How to use https with a GWT application

AL

Dec 13, 2007, 5:24:00 PM
to Google Web Toolkit
I wrote a Login service for my GWT application.
In my client package I have a LoginService, a LoginServiceAsync and a
LoginWidget.
In the server package I have a LoginServiceImpl that extends
RemoteServiceServlet and implements LoginService.
Can I use https to call the service?
Otherwise, how can I use https to exchange data between client and
server?

Robert Hanson

Dec 13, 2007, 10:07:26 PM
to Google-We...@googlegroups.com
> > Can i use https to call the service?

Yes, as long as the service is on the same server as the app and
abides by the same origin policy.

http://en.wikipedia.org/wiki/Same_origin_policy

Rob
http://roberthanson.name

AL

Dec 14, 2007, 3:47:47 AM
to Google Web Toolkit
On 14 Dec, 04:07, "Robert Hanson" <iamroberthan...@gmail.com> wrote:
> > > Can i use https to call the service?
>
> Yes, as long as the service is on the same server as the app and
> abides by the same origin policy.
>
> http://en.wikipedia.org/wiki/Same_origin_policy
>
> Rob
> http://roberthanson.name
>
Well, thanks for the references,

but how do I make this call?
Must I specify something in the myApplication.gwt.xml module calling the
servlet?
Set up my server engine?
What do I do in practice?

Robert Hanson

Dec 14, 2007, 8:53:09 AM
to Google-We...@googlegroups.com
> but how to make this call?

There is no difference, it is just a GWT-RPC call. You just target
"/myapp/myservlet", and the RPC will hit the same server where the
HTML/JS page was loaded from. It doesn't matter if the site is hosted
on http, https, port 8080, etc.

Rob

Merah mohamed amine

Dec 14, 2007, 9:30:07 AM
to Google-We...@googlegroups.com

Yes.

<servlet path='/user' class='your_package.server.LoginServiceImpl'/>

The same package where your LoginService is, change client for server.

path='/user' is the servlet mapping URL;

like

private String moduleRelativeURL = GWT.getModuleBaseURL() + "user";

Read the documentation about GWT RPC:
http://code.google.com/webtoolkit/documentation/com.google.gwt.doc.DeveloperGuide.RemoteProcedureCalls.html


AL

Dec 15, 2007, 7:10:46 AM
to Google Web Toolkit

Finally, must I set up my web server (e.g. Apache Tomcat) to use https?
Thanks

Reinier Zwitserloot

Dec 15, 2007, 10:20:22 AM
to Google Web Toolkit
Well, duh. Of course that's what you need to do. If you want your app
to be used with https exclusively, you also need to add a redirect to
your server so that http://yourserver.com/(.*) is redirected to
https://yourserver.com/$1

Jason Essington

Dec 17, 2007, 11:40:52 AM
to Google-We...@googlegroups.com
Right, if you want to use https, then you must have a server capable
of serving https ...

some caveats you may want to be aware of.

If you want your RPCs to work via https, then your host page must be
loaded via https as well (Same Origin Policy)

However, when you use the regular GWT bootstrap code via https, you
lose the ability to cache the GWT code. So, your clients will have to
transfer the GWT *.cache.html file(s) each time they visit the page.

You can use the cross site bootstrap to load the GWT code via HTTP
while still using HTTPS for the host page and RPCs ... this will give
you the benefit of HTTPS for your RPCs while still caching the GWT code.

just replace your <script ... src="...nocache.js"> with <script ...
src="http://[serverurl]/...-xs.nocache.js">

Then of course you need to be sure that your server doesn't redirect
the requests for the *-xs.nocache.js or *.cache.js or cache.png (image
bundle) files to https.

If you do actually set things up this way, then you will have to be
sure that you build up your RPC endpoints using
GWT.getHostPageBaseURL() rather than GWT.getModuleBaseURL();

-jason

Reinier Zwitserloot

Dec 17, 2007, 12:53:12 PM
to Google Web Toolkit
Jason: Doesn't that cause a popup for mixed secure and insecure
content on e.g. IE with default settings?