3 Replies Latest reply on Nov 29, 2007 5:44 PM by jdsignature

    GWT and JBoss customized login module

    jdsignature
    jdsignature Nov 26, 2007 10:40 AM

      Here is my problem, Can you give me some suggestions on what I am
      doing wrong.

      1. the form based authentication implemented in the GWT application,
      the login form is a simple login form to collect the user name ,
      passowrd;

      2. The real authentication handled in the JBoss container by
      customized login module;

      3. The user logged out the application,then the session.invalidate();

      4. The user attempted to revisit the GWT application to perform a
      search after log out: What I am expecting is that the login page
      should be repopulated and re-authenticate user, however, the GWT
      either continue to allow the user to revisit the application or send
      out the content of the HTML to the screen when the session closed.


      What I am doing wrong here, per your point The GWT only sent back the
      Object, so how GWT redirect the user to the login page?

      • 1967 Views
      • Tags:
        • 1. Re: GWT and JBoss customized login module
          antoine_h
          antoine_h Nov 27, 2007 5:19 AM (in response to jdsignature)

          I can't see exactly the details of how GWT get the logged user information (the "principal").
          but obviously, the GWT application does not know that the Principal is not anymore "out of use".

          two way :
          - at each request, the GWT re get the Principal (and may all other login information)
          - when the session is invalidate(), a event is sent to the GWT, so it also invalidate the user informations.

          globally : look the details of how the GWT get the userPrincipal from the session, and see why it keeps it after the log out.

          hope it helps...

            • Actions
          • 2. Re: GWT and JBoss customized login module
            jdsignature
            jdsignature Nov 27, 2007 6:38 PM (in response to jdsignature)

            Thanks for the replay, per my testing it indicated the user still was able to revisit the GWT based application even the session == null && the principal == null.

            So my question is:

            Can JBoss container enforce the login after the logout in the GWT based app? if is not, how to enforce the login in GWT are there any practical approach?

              • Actions
            • 3. Re: GWT and JBoss customized login module
              jdsignature
              jdsignature Nov 29, 2007 5:44 PM (in response to jdsignature)

              I took a further look, the JBoss did enforce the login again after the user logout. however, the content of the login page displayed to the user instead of the real login pages. this is tested in the GWT based application. Anybody saw this issues before, please advise. thanks

                • Actions