Secure GWT applications

[rschaniel]

I try to secure my Google Web Toolkit Application with Spring Security 3.0.5. The problem is that the login form is not rendered correctly as you see in the screenshot Bildschirmfoto 2012-11-26 um 21.11.39.jpg.

In my opinion the problem is that the application runs in an iframe. If I call a service of the application which does not run in an iframe the login form is displayed correctly and the login works well.

So does anyone have an idea to solve this? I think the solution whould be to breakout of the iframe so that the login form is rendered on a new page.

Update:

My configuration so far:

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<beans:bean id="customAuthListener" class="com.nfl.economapp.security.CustomAuthListen er" />

<http auto-config="true" >
<intercept-url pattern="/**" access="ROLE_USER" />
<intercept-url pattern="/gwt/**" access="ROLE_USER" />
<intercept-url pattern="/_ah/**" filters="none" />
<form-login />
<logout />
</http>

<beans:bean id="customAuthenticationProvider" class="com.nfl.economapp.security.CustomAuthentica tionProvider" />

<authentication-manager alias="authenticationManager">
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>

</beans:beans>

[rschaniel]

The problem is most likely the RPC Call