example, stand-alone gwt openid project

[Matthew Pocock]

Hi,

I am developing a web application in GWT that requires user authentication. I don't really want to handle accounts and passwords myself, and would prefer to use openid. The GWT+openid tutorials I've seen tend to also use google app engine, but I don't think it is possible in my case to deploy in that environment. Although I'm an experienced Java developer, I'm a noob with GWT, so it would be really helpful if there was a fully-worked example application that I can grab, build, run and then adapt. However, I couldn't find anything like that from an afternoon of googling.

I saw some similar threads in this mailing list, but they all either go right over my head or point at a google app engine solution.

Thanks,

Matthew

[Ümit Seren]

You have two ways to solve this: 

1. Authenticate outside of GWT with dedicated servlet/jsp: In case you are using Spring or another Java application framework you can have a normal login.jsp page which deals with your openid authentication and after your are properly authenticated you can re-direct to the index.jsp page which loads your GWT application. Alternatively you could create a second entrypoint if you want to use GWT code in your login.jsp but usually the login.jsp is really a simple thing with pictures of openid providers and appropriate links. For Spring there are several tutorials and libraries to do that: http://www.packtpub.com/article/opening-up-to-openid-with-spring-security, http://krams915.blogspot.com/2011/02/spring-security-3-openid-login-with_13.html As soon as you are successfully logged in via the login.jsp page and re-direct tot he index.jsp you can store the user credentials in a HTTP sessions and also store it in variable in your index.jsp page (var user = {}) and then read it out from your GWT app. But make sure that you always do security checks on the backend when executing actions which require authorization. 
2. In case you don't want use a dedicated login page you could also do the login from within your GWT application. There are a couple of tutorials: http://code.google.com/p/gwtsecurity/, http://bsgdev.wordpress.com/2011/01/18/exploring-google-and-openid-login-with-spring-security-and-spring-roo/, http://technowobble.blogspot.com/2010/07/gwt-and-open-id-using-spring-security.html