How to handle user state in RCP

[jweder]

Looking for recommendations on how to handle user information during a session inside a rich client. Primarily focused on dealing with things like identity and security implementation for a client session. This is commonly handled with web applications. I need examples for a rich Java application and am hoping someone can suggest solutions, in RCP or elsewhere.

Example:
user logs in with credentials
user is authenticated and authorities are loaded
subsequent browser interaction implicitly identifies session

The servlet container and interaction with it implicitly have this solved. Problem I have is what to do for a Java client that needs to access services. A Java client needs to get a service loaded with the appropriate security interceptor (AOP). This keeps leading me to a service factory pattern; where client calls to a service (that already has its session id) to load future services. This is kinda like replacing what the servlet container does for the browser.

The other issue I have is how to get the service factory to optionally return remoted instances. But that is for another forum.

[lstreepy]

Maybe I'm not fully understanding your question, but have you looked at the security classes in RCP, like AuthenticationAware, LoginAware, etc.? And the associated secure transports?

They should provide what you need to authenticate with a remote service and maintain a copy of the credentials on the client side.

However, I've got a feeling that your question is deeper than this. Can you elaborate?

Thanks,
Larry.

[ge0ffrey]

Larry wrote a very good guide about AuthenticationAware on the wiki (see user guide on site for link)