3 Replies Latest reply on Nov 29, 2007 5:44 PM by mk dddd

    GWT and JBoss customized login module

    mk dddd Newbie

      Here is my problem, Can you give me some suggestions on what I am
      doing wrong.

      1. the form based authentication implemented in the GWT application,
      the login form is a simple login form to collect the user name ,

      2. The real authentication handled in the JBoss container by
      customized login module;

      3. The user logged out the application,then the session.invalidate();

      4. The user attempted to revisit the GWT application to perform a
      search after log out: What I am expecting is that the login page
      should be repopulated and re-authenticate user, however, the GWT
      either continue to allow the user to revisit the application or send
      out the content of the HTML to the screen when the session closed.

      What I am doing wrong here, per your point The GWT only sent back the
      Object, so how GWT redirect the user to the login page?

        • 1. Re: GWT and JBoss customized login module
          Antoine Herzog Master

          I can't see exactly the details of how GWT get the logged user information (the "principal").
          but obviously, the GWT application does not know that the Principal is not anymore "out of use".

          two way :
          - at each request, the GWT re get the Principal (and may all other login information)
          - when the session is invalidate(), a event is sent to the GWT, so it also invalidate the user informations.

          globally : look the details of how the GWT get the userPrincipal from the session, and see why it keeps it after the log out.

          hope it helps...

          • 2. Re: GWT and JBoss customized login module
            mk dddd Newbie

            Thanks for the replay, per my testing it indicated the user still was able to revisit the GWT based application even the session == null && the principal == null.

            So my question is:

            Can JBoss container enforce the login after the logout in the GWT based app? if is not, how to enforce the login in GWT are there any practical approach?

            • 3. Re: GWT and JBoss customized login module
              mk dddd Newbie

              I took a further look, the JBoss did enforce the login again after the user logout. however, the content of the login page displayed to the user instead of the real login pages. this is tested in the GWT based application. Anybody saw this issues before, please advise. thanks