Right, it's not implemented now, but planned. In M4+, all of these tokens will change from getClass().getName() to an obfuscated identifier (e.g. getToken(Foo.class) -> "xW"). The security provider implementation on the server will know how to decode these. I realize that, like pretty and short URLs, it would be nice go have compact history encoding, as well as options to control the look and feel if you want 'pretty/readable' tokens. I think Ray Ryan's currently designed encoding is just a place holder.
-Ray On Sun, Aug 22, 2010 at 5:56 AM, Patrick Julien <[email protected]> wrote: > I am familiar with SecurityProvider but it's used from the server, not > place history. SecurityProvider works on the server to determine if > an operation is allowed, which is just checking for the @Service > annotation right now. > > I am talking about the new methods in RequestFactory that provide > support for bookmarble locations based on Records. So for > UserAccountRecord, requestFactory.getToken(record); will produce a > string > > com.yourcompany.records.UserAccountRecord-id > > which is big > > On Sun, Aug 22, 2010 at 12:37 AM, Ray Cromwell <[email protected]> > wrote: > > > > > > On Sat, Aug 21, 2010 at 11:13 AM, Patrick Julien <[email protected]> > wrote: > >> > >> 1. The tokens are big, they include the full path to the class, so all > >> packages and the name of the class. It's a lot. In our case, it also > >> exposes the name of the contractor to the user of the application. > >> > > > > This is only temporarily, if you look, there's a class called > > SecurityProvider, eventually, all tokens will be mapped through this > > supporting arbitrary schemes. I believe we are looking at payload > > compression/minification for M4 or M5. I'll let Ray Ryan answer the > others. > > > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
