Security for RequestFactoryServlet and static cache in ServiceLayerCache

To allow some RequestFactory calls to be executed with and some without an authenticated session, I thought of providing two different RequestFactoryServlets at two different urls. 

The first one is secured by an http filter and the second is not. The unsecured version adds a special ServiceLayerDecorator to restrict access to some services from the back-end. The reason why this doesn't work is the static method cache in ServiceLayerCache. As the instance of ServiceLayerCache is only created once per servlet, I don't see a reason why to use a static field here. If this would be a normal field, I think the solution could work.

Before opening a feature request, I'd like to hear other opinions.

Regards,

Stefan.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/TUttajlsbUJtSWtK.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.