I seem to have encoded myself into a corner. First let me tell you what my ultimate goal is: I have a GWT application that will have features available to users who are not logged in, and other features available only to authenticated users. When a non-authenticated user clicks on something that requires authentication, I would like the input window to appear in a modal window and ask the user to authenticate. (if this is not clear, go to digg.com and try the "digg" story without logging in, you will see what I mean)
I have code to add a user and save their username and password (hashed with jBCrypt ). I also have an RPC that accepts a username and password and can verify the password is correct.
My problem is session validation. I can get JSESSIONID, but this is the part where I get lost. How do I associate a user ID with this session and how can I verify that it is still valid?
I know that Glassfish can manage the session, users and roles for me, but I don't know how to make this work seamlessly with GWT. Are there any examples with GWT and user authentication in Java EE? I work for several hours and haven’t come up with anything.
Kevmo source
share