RequestFactoryServlet</servlet-class>
</servlet>

<servlet>
<servlet-name>unAuthRequestFactory</servlet-name>
<servlet-class>com.google.web.bindery.requestfactory.server.RequestFactoryServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>unAuthRequestFactory</servlet-name>
<url-pattern>/unsignedRequest</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>authRequestFactory</servlet-name>
<url-pattern>/signedRequest</url-pattern>
</servlet-mapping>


client

//AuthenticatedRequestTransport

public class AuthenticatedRequestTransport extends DefaultRequestTransport {
   
    /**
     * default constructor. 
     *
     */
    public AuthenticatedRequestTransport() {
        super();
       
        //set the url
        String requestURL = GWT.getHostPageBaseURL() + "signedRequest";
        setRequestUrl(requestURL);
    }
}

//Un-Authenticated Request
public class UnAuthenticatedRequestTransport extends DefaultRequestTransport {
   
    public UnAuthenticatedRequestTransport() {
        super();
       
        //set the url
        String requestURL = GWT.getHostPageBaseURL() + "unsignedRequest";
        setRequestUrl(requestURL);
    }
}


regards
Ashwin

Thomas Broyer

unread,
Feb 18, 2012, 11:09:15 AM2/18/12
to google-we...@googlegroups.com, sh...@mindpos.com
Because RF works with reflection and stores some state in static variables, you cannot expose only a subset of proxies/services on a given endpoint (servlet instance). You can however do some runtime checks using ServiceLayerDecorators, just take care of overriding only the methods that are really "runtime" (in other words, do not override any method that's overriding in the internal ServiceLayerCache class). On the non-secured endpoint, you could for instance report() or die() when someone tries to invoke() any method that's annotated with some @Secure annotation.

Gilad Egozi

unread,
Feb 23, 2012, 5:30:38 PM2/23/12
to Google Web Toolkit
Hi Thomas

I'm not talking about two instances of the same RequestFactory class,
but rather on two different RFs with different services.
Does your explanation apply in that case too?

Thanks,
Gilad.

Thomas Broyer

unread,
Feb 23, 2012, 5:34:03 PM2/23/12
to google-we...@googlegroups.com


On Thursday, February 23, 2012 6:30:38 PM UTC+1, Gilad Egozi wrote:
Hi Thomas

I'm not talking about two instances of the same RequestFactory class,
but rather on two different RFs with different services.
Does your explanation apply in that case too?

Absolutely. The static state is on the server-side. 

Gilad Egozi

unread,
Mar 4, 2012, 12:16:46 PM3/4/12
to google-we...@googlegroups.com
Thanks Thomas, 
Do you know of some existing good examples for working with ServiceLayerDecorators?
We really want to use RequestFactory, but it seems that there are a lot of hidden disadvantages for every visible advantage it gives.
Reply all
Reply to author
Forward
0 new messages