First, I just want to point out that, while I agree that the real security constraints *must* live server-side, there are also client-side security concerns. You guys have already mentioned (and agreed on) things like showing information about the current user. I wanted to add for the record (is there a record?? :)) that it would also be extremely helpful in Errai to be able to bring the roles/permissions across to the client so that UI elements (menu items, buttons, entire pages) can be included/excluded easily based on the user's permissions. That's not security, but it would be great if it were a standard part of the framework.
More importantly, Thomas - is there any chance you have either some documentation or can point at the actual code to show examples of the role/permission management you are using? On 05/02/2013 03:55 AM, Thomas Frühbeck wrote: > - authentication by SeamSecurity (brings PicketLink, JAAS, powerful > role/permission managent) - perhaps later exchange with DeltaSpike? No > problem! _______________________________________________ errai-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/errai-dev
