GWT - Spring Security

[Victor Lujan]

Oh boy, I never get answers on this group.

I hope this one does.

So, I'm learning GWT, i need to implement a login module. I heard
spring security is kind of cool so I was going to download that,
until i realized that i had to download spring first, and then spring
security. The requirements are not precisely insignificant,
i was wondering if it's worthy downloading and installing all that,
against using some other google recommendation to do this.

What would i be missing without spring security?
do you think its worthy?
does anyone also thinks the requirements are a killer?

Thanks

[Alfredo Quiroga-Villamil]

Hello Victor:

If your focus is to learn GWT then I wouldn't dive into Spring just yet. For learning purposes, a simple method in your XServiceImplementation using GWT-RPC will do.

If you are planning to build a production application, then I would strongly suggest Spring with Spring Security in the backend.

Regards,

Alfredo

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

--
Alfredo Quiroga-Villamil

AOL/Yahoo/Gmail/MSN IM:  lawwton

[Victor Lujan]

Hi Alfredo!

Thanks for replying !

Im both learning and trying to do something very nice.

Im going to give Spring a shot then :D

All comments are still appreciated

On Nov 21, 7:49 pm, Alfredo Quiroga-Villamil <laww...@gmail.com>
wrote:

[-sowdri-]

If you are looking at Authentication and Authorization, then spring security is the de facto standard (of course this is all for the server side)!

[Victor Lujan]

Great, thank you both! I already downloaded spring and will update
you later : )

[Rob]

Hi,

If you are new to GWT then take a look at this post:

-> http://uptick.com.au/content/gwt-login-security

Cheers
Rob

[nacho]

I have implemented Spring Security and GWT togheter, but what I can't figure out hw can I handle is how to logout when an RPC fails because the user is not logged in anymore.

For example, the user logs in in my application, then he for example clean the browser session, so he is not logged in anymore. And now he want's to perform some action that call's an RPC, obviusly this call fails beacause the user need to be logued in to call /rpc/*

I would like that if the user logs out by any reason, and calls an RPC that fails (beacause he's logued out) redirect the user to the login again.

[Alfredo Quiroga-Villamil]

Hello:

A few approaches I think can be taken here. Two that come to mind ordered by the complexity level are:

Option 1:

If you are using Spring Security and have Method Security then ensure that the methods throw an exception when the session has expired (You should get an AccessDeniedException from Spring if my memory serves me right). Propagate that exception (GWT-RPC) in your case all the way to the client and let the client know that he has to logout/login. You can get more specific and create perhaps a Custom AccessDeniedException that's serializable all the way to the client side allowing you to know exactly why the exception took place based on the type of Exception received in the UI and at that point simply reload the user's UI for example instead of showing the message. The choice of prompting the user Vs reloading the UI is really up to how you think the implementation makes more sense based on your use case.

Option 2:

On the server side, create a class that implements something along the lines of HttpSessionListener. Integrate it with Spring (there are some tutorials online regarding this) and there you can know exactly when the session is destroyed or expired. You then face the dilemma of having to notify the user (client). For which you'll need a Server Push implementation (Look at Continuations using Jetty for example or how to implement it based on the servlet container you have). Using Server Push you can then right when it takes place notify the user that his/her session has expired or reload the client and force the user to re-login.

I am sure there are other options that you can try, but those are the ones that come to mind right now.

Happy Thanks Giving!

Alfredo

 

--

You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.

To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.

To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

[jusran mawardi]

for nacho:

what if you save user information in variables/class that declared in MainEntryPoint. Whenever user refresh the browser, that variable will flush/reset to null, if that variable == null, show login page.

So far that's what i've been done, may be it's not the best way. 

--

You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

--

Regards, 

--

Jusran Mawardi

[Saulo]

HI All. I'm trying to config roles and permissions into  a GWT app. This app has spring too, and I had thinking in Spring-security but I have problems with the integration, do you have any easy tutorial or example to do it?

To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsub...@googlegroups.com.

To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsub...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.