Leveraging Servlet 3.0 - Authentication without Forms using GlassFish v3 and Vaadin
By pelegri on Apr 04, 2010
Servlet 3.0 also includes quite a number of security improvements, as described by Kumar a couple of months ago in a Summary of new Security Features in Servlet 3.0. As Ron explains, one of the themes is that Java EE 6 and Servlet 3.0 Converge on Container Security Functionality, another is extra functionality, as explained by Nithya's 3 recent posts (, , ) covering http-method-omission element in web.xml, and the authenticate and login methods of HttpServletRequest.
A great example of the new functionality is Bobby's Authentication Without the Form where he modifies the RIA app in Creating Secure Vaadin Applications using JavaEE 6 to use the new login machinery and thus remove the need for extraneous JSP files.
Bobby's very complete post includes full source code and a nice Screencast; note it requires a recent build of GlassFish 3.0.1 due to a bug in 3fcs.
I had not noticed Vaadin previously but it seems to be gaining some popularity; its programming model is strongly server-centric and generates client-code via GWT. You can see a Online Sampler and it recently deployed a Component Directory; its KB has a number of articles on how to use it with GlassFish Server. They also announced deals recently with BlackBelt Factory and with our old Liferay friends.
While chasing the sources for this spotlight I bumped into a number of other Java-based RIA frameworks including: Echo and ZK as well as frameworks like Flex/BlazeDS, GWT, and the JSF-based frameworks we know.