TechQA.

GWT-RPC or RequestFactory for Authentication?

806 views Asked by At

I'm trying to build a login screen for my GWT app. When you click the login button, the credentials (username & password) need to be sent to the server for authentication. I'm wondering what server communication method is a best fit for this: GWT-RPC or RequestFactory.

My understanding is the RequestFactory is more efficient and recommended over GWT-RPC, but it's more of a data/entity/persistence framework than a request-response framework like RPC. So although many GWT afficionados recommend using RequestFactory over GWT-RPC, I don't think RequestFactory can be used for this scenario. After all, I don't want to CRUD a login request, I want to send credentials to a server, perform secured authentication, and return a response to the client.

  1. Am I correct? Is GWT-RPC my only option? or
  2. Can RequestFactory be used. If so, how (need to see a code example of both client and server code)?
java authentication gwt gwt-rpc requestfactory
Original Q&A
3

There are 3 answers

6
Fedy2 On

With both technology you can send such information to server side, but as already you pointed out the RequestFactory is dedicated to entity management. In your case is better to use GWT-RPC because in order to only send the credentials server side, and eventually retrieve the authentication result, you don't need the RequestFactory surplus (delta transmission, entity management).

0
Chris Lercher On

For authentication, I would (almost) always use RequestBuilder, i.e. a simple HTTP(S!) POST. Why? Because this way you can implement a general authentication mechanism, that can not only be used by GWT apps. You gain the flexibility to add a simple HTML login page, single sign-on, standard server-side mechanisms (e.g. Spring security), etc.

A simple GWT re-login dialog is also no problem with RequestBuilder - to submit just username/password, GWT-RPC or RF is simply not necessary.

4
Manolo Carrasco Moñino On

You can use either, although RF is very used with EntityProxy, it also is thought to work with ValueProxy which mean transmit any type. RF facilitates as well execution of remote procedures passing Proxy types or primitive types.

Said that, I would use the technology used primarily in my app. If you are using RPC send your login/password in a RPC request, but if you are using RF use it, so as you dont mix things, although you can mix RF, RPC, and plain Ajax without problems.

What you have to be aware of, is that normally, in applications requiring authentication you have to use a filter to check whether the user has a valid session when requesting RPC or RF, so in the case of sending a request for login, you have to jump somehow the auth filter.

Related with security, both scenarios are the same, you have to do the request in an https enabled environment.

[EDIT]

This could be the interface for the client and the remote implementation of a RF call for login, as you can see it is really easy, you can add any method you need to these classes:

@Service(value = LoginUserService.class)
public interface LoginUserRequest extends RequestContext {
  Request<Boolean> login(String username, String password);
}

public class LoginUserService {
   // Using static you dont need to provide a Locator for the service
   static Boolean login(String username, String password) {
      return true;
   }
}

Related with auth filters for RF, you can take a look to this: GWT RequestFactory authentication functions

Related Questions in JAVA

Related Questions in AUTHENTICATION

Related Questions in GWT

Related Questions in GWT-RPC

Related Questions in REQUESTFACTORY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions