Re: how to secure RequestFactory in GWT 2.2

OK, I feel as if I'm solving this problem via Rubber duck debugging; sitting down to phrase my question reveals a potential solution:

• create MyRequestFactoryServlet that extends RequestFactoryServlet (I didn't realize this was an option; I thought the relevant methods therein were marked final, but that's not the case)
• override doGet()/doPost to check the user's session for a "userIsLoggedIn" object (which you can set via RPC or similar at your login page)
• throw an exception (or perhaps redirect) if the user is not logged in
• use MyRequestFactoryServlet in your web.xml rather than RequestFactoryServlet

I think this will work, but I wonder if there is not a more official solution, given that there used to be a UserInformation class that seemed to address this issue.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.