I seem to have coded myself into a corner. First let me tell you what my end goal is: I have a GWT app that will have features available to users who are not logged in, and other features only available to authenticated users. When an unauthenticated user clicks on something that requires authentication, I would like a login box to pop up in a modal window, and ask the user to authenticate. (if this is unclear go to digg.com and try to "digg" a story without being logged in, you'll see what I mean)
I have code to add a user and save their username and password (hashed with jBCrypt). I also have an RPC that accepts a username and password and can validate if the password is correct.
My problem is validating the session. I can get the JSESSIONID, but that's the part where I get lost. How do I associate the user's ID with that session, and how do I check that it's still valid?
I know glassfish can manage the session, users & roles for me, but I don't know how to make that work smoothly with GWT. Are there any examples with GWT and authenticating users in a J2EE environment? I've been googling for hours and I've come up with nothing.