If you want to have browsers auto-complete username/password in your
application's login form, you probably did (*I* did) this:
1. follow recommandations from
http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ,
i.e. your form and fields have to be in the original markup and you
mustn't use .submit() but let the browser submit using, say... a
submit button?
2. use something like that in your code:
// note the "true" second argument, to create a hidden iframe
FormPanel form = FormPanel.wrap(Document.get().getElementById
("login"), true);
form.addFormPanel(new FormPanel() {
public void onSubmit(FormSubmitEvent event) {
// do some validation before submitting (non-empty fields)
// and call event.setCancelled(true) if needed.
}
public void onSubmitComplete(FormSubmitCompleteEvent event) {
// somehow "parse" event.getResults() to know whether it
// succeeded or not.
}
});
3. Your server have to send its response in with Content-Type:text/
html, even if its JSON (hence the "parse" above)
But there's actually an alternative!
It never occured to me before someone pointed me to a login page that
does it: if your form submits to a javascript: URL, then the browser's
"auto-complete" feature will work (provided the form and fields were
in the original HTML page markup, same limitation as above).
What it means is that you can use GWT-RPC or RequestBuilder!!!
Your code now looks like:
private static native void injectLoginFunction() /*-{
$wnd.__gwt_login = @com.example.myapp.client.App::doLogin();
}-*/;
private static void doLogin() {
// get the fields values and do your GWT-RPC call or
// RequestBuilder thing here.
}
...
// notice that we now pass "false" as the second argument
FormPanel form = FormPanel.wrap(Document.get().getElementById
("login"), false);
form.setAction("javascript:__gwt_login()");
And of course, you can still validate the form before it's submitted:
form.addFormPanel(new FormPanel() {
public void onSubmit(FormSubmitEvent event) {
// do some validation before submitting (non-empty fields)
// and call event.setCancelled(true) if needed.
}
public void onSubmitComplete(FormSubmitCompleteEvent event) {
// will never be called.
}
});
Tested in IE7, Firefox 3.0 and Opera 10alpha; please update if it
works (or doesn't work) for you in other browsers.
The previous solution (using the iframe) was successfully tested in
IE6, IE7, IE8 (beta 1 at that time), Firefox 2 and 3.0, Opera (9.62 at
that time), Safari 3 for Windows and Google Chrome (1 and 2).