security - How to restrict some module of GWT based application from accessing it directly via url -

I have to protect a part of my GWT based application directly from accessing some URL.

Indeed there is an index page which is the login page. Its use gives credentials and enters the app (the module is to be saved).

What I am currently doing is that when a user logs in, I use the session (session .setAttribute ("username", user name)) and load the necessary view of the user in my user name session. Please.

Now whenever the user navigates, I call a method through RPC that checks whether the "username" attribute is set or not in session; If this is set, then the method returns the right and wrong otherwise and definitely if they return false then I load the index view of the application (which logs the user).

Now before calling me this method, the lugged user only prohibits illegal access through the URL etc.

Please guide me from the above scenario; If this is the right strategy to secure some modules or there are other good ways to do the same thing

Cheers! Raza

When your approach will work, I think that the servlet filter to author web server requests The best place is. Since all requests have to go through the filter before killing the servlet, this is the best place to move / revoke / redirect decisions based on URL patterns and your session attributes.

Having (/ *) the safety filter also ensures that all your web app requests go through the first authorization test, just leave the servlet code to do business content