Hi,
Good news I think I'm done with the security module, finally. But there is one
last thing that is bothering me. Maybe someone has a solution I didn't think of.
Like I've explained before I have a 2 SecurityInterceptors one on the client
and one on the server. With the client security interceptor I check the servers
state and 'redirect' the user to the login page if he is not logged in. Because
the client can be manipulated there is also a server side interceptor that will
throw a exception if the user is not logged in.
This is all very nice and all a user will have to do is annotate the methods. I
use the same annotation for both the client and the server side interceptor,
but I have to annotate the remote interface and the service implementation e.g.
@Remote
public interface MessageService {
@RequireAuthentication
String hello();
@RequireRoles("admin")
String ping();
}
@Service
public class MessageServiceImpl implements MessageService {
@Inject
AuthenticationService authenticationService;
@Override
@RequireAuthentication
public String hello() {
What I don't like is that the user will need to keep these to in sync, do you
guys have an idea to have only one of these but still have both of the
interceptors triggered?
Cheers,
Erik Jan
_______________________________________________
errai-dev mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/errai-dev
