https://wiki.umiacs.umd.edu/adapt/index.php?action=history&feed=atom&title=Pawn2%3ACall_Flow 2026-04-05T20:07:45Z Revision history for this page on the wiki MediaWiki 1.43.7 https://wiki.umiacs.umd.edu/adapt/index.php?title=Pawn2:Call_Flow&diff=2359&oldid=prev 2009-02-24T16:39:10Z

<p></p> <p><b>New page</b></p><div>Overview of basic call flow and authentication for server-side calls.<br /> <br /> All GWT services must implement AuthorizationCheckRemoteServiceServlet. This handles checking to ensure that a client is authorized to use a call. Services must also implement the getAuthorizationEngine() call if their methods require any type of authorization beyond a client being logged in to PAWN. <br /> <br /> =Basic Call Flow=<br /> <br /> # Service is instantiated, constructor may call setContextRequired(false) if methods in the service do NOT require an authenticated user. Currently only the login service has this set. (default: required)<br /> # AuthorizationCheckRemoteServiceServlet.processCall decodes client request<br /> ## Logging MDC, method name and session set<br /> ## extract AuthenticationContext from session<br /> ## if AuthenticationContext is not present and context is required throw AccessDeniedException to client<br /> ## if getAuthorizationEngine returns non-null ServiceAuthorication, call checkAuthorization with context, method, and method parameters. ServiceAuthorication will throw an AccessDeniedException or IllegalArgumentException if a client is not authorized or passes bad data.<br /> ## call method with parameters. Any results and expected exceptions are encoded and returned to client. Declared exceptions should be logged by client prior to throwing.<br /> # Any unexpected/runtime exception is logged and thrown back to the client.</div>

Toaster