redirect problem
654 views
Skip to first unread message
deanhiller
Oct 2, 2008, 12:29:13 AM10/2/08
to Google Web Toolkit
I have a Servlet Filter installed, and because of our single sign on
between all our apps, this same Servlet Filter is used on all projects
and redirects to the login page after the session times out. the
problem is every function call in GWT that goes through this Servlet
Filter ends up passing back an Exception as it does not understand the
redirect
This is the code in the ServletFilter
response.sendRedirect(LOGIN_URL+"?session=timedOut);
Then in the GWT GUI, failure(Throwable e) is called with an
InvocationException. We don't want to have to code up every method
for redirecting of course. Much like JSF and AJAX, we just want the
redirects to work....ie. in Seam, if an AJAX request is made and the
ServletFilter does a redirect, the whole page redirects. Is there any
way to make GWT do that? This is really annoying as we have 10
projects and 30 methods on each so over 300 methods we have to code
this "special case" up for....and we are adding project after project
and people wil forget to add this special case. We need a better
way. This is sort of like an aspect, like transactions or logging and
we want to do it in a filter or proxy filter.
thanks,
Dean
between all our apps, this same Servlet Filter is used on all projects
and redirects to the login page after the session times out. the
problem is every function call in GWT that goes through this Servlet
Filter ends up passing back an Exception as it does not understand the
redirect
This is the code in the ServletFilter
response.sendRedirect(LOGIN_URL+"?session=timedOut);
Then in the GWT GUI, failure(Throwable e) is called with an
InvocationException. We don't want to have to code up every method
for redirecting of course. Much like JSF and AJAX, we just want the
redirects to work....ie. in Seam, if an AJAX request is made and the
ServletFilter does a redirect, the whole page redirects. Is there any
way to make GWT do that? This is really annoying as we have 10
projects and 30 methods on each so over 300 methods we have to code
this "special case" up for....and we are adding project after project
and people wil forget to add this special case. We need a better
way. This is sort of like an aspect, like transactions or logging and
we want to do it in a filter or proxy filter.
thanks,
Dean
falafala
Oct 2, 2008, 3:25:50 AM10/2/08
to Google Web Toolkit
The gwt client cannot interpret the redirect or invalid response
(hence invocation exception). I do it this way...
I use GWT server library so I can implement the service as POJO in
Spring container and published as gwt service. I cannot use servlet
filter bcoz it cannot handle the marshaling of the response. It
should be behind the GWT rpc servlet. So I intercept the call to POJO
service using Spring aop and check the session there, and throw
session expired exception. The "SessionExpiredException" can also
include the URL to be redirected. This can be marshaled and sent back
to the gwt client.
On the client side, you can catch the SessionExpiredException in the
AsyncCallback handler and call the Javascript to do the redirect.
(hence invocation exception). I do it this way...
I use GWT server library so I can implement the service as POJO in
Spring container and published as gwt service. I cannot use servlet
filter bcoz it cannot handle the marshaling of the response. It
should be behind the GWT rpc servlet. So I intercept the call to POJO
service using Spring aop and check the session there, and throw
session expired exception. The "SessionExpiredException" can also
include the URL to be redirected. This can be marshaled and sent back
to the gwt client.
On the client side, you can catch the SessionExpiredException in the
AsyncCallback handler and call the Javascript to do the redirect.
walden
Oct 2, 2008, 9:10:49 AM10/2/08
to Google Web Toolkit
Hi Dean,
In my earliest prototypes with GWT RPC, I decided I didn't want to
bother with failed calls, so I implemented my own AsyncCallbackAdapter
which stubs out the onFailure with a Window.alert(). Then I extend
that for the specific RPC cases. Strangely enough, I haven't had to
revisit that decision. I think the same approach would work for you,
except your default onFailure would inspect the exception to ascertain
that it represents a session timeout, and then effect the location
change to the login page. There would of course be a one-time effort
to put this in place of what you have now. And you would still need
to "educate" developers to always extend the adapter when implementing
new remote services.
Walden
In my earliest prototypes with GWT RPC, I decided I didn't want to
bother with failed calls, so I implemented my own AsyncCallbackAdapter
which stubs out the onFailure with a Window.alert(). Then I extend
that for the specific RPC cases. Strangely enough, I haven't had to
revisit that decision. I think the same approach would work for you,
except your default onFailure would inspect the exception to ascertain
that it represents a session timeout, and then effect the location
change to the login page. There would of course be a one-time effort
to put this in place of what you have now. And you would still need
to "educate" developers to always extend the adapter when implementing
new remote services.
