Multiple RequestFactory servlets for a single GWT application
219 views
Skip to first unread message
Gilad Egozi
Feb 16, 2012, 2:59:53 PM2/16/12
to Google Web Toolkit, sh...@mindpos.com
Is it possible to have this? And how can this be achieved?
The motivation - I want one secured (SSL) service for user-
provisioning (passwords...), and one non-secured.
Thanks,
Gilad.
The motivation - I want one secured (SSL) service for user-
provisioning (passwords...), and one non-secured.
Thanks,
Gilad.
Kanagaraj M
Feb 17, 2012, 4:19:44 AM2/17/12
to google-we...@googlegroups.com, sh...@mindpos.com
I dont think, this is something to do with RequestFactoryServlet.
This has to be done in your web server not in any servlet.
For example,
You can have a login page accessed through https, after the successful authentication you can redirect to another page(accessed through http, this is your GWT application as well).
Ashwin Desikan
Feb 17, 2012, 4:48:47 AM2/17/12
to google-we...@googlegroups.com, sh...@mindpos.com, Gilad Egozi
Gilad,
You can have multiple RequestFactoryServlets. check out the example below.
If you look at it closely, I have a different url mapping. You will have to define individual RequestTransports to be associated with the url-mapping in your client.
Also, you will have to controll operations exposed by each of the requestFactories in your client. You can always have a base factory where you can provide common functions and move only the secured ones to SecuredRequestFactory
What I would recommend with this approach is, before using the RequestFactories have a check in your code to determine if a user is loggedIn. If logged in use the secure servlet for all requests.
example ;
web.xml
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.example.server.gae.GaeAuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<servlet-name>authRequestFactory</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>authRequestFactory</servlet-name>
<servlet-class>com.google.web.bindery.requestfactory.server.RequestFactoryServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>unAuthRequestFactory</servlet-name>
<servlet-class>com.google.web.bindery.requestfactory.server.RequestFactoryServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>unAuthRequestFactory</servlet-name>
<url-pattern>/unsignedRequest</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>authRequestFactory</servlet-name>
<url-pattern>/signedRequest</url-pattern>
</servlet-mapping>
client
//AuthenticatedRequestTransport
public class AuthenticatedRequestTransport extends DefaultRequestTransport {
/**
* default constructor.
*
*/
public AuthenticatedRequestTransport() {
super();
//set the url
String requestURL = GWT.getHostPageBaseURL() + "signedRequest";
setRequestUrl(requestURL);
}
}
//Un-Authenticated Request
public class UnAuthenticatedRequestTransport extends DefaultRequestTransport {
public UnAuthenticatedRequestTransport() {
super();
//set the url
String requestURL = GWT.getHostPageBaseURL() + "unsignedRequest";
setRequestUrl(requestURL);
}
}
regards
Ashwin
You can have multiple RequestFactoryServlets. check out the example below.
If you look at it closely, I have a different url mapping. You will have to define individual RequestTransports to be associated with the url-mapping in your client.
Also, you will have to controll operations exposed by each of the requestFactories in your client. You can always have a base factory where you can provide common functions and move only the secured ones to SecuredRequestFactory
What I would recommend with this approach is, before using the RequestFactories have a check in your code to determine if a user is loggedIn. If logged in use the secure servlet for all requests.
example ;
web.xml
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.example.server.gae.GaeAuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<servlet-name>authRequestFactory</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>authRequestFactory</servlet-name>
<servlet-class>com.google.web.bindery.requestfactory.server.RequestFactoryServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>unAuthRequestFactory</servlet-name>
<servlet-class>com.google.web.bindery.requestfactory.server.RequestFactoryServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>unAuthRequestFactory</servlet-name>
<url-pattern>/unsignedRequest</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>authRequestFactory</servlet-name>
<url-pattern>/signedRequest</url-pattern>
</servlet-mapping>
client
//AuthenticatedRequestTransport
public class AuthenticatedRequestTransport extends DefaultRequestTransport {
/**
* default constructor.
*
*/
public AuthenticatedRequestTransport() {
super();
//set the url
String requestURL = GWT.getHostPageBaseURL() + "signedRequest";
setRequestUrl(requestURL);
}
}
//Un-Authenticated Request
public class UnAuthenticatedRequestTransport extends DefaultRequestTransport {
public UnAuthenticatedRequestTransport() {
super();
//set the url
String requestURL = GWT.getHostPageBaseURL() + "unsignedRequest";
setRequestUrl(requestURL);
}
}
regards
Ashwin
Thomas Broyer
Feb 18, 2012, 11:09:15 AM2/18/12
to google-we...@googlegroups.com, sh...@mindpos.com
Because RF works with reflection and stores some state in static variables, you cannot expose only a subset of proxies/services on a given endpoint (servlet instance). You can however do some runtime checks using ServiceLayerDecorators, just take care of overriding only the methods that are really "runtime" (in other words, do not override any method that's overriding in the internal ServiceLayerCache class). On the non-secured endpoint, you could for instance report() or die() when someone tries to invoke() any method that's annotated with some @Secure annotation.
Gilad Egozi
Feb 23, 2012, 5:30:38 PM2/23/12
to Google Web Toolkit
Hi Thomas
I'm not talking about two instances of the same RequestFactory class,
but rather on two different RFs with different services.
Does your explanation apply in that case too?
Thanks,
Gilad.
I'm not talking about two instances of the same RequestFactory class,
but rather on two different RFs with different services.
Does your explanation apply in that case too?
Thanks,
Gilad.
Thomas Broyer
Feb 23, 2012, 5:34:03 PM2/23/12
to google-we...@googlegroups.com
On Thursday, February 23, 2012 6:30:38 PM UTC+1, Gilad Egozi wrote:
Hi Thomas
I'm not talking about two instances of the same RequestFactory class,
but rather on two different RFs with different services.
Does your explanation apply in that case too?
Absolutely. The static state is on the server-side.
Gilad Egozi
Mar 4, 2012, 12:16:46 PM3/4/12
to google-we...@googlegroups.com
Thanks Thomas,
Do you know of some existing good examples for working with ServiceLayerDecorators?
We really want to use RequestFactory, but it seems that there are a lot of hidden disadvantages for every visible advantage it gives.
Reply all
Reply to author
Forward
0 new messages