Thursday, November 24, 2011

Re: GWT - Spring Security

Hello:

A few approaches I think can be taken here. Two that come to mind ordered by the complexity level are:

Option 1:

If you are using Spring Security and have Method Security, then ensure that the methods throw an exception when the session has expired (you should get an AccessDeniedException from Spring, if my memory serves me right). Propagate that exception (GWT-RPC in your case) all the way to the client and let the client know that he has to log out/log in. You can get more specific and perhaps create a custom AccessDeniedException that's serializable all the way to the client side, allowing you to know exactly why the exception took place based on the type of exception received in the UI, and at that point simply reload the user's UI, for example, instead of showing the message. The choice of prompting the user vs. reloading the UI is really up to how you think the implementation makes more sense based on your use case.

Option 2:

On the server side, create a class that implements something along the lines of HttpSessionListener. Integrate it with Spring (there are some tutorials online regarding this) and there you can know exactly when the session is destroyed or expired. You then face the dilemma of having to notify the user (client), for which you'll need a Server Push implementation (look at Continuations using Jetty, for example, or how to implement it based on the servlet container you have). Using Server Push you can then, right when it takes place, notify the user that his/her session has expired, or reload the client and force the user to re-login.

I am sure there are other options that you can try, but those are the ones that come to mind right now.

Happy Thanksgiving!

Alfredo
 

On Thu, Nov 24, 2011 at 8:24 AM, nacho <vela.ignacio@gmail.com> wrote:
I have implemented Spring Security and GWT together, but what I can't figure out how to handle is how to log out when an RPC fails because the user is not logged in anymore.

For example, the user logs in to my application, then he, for example, cleans the browser session, so he is not logged in anymore. And now he wants to perform some action that calls an RPC; obviously this call fails because the user needs to be logged in to call /rpc/*

I would like, if the user logs out for any reason and calls an RPC that fails (because he's logged out), to redirect the user to the login again.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/zT2RLl-1ClgJ.

To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.



--
Alfredo Quiroga-Villamil

AOL/Yahoo/Gmail/MSN IM:  lawwton
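
Option 1 from the reply above, as an added example (not code from the thread or from either poster): a serializable exception in a shared package, a servlet that maps Spring Security's exceptions onto it, and a client callback that reloads the UI when it arrives. The names `com.example.*`, `OrderService`, `SecuredOrders`, `SessionExpiredException` and `SecuredCallback` are hypothetical, and it assumes the server redirects unauthenticated page loads to the login page.

```java
// ---- shared/SessionExpiredException.java (compiled for both client and server) ----
package com.example.shared;

public class SessionExpiredException extends Exception {
    public SessionExpiredException() { }                 // no-arg constructor needed by GWT-RPC
    public SessionExpiredException(String m) { super(m); }
}

// ---- server/OrderServiceImpl.java ----
package com.example.server;

import com.example.shared.OrderService;                  // hypothetical RemoteService interface
import com.example.shared.SessionExpiredException;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;

public class OrderServiceImpl extends RemoteServiceServlet implements OrderService {
    private SecuredOrders orders;   // hypothetical Spring bean with method security; wiring not shown

    // OrderService.listOrders() must declare "throws SessionExpiredException";
    // GWT-RPC only serializes exceptions named in the interface method's throws clause.
    @Override
    public java.util.List<String> listOrders() throws SessionExpiredException {
        try {
            return orders.list();
        } catch (AccessDeniedException | AuthenticationException e) {
            // Fixed message only: Spring's exception detail stays on the server.
            throw new SessionExpiredException("login required");
        }
    }
}

// ---- client/SecuredCallback.java ----
package com.example.client;

import com.example.shared.SessionExpiredException;
import com.google.gwt.user.client.Window;
import com.google.gwt.user.client.rpc.AsyncCallback;

public abstract class SecuredCallback<T> implements AsyncCallback<T> {
    @Override
    public final void onFailure(Throwable caught) {
        if (caught instanceof SessionExpiredException) {
            Window.Location.reload();   // assumption: the reloaded page is routed to login
        } else {
            onOtherFailure(caught);     // every other failure stays with the caller
        }
    }
    protected abstract void onOtherFailure(Throwable caught);
}
```

`AuthenticationException` is caught alongside `AccessDeniedException` because, when no `Authentication` object is present at all, Spring Security's method interceptor raises `AuthenticationCredentialsNotFoundException` rather than an access-denied error.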