Walden
deanhiller
Oct 2, 2008, 8:32:21 PM10/2/08
to Google Web Toolkit
This combined with the post just after sounds like the best solution
so far(though educating developers on using the adapter is a pain, it
will have to do).
In that case though, if I am using tomcat with straight GWT, can I
still do this? I don't know much about spring at all. Can I get more
details on how to specify the servlet in this case as don't you need
to specify the Spring servlet or specify the layer in between GWT
Servlet and client somehow. What does the code look like and what
does the web.xml look like here?
so far(though educating developers on using the adapter is a pain, it
will have to do).
In that case though, if I am using tomcat with straight GWT, can I
still do this? I don't know much about spring at all. Can I get more
details on how to specify the servlet in this case as don't you need
to specify the Spring servlet or specify the layer in between GWT
Servlet and client somehow. What does the code look like and what
does the web.xml look like here?
falafala
Oct 3, 2008, 4:19:51 AM10/3/08
to Google Web Toolkit
For GWT RPC and Spring integration, you may first look at the GWT
Server Library
http://gwt-widget.sourceforge.net/ . The GWT-SL provides a
GWTHandler to
handle the GWT RPC request and then invoke the corresponding service
POJO.
The configuration is rather standard and straight forward.
To intercept the call between the GWT-SL GWTHandler and the POJO
service,
you can look at the Spring AOP, eg, BeanNameAutoProxyCreator ... sth
like that.
Server Library
http://gwt-widget.sourceforge.net/ . The GWT-SL provides a
GWTHandler to
handle the GWT RPC request and then invoke the corresponding service
POJO.
The configuration is rather standard and straight forward.
To intercept the call between the GWT-SL GWTHandler and the POJO
service,
you can look at the Spring AOP, eg, BeanNameAutoProxyCreator ... sth
like that.
tin
Nov 27, 2008, 8:46:43 AM11/27/08
to Google Web Toolkit
Hi,
I am also facing the same issue. In my case, I have also used Acegi
Security to implement authorization. If session times out then in this
case, Authorization filters of the acegi will not work & control will
not be able to reach the GWT Handler. In this case, however, exception
would still be thrown. So what alternatives do I have in this case?
One that comes to mind is that I can leave authorization rules on the
GWT services as these services shall be accessed by someone who has
got access to the web page in first case. So no authorization for RPC
based services. If there is any authentication error, then the control
would reach GWT handler and the aspects can catch them, marshall them
and send them back to GWT client.
Comments?
Regards,
Nitin
I am also facing the same issue. In my case, I have also used Acegi
Security to implement authorization. If session times out then in this
case, Authorization filters of the acegi will not work & control will
not be able to reach the GWT Handler. In this case, however, exception
would still be thrown. So what alternatives do I have in this case?
One that comes to mind is that I can leave authorization rules on the
GWT services as these services shall be accessed by someone who has
got access to the web page in first case. So no authorization for RPC
based services. If there is any authentication error, then the control
would reach GWT handler and the aspects can catch them, marshall them
and send them back to GWT client.
Comments?
Regards,
Nitin
a44ever
Dec 12, 2008, 11:11:18 AM12/12/08
to Google Web Toolkit
I also use Spring Security and the technique described above
(created: FailureHandlingAsyncCallback implements AsyncCallback).
Problem is it works beautifully on FF but not on IE.
...
public void onFailure(Throwable caught)
{
maskArea.unmask();
if (caught instanceof StatusCodeException)
{
StatusCodeException sce = (StatusCodeException) caught;
if (sce.getStatusCode() == 302)
{
// Timeout occurred - go back to base url, forcing a clean re-
login
SelfServiceEntry.redirect(GWT.getModuleBaseURL());
}
}
else
MessageBox.alert("Error: " + caught);
}
deanhiller
Dec 19, 2008, 1:14:10 PM12/19/08
to Google Web Toolkit
So, I added code to my ServletFilter(I didn't feel like getting
involved in spring at all), but I could not get the code to work.....
http://groups.google.com/group/Google-Web-Toolkit/browse_thread/thread/8444004a667f11fe#
I think there is just a simple mistake...anyone know?
thanks,
Dean
involved in spring at all), but I could not get the code to work.....
http://groups.google.com/group/Google-Web-Toolkit/browse_thread/thread/8444004a667f11fe#
I think there is just a simple mistake...anyone know?
thanks,
Dean
Reply all
Reply to author
Forward
0 new messages