Am 02.05.2013 13:17, schrieb Eric Wittmann: > First, I just want to point out that, while I agree that the real > security constraints *must* live server-side, there are also > client-side security concerns. You guys have already mentioned (and > agreed on) things like showing information about the current user. I > wanted to add for the record (is there a record?? :)) that it would > also be extremely helpful in Errai to be able to bring the > roles/permissions across to the client so that UI elements (menu > items, buttons, entire pages) can be included/excluded easily based on > the user's permissions. That's not security, but it would be great if > it were a standard part of the framework. I absolutely agree, such functionality would have to be handcrafted, isn't it? No Principal/Credentials/Role etc in GWT...
> More importantly, Thomas - is there any chance you have either some > documentation or can point at the actual code to show examples of the > role/permission management you are using? Eric, I am really sorry, no. But then it is a young project, still plain SeamSecurity in it's simplest form, really nothing spectacular. IMHO the important point is: correctness, stability, extendability. It's an inhouse project, authenticating via JAAS/Kerberos on central AD, so I would not like my colleagues to mistrust my security impl (leaking passwords or similar :-) > On 05/02/2013 03:55 AM, Thomas Frühbeck wrote: >> - authentication by SeamSecurity (brings PicketLink, JAAS, >> powerful >> role/permission managent) - perhaps later exchange with DeltaSpike? No >> problem! > _______________________________________________ errai-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/errai-dev
