On Tuesday, June 5, 2012 3:58:22 PM UTC+2, Ryan McFall wrote:
After I wrote my original follow-up to Thomas' message, I thought of
having different services - one for methods that require
authentication, and one for those that don't. Then I can map my
ServletFilter to the URL for the service that requires authentication,
and not map it to those that don't.
That seems easier to me than the annotation route. Anyone have any
reasons to think otherwise?
It won't work. RequestFactoryServlet loads from the classpath, so unless you somehow constrain the classpath of each servlet to only contain the classes you want to expose, the unauthenticated servlet would be able to load the "services requiring authentication", therefore allowing unauthenticated access to them.
In other words, that's not how RF has been designed.
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/fl0PLdvGKHUJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment