GWT平台登录+会话管理 [英] GWT-Platform login + session management
问题描述
我是gwt的新手,我正在使用gwt创建一个登录页面,我需要帮助处理会话管理。
这里给出的所有答案都解释了如何管理会话在服务器端,
我需要在客户端(浏览器会话)使用会话完全像JSP文件:
session.setAttribute(UserName,username); / code>
任何人都可以提供一个清楚的完整示例来说明如何实现这个功能(请记住我是gwt的新手)。
我看了这篇教程:
http ://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ
这对我没有帮助,因为它没有解释如何使用浏览器的会话。
谢谢。
客户端(浏览器会话)与JSP文件完全相同:session.setAttribute(UserName,username);
我想纠正你的误解。以下不是浏览器端代码,而不是浏览器端会话。它是服务器端代码,管理服务器端会话信息。
session.setAttribute(UserName,username);
您可以将此服务器端会话信息传输到JSP中的客户端,例如:
< script>
var username =<%= username%>;
< / script> b
code><脚本>
var username ='<%= session.getAttribute(UserName)%>';
< / script>
作为一名经验丰富的JSP程序员,您将意识到HTML / Javascript之间的解耦)和JSP本身。由于JSP面临的限制是你转向GWT的原因。
JSP生成的客户端和GWT生成的客户端之间的相似性
-
偶尔(可能频繁)程序员将服务器端代码误认为客户端代码,反之亦然。正如你所做的那样。
-
两者都生成发送给客户端以执行的javascript和HTML元素。无论您使用JSP生成的JavaScript做什么,都无法通过GWT客户端Java源代码来完成。
无论需要什么要通过JSP生成客户端代码来完成,还需要由GWT客户端代码完成。 您可以将会话信息嵌入到HTTP标头,POST或GET中参数。 -
您需要客户端维护会话信息,主要以cookies的形式。
-
在某些情况下,jsessionid cookie不是由服务器的响应设置的。
您的servlet或其容器可以生成http set-cookie头JSESSIONID。 -
由于request.getSession(),servlet可以控制何时创建cookie头。 b
。
JSP属的区别ted客户端和GWT生成的客户端
-
JSP生成的客户端根据请求/响应进行刷新。因此,您可以在每个请求/响应之间在客户端和服务器之间传输更改和数据。 GWT生成的客户端对客户端来说是持久的,不会刷新。正因为如此,您才会转向GWT。
-
p>
-
JSP中的所有Java代码都是服务器端代码。在JSP中,没有用Java编写的客户端代码。甚至用于生成HTML / javascript的Java代码都是服务器端代码。
所有客户端Java代码都被翻译/编译成Javascript。所以GWT的Java代码实际上就是编译器端的代码。 -
t忘记使用Dictionary类客户端代码将您的静态设置传递给GWT应用程序,然后在托管文件中定义Javascript对象。您可以将javascript对象设置为变量,并且在加载gwt模块后它们将可以被Dictionary类读取。
不要忘记您可以使用JSP以生成GWT托管文件 - 这样您就可以创建不同字典读物提供的不同行为,您可以为每次调用您的应用程序而个性化。 然而,您不应将会话ID或身份验证信息放在主机文件上。因为即使是由JSP动态生成的,它在持久GWT客户端上实际上也是静态的。 你可以使用Window.Location.reload()来不必要地刷新你GWT客户端,以防万一您仍然喜欢JSP的刷新效果。 GWT-RPC > - >
-
脚本包含(用于穿越SLD-SOP边界)
由于技术的异步性,所有客户端 - 服务器通信都要求GWT客户端提供回调。
查看 http://google-web-toolkit.googlecode.com/svn/javadoc/2.4/com/google/gwt/http/client/RequestBuilder.html (或者在您的GWT javadoc的个人副本中查看它)。
$ b
。
GWT中客户端服务器之间的通信方式
RequestBuilder
...您可以在其中定义集合并获取标题。您的服务器端必须与客户端一致使用哪个头名称。
您不需要依赖传统的JEE会话来维护会话。你可以设计你自己的令牌框架。或者使用现有的OAuth或OpenId。
在各种情况下,您不会在服务器响应中设置会话Cookie。
在某些情况下,编写GWT应用程序时可能需要放弃使用传统的JEE会话。
您应该考虑使用REST或REST-RPC,因为我正在试图以文件形式记录它(以蜗牛的速度): http://h2g2java.blessedgeek.com/2011/11/gwt-with-jax-rs-aka-rpcrest-part-0.html 。
REST不需要您维护会话cookie。在我看来,GWT最适合REST-RPC。
您可以浏览之前发布的帖子,其中有关于其他形式的GWT客户端服务器通信的解释。
I am new to gwt and I am creating a login page using gwt and I need help with session managment.
All answers already given here, explains how to manage sessions on server side,
I need to use session on client side (browser's session) exactly like with JSP files:
session.setAttribute("UserName", username);
Can any one provide a clear full example of how to implement this (Remember I am new to gwt). I looked at this tutorial: http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ And this doesn't help me because it doesn't explain how to use the browser's session.
Thank you.
"I need to use session on client side (browser's session) exactly like with JSP files: session.setAttribute("UserName", username);"
I wish to correct your misconception. The following is not browser side code and not browser side session. It is server side code, managing server-side session info.
session.setAttribute("UserName", username);
You would transmit this server-side session info to the client in your JSP, for example:
<script>
var username = "<%=username%>";
</script>
Or,
<script>
var username = '<%=session.getAttribute("UserName")%>';
</script>
As an experienced JSP programmer, you would realise the decoupling between the HTML/Javascript (generated by the JSP) and the JSP itself. And for the limitations you had faced with JSP is the reason why you are turning to GWT.
The similarities between JSP generated client and GWT generated client
Occasionally (maybe frequently) programmers mistake server-side code as client-side code, vice versa. Just as you did.
Both generate javascript and HTML elements that is sent to the client to be executed.
Whatever you cannot do with javascript generated by JSP, similarly cannot be done by the GWT client-side Java source.
Whatever needs to be done by JSP generated client code, also needs to be done by GWT client code.
You can embed session information in the HTTP header, POST or GET parameters.
You need the client to maintain session info, mostly in the form of cookies.
Under certain circumstances, the jsessionid cookie is not set by server's response.
Your servlet or its container could generate the http set-cookie header for JSESSIONID.
The servlet can control when the cookie header is created - due to request.getSession().
.
The difference between JSP generated client and GWT generated client
JSP generated client is refreshed per request/response. As such, you can transmit changes and data between client and server for every request/response.
GWT generated client is persistent to the client and not refreshed. It is for this reason that you are turning to GWT.
This refresh difference is very crucial in understanding the difference in coding for GWT than for JSP.
All the Java code in JSP is server-side code. In JSPs, there are no client-side code written in Java. Even the Java code used for generating the HTML/javascript is server-side code.
All client-side Java code is translated/compiled into Javascript. So the GWT Java code is actually "compiler-side" code.
.
Means of communication between client-server in GWT
Don't forget to use the Dictionary class client side code to transmit your static settings to GWT app thro Javascript objects defined in the hosting file. You can set javascript objects as vars and they will be readable by the Dictionary class after the gwt module is loaded.
Don't forget that you can use JSP to generate the GWT hosting file - so that you can create different behaviours afforded by different Dictionary readings that you can individualise for each invocation of your app.
However, you should not place the session id or authentication info on the hosting file. Because even though dynamically generated by JSP, it is actually static on the persistent GWT client.
You can use Window.Location.reload() to needlessly refresh you GWT client, just in case you still love the refresh effects of JSP.
GWT-RPC
RequestBuilder
RequestFactory
REST and REST-RPC
Script include (for crossing SLD-SOP boundaries)
All client-server communication requires the GWT client to provide a callback, due to the asynchronicity of the technology.
Take a look at http://google-web-toolkit.googlecode.com/svn/javadoc/2.4/com/google/gwt/http/client/RequestBuilder.html (Or view it at your personal copy of the GWT javadoc).
... where you will be able to define set and get headers. Your server-side has to concur with the client what header name is used.
You do not need to depend on the conventional JEE session to "maintain session". You can contrive your own token framework. Or use an existing one, like OAuth or OpenId.
Under various conditions, you will not get session cookie set in the server's response.
Under certain circumstances, you may need to abandon the use of conventional JEE sessions altogether when writing a GWT app.
You should consider using REST or REST-RPC as I am attempting to document it (at a snail's pace) in: http://h2g2java.blessedgeek.com/2011/11/gwt-with-jax-rs-aka-rpcrest-part-0.html.
REST does not require you to maintain a session cookie. In my opinion, GWT works best with REST-RPC.
You could browse over previous posts there, where there are explanation on other forms of client-server comms with GWT.
这篇关于GWT平台登录+会话管理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
